examples improvement - traefik alternative, autoconf reverse proxy and basic website
This commit is contained in:
parent
6d73fbdedb
commit
44de2253d2
Binary file not shown.
|
@ -6,7 +6,7 @@ Quickly deploy PHP app on Docker containers without restarting bunkerized-nginx.
|
|||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/autoconf-php/architecture.png?raw=true" />
|
||||
|
||||
## Docker
|
||||
## Autoconf
|
||||
|
||||
First of all, you need to run bunkerized-nginx and bunkerized-nginx-autoconf : see [docker-compose-nginx.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-php/docker-compose-nginx.yml).
|
||||
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
# Autoconf reverse proxy
|
||||
|
||||
Quickly deploy web app on Docker containers without restarting bunkerized-nginx.
|
||||
|
||||
## Architecture
|
||||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/autoconf-reverse-proxy/architecture.png?raw=true" />
|
||||
|
||||
## Autoconf
|
||||
|
||||
First of all, you need to run bunkerized-nginx and bunkerized-nginx-autoconf : see [docker-compose-nginx.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose-nginx.yml).
|
||||
|
||||
Then, you can add and remove web apps with special `bunkerized-nginx.*` labels so the configurations are automatically generated : see [docker-compose-apps.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose-apps.yml).
|
Binary file not shown.
After Width: | Height: | Size: 16 KiB |
|
@ -0,0 +1,50 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
myapp1:
|
||||
build: js-app
|
||||
restart: always
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app1.example.com" # replace with your domain
|
||||
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp1:3000"
|
||||
networks:
|
||||
myappnet:
|
||||
aliases:
|
||||
- myapp1
|
||||
|
||||
myapp2:
|
||||
build: js-app
|
||||
restart: always
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app2.example.com" # replace with your domain
|
||||
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2:3000"
|
||||
networks:
|
||||
myappnet:
|
||||
aliases:
|
||||
- myapp2
|
||||
|
||||
myapp3:
|
||||
build: js-app
|
||||
restart: always
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app3.example.com" # replace with your domain
|
||||
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp3:3000"
|
||||
networks:
|
||||
myappnet:
|
||||
aliases:
|
||||
- myapp3
|
||||
|
||||
networks:
|
||||
myphpnet:
|
||||
external:
|
||||
name: myphpnet
|
|
@ -0,0 +1,45 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
mywww:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
restart: always
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- autoconf:/etc/nginx
|
||||
environment:
|
||||
- SERVER_NAME= # must be left blank if you don't want to setup "static" conf
|
||||
- MULTISITE=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_PROXY_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
labels:
|
||||
- "bunkerized-nginx.AUTOCONF"
|
||||
networks:
|
||||
- myappnet
|
||||
|
||||
myautoconf:
|
||||
image: bunkerity/bunkerized-nginx-autoconf
|
||||
restart: always
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- autoconf:/etc/nginx
|
||||
depends_on:
|
||||
- mywww
|
||||
|
||||
volumes:
|
||||
autoconf:
|
||||
|
||||
networks:
|
||||
myappnet:
|
||||
name: myappnet
|
|
@ -2,28 +2,16 @@
|
|||
|
||||
This is a basic example for a typical PHP website/app.
|
||||
|
||||
## Architecture
|
||||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/basic-website-with-php/architecture.png?raw=true" />
|
||||
|
||||
## Docker
|
||||
|
||||
```shell
|
||||
$ mkdir letsencrypt
|
||||
$ chown root:101 letsencrypt
|
||||
$ chmod 770 letsencrypt
|
||||
$ chmod 755 web-files
|
||||
$ chmod -R 744 web-files/*
|
||||
$ docker-compose up
|
||||
```
|
||||
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/basic-website-with-php/docker-compose.yml).
|
||||
|
||||
## Linux
|
||||
|
||||
You will need to configure your php-fpm service to listen on localhost with the following directive :
|
||||
```conf
|
||||
listen = 127.0.0.1:9000
|
||||
```
|
||||
Please note that you need to install and configure a php-fpm instance on your server.
|
||||
|
||||
```shell
|
||||
$ cp variables.env /opt/bunkerized-nginx/variables.env
|
||||
$ cp web-files/* /opt/bunkerized-nginx/www
|
||||
$ chown -R www-data:www-data /opt/bunkerized-nginx/www/*
|
||||
$ chmod -R 774 /opt/bunkerized-nginx/www/*
|
||||
$ bunkerized-nginx
|
||||
```
|
||||
See [variables.env](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/basic-website-with-php/variables.env).
|
||||
|
|
Binary file not shown.
After Width: | Height: | Size: 8.4 KiB |
|
@ -1,62 +0,0 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
mytraefik:
|
||||
image: traefik:v1.7.26
|
||||
restart: always
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- ./traefik/traefik.toml:/traefik.toml
|
||||
- ./traefik/acme.json:/acme.json
|
||||
|
||||
mywww1:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web1:/www:ro
|
||||
environment:
|
||||
- SERVER_NAME=app1.example.com
|
||||
- PROXY_REAL_IP=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- REMOTE_PHP=myphp1
|
||||
- REMOTE_PHP_PATH=/app
|
||||
labels:
|
||||
- 'traefik.enable=true'
|
||||
- 'traefik.port=8080'
|
||||
- 'traefik.frontend.rule=Host:app1.example.com' # replace with your domain
|
||||
|
||||
mywww2:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web2:/www:ro
|
||||
environment:
|
||||
- SERVER_NAME=app2.example.com
|
||||
- PROXY_REAL_IP=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- REMOTE_PHP=myphp2
|
||||
- REMOTE_PHP_PATH=/app
|
||||
labels:
|
||||
- 'traefik.enable=true'
|
||||
- 'traefik.port=8080'
|
||||
- 'traefik.frontend.rule=Host:app2.example.com' # replace with your domain
|
||||
|
||||
myphp1:
|
||||
image: php:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web1:/app
|
||||
|
||||
myphp2:
|
||||
image: php:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web2:/app
|
|
@ -1,29 +0,0 @@
|
|||
debug = false
|
||||
|
||||
logLevel = "ERROR"
|
||||
defaultEntryPoints = ["https","http"]
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.http]
|
||||
address = ":80"
|
||||
[entryPoints.http.redirect]
|
||||
entryPoint = "https"
|
||||
[entryPoints.https]
|
||||
address = ":443"
|
||||
[entryPoints.https.tls]
|
||||
|
||||
[retry]
|
||||
|
||||
[docker]
|
||||
endpoint = "unix:///var/run/docker.sock"
|
||||
domain = "example.com"
|
||||
watch = true
|
||||
exposedByDefault = false
|
||||
|
||||
[acme]
|
||||
email = "contact@example.com"
|
||||
storage = "acme.json"
|
||||
entryPoint = "https"
|
||||
onHostRule = true
|
||||
[acme.httpChallenge]
|
||||
entryPoint = "http"
|
|
@ -1,5 +0,0 @@
|
|||
<?php
|
||||
|
||||
echo "Web1 app.";
|
||||
|
||||
?>
|
|
@ -1,5 +0,0 @@
|
|||
<?php
|
||||
|
||||
echo "Web2 app.";
|
||||
|
||||
?>
|
|
@ -0,0 +1,13 @@
|
|||
# Traefik alternative
|
||||
|
||||
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and dynamically. See [documentation](https://doc.traefik.io/traefik/) and [GitHub repo](https://github.com/traefik/traefik) for more information.
|
||||
|
||||
You can easily switch from Traefik to bunkerized-nginx if you are more concerned about security.
|
||||
|
||||
## Architecture
|
||||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/traefik-alternative/architecture.png?raw=true" />
|
||||
|
||||
## Autoconf
|
||||
|
||||
See [docker-compose-bunkerized.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/traefik-alternative/docker-compose-bunkerized.yml) which is the equivalent of [docker-compose-traefik.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/traefik-alternative/docker-compose-traefik.yml).
|
Binary file not shown.
After Width: | Height: | Size: 818 B |
|
@ -22,7 +22,6 @@ services:
|
|||
- USE_CLIENT_CACHE=yes
|
||||
- USE_PROXY_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
labels:
|
||||
- "bunkerized-nginx.AUTOCONF"
|
||||
|
||||
|
@ -34,39 +33,15 @@ services:
|
|||
- autoconf:/etc/nginx
|
||||
depends_on:
|
||||
- mywww
|
||||
- myapp1
|
||||
- myapp2
|
||||
- myapp3
|
||||
- whoami
|
||||
|
||||
myapp1:
|
||||
build: js-app
|
||||
restart: always
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
whoami:
|
||||
image: "traefik/whoami"
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app1.example.com" # replace with your domain
|
||||
- "bunkerized-nginx.SERVER_NAME=www.example.com"
|
||||
- "bunkerized-nginx.USE_REVERSE_PROXY=yes"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp1:3000"
|
||||
|
||||
myapp2:
|
||||
build: js-app
|
||||
restart: always
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app2.example.com" # replace with your domain
|
||||
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2:3000"
|
||||
|
||||
myapp3:
|
||||
build: js-app
|
||||
restart: always
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app3.example.com" # replace with your domain
|
||||
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp3:3000"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://whoami"
|
||||
|
||||
volumes:
|
||||
autoconf:
|
|
@ -0,0 +1,35 @@
|
|||
version: "3.3"
|
||||
|
||||
services:
|
||||
|
||||
traefik:
|
||||
image: "traefik:v2.4"
|
||||
container_name: "traefik"
|
||||
command:
|
||||
#- "--log.level=DEBUG"
|
||||
- "--api.insecure=true"
|
||||
- "--providers.docker=true"
|
||||
- "--providers.docker.exposedbydefault=false"
|
||||
- "--entrypoints.web.address=:80"
|
||||
- "--entrypoints.websecure.address=:443"
|
||||
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
|
||||
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
|
||||
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
- "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
|
||||
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
- "8080:8080"
|
||||
volumes:
|
||||
- "./letsencrypt:/letsencrypt"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
|
||||
whoami:
|
||||
image: "traefik/whoami"
|
||||
container_name: "simple-service"
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.whoami.rule=Host(`www.example.com`)"
|
||||
- "traefik.http.routers.whoami.entrypoints=websecure"
|
||||
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
|
Loading…
Reference in New Issue