reverse-proxy-zammad
This commit is contained in:
parent
0114c7b09f
commit
4a8da40cf2
|
@ -0,0 +1,150 @@
|
|||
version: '2'
|
||||
|
||||
services:
|
||||
|
||||
zammad-backup:
|
||||
command: ["zammad-backup"]
|
||||
depends_on:
|
||||
- zammad-railsserver
|
||||
entrypoint: /usr/local/bin/backup.sh
|
||||
environment:
|
||||
- BACKUP_SLEEP=86400
|
||||
- HOLD_DAYS=10
|
||||
- POSTGRESQL_USER=${POSTGRES_USER}
|
||||
- POSTGRESQL_PASSWORD=${POSTGRES_PASS}
|
||||
image: ${IMAGE_REPO}:zammad-postgresql${VERSION}
|
||||
links:
|
||||
- zammad-postgresql
|
||||
restart: ${RESTART}
|
||||
volumes:
|
||||
- zammad-backup:/var/tmp/zammad
|
||||
- zammad-data:/opt/zammad
|
||||
|
||||
zammad-elasticsearch:
|
||||
environment:
|
||||
- discovery.type=single-node
|
||||
image: ${IMAGE_REPO}:zammad-elasticsearch${VERSION}
|
||||
restart: ${RESTART}
|
||||
volumes:
|
||||
- elasticsearch-data:/usr/share/elasticsearch/data
|
||||
|
||||
zammad-init:
|
||||
command: ["zammad-init"]
|
||||
depends_on:
|
||||
- zammad-postgresql
|
||||
environment:
|
||||
- POSTGRESQL_USER=${POSTGRES_USER}
|
||||
- POSTGRESQL_PASS=${POSTGRES_PASS}
|
||||
image: ${IMAGE_REPO}:zammad${VERSION}
|
||||
links:
|
||||
- zammad-elasticsearch
|
||||
- zammad-postgresql
|
||||
restart: on-failure
|
||||
volumes:
|
||||
- zammad-data:/opt/zammad
|
||||
|
||||
zammad-memcached:
|
||||
command: memcached -m 256M
|
||||
image: memcached:1.6.9-alpine
|
||||
restart: ${RESTART}
|
||||
|
||||
zammad-postgresql:
|
||||
environment:
|
||||
- POSTGRES_USER=${POSTGRES_USER}
|
||||
- POSTGRES_PASSWORD=${POSTGRES_PASS}
|
||||
image: ${IMAGE_REPO}:zammad-postgresql${VERSION}
|
||||
restart: ${RESTART}
|
||||
volumes:
|
||||
- postgresql-data:/var/lib/postgresql/data
|
||||
|
||||
zammad-railsserver:
|
||||
command: ["zammad-railsserver"]
|
||||
depends_on:
|
||||
- zammad-memcached
|
||||
- zammad-postgresql
|
||||
image: ${IMAGE_REPO}:zammad${VERSION}
|
||||
links:
|
||||
- zammad-elasticsearch
|
||||
- zammad-memcached
|
||||
- zammad-postgresql
|
||||
restart: ${RESTART}
|
||||
volumes:
|
||||
- zammad-data:/opt/zammad
|
||||
environment:
|
||||
- RAILS_SERVE_STATIC_FILES=true
|
||||
|
||||
zammad-scheduler:
|
||||
command: ["zammad-scheduler"]
|
||||
depends_on:
|
||||
- zammad-memcached
|
||||
- zammad-railsserver
|
||||
image: ${IMAGE_REPO}:zammad${VERSION}
|
||||
links:
|
||||
- zammad-elasticsearch
|
||||
- zammad-memcached
|
||||
- zammad-postgresql
|
||||
restart: ${RESTART}
|
||||
volumes:
|
||||
- zammad-data:/opt/zammad
|
||||
|
||||
zammad-websocket:
|
||||
command: ["zammad-websocket"]
|
||||
depends_on:
|
||||
- zammad-memcached
|
||||
- zammad-railsserver
|
||||
image: ${IMAGE_REPO}:zammad${VERSION}
|
||||
links:
|
||||
- zammad-postgresql
|
||||
- zammad-memcached
|
||||
restart: ${RESTART}
|
||||
volumes:
|
||||
- zammad-data:/opt/zammad
|
||||
|
||||
bunkerity:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
restart: always
|
||||
ports:
|
||||
- "80:8080"
|
||||
- "443:8443"
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./modsec-crs-confs:/modsec-crs-confs:ro # ModSecurity Core ignore false positive match error
|
||||
- ./modsec-confs:/modsec-confs:ro # ModSecurity ignore false positive match error
|
||||
- ./data:/www:ro
|
||||
environment:
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_PROXY_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- LIMIT_REQ_RATE=20r/s # Number of request allowed per seconds, let him to 20 to don't get code 429
|
||||
- FEATURE_POLICY= # Need to be allowed to work with Chrome, Brave, Edge
|
||||
- PERMISSIONS_POLICY= # Need to be allowed to work with Chrome, Brave, Edge
|
||||
- SERVER_NAME=www.website.com # replace with your domain
|
||||
- www.website.com_REVERSE_PROXY_URL_1=/ws
|
||||
- www.website.com_REVERSE_PROXY_HOST_1=http://zammad-websocket:6042
|
||||
- www.website.com_REVERSE_PROXY_WS=yes # used to allow websocket redirect
|
||||
- www.website.com_REVERSE_PROXY_URL_2=/
|
||||
- www.website.com_REVERSE_PROXY_HOST_2=http://zammad-railsserver:3000
|
||||
- ALLOWED_METHODS=GET|POST|HEAD|PUT|OPTIONS|DELETE|PATCH # All methods allowed by modSecurity used by default in zammad
|
||||
depends_on:
|
||||
- zammad-railsserver
|
||||
- zammad-websocket
|
||||
- zammad-backup
|
||||
- zammad-elasticsearch
|
||||
- zammad-init
|
||||
- zammad-memcached
|
||||
- zammad-postgresql
|
||||
- zammad-scheduler
|
||||
|
||||
volumes:
|
||||
elasticsearch-data:
|
||||
driver: local
|
||||
postgresql-data:
|
||||
driver: local
|
||||
zammad-backup:
|
||||
driver: local
|
||||
zammad-data:
|
||||
driver: local
|
|
@ -0,0 +1,7 @@
|
|||
SecRule REQUEST_FILENAME "^/api/v1/tickets" "id:1,nolog,ctl:ruleRemoveById=942100,ctl:ruleRemoveById=941100,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=capec/1000/152/242,ctl:ruleRemoveById=942170,ctl:ruleRemoveById=942190,ctl:ruleRemoveByTag=attack-sqli"
|
||||
SecRule REQUEST_FILENAME "^/api/v1/taskbar" "id:2,nolog,ctl:ruleRemoveById=921110,ctl:ruleRemoveById=921130,ctl:ruleRemoveById=932100,ctl:ruleRemoveById=932130,ctl:ruleRemoveById=93215,ctl:ruleRemoveById=933100,ctl:ruleRemoveById=933160,ctl:ruleRemoveById=941100,ctl:ruleRemoveById=941160,ctl:ruleRemoveById=941170,ctl:ruleRemoveById=941210,ctl:ruleRemoveById=942100,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-rce"
|
||||
SecRule REQUEST_FILENAME "^/api/v1/getting_started" "id:3,nolog,ctl:ruleRemoveById=941130,ctl:ruleRemoveById=941170"
|
||||
SecRule REQUEST_FILENAME "^/api/v1/reports" "id:4,nolog,ctl:ruleRemoveById=930120"
|
||||
SecRule REQUEST_FILENAME "^/api/v1/form_config" "id:5,nolog,ctl:ruleRemoveById=941130,ctl:ruleRemoveById=941170"
|
||||
SecRule REQUEST_FILENAME "^/api/v1/settings" "id:6,nolog,ctl:ruleRemoveById=941130,ctl:ruleRemoveById=941170"
|
||||
SecRule REQUEST_FILENAME "^/api/v1/integration" "id:7,nolog,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-sqli"
|
|
@ -0,0 +1,7 @@
|
|||
SecAction \
|
||||
"id:900200,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:'tx.allowed_methods=GET POST HEAD PUT OPTIONS DELETE PATCH'"
|
Loading…
Reference in New Issue