examples improvement - hardened, joomla, kubernetes, load-balancer and moodle

examples/hardened/README.md

@@ -0,0 +1,11 @@
+# Hardened
+
+Example on how you can harden the container executing bunkerized-nginx. See the [documentation](https://bunkerized-nginx.readthedocs.io/en/latest/security_tuning.html#container-hardening) for details.
+
+## Architecture
+
+<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/hardened/architecture.png?raw=true" />
+
+## Docker
+
+See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/hardened/docker-compose.yml).

examples/joomla/README.md

@@ -0,0 +1,11 @@
+# Joomla
+
+Joomla is a free and open-source content management system (CMS) for publishing web content on websites. Web content applications include discussion forums, photo galleries, e-Commerce and user communities and numerous other web-based applications. More info on the official [website](https://www.joomla.org/) and [repository](https://github.com/joomla/joomla-cms).
+
+## Architecture
+
+<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/joomla/architecture.png?raw=true" />
+
+## Docker
+
+See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/joomla/docker-compose.yml).

examples/kubernetes/README.md

@@ -0,0 +1,16 @@
+# Kubernetes
+
+Various examples on how to use bunkerized-nginx within a Kubernetes cluster. See the [Kubernetes section of the documentation](#TODO) for more information.
+
+## Architecture
+
+<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/kubernetes/architecture.png?raw=true" />
+
+## Configuration
+
+We will assume that you have setup the [bunkerized-nginx ingress controller](#TODO) inside your cluster.
+
+## Kubernetes
+
+See [ingress.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/kubernetes/ingress.yml), [php.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/kubernetes/php.yml) and [reverse-proxy.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/kubernetes/reverse-proxy.yml).
+

examples/kubernetes/ingress.yml

@@ -0,0 +1,66 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: bunkerized-nginx-ingress
+  # this label is mandatory
+  labels:
+    bunkerized-nginx: "yes"
+  annotations:
+    # add any global and default environment variables here as annotations with the "bunkerized-nginx." prefix
+    # examples :
+    #bunkerized-nginx.AUTO_LETS_ENCRYPT: "yes"
+    #bunkerized-nginx.USE_ANTIBOT: "javascript"
+    #bunkerized-nginx.REDIRECT_HTTP_TO_HTTPS: "yes"
+    #bunkerized-nginx.app.example.com_REVERSE_PROXY_WS: "yes"
+    #bunkerized-nginx.app.example.com_USE_MODSECURITY: "no"
+# add "static" routes here (see https://kubernetes.io/docs/concepts/services-networking/ingress/)
+# and/or add annotations to your services (see https://github.com/bunkerity/bunkerized-nginx/tree/master/examples/kubernetes)
+spec:
+  tls:
+  - hosts:
+    - app1.example.com
+  rules:
+  - host: "app1.example.com"
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: app1
+            port:
+              number: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app1
+  labels:
+    app: app1
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: app1
+  template:
+    metadata:
+      labels:
+        app: app1
+    spec:
+      containers:
+      - name: app1
+        image: containous/whoami
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: app1
+spec:
+  type: ClusterIP
+  selector:
+    app: app1
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+

examples/kubernetes/php.yml

@@ -1,21 +1,21 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: myapp
+  name: app2
   labels:
-    app: myapp
+    app: app2
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: myapp
+      app: app2
   template:
     metadata:
       labels:
-        app: myapp
+        app: app2
     spec:
       containers:
-      - name: myapp
+      - name: app2
         image: php:fpm
         volumeMounts:
           - name: www
@@ -23,23 +23,26 @@ spec:
       volumes:
         - name: www
           hostPath:
-            path: /shared/www/myapp.example.com
+            path: /shared/www/app2.example.com
             type: Directory
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: myapp
+  name: app2
+  # this label is mandatory
+  labels:
+    bunkerized-nginx: "yes"
   annotations:
-    bunkerized-nginx.AUTOCONF: "yes"
-    bunkerized-nginx.SERVER_NAME: "myapp.example.com"
-    bunkerized-nginx.REMOTE_PHP: "myapp"
+    bunkerized-nginx.SERVER_NAME: "app2.example.com"
+    bunkerized-nginx.REMOTE_PHP: "app2"
     bunkerized-nginx.REMOTE_PHP_PATH: "/var/www/html"
+    bunkerized-nginx.AUTO_LETS_ENCRYPT: "yes"
 spec:
   type: ClusterIP
   selector:
-    app: myapp
+    app: app2
   ports:
     - protocol: TCP
       port: 9000
-      targetPort: 9000
+      targetPort: 9000

examples/kubernetes/reverse-proxy.yml

@@ -1,38 +1,41 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: myapp
+  name: app3
   labels:
-    app: myapp
+    app: app3
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: myapp
+      app: app3
   template:
     metadata:
       labels:
-        app: myapp
+        app: app3
     spec:
       containers:
-      - name: myapp
+      - name: app3
         image: containous/whoami
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: myapp
+  name: app3
+  # this label is mandatory
+  labels:
+    bunkerized-nginx: "yes"
   annotations:
-    bunkerized-nginx.AUTOCONF: "yes"
-    bunkerized-nginx.SERVER_NAME: "myapp.example.com"
+    bunkerized-nginx.SERVER_NAME: "app3.example.com"
     bunkerized-nginx.USE_REVERSE_PROXY: "yes"
     bunkerized-nginx.REVERSE_PROXY_URL: "/"
-    bunkerized-nginx.REVERSE_PROXY_HOST: "http://myapp"
+    bunkerized-nginx.REVERSE_PROXY_HOST: "http://app3"
+    bunkerized-nginx.AUTO_LETS_ENCRYPT: "yes"
 spec:
   type: ClusterIP
   selector:
-    app: myapp
+    app: app3
   ports:
     - protocol: TCP
       port: 80
-      targetPort: 80
+      targetPort: 80

examples/load-balancer/README.md

@@ -0,0 +1,15 @@
+# Load balancer
+
+Simple example on how to load balance requests to multiple backends.
+
+## Architecture
+
+<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/load-balancer/architecture.png?raw=true" />
+
+## Configuration
+
+Edit the custom `upstream` directive in the **http-confs/upstream.conf** file according to your use case.
+
+## Docker
+
+See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/load-balancer/docker-compose.yml).

examples/moodle/README.md

@@ -0,0 +1,11 @@
+# Moodle
+
+Moodle is a free and open-source learning management system (LMS) written in PHP and distributed under the GNU General Public License. See the official [website](https://moodle.org/) and [repository](https://git.in.moodle.com/moodle/moodle) for more information.
+
+## Architecture
+
+<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/moodle/architecture.png?raw=true" />
+
+## Docker
+
+See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/moodle/docker-compose.yml).