examples improvement - hardened, joomla, kubernetes, load-balancer and moodle
parent d8286ced7c
commit 55186bbef5
|
@ -0,0 +1,11 @@
|
|||
# Hardened
|
||||
|
||||
Example on how you can harden the container executing bunkerized-nginx. See the [documentation](https://bunkerized-nginx.readthedocs.io/en/latest/security_tuning.html#container-hardening) for details.
|
||||
|
||||
## Architecture
|
||||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/hardened/architecture.png?raw=true" />
|
||||
|
||||
## Docker
|
||||
|
||||
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/hardened/docker-compose.yml).
|
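Review bot: The two GitHub links in this README point at different branches: the architecture image is loaded from `blob/dev/examples/hardened/architecture.png` while the compose link goes to `blob/master/examples/hardened/docker-compose.yml`. Depending on which branch the reader is on, one of them can point at a file that is missing or out of date there; use relative links (`architecture.png`, `docker-compose.yml`) or a single branch for both. The same dev/master split appears in the other README hunks of this commit. Because this README is the entry point for container hardening, one sentence naming what the compose file demonstrates would also help, rather than relying only on the external documentation link.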
Binary file not shown.
After Width: | Height: | Size: 8.4 KiB |
|
@ -0,0 +1,11 @@
|
|||
# Joomla
|
||||
|
||||
Joomla is a free and open-source content management system (CMS) for publishing web content on websites. Web content applications include discussion forums, photo galleries, e-Commerce and user communities and numerous other web-based applications. More info on the official [website](https://www.joomla.org/) and [repository](https://github.com/joomla/joomla-cms).
|
||||
|
||||
## Architecture
|
||||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/joomla/architecture.png?raw=true" />
|
||||
|
||||
## Docker
|
||||
|
||||
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/joomla/docker-compose.yml).
|
Binary file not shown.
After Width: | Height: | Size: 14 KiB |
|
@ -0,0 +1,16 @@
|
|||
# Kubernetes
|
||||
|
||||
Various examples on how to use bunkerized-nginx within a Kubernetes cluster. See the [Kubernetes section of the documentation](#TODO) for more information.
|
||||
|
||||
## Architecture
|
||||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/kubernetes/architecture.png?raw=true" />
|
||||
|
||||
## Configuration
|
||||
|
||||
We will assume that you have setup the [bunkerized-nginx ingress controller](#TODO) inside your cluster.
|
||||
|
||||
## Kubernetes
|
||||
|
||||
See [ingress.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/kubernetes/ingress.yml), [php.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/kubernetes/php.yml) and [reverse-proxy.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/kubernetes/reverse-proxy.yml).
|
||||
|
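Review bot: Both documentation links in this README are placeholders: `[Kubernetes section of the documentation](#TODO)` in the introduction and `[bunkerized-nginx ingress controller](#TODO)` under Configuration. The Configuration section assumes the controller is already set up, so a reader has no way to reach that prerequisite from here; fill in the real documentation URLs before merging, or drop the link markup until the pages exist. The last heading, `## Kubernetes`, also repeats the page title; a name that says the section lists the manifests would read better.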
Binary file not shown.
After Width: | Height: | Size: 15 KiB |
|
@ -0,0 +1,66 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: bunkerized-nginx-ingress
|
||||
# this label is mandatory
|
||||
labels:
|
||||
bunkerized-nginx: "yes"
|
||||
annotations:
|
||||
# add any global and default environment variables here as annotations with the "bunkerized-nginx." prefix
|
||||
# examples :
|
||||
#bunkerized-nginx.AUTO_LETS_ENCRYPT: "yes"
|
||||
#bunkerized-nginx.USE_ANTIBOT: "javascript"
|
||||
#bunkerized-nginx.REDIRECT_HTTP_TO_HTTPS: "yes"
|
||||
#bunkerized-nginx.app.example.com_REVERSE_PROXY_WS: "yes"
|
||||
#bunkerized-nginx.app.example.com_USE_MODSECURITY: "no"
|
||||
# add "static" routes here (see https://kubernetes.io/docs/concepts/services-networking/ingress/)
|
||||
# and/or add annotations to your services (see https://github.com/bunkerity/bunkerized-nginx/tree/master/examples/kubernetes)
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- app1.example.com
|
||||
rules:
|
||||
- host: "app1.example.com"
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: app1
|
||||
port:
|
||||
number: 80
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: app1
|
||||
labels:
|
||||
app: app1
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: app1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: app1
|
||||
spec:
|
||||
containers:
|
||||
- name: app1
|
||||
image: containous/whoami
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: app1
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: app1
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: 80
|
||||
|
|
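Review bot: The `tls:` block of the Ingress lists `app1.example.com` under `hosts:` but has no `secretName`, and the only certificate-related setting in the file, `#bunkerized-nginx.AUTO_LETS_ENCRYPT: "yes"`, is commented out, so nothing in the manifest as written says where the certificate for that host comes from. Either enable the annotation in the example or add a `secretName`, with a comment stating which of the two the controller expects. The comment `# this label is mandatory` would also be clearer if it named the label (`bunkerized-nginx: "yes"`) and said what ignores the Ingress when it is absent.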
@ -1,21 +1,21 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: myapp
|
||||
name: app2
|
||||
labels:
|
||||
app: myapp
|
||||
app: app2
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: myapp
|
||||
app: app2
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: myapp
|
||||
app: app2
|
||||
spec:
|
||||
containers:
|
||||
- name: myapp
|
||||
- name: app2
|
||||
image: php:fpm
|
||||
volumeMounts:
|
||||
- name: www
|
||||
|
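Review bot: `image: php:fpm` in the app2 container is a floating tag, so the PHP version running behind bunkerized-nginx changes whenever that tag is republished. Pin a specific version tag or a digest in the example, and consider doing the same for `containous/whoami` in the other manifests of this commit, so that users who copy the file get a reproducible baseline they can patch deliberately.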
@ -23,23 +23,26 @@ spec:
|
|||
volumes:
|
||||
- name: www
|
||||
hostPath:
|
||||
path: /shared/www/myapp.example.com
|
||||
path: /shared/www/app2.example.com
|
||||
type: Directory
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: myapp
|
||||
name: app2
|
||||
# this label is mandatory
|
||||
labels:
|
||||
bunkerized-nginx: "yes"
|
||||
annotations:
|
||||
bunkerized-nginx.AUTOCONF: "yes"
|
||||
bunkerized-nginx.SERVER_NAME: "myapp.example.com"
|
||||
bunkerized-nginx.REMOTE_PHP: "myapp"
|
||||
bunkerized-nginx.SERVER_NAME: "app2.example.com"
|
||||
bunkerized-nginx.REMOTE_PHP: "app2"
|
||||
bunkerized-nginx.REMOTE_PHP_PATH: "/var/www/html"
|
||||
bunkerized-nginx.AUTO_LETS_ENCRYPT: "yes"
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: myapp
|
||||
app: app2
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 9000
|
||||
targetPort: 9000
|
||||
targetPort: 9000
|
||||
|
|
|
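Review bot: The `www` volume is a `hostPath` at `/shared/www/app2.example.com` with `type: Directory`, which only works if that directory already exists on whichever node the pod is scheduled to, and it ties the PHP container to the node's filesystem. Add a comment saying the path must be shared storage present on every node, or use a PersistentVolumeClaim in the example instead. The Service also exposes PHP-FPM on `port: 9000` to the whole cluster; a short comment recommending a NetworkPolicy that limits access to the bunkerized-nginx pods would fit next to the `ports:` block.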
@ -1,38 +1,41 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: myapp
|
||||
name: app3
|
||||
labels:
|
||||
app: myapp
|
||||
app: app3
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: myapp
|
||||
app: app3
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: myapp
|
||||
app: app3
|
||||
spec:
|
||||
containers:
|
||||
- name: myapp
|
||||
- name: app3
|
||||
image: containous/whoami
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: myapp
|
||||
name: app3
|
||||
# this label is mandatory
|
||||
labels:
|
||||
bunkerized-nginx: "yes"
|
||||
annotations:
|
||||
bunkerized-nginx.AUTOCONF: "yes"
|
||||
bunkerized-nginx.SERVER_NAME: "myapp.example.com"
|
||||
bunkerized-nginx.SERVER_NAME: "app3.example.com"
|
||||
bunkerized-nginx.USE_REVERSE_PROXY: "yes"
|
||||
bunkerized-nginx.REVERSE_PROXY_URL: "/"
|
||||
bunkerized-nginx.REVERSE_PROXY_HOST: "http://myapp"
|
||||
bunkerized-nginx.REVERSE_PROXY_HOST: "http://app3"
|
||||
bunkerized-nginx.AUTO_LETS_ENCRYPT: "yes"
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: myapp
|
||||
app: app3
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: 80
|
||||
targetPort: 80
|
||||
|
|
|
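Review bot: The comment `# this label is mandatory` above `labels:` in the app3 Service does not say what depends on the label, and the rendered hunk shows both the label `bunkerized-nginx: "yes"` and the annotation `bunkerized-nginx.AUTOCONF: "yes"` on the same Service. State in the comment which of the two the controller keys on, so users copying the manifest know which one they cannot drop. It is also worth a comment next to `bunkerized-nginx.AUTO_LETS_ENCRYPT: "yes"` explaining how it relates to the commented-out global example of the same setting in ingress.yml.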
@ -0,0 +1,15 @@
|
|||
# Load balancer
|
||||
|
||||
Simple example on how to load balance requests to multiple backends.
|
||||
|
||||
## Architecture
|
||||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/load-balancer/architecture.png?raw=true" />
|
||||
|
||||
## Configuration
|
||||
|
||||
Edit the custom `upstream` directive in the **http-confs/upstream.conf** file according to your use case.
|
||||
|
||||
## Docker
|
||||
|
||||
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/load-balancer/docker-compose.yml).
|
Binary file not shown.
After Width: | Height: | Size: 15 KiB |
|
@ -0,0 +1,11 @@
|
|||
# Moodle
|
||||
|
||||
Moodle is a free and open-source learning management system (LMS) written in PHP and distributed under the GNU General Public License. See the official [website](https://moodle.org/) and [repository](https://git.in.moodle.com/moodle/moodle) for more information.
|
||||
|
||||
## Architecture
|
||||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/moodle/architecture.png?raw=true" />
|
||||
|
||||
## Docker
|
||||
|
||||
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/moodle/docker-compose.yml).
|
Binary file not shown.
After Width: | Height: | Size: 17 KiB |