Start updating the examples to the 1.5

TheophileDiot 2022-11-20 18:53:41 +01:00
parent 3c3bb7f200
commit 719d779e01
11 changed files with 252 additions and 70 deletions


@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
# ⚠️ read this if you use local folders for volumes ⚠️
# bunkerweb runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly
@ -10,9 +10,10 @@ services:
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
@ -23,9 +24,22 @@ services:
# real IP settings
- USE_REAL_IP=yes
- REAL_IP_FROM=10.10.10.0/24
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- net_proxy
- net_apps
- net-proxy
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- bw-universe
myproxy:
image: haproxy
@ -34,20 +48,26 @@ services:
volumes:
- ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
networks:
- net_proxy
- net-proxy
myapp:
image: tutum/hello-world
networks:
- net_apps
- bw-services
volumes:
bw_data:
bw-data:
networks:
net_proxy:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
net-proxy:
ipam:
driver: default
config:
- subnet: 10.10.10.0/24
net_apps:
bw-services:
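Review bot: The `:ro` suffix on `/var/run/docker.sock:/var/run/docker.sock:ro` in the new `bw-scheduler` service only makes the bind mount of the socket file read-only; it does not limit which Docker API requests the container can send, so the scheduler holds root-equivalent control over the host's Docker daemon. If the scheduler only needs to discover containers carrying the `bunkerweb.INSTANCE` label (inferred from the label comment, not shown in this section), a filtering socket proxy that exposes only the read endpoints would give it far less than the raw socket. At minimum the example should say so next to the mount, e.g. `# ":ro" does not restrict Docker API calls: this container can control the Docker daemon`. The same mount is added with every `bw-scheduler` service in the other compose sections of this commit.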


@ -27,7 +27,7 @@ services:
...
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -38,9 +38,10 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=${DOMAIN}
- API_WHITELIST_IP=127.0.0.0/8 10.7.7.0/24
- AUTO_LETS_ENCRYPT=yes
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
@ -48,13 +49,26 @@ services:
- REVERSE_PROXY_WS=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://10.7.7.253:48087
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
# You have to put this IP address in your docker-compose.yml file
networks:
bbb-net:
ipv4_address: 10.7.7.254
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
bbb-net:
ipv4_address: 10.7.7.42
...
volumes:
...
bw_data:
bw-data:
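Review bot: `API_WHITELIST_IP=127.0.0.0/8 10.7.7.0/24` opens BunkerWeb's internal API to every address on `bbb-net`, which, judging from the fixed `ipv4_address` entries and the `REVERSE_PROXY_HOST=http://10.7.7.253:48087` target, is the network shared with the BigBlueButton containers rather than a dedicated control network like `bw-universe` in the other examples. The scheduler is pinned to `10.7.7.42`, so the whitelist can be narrowed to that one peer, for example `- API_WHITELIST_IP=127.0.0.0/8 10.7.7.42/32`, assuming the setting accepts a /32 like any other CIDR. The service definitions are shown only in part here (the `...` lines), so other API clients may exist outside this section.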


@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,11 +13,12 @@ services:
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
- certs:/certs
environment:
- MULTISITE=yes
- SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
@ -32,11 +33,24 @@ services:
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- net_app1
- net_app2
- net_app3
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- bw-universe
mycertbot:
image: certbot/dns-cloudflare
environment:
@ -64,10 +78,16 @@ services:
- net_app3
volumes:
bw_data:
bw-data:
certs:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
net_app1:
net_app2:
net_app3:


@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,11 +13,12 @@ services:
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
- certs:/certs
environment:
- MULTISITE=yes
- SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
@ -32,11 +33,24 @@ services:
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- net_app1
- net_app2
- net_app3
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- bw-universe
mycertbot:
image: certbot/dns-digitalocean
environment:
@ -64,10 +78,16 @@ services:
- net_app3
volumes:
bw_data:
bw-data:
certs:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
net_app1:
net_app2:
net_app3:


@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,11 +13,12 @@ services:
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
- certs:/certs
environment:
- MULTISITE=yes
- SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
@ -32,11 +33,24 @@ services:
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- net_app1
- net_app2
- net_app3
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- bw-universe
mycertbot:
image: certbot/dns-google
environment:
@ -64,10 +78,16 @@ services:
- net_app3
volumes:
bw_data:
bw-data:
certs:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
net_app1:
net_app2:
net_app3:


@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,11 +13,12 @@ services:
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
- certs:/certs
environment:
- MULTISITE=yes
- SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
@ -32,11 +33,24 @@ services:
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- net_app1
- net_app2
- net_app3
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- bw-universe
mycertbot:
image: certbot/dns-ovh
environment:
@ -64,10 +78,16 @@ services:
- net_app3
volumes:
bw_data:
bw-data:
certs:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
net_app1:
net_app2:
net_app3:


@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -16,6 +16,7 @@ services:
- ./bw-data:/data # contains web files (PHP, assets, ...), don't forget to rename the subfolders
environment:
- SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- MULTISITE=yes
- AUTO_LETS_ENCRYPT=yes
- DISABLE_DEFAULT_SERVER=yes
@ -30,11 +31,24 @@ services:
- app2.example.com_REMOTE_PHP_PATH=/app
- app3.example.com_REMOTE_PHP=myapp3
- app3.example.com_REMOTE_PHP_PATH=/app
labels:
- "bunkerweb.INSTANCE"
networks:
- bw-universe
- net_app1
- net_app2
- net_app3
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
volumes:
- ./bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- bw-universe
myapp1:
image: php:fpm
# ⚠️ UID and GID of mywww (101:101) and php:fpm (33:33) are not the same ⚠️
@ -69,6 +83,11 @@ services:
- net_app3
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
net_app1:
net_app2:
net_app3:


@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,13 +13,16 @@ services:
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- MULTISITE=yes
- SERVER_NAME=app1.example.com app2.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
# - AUTO_LETS_ENCRYPT=yes # TODO uncomment this line when the tests are done
- USE_BUNKERNET=no # TODO remove this line when the tests are done
- GENERATE_SELF_SIGNED_SSL=yes # TODO remove this line when the tests are done
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
@ -53,12 +56,40 @@ services:
ngx.say('hello app2')
}
}
labels:
- "bunkerweb.INSTANCE"
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- bw-universe
myapp1:
image: tutum/hello-world
networks:
- bw-services
myapp2:
image: tutum/hello-world
networks:
- bw-services
volumes:
bw_data:
bw-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
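Review bot: The `environment` list of `mybunker` now carries test-only overrides in a published example: `AUTO_LETS_ENCRYPT=yes` is commented out, and `USE_BUNKERNET=no` and `GENERATE_SELF_SIGNED_SSL=yes` are added, each marked only by a trailing TODO. Anyone who copies the file while those TODOs stand deploys with a self-signed certificate and with BunkerNet switched off, and nothing at the top of the file warns about it. Keeping the production values here and applying the test values from the test harness (a compose override file or test-only environment) would avoid shipping a weakened example. If the overrides must stay for now, a header comment such as `# TEST SETTINGS BELOW (see TODO lines) - do not deploy as-is` makes the state explicit.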


@ -1,9 +1,4 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm delete drupal
kubectl delete pvc data-drupal-mariadb-0


@ -1,8 +1,12 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${DRUPAL_USER:-user}:${DRUPAL_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,28 +17,39 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://mydrupal
- LIMIT_REQ_URL_1=/core/install.php
- LIMIT_REQ_RATE_1=5r/s
- |
CUSTOM_CONF_MODSEC_CRS_drupal=
SecAction \
"id:900130,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.crs_exclusions_drupal=1"
<<: *bunkerweb-env
SERVER_NAME: "www.example.com" # replace with your domain
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
SERVE_FILES: "no"
DISABLE_DEFAULT_SERVER: "yes"
AUTO_LETS_ENCRYPT: "yes"
USE_CLIENT_CACHE: "yes"
USE_GZIP: "yes"
USE_REVERSE_PROXY: "yes"
REVERSE_PROXY_URL: "/"
REVERSE_PROXY_HOST: "http://mydrupal"
LIMIT_REQ_URL_1: "/core/install.php"
LIMIT_REQ_RATE_1: "5r/s"
CUSTOM_CONF_MODSEC_CRS_drupal: 'SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_drupal=1"'
labels:
- "bunkerweb.INSTANCE"
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
<<: *bunkerweb-env
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- bw-universe
mydrupal:
image: drupal:9-apache
@ -43,16 +58,29 @@ services:
- ./drupal-profiles:/var/www/html/profiles
- ./drupal-themes:/var/www/html/themes
- ./drupal-sites:/var/www/html/sites
networks:
- bw-services
mydb:
image: mariadb
volumes:
- ./db-data:/var/lib/mysql
- db-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- MYSQL_DATABASE=drupaldb
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${DRUPAL_USER:-user}\"; CREATE USER \"${DRUPAL_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${DRUPAL_DATABASE:-drupaldb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${DRUPAL_DATABASE:-drupaldb}.* TO \"${DRUPAL_USER:-user}\"@\"%\" IDENTIFIED BY \"${DRUPAL_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${DRUPAL_USER:-user}\"@\"%\" IDENTIFIED BY \"${DRUPAL_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
networks:
- bw-universe
- bw-services
volumes:
bw_data:
bw-data:
db-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
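Review bot: The new `DATABASE_URI` anchor and the `mydb` entrypoint both fall back to `${DRUPAL_USER:-user}` / `${DRUPAL_PASSWORD:-secret}` when the variables are unset, so a deployment started without an `.env` file runs with a published password on an account that is granted `ALL PRIVILEGES` on both the Drupal and the BunkerWeb databases. The required-variable form, `${DRUPAL_PASSWORD:?DRUPAL_PASSWORD must be set}`, makes compose refuse to start instead of silently using `secret`. A separate database user for `${BUNKERWEB_DATABASE:-bunkerweb}` would keep a leak of Drupal's credentials from reaching the store BunkerWeb reads through `DATABASE_URI`. The values are also interpolated unescaped into the SQL written to `/docker-entrypoint-initdb.d/init.sql` and into the URI, so a password containing a quote, `@` or `$` changes the statement or the connection string; a comment stating which characters are safe would help.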


@ -1,9 +1,4 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install -f drupal-chart-values.yml drupal bitnami/drupal