librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

Update examples and add docker-proxy

This commit is contained in:
TheophileDiot 2022-11-21 11:28:08 +01:00
parent 82ab6c7c43
commit 81ad9e9ac0
21 changed files with 360 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
examples/behind-reverse-proxy/docker-compose.yml
View File

@ -14,6 +14,7 @@ services:
environment:
- SERVER_NAME=www.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- AUTO_LETS_ENCRYPT=yes
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
@ -35,11 +36,22 @@ services:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myproxy:
image: haproxy
@ -71,3 +83,4 @@ networks:
config:
- subnet: 10.10.10.0/24
bw-services:
net-docker:

17
examples/bigbluebutton/docker-compose.yml
View File

@ -60,15 +60,30 @@ services:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
bbb-net:
ipv4_address: 10.7.7.42
net-docker:
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
...
volumes:
...
bw-data:
networks:
...
net-docker:

14
examples/certbot-dns-cloudflare/docker-compose.yml
View File

@ -45,11 +45,22 @@ services:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mycertbot:
image: certbot/dns-cloudflare
@ -88,6 +99,7 @@ networks:
driver: default
config:
- subnet: 10.20.30.0/24
net-docker:
net_app1:
net_app2:
net_app3:

14
examples/certbot-dns-digitalocean/docker-compose.yml
View File

@ -45,11 +45,22 @@ services:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mycertbot:
image: certbot/dns-digitalocean
@ -88,6 +99,7 @@ networks:
driver: default
config:
- subnet: 10.20.30.0/24
net-docker:
net_app1:
net_app2:
net_app3:

14
examples/certbot-dns-google/docker-compose.yml
View File

@ -45,11 +45,22 @@ services:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mycertbot:
image: certbot/dns-google
@ -88,6 +99,7 @@ networks:
driver: default
config:
- subnet: 10.20.30.0/24
net-docker:
net_app1:
net_app2:
net_app3:

14
examples/certbot-dns-ovh/docker-compose.yml
View File

@ -45,11 +45,22 @@ services:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mycertbot:
image: certbot/dns-ovh
@ -88,6 +99,7 @@ networks:
driver: default
config:
- subnet: 10.20.30.0/24
net-docker:
net_app1:
net_app2:
net_app3:

38
examples/certbot-dns-route53/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,11 +13,12 @@ services:
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
- certs:/certs
environment:
- MULTISITE=yes
- SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
@ -32,11 +33,35 @@ services:
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- net_app1
- net_app2
- net_app3
bbw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mycertbot:
image: certbot/dns-google
environment:
@ -64,10 +89,17 @@ services:
- net_app3
volumes:
bw_data:
bw-data:
certs:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
net-docker:
net_app1:
net_app2:
net_app3:

18
examples/cors/docker-compose.yml
View File

@ -32,7 +32,7 @@ services:
- app3.example.com_REMOTE_PHP=myapp3
- app3.example.com_REMOTE_PHP_PATH=/app
labels:
- "bunkerweb.INSTANCE"
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- net_app1
@ -43,11 +43,22 @@ services:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- ./bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myapp1:
image: php:fpm
@ -88,6 +99,7 @@ networks:
driver: default
config:
- subnet: 10.20.30.0/24
net-docker:
net_app1:
net_app2:
net_app3:

14
examples/docker-configs/docker-compose.yml
View File

@ -66,11 +66,22 @@ services:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myapp1:
image: tutum/hello-world
@ -93,3 +104,4 @@ networks:
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

15
examples/drupal/docker-compose.yml
View File

@ -34,7 +34,7 @@ services:
LIMIT_REQ_RATE_1: "5r/s"
CUSTOM_CONF_MODSEC_CRS_drupal: 'SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_drupal=1"'
labels:
- "bunkerweb.INSTANCE"
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
@ -45,11 +45,21 @@ services:
- mybunker
environment:
<<: *bunkerweb-env
DOCKER_HOST: "tcp://docker-proxy:2375"
volumes:
- bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mydrupal:
image: drupal:9-apache
@ -84,3 +94,4 @@ networks:
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

7
examples/ghost/cleanup-kubernetes.sh
View File

@ -1,9 +1,4 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm delete ghost
kubectl delete pvc data-ghost-mysql-0
kubectl delete pvc data-ghost-mysql-0

45
examples/ghost/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,9 +13,10 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
@ -24,6 +25,32 @@ services:
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myghost:2368
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myghost:
image: ghost:alpine
@ -32,6 +59,18 @@ services:
environment:
- url=https://www.example.com # replace with your domain
- NODE_ENV=development
networks:
- bw-services
volumes:
bw_data:
bw-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

7
examples/ghost/setup-kubernetes.sh
View File

@ -1,9 +1,4 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install -f ghost-chart-values.yml ghost bitnami/ghost
helm install -f ghost-chart-values.yml ghost bitnami/ghost

2
examples/ghost/tests.json
View File

@ -2,7 +2,7 @@
"name": "ghost",
"kinds": ["docker", "autoconf", "swarm", "kubernetes"],
"timeout": 60,
"delay": 30,
"delay": 180,
"tests": [
{
"type": "string",

9
examples/gogs/autoconf.yml
View File

@ -17,14 +17,7 @@ services:
- bunkerweb.REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
- bunkerweb.MAX_CLIENT_SIZE=1G
- |
bunkerweb.CUSTOM_CONF_MODSEC_CRS_gogs=
SecAction \
"id:900220,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
bunkerweb.CUSTOM_CONF_MODSEC_CRS_gogs=SecAction "id:900220,phase:1,nolog,pass,t:none,setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
networks:
bw-services:

49
examples/gogs/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -16,6 +16,7 @@ services:
- ./bw-data:/data # contains some Core Rule Set configuration to fix FP
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes
@ -27,16 +28,46 @@ services:
- REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
- MAX_CLIENT_SIZE=1G
- |
CUSTOM_CONF_MODSEC_CRS_gogs=
SecAction \
"id:900220,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
CUSTOM_CONF_MODSEC_CRS_gogs=SecAction "id:900220,phase:1,nolog,pass,t:none,setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mygogs:
image: gogs/gogs
volumes:
- ./gogs-data:/data
networks:
- bw-services
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

8
examples/gogs/kubernetes.yml
View File

@ -27,13 +27,7 @@ metadata:
bunkerweb.io/CONFIG_SITE: "www.example.com"
data:
gogs.conf: |
SecAction \
"id:900220,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
SecAction "id:900220,phase:1,nolog,pass,t:none,setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
---
apiVersion: apps/v1
kind: Deployment

45
examples/hardened/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
# dropping all capabilities
cap_drop:
- ALL
@ -26,9 +26,10 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- AUTO_LETS_ENCRYPT=yes
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
@ -37,9 +38,47 @@ services:
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myapp
- REMOTE_PHP_PATH=/app
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myapp:
image: tutum/hello-world
networks:
- bw-services
volumes:
bw_data:
bw-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

7
examples/joomla/cleanup-kubernetes.sh
View File

@ -1,9 +1,4 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm delete joomla
kubectl delete pvc data-joomla-mariadb-0
kubectl delete pvc data-joomla-mariadb-0

95
examples/joomla/docker-compose.yml
View File

@ -1,8 +1,12 @@
version: "3"
x-bunkerweb-env:
&bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${JOOMLA_USER:-user}:${JOOMLA_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
mybunker:
image: bunkerity/bunkerweb:1.4.3
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
@ -13,21 +17,50 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw_data:/data
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- AUTO_LETS_ENCRYPT=yes
- DISABLE_DEFAULT_SERVER=yes
- MAX_CLIENT_SIZE=50m
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myjoomla
- LIMIT_REQ_URL_1=/administrator/
- LIMIT_REQ_RATE_1=8r/s
- LIMIT_REQ_URL_2=/installation/index.php
- LIMIT_REQ_RATE_2=8r/s
<<: *bunkerweb-env
SERVER_NAME: "www.example.com" # replace with your domain
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
AUTO_LETS_ENCRYPT: "yes"
DISABLE_DEFAULT_SERVER: "yes"
MAX_CLIENT_SIZE: "50m"
USE_CLIENT_CACHE: "yes"
USE_GZIP: "yes"
USE_REVERSE_PROXY: "yes"
REVERSE_PROXY_URL: "/"
REVERSE_PROXY_HOST: "http://myjoomla"
LIMIT_REQ_URL_1: "/administrator/"
LIMIT_REQ_RATE_1: "8r/s"
LIMIT_REQ_URL_2: "/installation/index.php"
LIMIT_REQ_RATE_2: "8r/s"
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
<<: *bunkerweb-env
DOCKER_HOST: "tcp://docker-proxy:2375"
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myjoomla:
image: joomla:4-apache
@ -35,19 +68,33 @@ services:
- ./joomla-files:/var/www/html
environment:
- JOOMLA_DB_HOST=mydb
- JOOMLA_DB_NAME=joomla_db
- JOOMLA_DB_USER=user
- JOOMLA_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
- JOOMLA_DB_NAME=${JOOMLA_DATABASE:-joomladb}
- JOOMLA_DB_USER=${JOOMLA_USER:-user}
- JOOMLA_DB_PASSWORD=${JOOMLA_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
networks:
- bw-services
mydb:
image: mariadb
volumes:
- ./db-data:/var/lib/mysql
- db-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- MYSQL_DATABASE=joomla_db
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match JOOMLA_DB_PASSWORD)
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${JOOMLA_USER:-user}\"; CREATE USER \"${JOOMLA_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${JOOMLA_DATABASE:-joomladb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${JOOMLA_DATABASE:-joomladb}.* TO \"${JOOMLA_USER:-user}\"@\"%\" IDENTIFIED BY \"${JOOMLA_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${JOOMLA_USER:-user}\"@\"%\" IDENTIFIED BY \"${JOOMLA_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
networks:
- bw-universe
- bw-services
volumes:
bw_data:
bw-data:
db-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:

7
examples/joomla/setup-kubernetes.sh
View File

@ -1,9 +1,4 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install -f joomla-chart-values.yml joomla bitnami/joomla
helm install -f joomla-chart-values.yml joomla bitnami/joomla