Update examples and add docker-proxy

TheophileDiot 2022-11-21 11:28:08 +01:00
parent 82ab6c7c43
commit 81ad9e9ac0
21 changed files with 360 additions and 94 deletions


@ -14,6 +14,7 @@ services:
environment: environment:
- SERVER_NAME=www.example.com # replace with your domains - SERVER_NAME=www.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24 - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- AUTO_LETS_ENCRYPT=yes
- SERVE_FILES=no - SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes - DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes - USE_CLIENT_CACHE=yes
@ -35,11 +36,22 @@ services:
image: bunkerity/bunkerweb-scheduler:1.5.0 image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on: depends_on:
- mybunker - mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes: volumes:
- bw-data:/data - bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks: networks:
- bw-universe - bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myproxy: myproxy:
image: haproxy image: haproxy
@ -71,3 +83,4 @@ networks:
config: config:
- subnet: 10.10.10.0/24 - subnet: 10.10.10.0/24
bw-services: bw-services:
net-docker:
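Review bot: The `docker-proxy` service added in the second hunk uses `image: tecnativa/docker-socket-proxy` with no tag, although it is the one container that mounts `/var/run/docker.sock` and the scheduler image next to it is pinned to `1.5.0`; pin it as well, e.g. `image: tecnativa/docker-socket-proxy:<pinned-tag-or-digest>`. The scheduler reaches it over plain TCP (`DOCKER_HOST=tcp://docker-proxy:2375`), apparently without TLS or authentication, so membership of `net-docker` is the only access control. Declaring the network in the last hunk with `internal: true`, plus a comment that only the scheduler and the proxy may join it, would make that explicit. The same block is repeated in the other compose files of this commit, and the `networks:` mapping starts outside the visible hunk.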


@ -60,15 +60,30 @@ services:
image: bunkerity/bunkerweb-scheduler:1.5.0 image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on: depends_on:
- mybunker - mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes: volumes:
- bw-data:/data - bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks: networks:
bbb-net: bbb-net:
ipv4_address: 10.7.7.42 ipv4_address: 10.7.7.42
net-docker:
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
... ...
volumes: volumes:
... ...
bw-data: bw-data:
networks:
...
net-docker:


@ -45,11 +45,22 @@ services:
image: bunkerity/bunkerweb-scheduler:1.5.0 image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on: depends_on:
- mybunker - mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes: volumes:
- bw-data:/data - bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks: networks:
- bw-universe - bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mycertbot: mycertbot:
image: certbot/dns-cloudflare image: certbot/dns-cloudflare
@ -88,6 +99,7 @@ networks:
driver: default driver: default
config: config:
- subnet: 10.20.30.0/24 - subnet: 10.20.30.0/24
net-docker:
net_app1: net_app1:
net_app2: net_app2:
net_app3: net_app3:


@ -45,11 +45,22 @@ services:
image: bunkerity/bunkerweb-scheduler:1.5.0 image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on: depends_on:
- mybunker - mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes: volumes:
- bw-data:/data - bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks: networks:
- bw-universe - bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mycertbot: mycertbot:
image: certbot/dns-digitalocean image: certbot/dns-digitalocean
@ -88,6 +99,7 @@ networks:
driver: default driver: default
config: config:
- subnet: 10.20.30.0/24 - subnet: 10.20.30.0/24
net-docker:
net_app1: net_app1:
net_app2: net_app2:
net_app3: net_app3:


@ -45,11 +45,22 @@ services:
image: bunkerity/bunkerweb-scheduler:1.5.0 image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on: depends_on:
- mybunker - mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes: volumes:
- bw-data:/data - bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks: networks:
- bw-universe - bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mycertbot: mycertbot:
image: certbot/dns-google image: certbot/dns-google
@ -88,6 +99,7 @@ networks:
driver: default driver: default
config: config:
- subnet: 10.20.30.0/24 - subnet: 10.20.30.0/24
net-docker:
net_app1: net_app1:
net_app2: net_app2:
net_app3: net_app3:


@ -45,11 +45,22 @@ services:
image: bunkerity/bunkerweb-scheduler:1.5.0 image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on: depends_on:
- mybunker - mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes: volumes:
- bw-data:/data - bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks: networks:
- bw-universe - bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mycertbot: mycertbot:
image: certbot/dns-ovh image: certbot/dns-ovh
@ -88,6 +99,7 @@ networks:
driver: default driver: default
config: config:
- subnet: 10.20.30.0/24 - subnet: 10.20.30.0/24
net-docker:
net_app1: net_app1:
net_app2: net_app2:
net_app3: net_app3:


@ -2,7 +2,7 @@ version: "3"
services: services:
mybunker: mybunker:
image: bunkerity/bunkerweb:1.4.3 image: bunkerity/bunkerweb:1.5.0
ports: ports:
- 80:8080 - 80:8080
- 443:8443 - 443:8443
@ -13,11 +13,12 @@ services:
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder # or for an existing one : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io # more info at https://docs.bunkerweb.io
volumes: volumes:
- bw_data:/data - bw-data:/data
- certs:/certs - certs:/certs
environment: environment:
- MULTISITE=yes - MULTISITE=yes
- SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains - SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no - SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes - DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes - USE_CLIENT_CACHE=yes
@ -32,11 +33,35 @@ services:
- app2.example.com_REVERSE_PROXY_HOST=http://app2 - app2.example.com_REVERSE_PROXY_HOST=http://app2
- app3.example.com_REVERSE_PROXY_URL=/ - app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3 - app3.example.com_REVERSE_PROXY_HOST=http://app3
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks: networks:
- bw-universe
- net_app1 - net_app1
- net_app2 - net_app2
- net_app3 - net_app3
bbw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mycertbot: mycertbot:
image: certbot/dns-google image: certbot/dns-google
environment: environment:
@ -64,10 +89,17 @@ services:
- net_app3 - net_app3
volumes: volumes:
bw_data: bw-data:
certs: certs:
networks: networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
net-docker:
net_app1: net_app1:
net_app2: net_app2:
net_app3: net_app3:
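Review bot: The scheduler service added in the third hunk is declared as `bbw-scheduler:`, while the other compose files in this commit name it `bw-scheduler:`; this looks like a typo. Nothing in the visible lines refers to the service by name, so the stack should still start, but the mismatch will trip up anyone following the other examples or running `docker compose logs bw-scheduler`. I would rename it to `bw-scheduler:` for consistency.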


@ -32,7 +32,7 @@ services:
- app3.example.com_REMOTE_PHP=myapp3 - app3.example.com_REMOTE_PHP=myapp3
- app3.example.com_REMOTE_PHP_PATH=/app - app3.example.com_REMOTE_PHP_PATH=/app
labels: labels:
- "bunkerweb.INSTANCE" - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks: networks:
- bw-universe - bw-universe
- net_app1 - net_app1
@ -43,11 +43,22 @@ services:
image: bunkerity/bunkerweb-scheduler:1.5.0 image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on: depends_on:
- mybunker - mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes: volumes:
- ./bw-data:/data - bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks: networks:
- bw-universe - bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myapp1: myapp1:
image: php:fpm image: php:fpm
@ -88,6 +99,7 @@ networks:
driver: default driver: default
config: config:
- subnet: 10.20.30.0/24 - subnet: 10.20.30.0/24
net-docker:
net_app1: net_app1:
net_app2: net_app2:
net_app3: net_app3:


@ -66,11 +66,22 @@ services:
image: bunkerity/bunkerweb-scheduler:1.5.0 image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on: depends_on:
- mybunker - mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes: volumes:
- bw-data:/data - bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks: networks:
- bw-universe - bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myapp1: myapp1:
image: tutum/hello-world image: tutum/hello-world
@ -93,3 +104,4 @@ networks:
config: config:
- subnet: 10.20.30.0/24 - subnet: 10.20.30.0/24
bw-services: bw-services:
net-docker:


@ -34,7 +34,7 @@ services:
LIMIT_REQ_RATE_1: "5r/s" LIMIT_REQ_RATE_1: "5r/s"
CUSTOM_CONF_MODSEC_CRS_drupal: 'SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_drupal=1"' CUSTOM_CONF_MODSEC_CRS_drupal: 'SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_drupal=1"'
labels: labels:
- "bunkerweb.INSTANCE" - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks: networks:
- bw-universe - bw-universe
- bw-services - bw-services
@ -45,11 +45,21 @@ services:
- mybunker - mybunker
environment: environment:
<<: *bunkerweb-env <<: *bunkerweb-env
DOCKER_HOST: "tcp://docker-proxy:2375"
volumes: volumes:
- bw-data:/data - bw-data:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
networks: networks:
- bw-universe - bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mydrupal: mydrupal:
image: drupal:9-apache image: drupal:9-apache
@ -84,3 +94,4 @@ networks:
config: config:
- subnet: 10.20.30.0/24 - subnet: 10.20.30.0/24
bw-services: bw-services:
net-docker:


@ -1,9 +1,4 @@
#!/bin/bash #!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm delete ghost helm delete ghost
kubectl delete pvc data-ghost-mysql-0 kubectl delete pvc data-ghost-mysql-0


@ -2,7 +2,7 @@ version: "3"
services: services:
mybunker: mybunker:
image: bunkerity/bunkerweb:1.4.3 image: bunkerity/bunkerweb:1.5.0
ports: ports:
- 80:8080 - 80:8080
- 443:8443 - 443:8443
@ -13,9 +13,10 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io # more info at https://docs.bunkerweb.io
volumes: volumes:
- bw_data:/data - bw-data:/data
environment: environment:
- SERVER_NAME=www.example.com # replace with your domain - SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no - SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes - DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes - AUTO_LETS_ENCRYPT=yes
@ -24,6 +25,32 @@ services:
- USE_REVERSE_PROXY=yes - USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/ - REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myghost:2368 - REVERSE_PROXY_HOST=http://myghost:2368
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myghost: myghost:
image: ghost:alpine image: ghost:alpine
@ -32,6 +59,18 @@ services:
environment: environment:
- url=https://www.example.com # replace with your domain - url=https://www.example.com # replace with your domain
- NODE_ENV=development - NODE_ENV=development
networks:
- bw-services
volumes: volumes:
bw_data: bw-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:
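Review bot: The added `docker-proxy` service carries no comment on what actually limits the scheduler's access, and the `:ro` on `/var/run/docker.sock` is easy to misread as that limit; a read-only bind mount of a socket does not restrict the API calls made through it. The restriction comes from the proxy's environment, so I would put a comment above `- CONTAINERS=1` such as `# grants the scheduler the /containers endpoints; keep every other section (and POST) disabled unless required`. The same applies to the identical block in the other compose files of this commit.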


@ -1,9 +1,4 @@
#!/bin/bash #!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm repo add bitnami https://charts.bitnami.com/bitnami helm repo add bitnami https://charts.bitnami.com/bitnami
helm install -f ghost-chart-values.yml ghost bitnami/ghost helm install -f ghost-chart-values.yml ghost bitnami/ghost


@ -2,7 +2,7 @@
"name": "ghost", "name": "ghost",
"kinds": ["docker", "autoconf", "swarm", "kubernetes"], "kinds": ["docker", "autoconf", "swarm", "kubernetes"],
"timeout": 60, "timeout": 60,
"delay": 30, "delay": 180,
"tests": [ "tests": [
{ {
"type": "string", "type": "string",


@ -17,14 +17,7 @@ services:
- bunkerweb.REVERSE_PROXY_HEADERS_1=Authorization $http_authorization - bunkerweb.REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
- bunkerweb.MAX_CLIENT_SIZE=1G - bunkerweb.MAX_CLIENT_SIZE=1G
- | - |
bunkerweb.CUSTOM_CONF_MODSEC_CRS_gogs= bunkerweb.CUSTOM_CONF_MODSEC_CRS_gogs=SecAction "id:900220,phase:1,nolog,pass,t:none,setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
SecAction \
"id:900220,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
networks: networks:
bw-services: bw-services:


@ -2,7 +2,7 @@ version: "3"
services: services:
mybunker: mybunker:
image: bunkerity/bunkerweb:1.4.3 image: bunkerity/bunkerweb:1.5.0
ports: ports:
- 80:8080 - 80:8080
- 443:8443 - 443:8443
@ -16,6 +16,7 @@ services:
- ./bw-data:/data # contains some Core Rule Set configuration to fix FP - ./bw-data:/data # contains some Core Rule Set configuration to fix FP
environment: environment:
- SERVER_NAME=www.example.com # replace with your domain - SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no - SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes - DISABLE_DEFAULT_SERVER=yes
- AUTO_LETS_ENCRYPT=yes - AUTO_LETS_ENCRYPT=yes
@ -27,16 +28,46 @@ services:
- REVERSE_PROXY_HEADERS_1=Authorization $http_authorization - REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
- MAX_CLIENT_SIZE=1G - MAX_CLIENT_SIZE=1G
- | - |
CUSTOM_CONF_MODSEC_CRS_gogs= CUSTOM_CONF_MODSEC_CRS_gogs=SecAction "id:900220,phase:1,nolog,pass,t:none,setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
SecAction \ labels:
"id:900220,\ - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
phase:1,\ networks:
nolog,\ - bw-universe
pass,\ - bw-services
t:none,\
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'" bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mygogs: mygogs:
image: gogs/gogs image: gogs/gogs
volumes: volumes:
- ./gogs-data:/data - ./gogs-data:/data
networks:
- bw-services
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:


@ -27,13 +27,7 @@ metadata:
bunkerweb.io/CONFIG_SITE: "www.example.com" bunkerweb.io/CONFIG_SITE: "www.example.com"
data: data:
gogs.conf: | gogs.conf: |
SecAction \ SecAction "id:900220,phase:1,nolog,pass,t:none,setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
"id:900220,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment


@ -2,7 +2,7 @@ version: "3"
services: services:
mybunker: mybunker:
image: bunkerity/bunkerweb:1.4.3 image: bunkerity/bunkerweb:1.5.0
# dropping all capabilities # dropping all capabilities
cap_drop: cap_drop:
- ALL - ALL
@ -26,9 +26,10 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io # more info at https://docs.bunkerweb.io
volumes: volumes:
- bw_data:/data - bw-data:/data
environment: environment:
- SERVER_NAME=www.example.com # replace with your domain - SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- AUTO_LETS_ENCRYPT=yes - AUTO_LETS_ENCRYPT=yes
- DISABLE_DEFAULT_SERVER=yes - DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes - USE_CLIENT_CACHE=yes
@ -37,9 +38,47 @@ services:
- REVERSE_PROXY_URL=/ - REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myapp - REVERSE_PROXY_HOST=http://myapp
- REMOTE_PHP_PATH=/app - REMOTE_PHP_PATH=/app
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myapp: myapp:
image: tutum/hello-world image: tutum/hello-world
networks:
- bw-services
volumes: volumes:
bw_data: bw-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:


@ -1,9 +1,4 @@
#!/bin/bash #!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm delete joomla helm delete joomla
kubectl delete pvc data-joomla-mariadb-0 kubectl delete pvc data-joomla-mariadb-0


@ -1,8 +1,12 @@
version: "3" version: "3"
x-bunkerweb-env:
&bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${JOOMLA_USER:-user}:${JOOMLA_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services: services:
mybunker: mybunker:
image: bunkerity/bunkerweb:1.4.3 image: bunkerity/bunkerweb:1.5.0
ports: ports:
- 80:8080 - 80:8080
- 443:8443 - 443:8443
@ -13,21 +17,50 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io # more info at https://docs.bunkerweb.io
volumes: volumes:
- bw_data:/data - bw-data:/data
environment: environment:
- SERVER_NAME=www.example.com # replace with your domain <<: *bunkerweb-env
- AUTO_LETS_ENCRYPT=yes SERVER_NAME: "www.example.com" # replace with your domain
- DISABLE_DEFAULT_SERVER=yes API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
- MAX_CLIENT_SIZE=50m AUTO_LETS_ENCRYPT: "yes"
- USE_CLIENT_CACHE=yes DISABLE_DEFAULT_SERVER: "yes"
- USE_GZIP=yes MAX_CLIENT_SIZE: "50m"
- USE_REVERSE_PROXY=yes USE_CLIENT_CACHE: "yes"
- REVERSE_PROXY_URL=/ USE_GZIP: "yes"
- REVERSE_PROXY_HOST=http://myjoomla USE_REVERSE_PROXY: "yes"
- LIMIT_REQ_URL_1=/administrator/ REVERSE_PROXY_URL: "/"
- LIMIT_REQ_RATE_1=8r/s REVERSE_PROXY_HOST: "http://myjoomla"
- LIMIT_REQ_URL_2=/installation/index.php LIMIT_REQ_URL_1: "/administrator/"
- LIMIT_REQ_RATE_2=8r/s LIMIT_REQ_RATE_1: "8r/s"
LIMIT_REQ_URL_2: "/installation/index.php"
LIMIT_REQ_RATE_2: "8r/s"
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
<<: *bunkerweb-env
DOCKER_HOST: "tcp://docker-proxy:2375"
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
myjoomla: myjoomla:
image: joomla:4-apache image: joomla:4-apache
@ -35,19 +68,33 @@ services:
- ./joomla-files:/var/www/html - ./joomla-files:/var/www/html
environment: environment:
- JOOMLA_DB_HOST=mydb - JOOMLA_DB_HOST=mydb
- JOOMLA_DB_NAME=joomla_db - JOOMLA_DB_NAME=${JOOMLA_DATABASE:-joomladb}
- JOOMLA_DB_USER=user - JOOMLA_DB_USER=${JOOMLA_USER:-user}
- JOOMLA_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD) - JOOMLA_DB_PASSWORD=${JOOMLA_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
networks:
- bw-services
mydb: mydb:
image: mariadb image: mariadb
volumes: volumes:
- ./db-data:/var/lib/mysql - db-data:/var/lib/mysql
environment: environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password MARIADB_RANDOM_ROOT_PASSWORD: "yes"
- MYSQL_DATABASE=joomla_db entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${JOOMLA_USER:-user}\"; CREATE USER \"${JOOMLA_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${JOOMLA_DATABASE:-joomladb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${JOOMLA_DATABASE:-joomladb}.* TO \"${JOOMLA_USER:-user}\"@\"%\" IDENTIFIED BY \"${JOOMLA_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${JOOMLA_USER:-user}\"@\"%\" IDENTIFIED BY \"${JOOMLA_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
- MYSQL_USER=user networks:
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match JOOMLA_DB_PASSWORD) - bw-universe
- bw-services
volumes: volumes:
bw_data: bw-data:
db-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:
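Review bot: The new `x-bunkerweb-env` anchor and the `mydb` entrypoint give BunkerWeb and Joomla one shared database account: `DATABASE_URI` reuses `JOOMLA_USER`/`JOOMLA_PASSWORD`, and the generated init.sql grants that user ALL PRIVILEGES on both `${JOOMLA_DATABASE:-joomladb}` and `${BUNKERWEB_DATABASE:-bunkerweb}`, so a compromise of the Joomla application would also reach the database BunkerWeb uses. A separate user for the BunkerWeb database, granted only on that schema, keeps the two apart. The `:-secret` fallback also lets the stack start with a known password when no .env file is present; `${JOOMLA_PASSWORD:?set JOOMLA_PASSWORD in .env}` would make Compose refuse to start instead. Because the password is interpolated into the `entrypoint` string, it will also show up in the container's configuration (e.g. `docker inspect`), which is worth a comment next to that line.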


@ -1,9 +1,4 @@
#!/bin/bash #!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
helm repo add bitnami https://charts.bitnami.com/bitnami helm repo add bitnami https://charts.bitnami.com/bitnami
helm install -f joomla-chart-values.yml joomla bitnami/joomla helm install -f joomla-chart-values.yml joomla bitnami/joomla