Update examples and add docker-proxy
parent
82ab6c7c43
commit
81ad9e9ac0
21 changed files with 360 additions and 94 deletions
|
@ -14,6 +14,7 @@ services:
|
||||||
environment:
|
environment:
|
||||||
- SERVER_NAME=www.example.com # replace with your domains
|
- SERVER_NAME=www.example.com # replace with your domains
|
||||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||||
|
- AUTO_LETS_ENCRYPT=yes
|
||||||
- SERVE_FILES=no
|
- SERVE_FILES=no
|
||||||
- DISABLE_DEFAULT_SERVER=yes
|
- DISABLE_DEFAULT_SERVER=yes
|
||||||
- USE_CLIENT_CACHE=yes
|
- USE_CLIENT_CACHE=yes
|
||||||
|
@ -35,11 +36,22 @@ services:
|
||||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||||
depends_on:
|
depends_on:
|
||||||
- mybunker
|
- mybunker
|
||||||
|
environment:
|
||||||
|
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||||
volumes:
|
volumes:
|
||||||
- bw-data:/data
|
- bw-data:/data
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
networks:
|
networks:
|
||||||
- bw-universe
|
- bw-universe
|
||||||
|
- net-docker
|
||||||
|
|
||||||
|
docker-proxy:
|
||||||
|
image: tecnativa/docker-socket-proxy
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
environment:
|
||||||
|
- CONTAINERS=1
|
||||||
|
networks:
|
||||||
|
- net-docker
|
||||||
|
|
||||||
myproxy:
|
myproxy:
|
||||||
image: haproxy
|
image: haproxy
|
||||||
|
@ -71,3 +83,4 @@ networks:
|
||||||
config:
|
config:
|
||||||
- subnet: 10.10.10.0/24
|
- subnet: 10.10.10.0/24
|
||||||
bw-services:
|
bw-services:
|
||||||
|
net-docker:
|
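Review bot: The new `docker-proxy` service pulls `tecnativa/docker-socket-proxy` with no tag, while the BunkerWeb images in these files are pinned to `1.5.0`; because this container holds the host's Docker socket, it is the image most worth pinning (`image: tecnativa/docker-socket-proxy:<pinned-tag>`, or a digest). The scheduler reaches it over plain, unauthenticated TCP (`DOCKER_HOST=tcp://docker-proxy:2375`), so membership of `net-docker` is the only access control. Declaring the network with `internal: true` under `net-docker:` would make that boundary explicit, and the scheduler still has `bw-universe` for its other traffic. Granting only `CONTAINERS=1` is a sensible minimum and worth a one-line comment saying so. The same service block is added to the other compose examples in this commit, so the point applies to each of them.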
||||||
|
|
|
@ -60,15 +60,30 @@ services:
|
||||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||||
depends_on:
|
depends_on:
|
||||||
- mybunker
|
- mybunker
|
||||||
|
environment:
|
||||||
|
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||||
volumes:
|
volumes:
|
||||||
- bw-data:/data
|
- bw-data:/data
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
networks:
|
networks:
|
||||||
bbb-net:
|
bbb-net:
|
||||||
ipv4_address: 10.7.7.42
|
ipv4_address: 10.7.7.42
|
||||||
|
net-docker:
|
||||||
|
|
||||||
|
docker-proxy:
|
||||||
|
image: tecnativa/docker-socket-proxy
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
environment:
|
||||||
|
- CONTAINERS=1
|
||||||
|
networks:
|
||||||
|
- net-docker
|
||||||
|
|
||||||
...
|
...
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
...
|
...
|
||||||
bw-data:
|
bw-data:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
...
|
||||||
|
net-docker:
|
|
@ -45,11 +45,22 @@ services:
|
||||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||||
depends_on:
|
depends_on:
|
||||||
- mybunker
|
- mybunker
|
||||||
|
environment:
|
||||||
|
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||||
volumes:
|
volumes:
|
||||||
- bw-data:/data
|
- bw-data:/data
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
networks:
|
networks:
|
||||||
- bw-universe
|
- bw-universe
|
||||||
|
- net-docker
|
||||||
|
|
||||||
|
docker-proxy:
|
||||||
|
image: tecnativa/docker-socket-proxy
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
environment:
|
||||||
|
- CONTAINERS=1
|
||||||
|
networks:
|
||||||
|
- net-docker
|
||||||
|
|
||||||
mycertbot:
|
mycertbot:
|
||||||
image: certbot/dns-cloudflare
|
image: certbot/dns-cloudflare
|
||||||
|
@ -88,6 +99,7 @@ networks:
|
||||||
driver: default
|
driver: default
|
||||||
config:
|
config:
|
||||||
- subnet: 10.20.30.0/24
|
- subnet: 10.20.30.0/24
|
||||||
|
net-docker:
|
||||||
net_app1:
|
net_app1:
|
||||||
net_app2:
|
net_app2:
|
||||||
net_app3:
|
net_app3:
|
||||||
|
|
|
@ -45,11 +45,22 @@ services:
|
||||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||||
depends_on:
|
depends_on:
|
||||||
- mybunker
|
- mybunker
|
||||||
|
environment:
|
||||||
|
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||||
volumes:
|
volumes:
|
||||||
- bw-data:/data
|
- bw-data:/data
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
networks:
|
networks:
|
||||||
- bw-universe
|
- bw-universe
|
||||||
|
- net-docker
|
||||||
|
|
||||||
|
docker-proxy:
|
||||||
|
image: tecnativa/docker-socket-proxy
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
environment:
|
||||||
|
- CONTAINERS=1
|
||||||
|
networks:
|
||||||
|
- net-docker
|
||||||
|
|
||||||
mycertbot:
|
mycertbot:
|
||||||
image: certbot/dns-digitalocean
|
image: certbot/dns-digitalocean
|
||||||
|
@ -88,6 +99,7 @@ networks:
|
||||||
driver: default
|
driver: default
|
||||||
config:
|
config:
|
||||||
- subnet: 10.20.30.0/24
|
- subnet: 10.20.30.0/24
|
||||||
|
net-docker:
|
||||||
net_app1:
|
net_app1:
|
||||||
net_app2:
|
net_app2:
|
||||||
net_app3:
|
net_app3:
|
||||||
|
|
|
@ -45,11 +45,22 @@ services:
|
||||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||||
depends_on:
|
depends_on:
|
||||||
- mybunker
|
- mybunker
|
||||||
|
environment:
|
||||||
|
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||||
volumes:
|
volumes:
|
||||||
- bw-data:/data
|
- bw-data:/data
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
networks:
|
networks:
|
||||||
- bw-universe
|
- bw-universe
|
||||||
|
- net-docker
|
||||||
|
|
||||||
|
docker-proxy:
|
||||||
|
image: tecnativa/docker-socket-proxy
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
environment:
|
||||||
|
- CONTAINERS=1
|
||||||
|
networks:
|
||||||
|
- net-docker
|
||||||
|
|
||||||
mycertbot:
|
mycertbot:
|
||||||
image: certbot/dns-google
|
image: certbot/dns-google
|
||||||
|
@ -88,6 +99,7 @@ networks:
|
||||||
driver: default
|
driver: default
|
||||||
config:
|
config:
|
||||||
- subnet: 10.20.30.0/24
|
- subnet: 10.20.30.0/24
|
||||||
|
net-docker:
|
||||||
net_app1:
|
net_app1:
|
||||||
net_app2:
|
net_app2:
|
||||||
net_app3:
|
net_app3:
|
||||||
|
|
|
@ -45,11 +45,22 @@ services:
|
||||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||||
depends_on:
|
depends_on:
|
||||||
- mybunker
|
- mybunker
|
||||||
|
environment:
|
||||||
|
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||||
volumes:
|
volumes:
|
||||||
- bw-data:/data
|
- bw-data:/data
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
networks:
|
networks:
|
||||||
- bw-universe
|
- bw-universe
|
||||||
|
- net-docker
|
||||||
|
|
||||||
|
docker-proxy:
|
||||||
|
image: tecnativa/docker-socket-proxy
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
environment:
|
||||||
|
- CONTAINERS=1
|
||||||
|
networks:
|
||||||
|
- net-docker
|
||||||
|
|
||||||
mycertbot:
|
mycertbot:
|
||||||
image: certbot/dns-ovh
|
image: certbot/dns-ovh
|
||||||
|
@ -88,6 +99,7 @@ networks:
|
||||||
driver: default
|
driver: default
|
||||||
config:
|
config:
|
||||||
- subnet: 10.20.30.0/24
|
- subnet: 10.20.30.0/24
|
||||||
|
net-docker:
|
||||||
net_app1:
|
net_app1:
|
||||||
net_app2:
|
net_app2:
|
||||||
net_app3:
|
net_app3:
|
||||||
|
|
|
@ -2,7 +2,7 @@ version: "3"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
mybunker:
|
mybunker:
|
||||||
image: bunkerity/bunkerweb:1.4.3
|
image: bunkerity/bunkerweb:1.5.0
|
||||||
ports:
|
ports:
|
||||||
- 80:8080
|
- 80:8080
|
||||||
- 443:8443
|
- 443:8443
|
||||||
|
@ -13,11 +13,12 @@ services:
|
||||||
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
|
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
|
||||||
# more info at https://docs.bunkerweb.io
|
# more info at https://docs.bunkerweb.io
|
||||||
volumes:
|
volumes:
|
||||||
- bw_data:/data
|
- bw-data:/data
|
||||||
- certs:/certs
|
- certs:/certs
|
||||||
environment:
|
environment:
|
||||||
- MULTISITE=yes
|
- MULTISITE=yes
|
||||||
- SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
|
- SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
|
||||||
|
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||||
- SERVE_FILES=no
|
- SERVE_FILES=no
|
||||||
- DISABLE_DEFAULT_SERVER=yes
|
- DISABLE_DEFAULT_SERVER=yes
|
||||||
- USE_CLIENT_CACHE=yes
|
- USE_CLIENT_CACHE=yes
|
||||||
|
@ -32,11 +33,35 @@ services:
|
||||||
- app2.example.com_REVERSE_PROXY_HOST=http://app2
|
- app2.example.com_REVERSE_PROXY_HOST=http://app2
|
||||||
- app3.example.com_REVERSE_PROXY_URL=/
|
- app3.example.com_REVERSE_PROXY_URL=/
|
||||||
- app3.example.com_REVERSE_PROXY_HOST=http://app3
|
- app3.example.com_REVERSE_PROXY_HOST=http://app3
|
||||||
|
labels:
|
||||||
|
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||||
networks:
|
networks:
|
||||||
|
- bw-universe
|
||||||
- net_app1
|
- net_app1
|
||||||
- net_app2
|
- net_app2
|
||||||
- net_app3
|
- net_app3
|
||||||
|
|
||||||
|
bbw-scheduler:
|
||||||
|
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||||
|
depends_on:
|
||||||
|
- mybunker
|
||||||
|
environment:
|
||||||
|
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||||
|
volumes:
|
||||||
|
- bw-data:/data
|
||||||
|
networks:
|
||||||
|
- bw-universe
|
||||||
|
- net-docker
|
||||||
|
|
||||||
|
docker-proxy:
|
||||||
|
image: tecnativa/docker-socket-proxy
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
environment:
|
||||||
|
- CONTAINERS=1
|
||||||
|
networks:
|
||||||
|
- net-docker
|
||||||
|
|
||||||
mycertbot:
|
mycertbot:
|
||||||
image: certbot/dns-google
|
image: certbot/dns-google
|
||||||
environment:
|
environment:
|
||||||
|
@ -64,10 +89,17 @@ services:
|
||||||
- net_app3
|
- net_app3
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
bw_data:
|
bw-data:
|
||||||
certs:
|
certs:
|
||||||
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
|
bw-universe:
|
||||||
|
ipam:
|
||||||
|
driver: default
|
||||||
|
config:
|
||||||
|
- subnet: 10.20.30.0/24
|
||||||
|
net-docker:
|
||||||
net_app1:
|
net_app1:
|
||||||
net_app2:
|
net_app2:
|
||||||
net_app3:
|
net_app3:
|
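Review bot: The scheduler service is added here as `bbw-scheduler`, whereas the other compose files that add the service in this commit name it `bw-scheduler`; this looks like a typo and should read `bw-scheduler:`. Nothing visible in these hunks refers to the service by name, so the stack probably still starts, but anyone copying `docker compose` commands or log filters between the examples will trip over the difference.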
||||||
|
|
|
@ -32,7 +32,7 @@ services:
|
||||||
- app3.example.com_REMOTE_PHP=myapp3
|
- app3.example.com_REMOTE_PHP=myapp3
|
||||||
- app3.example.com_REMOTE_PHP_PATH=/app
|
- app3.example.com_REMOTE_PHP_PATH=/app
|
||||||
labels:
|
labels:
|
||||||
- "bunkerweb.INSTANCE"
|
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||||
networks:
|
networks:
|
||||||
- bw-universe
|
- bw-universe
|
||||||
- net_app1
|
- net_app1
|
||||||
|
@ -43,11 +43,22 @@ services:
|
||||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||||
depends_on:
|
depends_on:
|
||||||
- mybunker
|
- mybunker
|
||||||
|
environment:
|
||||||
|
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||||
volumes:
|
volumes:
|
||||||
- ./bw-data:/data
|
- bw-data:/data
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
networks:
|
networks:
|
||||||
- bw-universe
|
- bw-universe
|
||||||
|
- net-docker
|
||||||
|
|
||||||
|
docker-proxy:
|
||||||
|
image: tecnativa/docker-socket-proxy
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
environment:
|
||||||
|
- CONTAINERS=1
|
||||||
|
networks:
|
||||||
|
- net-docker
|
||||||
|
|
||||||
myapp1:
|
myapp1:
|
||||||
image: php:fpm
|
image: php:fpm
|
||||||
|
@ -88,6 +99,7 @@ networks:
|
||||||
driver: default
|
driver: default
|
||||||
config:
|
config:
|
||||||
- subnet: 10.20.30.0/24
|
- subnet: 10.20.30.0/24
|
||||||
|
net-docker:
|
||||||
net_app1:
|
net_app1:
|
||||||
net_app2:
|
net_app2:
|
||||||
net_app3:
|
net_app3:
|
||||||
|
|
|
@ -66,11 +66,22 @@ services:
|
||||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||||
depends_on:
|
depends_on:
|
||||||
- mybunker
|
- mybunker
|
||||||
|
environment:
|
||||||
|
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||||
volumes:
|
volumes:
|
||||||
- bw-data:/data
|
- bw-data:/data
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
networks:
|
networks:
|
||||||
- bw-universe
|
- bw-universe
|
||||||
|
- net-docker
|
||||||
|
|
||||||
|
docker-proxy:
|
||||||
|
image: tecnativa/docker-socket-proxy
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
environment:
|
||||||
|
- CONTAINERS=1
|
||||||
|
networks:
|
||||||
|
- net-docker
|
||||||
|
|
||||||
myapp1:
|
myapp1:
|
||||||
image: tutum/hello-world
|
image: tutum/hello-world
|
||||||
|
@ -93,3 +104,4 @@ networks:
|
||||||
config:
|
config:
|
||||||
- subnet: 10.20.30.0/24
|
- subnet: 10.20.30.0/24
|
||||||
bw-services:
|
bw-services:
|
||||||
|
net-docker:
|
||||||
|
|
|
@ -34,7 +34,7 @@ services:
|
||||||
LIMIT_REQ_RATE_1: "5r/s"
|
LIMIT_REQ_RATE_1: "5r/s"
|
||||||
CUSTOM_CONF_MODSEC_CRS_drupal: 'SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_drupal=1"'
|
CUSTOM_CONF_MODSEC_CRS_drupal: 'SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_drupal=1"'
|
||||||
labels:
|
labels:
|
||||||
- "bunkerweb.INSTANCE"
|
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||||
networks:
|
networks:
|
||||||
- bw-universe
|
- bw-universe
|
||||||
- bw-services
|
- bw-services
|
||||||
|
@ -45,11 +45,21 @@ services:
|
||||||
- mybunker
|
- mybunker
|
||||||
environment:
|
environment:
|
||||||
<<: *bunkerweb-env
|
<<: *bunkerweb-env
|
||||||
|
DOCKER_HOST: "tcp://docker-proxy:2375"
|
||||||
volumes:
|
volumes:
|
||||||
- bw-data:/data
|
- bw-data:/data
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
networks:
|
networks:
|
||||||
- bw-universe
|
- bw-universe
|
||||||
|
- net-docker
|
||||||
|
|
||||||
|
docker-proxy:
|
||||||
|
image: tecnativa/docker-socket-proxy
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
environment:
|
||||||
|
- CONTAINERS=1
|
||||||
|
networks:
|
||||||
|
- net-docker
|
||||||
|
|
||||||
mydrupal:
|
mydrupal:
|
||||||
image: drupal:9-apache
|
image: drupal:9-apache
|
||||||
|
@ -84,3 +94,4 @@ networks:
|
||||||
config:
|
config:
|
||||||
- subnet: 10.20.30.0/24
|
- subnet: 10.20.30.0/24
|
||||||
bw-services:
|
bw-services:
|
||||||
|
net-docker:
|
||||||
|
|
|
@ -1,9 +1,4 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if [ $(id -u) -ne 0 ] ; then
|
|
||||||
echo "❌ Run me as root"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
helm delete ghost
|
helm delete ghost
|
||||||
kubectl delete pvc data-ghost-mysql-0
|
kubectl delete pvc data-ghost-mysql-0
|
||||||
|
|
|
@ -2,7 +2,7 @@ version: "3"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
mybunker:
|
mybunker:
|
||||||
image: bunkerity/bunkerweb:1.4.3
|
image: bunkerity/bunkerweb:1.5.0
|
||||||
ports:
|
ports:
|
||||||
- 80:8080
|
- 80:8080
|
||||||
- 443:8443
|
- 443:8443
|
||||||
|
@ -13,9 +13,10 @@ services:
|
||||||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||||
# more info at https://docs.bunkerweb.io
|
# more info at https://docs.bunkerweb.io
|
||||||
volumes:
|
volumes:
|
||||||
- bw_data:/data
|
- bw-data:/data
|
||||||
environment:
|
environment:
|
||||||
- SERVER_NAME=www.example.com # replace with your domain
|
- SERVER_NAME=www.example.com # replace with your domain
|
||||||
|
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||||
- SERVE_FILES=no
|
- SERVE_FILES=no
|
||||||
- DISABLE_DEFAULT_SERVER=yes
|
- DISABLE_DEFAULT_SERVER=yes
|
||||||
- AUTO_LETS_ENCRYPT=yes
|
- AUTO_LETS_ENCRYPT=yes
|
||||||
|
@ -24,6 +25,32 @@ services:
|
||||||
- USE_REVERSE_PROXY=yes
|
- USE_REVERSE_PROXY=yes
|
||||||
- REVERSE_PROXY_URL=/
|
- REVERSE_PROXY_URL=/
|
||||||
- REVERSE_PROXY_HOST=http://myghost:2368
|
- REVERSE_PROXY_HOST=http://myghost:2368
|
||||||
|
labels:
|
||||||
|
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||||
|
networks:
|
||||||
|
- bw-universe
|
||||||
|
- bw-services
|
||||||
|
|
||||||
|
bw-scheduler:
|
||||||
|
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||||
|
depends_on:
|
||||||
|
- mybunker
|
||||||
|
environment:
|
||||||
|
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||||
|
volumes:
|
||||||
|
- bw-data:/data
|
||||||
|
networks:
|
||||||
|
- bw-universe
|
||||||
|
- net-docker
|
||||||
|
|
||||||
|
docker-proxy:
|
||||||
|
image: tecnativa/docker-socket-proxy
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
environment:
|
||||||
|
- CONTAINERS=1
|
||||||
|
networks:
|
||||||
|
- net-docker
|
||||||
|
|
||||||
myghost:
|
myghost:
|
||||||
image: ghost:alpine
|
image: ghost:alpine
|
||||||
|
@ -32,6 +59,18 @@ services:
|
||||||
environment:
|
environment:
|
||||||
- url=https://www.example.com # replace with your domain
|
- url=https://www.example.com # replace with your domain
|
||||||
- NODE_ENV=development
|
- NODE_ENV=development
|
||||||
|
networks:
|
||||||
|
- bw-services
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
bw_data:
|
bw-data:
|
||||||
|
|
||||||
|
|
||||||
|
networks:
|
||||||
|
bw-universe:
|
||||||
|
ipam:
|
||||||
|
driver: default
|
||||||
|
config:
|
||||||
|
- subnet: 10.20.30.0/24
|
||||||
|
bw-services:
|
||||||
|
net-docker:
|
||||||
|
|
|
@ -1,9 +1,4 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if [ $(id -u) -ne 0 ] ; then
|
|
||||||
echo "❌ Run me as root"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
helm repo add bitnami https://charts.bitnami.com/bitnami
|
helm repo add bitnami https://charts.bitnami.com/bitnami
|
||||||
helm install -f ghost-chart-values.yml ghost bitnami/ghost
|
helm install -f ghost-chart-values.yml ghost bitnami/ghost
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
"name": "ghost",
|
"name": "ghost",
|
||||||
"kinds": ["docker", "autoconf", "swarm", "kubernetes"],
|
"kinds": ["docker", "autoconf", "swarm", "kubernetes"],
|
||||||
"timeout": 60,
|
"timeout": 60,
|
||||||
"delay": 30,
|
"delay": 180,
|
||||||
"tests": [
|
"tests": [
|
||||||
{
|
{
|
||||||
"type": "string",
|
"type": "string",
|
||||||
|
|
|
@ -17,14 +17,7 @@ services:
|
||||||
- bunkerweb.REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
|
- bunkerweb.REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
|
||||||
- bunkerweb.MAX_CLIENT_SIZE=1G
|
- bunkerweb.MAX_CLIENT_SIZE=1G
|
||||||
- |
|
- |
|
||||||
bunkerweb.CUSTOM_CONF_MODSEC_CRS_gogs=
|
bunkerweb.CUSTOM_CONF_MODSEC_CRS_gogs=SecAction "id:900220,phase:1,nolog,pass,t:none,setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
|
||||||
SecAction \
|
|
||||||
"id:900220,\
|
|
||||||
phase:1,\
|
|
||||||
nolog,\
|
|
||||||
pass,\
|
|
||||||
t:none,\
|
|
||||||
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
bw-services:
|
bw-services:
|
||||||
|
|
|
@ -2,7 +2,7 @@ version: "3"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
mybunker:
|
mybunker:
|
||||||
image: bunkerity/bunkerweb:1.4.3
|
image: bunkerity/bunkerweb:1.5.0
|
||||||
ports:
|
ports:
|
||||||
- 80:8080
|
- 80:8080
|
||||||
- 443:8443
|
- 443:8443
|
||||||
|
@ -16,6 +16,7 @@ services:
|
||||||
- ./bw-data:/data # contains some Core Rule Set configuration to fix FP
|
- ./bw-data:/data # contains some Core Rule Set configuration to fix FP
|
||||||
environment:
|
environment:
|
||||||
- SERVER_NAME=www.example.com # replace with your domain
|
- SERVER_NAME=www.example.com # replace with your domain
|
||||||
|
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||||
- SERVE_FILES=no
|
- SERVE_FILES=no
|
||||||
- DISABLE_DEFAULT_SERVER=yes
|
- DISABLE_DEFAULT_SERVER=yes
|
||||||
- AUTO_LETS_ENCRYPT=yes
|
- AUTO_LETS_ENCRYPT=yes
|
||||||
|
@ -27,16 +28,46 @@ services:
|
||||||
- REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
|
- REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
|
||||||
- MAX_CLIENT_SIZE=1G
|
- MAX_CLIENT_SIZE=1G
|
||||||
- |
|
- |
|
||||||
CUSTOM_CONF_MODSEC_CRS_gogs=
|
CUSTOM_CONF_MODSEC_CRS_gogs=SecAction "id:900220,phase:1,nolog,pass,t:none,setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
|
||||||
SecAction \
|
labels:
|
||||||
"id:900220,\
|
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||||
phase:1,\
|
networks:
|
||||||
nolog,\
|
- bw-universe
|
||||||
pass,\
|
- bw-services
|
||||||
t:none,\
|
|
||||||
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
|
bw-scheduler:
|
||||||
|
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||||
|
depends_on:
|
||||||
|
- mybunker
|
||||||
|
environment:
|
||||||
|
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||||
|
volumes:
|
||||||
|
- bw-data:/data
|
||||||
|
networks:
|
||||||
|
- bw-universe
|
||||||
|
- net-docker
|
||||||
|
|
||||||
|
docker-proxy:
|
||||||
|
image: tecnativa/docker-socket-proxy
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
environment:
|
||||||
|
- CONTAINERS=1
|
||||||
|
networks:
|
||||||
|
- net-docker
|
||||||
|
|
||||||
mygogs:
|
mygogs:
|
||||||
image: gogs/gogs
|
image: gogs/gogs
|
||||||
volumes:
|
volumes:
|
||||||
- ./gogs-data:/data
|
- ./gogs-data:/data
|
||||||
|
networks:
|
||||||
|
- bw-services
|
||||||
|
|
||||||
|
networks:
|
||||||
|
bw-universe:
|
||||||
|
ipam:
|
||||||
|
driver: default
|
||||||
|
config:
|
||||||
|
- subnet: 10.20.30.0/24
|
||||||
|
bw-services:
|
||||||
|
net-docker:
|
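Review bot: `bw-scheduler` mounts the named volume `bw-data:/data`, but `mybunker` in the same file keeps the bind mount `./bw-data:/data`, and the lines added at the end of the file declare only `networks:`, with no top-level `volumes:` entry for `bw-data` visible. As written the two containers would not share `/data`, and Compose refuses a named volume that is not declared. Either use `- ./bw-data:/data` in the scheduler too (that directory holds the Core Rule Set configuration, per the existing comment) or declare `bw-data:` under a top-level `volumes:` and switch `mybunker` to it. The hunks do not show the whole file, so confirm against the full compose file.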
||||||
|
|
|
@ -27,13 +27,7 @@ metadata:
|
||||||
bunkerweb.io/CONFIG_SITE: "www.example.com"
|
bunkerweb.io/CONFIG_SITE: "www.example.com"
|
||||||
data:
|
data:
|
||||||
gogs.conf: |
|
gogs.conf: |
|
||||||
SecAction \
|
SecAction "id:900220,phase:1,nolog,pass,t:none,setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
|
||||||
"id:900220,\
|
|
||||||
phase:1,\
|
|
||||||
nolog,\
|
|
||||||
pass,\
|
|
||||||
t:none,\
|
|
||||||
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
|
|
||||||
---
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
|
|
|
@ -2,7 +2,7 @@ version: "3"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
mybunker:
|
mybunker:
|
||||||
image: bunkerity/bunkerweb:1.4.3
|
image: bunkerity/bunkerweb:1.5.0
|
||||||
# dropping all capabilities
|
# dropping all capabilities
|
||||||
cap_drop:
|
cap_drop:
|
||||||
- ALL
|
- ALL
|
||||||
|
@ -26,9 +26,10 @@ services:
|
||||||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||||
# more info at https://docs.bunkerweb.io
|
# more info at https://docs.bunkerweb.io
|
||||||
volumes:
|
volumes:
|
||||||
- bw_data:/data
|
- bw-data:/data
|
||||||
environment:
|
environment:
|
||||||
- SERVER_NAME=www.example.com # replace with your domain
|
- SERVER_NAME=www.example.com # replace with your domain
|
||||||
|
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||||
- AUTO_LETS_ENCRYPT=yes
|
- AUTO_LETS_ENCRYPT=yes
|
||||||
- DISABLE_DEFAULT_SERVER=yes
|
- DISABLE_DEFAULT_SERVER=yes
|
||||||
- USE_CLIENT_CACHE=yes
|
- USE_CLIENT_CACHE=yes
|
||||||
|
@ -37,9 +38,47 @@ services:
|
||||||
- REVERSE_PROXY_URL=/
|
- REVERSE_PROXY_URL=/
|
||||||
- REVERSE_PROXY_HOST=http://myapp
|
- REVERSE_PROXY_HOST=http://myapp
|
||||||
- REMOTE_PHP_PATH=/app
|
- REMOTE_PHP_PATH=/app
|
||||||
|
labels:
|
||||||
|
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||||
|
networks:
|
||||||
|
- bw-universe
|
||||||
|
- bw-services
|
||||||
|
|
||||||
|
bw-scheduler:
|
||||||
|
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||||
|
depends_on:
|
||||||
|
- mybunker
|
||||||
|
environment:
|
||||||
|
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||||
|
volumes:
|
||||||
|
- bw-data:/data
|
||||||
|
networks:
|
||||||
|
- bw-universe
|
||||||
|
- net-docker
|
||||||
|
|
||||||
|
docker-proxy:
|
||||||
|
image: tecnativa/docker-socket-proxy
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
environment:
|
||||||
|
- CONTAINERS=1
|
||||||
|
networks:
|
||||||
|
- net-docker
|
||||||
|
|
||||||
myapp:
|
myapp:
|
||||||
image: tutum/hello-world
|
image: tutum/hello-world
|
||||||
|
networks:
|
||||||
|
- bw-services
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
bw_data:
|
bw-data:
|
||||||
|
|
||||||
|
|
||||||
|
networks:
|
||||||
|
bw-universe:
|
||||||
|
ipam:
|
||||||
|
driver: default
|
||||||
|
config:
|
||||||
|
- subnet: 10.20.30.0/24
|
||||||
|
bw-services:
|
||||||
|
net-docker:
|
||||||
|
|
|
@ -1,9 +1,4 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if [ $(id -u) -ne 0 ] ; then
|
|
||||||
echo "❌ Run me as root"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
helm delete joomla
|
helm delete joomla
|
||||||
kubectl delete pvc data-joomla-mariadb-0
|
kubectl delete pvc data-joomla-mariadb-0
|
||||||
|
|
|
@ -1,8 +1,12 @@
|
||||||
version: "3"
|
version: "3"
|
||||||
|
|
||||||
|
x-bunkerweb-env:
|
||||||
|
&bunkerweb-env
|
||||||
|
DATABASE_URI: "mariadb+pymysql://${JOOMLA_USER:-user}:${JOOMLA_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
mybunker:
|
mybunker:
|
||||||
image: bunkerity/bunkerweb:1.4.3
|
image: bunkerity/bunkerweb:1.5.0
|
||||||
ports:
|
ports:
|
||||||
- 80:8080
|
- 80:8080
|
||||||
- 443:8443
|
- 443:8443
|
||||||
|
@ -13,21 +17,50 @@ services:
|
||||||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||||
# more info at https://docs.bunkerweb.io
|
# more info at https://docs.bunkerweb.io
|
||||||
volumes:
|
volumes:
|
||||||
- bw_data:/data
|
- bw-data:/data
|
||||||
environment:
|
environment:
|
||||||
- SERVER_NAME=www.example.com # replace with your domain
|
<<: *bunkerweb-env
|
||||||
- AUTO_LETS_ENCRYPT=yes
|
SERVER_NAME: "www.example.com" # replace with your domain
|
||||||
- DISABLE_DEFAULT_SERVER=yes
|
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
|
||||||
- MAX_CLIENT_SIZE=50m
|
AUTO_LETS_ENCRYPT: "yes"
|
||||||
- USE_CLIENT_CACHE=yes
|
DISABLE_DEFAULT_SERVER: "yes"
|
||||||
- USE_GZIP=yes
|
MAX_CLIENT_SIZE: "50m"
|
||||||
- USE_REVERSE_PROXY=yes
|
USE_CLIENT_CACHE: "yes"
|
||||||
- REVERSE_PROXY_URL=/
|
USE_GZIP: "yes"
|
||||||
- REVERSE_PROXY_HOST=http://myjoomla
|
USE_REVERSE_PROXY: "yes"
|
||||||
- LIMIT_REQ_URL_1=/administrator/
|
REVERSE_PROXY_URL: "/"
|
||||||
- LIMIT_REQ_RATE_1=8r/s
|
REVERSE_PROXY_HOST: "http://myjoomla"
|
||||||
- LIMIT_REQ_URL_2=/installation/index.php
|
LIMIT_REQ_URL_1: "/administrator/"
|
||||||
- LIMIT_REQ_RATE_2=8r/s
|
LIMIT_REQ_RATE_1: "8r/s"
|
||||||
|
LIMIT_REQ_URL_2: "/installation/index.php"
|
||||||
|
LIMIT_REQ_RATE_2: "8r/s"
|
||||||
|
labels:
|
||||||
|
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||||
|
networks:
|
||||||
|
- bw-universe
|
||||||
|
- bw-services
|
||||||
|
|
||||||
|
bw-scheduler:
|
||||||
|
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||||
|
depends_on:
|
||||||
|
- mybunker
|
||||||
|
environment:
|
||||||
|
<<: *bunkerweb-env
|
||||||
|
DOCKER_HOST: "tcp://docker-proxy:2375"
|
||||||
|
volumes:
|
||||||
|
- bw-data:/data
|
||||||
|
networks:
|
||||||
|
- bw-universe
|
||||||
|
- net-docker
|
||||||
|
|
||||||
|
docker-proxy:
|
||||||
|
image: tecnativa/docker-socket-proxy
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
environment:
|
||||||
|
- CONTAINERS=1
|
||||||
|
networks:
|
||||||
|
- net-docker
|
||||||
|
|
||||||
myjoomla:
|
myjoomla:
|
||||||
image: joomla:4-apache
|
image: joomla:4-apache
|
||||||
|
@ -35,19 +68,33 @@ services:
|
||||||
- ./joomla-files:/var/www/html
|
- ./joomla-files:/var/www/html
|
||||||
environment:
|
environment:
|
||||||
- JOOMLA_DB_HOST=mydb
|
- JOOMLA_DB_HOST=mydb
|
||||||
- JOOMLA_DB_NAME=joomla_db
|
- JOOMLA_DB_NAME=${JOOMLA_DATABASE:-joomladb}
|
||||||
- JOOMLA_DB_USER=user
|
- JOOMLA_DB_USER=${JOOMLA_USER:-user}
|
||||||
- JOOMLA_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
- JOOMLA_DB_PASSWORD=${JOOMLA_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
|
||||||
|
networks:
|
||||||
|
- bw-services
|
||||||
|
|
||||||
mydb:
|
mydb:
|
||||||
image: mariadb
|
image: mariadb
|
||||||
volumes:
|
volumes:
|
||||||
- ./db-data:/var/lib/mysql
|
- db-data:/var/lib/mysql
|
||||||
environment:
|
environment:
|
||||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
|
||||||
- MYSQL_DATABASE=joomla_db
|
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${JOOMLA_USER:-user}\"; CREATE USER \"${JOOMLA_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${JOOMLA_DATABASE:-joomladb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${JOOMLA_DATABASE:-joomladb}.* TO \"${JOOMLA_USER:-user}\"@\"%\" IDENTIFIED BY \"${JOOMLA_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${JOOMLA_USER:-user}\"@\"%\" IDENTIFIED BY \"${JOOMLA_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
|
||||||
- MYSQL_USER=user
|
networks:
|
||||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match JOOMLA_DB_PASSWORD)
|
- bw-universe
|
||||||
|
- bw-services
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
bw_data:
|
bw-data:
|
||||||
|
db-data:
|
||||||
|
|
||||||
|
|
||||||
|
networks:
|
||||||
|
bw-universe:
|
||||||
|
ipam:
|
||||||
|
driver: default
|
||||||
|
config:
|
||||||
|
- subnet: 10.20.30.0/24
|
||||||
|
bw-services:
|
||||||
|
net-docker:
|
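Review bot: The generated `init.sql` in the `mydb` entrypoint grants a single account, `"${JOOMLA_USER:-user}"@"%"`, ALL PRIVILEGES on both the Joomla database and the database behind BunkerWeb's `DATABASE_URI`, so the credentials held by the protected application also open the WAF's own database. A separate user and password for `${BUNKERWEB_DATABASE:-bunkerweb}` would keep a Joomla compromise from reaching it. The `:-secret` fallback also means a missing `.env` silently deploys a known password; `${JOOMLA_PASSWORD:?set JOOMLA_PASSWORD in .env}` makes Compose fail instead. The password is spliced into a quoted `sh -c "echo '…'"` string and into a URI, so quotes or URI-reserved characters in it will break the SQL or the connection string, which deserves a comment next to the variable.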
||||||
|
|
|
@ -1,9 +1,4 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if [ $(id -u) -ne 0 ] ; then
|
|
||||||
echo "❌ Run me as root"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
helm repo add bitnami https://charts.bitnami.com/bitnami
|
helm repo add bitnami https://charts.bitnami.com/bitnami
|
||||||
helm install -f joomla-chart-values.yml joomla bitnami/joomla
|
helm install -f joomla-chart-values.yml joomla bitnami/joomla
|
||||||
|
|