examples - polishing before next release
This commit is contained in:
parent
0ad5159a33
commit
83e7ce9cde
|
@ -2,6 +2,6 @@
|
|||
path = examples/crowdsec/bunkerized-nginx-crowdsec
|
||||
url = https://github.com/bunkerity/bunkerized-nginx-crowdsec
|
||||
|
||||
[submodule "bunkerized-nginx-clamav"]
|
||||
[submodule "examples/clamav/bunkerized-nginx-clamav"]
|
||||
path = examples/clamav/bunkerized-nginx-clamav
|
||||
url = https://github.com/bunkerity/bunkerized-nginx-clamav
|
||||
url = https://github.com/bunkerity/bunkerized-nginx-clamav.git
|
||||
|
|
|
@ -17,3 +17,11 @@ First of all, you will need to edit the configuration files inside the authelia
|
|||
## Docker
|
||||
|
||||
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/authelia/docker-compose.yml).
|
||||
|
||||
## Docker autoconf
|
||||
|
||||
See [docker-compose.autoconf.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/authelia/docker-compose.autoconf.yml).
|
||||
|
||||
## Docker Swarm
|
||||
|
||||
See [docker-compose.swarm.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/authelia/docker-compose.swarm.yml).
|
||||
|
|
|
@ -0,0 +1,70 @@
|
|||
version: '3.3'
|
||||
|
||||
services:
|
||||
|
||||
authelia:
|
||||
image: authelia/authelia
|
||||
networks:
|
||||
services-net:
|
||||
aliases:
|
||||
- authelia
|
||||
volumes:
|
||||
- ./authelia:/config
|
||||
healthcheck:
|
||||
disable: true
|
||||
environment:
|
||||
- TZ=France/Paris
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=auth.example.com"
|
||||
- "bunkerized-nginx.USE_REVERSE_PROXY=yes"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://authelia:9091"
|
||||
|
||||
redis:
|
||||
image: redis:alpine
|
||||
networks:
|
||||
services-net:
|
||||
aliases:
|
||||
- redis
|
||||
volumes:
|
||||
- ./redis:/data
|
||||
environment:
|
||||
- TZ=France/Paris
|
||||
|
||||
myapp1:
|
||||
image: php:fpm
|
||||
networks:
|
||||
services-net:
|
||||
aliases:
|
||||
- myapp1
|
||||
volumes:
|
||||
- ./web-files/app1.example.com:/app
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app1.example.com"
|
||||
- "bunkerized-nginx.USE_AUTHELIA=yes"
|
||||
- "bunkerized-nginx.AUTHELIA_BACKEND=https://auth.example.com"
|
||||
- "bunkerized-nginx.AUTHELIA_UPSTREAM=http://authelia:9091"
|
||||
- "bunkerized-nginx.REMOTE_PHP=myapp1"
|
||||
- "bunkerized-nginx.REMOTE_PHP_PATH=/app"
|
||||
|
||||
myapp2:
|
||||
image: php:apache
|
||||
networks:
|
||||
services-net:
|
||||
aliases:
|
||||
- myapp2
|
||||
volumes:
|
||||
- ./web-files/app2.example.com:/var/www/html
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app2.example.com"
|
||||
- "bunkerized-nginx.USE_AUTHELIA=yes"
|
||||
- "bunkerized-nginx.AUTHELIA_BACKEND=https://auth.example.com"
|
||||
- "bunkerized-nginx.AUTHELIA_UPSTREAM=http://authelia:9091"
|
||||
- "bunkerized-nginx.USE_REVERSE_PROXY=yes"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2"
|
||||
|
||||
networks:
|
||||
services-net:
|
||||
external:
|
||||
name: services-net
|
|
@ -0,0 +1,82 @@
|
|||
version: '3.3'
|
||||
|
||||
services:
|
||||
|
||||
authelia:
|
||||
image: authelia/authelia
|
||||
networks:
|
||||
services-net:
|
||||
aliases:
|
||||
- authelia
|
||||
volumes:
|
||||
- /shared/authelia:/config
|
||||
healthcheck:
|
||||
disable: true
|
||||
environment:
|
||||
- TZ=France/Paris
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=auth.example.com"
|
||||
- "bunkerized-nginx.USE_REVERSE_PROXY=yes"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://authelia:9091"
|
||||
|
||||
redis:
|
||||
image: redis:alpine
|
||||
networks:
|
||||
services-net:
|
||||
aliases:
|
||||
- redis
|
||||
volumes:
|
||||
- /shared/redis:/data
|
||||
environment:
|
||||
- TZ=France/Paris
|
||||
|
||||
myapp1:
|
||||
image: php:fpm
|
||||
networks:
|
||||
services-net:
|
||||
aliases:
|
||||
- myapp1
|
||||
volumes:
|
||||
- /shared/www/app1.example.com:/app
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app1.example.com"
|
||||
- "bunkerized-nginx.USE_AUTHELIA=yes"
|
||||
- "bunkerized-nginx.AUTHELIA_BACKEND=https://auth.example.com"
|
||||
- "bunkerized-nginx.AUTHELIA_UPSTREAM=http://authelia:9091"
|
||||
- "bunkerized-nginx.REMOTE_PHP=myapp1"
|
||||
- "bunkerized-nginx.REMOTE_PHP_PATH=/app"
|
||||
|
||||
myapp2:
|
||||
image: php:apache
|
||||
networks:
|
||||
services-net:
|
||||
aliases:
|
||||
- myapp2
|
||||
volumes:
|
||||
- /shared/www/app2.example.com:/var/www/html
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app2.example.com"
|
||||
- "bunkerized-nginx.USE_AUTHELIA=yes"
|
||||
- "bunkerized-nginx.AUTHELIA_BACKEND=https://auth.example.com"
|
||||
- "bunkerized-nginx.AUTHELIA_UPSTREAM=http://authelia:9091"
|
||||
- "bunkerized-nginx.USE_REVERSE_PROXY=yes"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2"
|
||||
|
||||
networks:
|
||||
services-net:
|
||||
external:
|
||||
name: services-net
|
|
@ -8,6 +8,6 @@ Quickly deploy PHP app on Docker containers without restarting bunkerized-nginx.
|
|||
|
||||
## Autoconf
|
||||
|
||||
First of all, you need to run bunkerized-nginx and bunkerized-nginx-autoconf : see [docker-compose-nginx.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-php/docker-compose-nginx.yml).
|
||||
First of all, you need to setup the [Docker autoconf integration](https://bunkerized-nginx.readthedocs.io/en/latest/integrations.html#docker-autoconf).
|
||||
|
||||
Then, you can add and remove PHP apps with special `bunkerized-nginx.*` labels so the configurations are automatically generated : see [docker-compose-php.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-php/docker-compose-php.yml).
|
||||
Then, you can add and remove PHP apps with special `bunkerized-nginx.*` labels so the configurations are automatically generated : see [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-php/docker-compose.yml).
|
||||
|
|
|
@ -1,44 +0,0 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
mywww:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
restart: always
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./web-files:/www:ro
|
||||
- autoconf:/etc/nginx
|
||||
environment:
|
||||
- SERVER_NAME= # must be left blank if you don't want to setup "static" conf
|
||||
- MULTISITE=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
labels:
|
||||
- "bunkerized-nginx.AUTOCONF"
|
||||
networks:
|
||||
- myphpnet
|
||||
|
||||
myautoconf:
|
||||
image: bunkerity/bunkerized-nginx-autoconf
|
||||
restart: always
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- autoconf:/etc/nginx
|
||||
depends_on:
|
||||
- mywww
|
||||
|
||||
volumes:
|
||||
autoconf:
|
||||
|
||||
networks:
|
||||
myphpnet:
|
||||
name: myphpnet
|
|
@ -4,47 +4,44 @@ services:
|
|||
|
||||
myapp1:
|
||||
image: php:fpm
|
||||
restart: always
|
||||
networks:
|
||||
services-net:
|
||||
aliases:
|
||||
- myapp1
|
||||
volumes:
|
||||
- ./web-files/app1.example.com:/app
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app1.example.com" # replace with your domain
|
||||
- "bunkerized-nginx.REMOTE_PHP=myapp1"
|
||||
- "bunkerized-nginx.REMOTE_PHP_PATH=/app"
|
||||
networks:
|
||||
myphpnet:
|
||||
aliases:
|
||||
- myapp1
|
||||
|
||||
myapp2:
|
||||
image: php:fpm
|
||||
restart: always
|
||||
networks:
|
||||
services-net:
|
||||
aliases:
|
||||
- myapp2
|
||||
volumes:
|
||||
- ./web-files/app2.example.com:/app
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app2.example.com" # replace with your domain
|
||||
- "bunkerized-nginx.REMOTE_PHP=myapp2"
|
||||
- "bunkerized-nginx.REMOTE_PHP_PATH=/app"
|
||||
networks:
|
||||
myphpnet:
|
||||
aliases:
|
||||
- myapp2
|
||||
|
||||
myapp3:
|
||||
image: php:fpm
|
||||
restart: always
|
||||
networks:
|
||||
services-net:
|
||||
aliases:
|
||||
- myapp3
|
||||
volumes:
|
||||
- ./web-files/app3.example.com:/app
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app3.example.com" # replace with your domain
|
||||
- "bunkerized-nginx.REMOTE_PHP=myapp3"
|
||||
- "bunkerized-nginx.REMOTE_PHP_PATH=/app"
|
||||
networks:
|
||||
myphpnet:
|
||||
aliases:
|
||||
- myapp3
|
||||
|
||||
networks:
|
||||
myphpnet:
|
||||
services-net:
|
||||
external:
|
||||
name: myphpnet
|
||||
name: services-net
|
|
@ -8,6 +8,6 @@ Quickly deploy web app on Docker containers without restarting bunkerized-nginx.
|
|||
|
||||
## Autoconf
|
||||
|
||||
First of all, you need to run bunkerized-nginx and bunkerized-nginx-autoconf : see [docker-compose-nginx.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose-nginx.yml).
|
||||
First of all, you need to setup the [Docker autoconf integration](https://bunkerized-nginx.readthedocs.io/en/latest/integrations.html#docker-autoconf).
|
||||
|
||||
Then, you can add and remove web apps with special `bunkerized-nginx.*` labels so the configurations are automatically generated : see [docker-compose-apps.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose-apps.yml).
|
||||
Then, you can add and remove web apps with special `bunkerized-nginx.*` labels so the configurations are automatically generated : see [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose.yml).
|
||||
|
|
|
@ -1,45 +0,0 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
mywww:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
restart: always
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- autoconf:/etc/nginx
|
||||
environment:
|
||||
- SERVER_NAME= # must be left blank if you don't want to setup "static" conf
|
||||
- MULTISITE=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_PROXY_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
labels:
|
||||
- "bunkerized-nginx.AUTOCONF"
|
||||
networks:
|
||||
- myappnet
|
||||
|
||||
myautoconf:
|
||||
image: bunkerity/bunkerized-nginx-autoconf
|
||||
restart: always
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- autoconf:/etc/nginx
|
||||
depends_on:
|
||||
- mywww
|
||||
|
||||
volumes:
|
||||
autoconf:
|
||||
|
||||
networks:
|
||||
myappnet:
|
||||
name: myappnet
|
|
@ -4,47 +4,44 @@ services:
|
|||
|
||||
myapp1:
|
||||
build: js-app
|
||||
restart: always
|
||||
networks:
|
||||
services-net:
|
||||
aliases:
|
||||
- myapp1
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app1.example.com" # replace with your domain
|
||||
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp1:3000"
|
||||
networks:
|
||||
myappnet:
|
||||
aliases:
|
||||
- myapp1
|
||||
|
||||
myapp2:
|
||||
build: js-app
|
||||
restart: always
|
||||
networks:
|
||||
services-net:
|
||||
aliases:
|
||||
- myapp2
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app2.example.com" # replace with your domain
|
||||
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2:3000"
|
||||
networks:
|
||||
myappnet:
|
||||
aliases:
|
||||
- myapp2
|
||||
|
||||
myapp3:
|
||||
build: js-app
|
||||
restart: always
|
||||
networks:
|
||||
services-net:
|
||||
aliases:
|
||||
- myapp3
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
labels:
|
||||
- "bunkerized-nginx.SERVER_NAME=app3.example.com" # replace with your domain
|
||||
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
|
||||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp3:3000"
|
||||
networks:
|
||||
myappnet:
|
||||
aliases:
|
||||
- myapp3
|
||||
|
||||
networks:
|
||||
myphpnet:
|
||||
services-net:
|
||||
external:
|
||||
name: myphpnet
|
||||
name: services-net
|
|
@ -4,7 +4,6 @@ services:
|
|||
|
||||
mywww:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
restart: always
|
||||
depends_on:
|
||||
- myphp
|
||||
ports:
|
||||
|
|
|
@ -6,5 +6,5 @@ REDIRECT_HTTP_TO_HTTPS=yes
|
|||
DISABLE_DEFAULT_SERVER=yes
|
||||
USE_CLIENT_CACHE=yes
|
||||
USE_GZIP=yes
|
||||
REMOTE_PHP=localhost
|
||||
REMOTE_PHP_PATH=/opt/bunkerized-nginx/www
|
||||
LOCAL_PHP=/run/php/php7.3-fpm.sock
|
||||
LOCAL_PHP_PATH=/opt/bunkerize-nginx/www
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
Subproject commit a48ee83b95a5f91cd7d7084b34068e6ecf28f23d
|
|
@ -15,7 +15,7 @@ services:
|
|||
volumes:
|
||||
- ./web-files:/www:ro
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./bunkerized-nginx-clamav:/plugins/clamav:ro # you will need to download the plugin see download-plugin.sh
|
||||
- ./bunkerized-nginx-clamav:/plugins/clamav # you will need to download the plugin see download-plugin.sh
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
|
|
|
@ -1,15 +1,11 @@
|
|||
# Kubernetes
|
||||
|
||||
Various examples on how to use bunkerized-nginx within a Kubernetes cluster. See the [Kubernetes section of the documentation](#TODO) for more information.
|
||||
Basic examples on how to use bunkerized-nginx within a Kubernetes cluster. See the [Kubernetes integration section of the documentation](https://bunkerized-nginx.readthedocs.io/en/latest/integrations.html#kubernetes) for more information.
|
||||
|
||||
## Architecture
|
||||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/kubernetes/architecture.png?raw=true" />
|
||||
|
||||
## Configuration
|
||||
|
||||
We will assume that you have setup the [bunkerized-nginx ingress controller](#TODO) inside your cluster.
|
||||
|
||||
## Kubernetes
|
||||
|
||||
See [ingress.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/kubernetes/ingress.yml), [php.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/kubernetes/php.yml) and [reverse-proxy.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/kubernetes/reverse-proxy.yml).
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Swarm wit hredis
|
||||
# Swarm with redis
|
||||
|
||||
Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm cluster and use redis to distribute the blacklists. See the [Docker Swarm](#TODO) section of the documentation for more information.
|
||||
Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm cluster and use redis to distribute the blacklists. See the [Docker Swarm integration section of the documentation](https://bunkerized-nginx.readthedocs.io/en/latest/integrations.html#docker-swarm) for more information.
|
||||
|
||||
## Architecture
|
||||
|
||||
|
@ -11,8 +11,8 @@ Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm c
|
|||
This example uses two overlay networks needed by the services :
|
||||
|
||||
```shell
|
||||
$ docker network create -d overlay --attachable net_config
|
||||
$ docker network create -d overlay --attachable net_services
|
||||
$ docker network create -d overlay --attachable config-net
|
||||
$ docker network create -d overlay --attachable services-net
|
||||
```
|
||||
|
||||
First you need to create the redis service : see [redis.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/swarm-redis/redis.yml).
|
||||
|
|
|
@ -18,7 +18,7 @@ services:
|
|||
- SWARM_MODE=yes
|
||||
- API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from nginx
|
||||
networks:
|
||||
- net_config
|
||||
- config-net
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
|
@ -59,8 +59,8 @@ services:
|
|||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
networks:
|
||||
- net_config
|
||||
- net_services
|
||||
- config-net
|
||||
- services-net
|
||||
deploy:
|
||||
mode: global
|
||||
placement:
|
||||
|
@ -70,7 +70,9 @@ services:
|
|||
- "bunkerized-nginx.AUTOCONF"
|
||||
|
||||
networks:
|
||||
net_config:
|
||||
external: true
|
||||
net_services:
|
||||
external: true
|
||||
config-net:
|
||||
external:
|
||||
name: config-net
|
||||
services-net:
|
||||
external:
|
||||
name: services-net
|
||||
|
|
|
@ -5,7 +5,7 @@ services:
|
|||
redis:
|
||||
image: redis:alpine
|
||||
networks:
|
||||
- net_config
|
||||
- config-net
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
|
@ -13,5 +13,6 @@ services:
|
|||
- "node.role==worker"
|
||||
|
||||
networks:
|
||||
net_config:
|
||||
external: true
|
||||
config-net:
|
||||
external:
|
||||
name: config-net
|
||||
|
|
|
@ -7,7 +7,7 @@ services:
|
|||
volumes:
|
||||
- /shared/www/app1.example.com:/www
|
||||
networks:
|
||||
- net_services
|
||||
- services-net
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
|
@ -24,7 +24,7 @@ services:
|
|||
- PMA_ARBITRARY=1
|
||||
- PMA_ABSOLUTE_URI=https://app2.example.com
|
||||
networks:
|
||||
- net_services
|
||||
- services-net
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
|
@ -38,5 +38,6 @@ services:
|
|||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://app2"
|
||||
|
||||
networks:
|
||||
net_services:
|
||||
external: true
|
||||
services-net:
|
||||
external:
|
||||
name: services-net
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Swarm
|
||||
|
||||
Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm cluster. See the [Docker Swarm](#TODO) section of the documentation for more information.
|
||||
Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm cluster. See the [Docker Swarm integration section of the documentation](https://bunkerized-nginx.readthedocs.io/en/latest/integrations.html#docker-swarm) for more information.
|
||||
|
||||
## Architecture
|
||||
|
||||
|
@ -8,13 +8,6 @@ Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm c
|
|||
|
||||
## Swarm
|
||||
|
||||
This example uses two overlay networks needed by the services :
|
||||
|
||||
```shell
|
||||
$ docker network create -d overlay --attachable net_config
|
||||
$ docker network create -d overlay --attachable net_services
|
||||
```
|
||||
|
||||
First you will need to setup bunkerized-nginx and the autoconf with Swarm mode activated : see [nginx-autoconf.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/swarm/nginx-autoconf.yml).
|
||||
We assume that you've installed bunkerized-nginx and the autoconf on service on your Docker Swarm cluster.
|
||||
|
||||
Then you can add and delete your web services and autoconf will automatically generate the configuration based on your labels : see [services.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/swarm/services.yml).
|
||||
|
|
|
@ -1,74 +0,0 @@
|
|||
version: '3.8'
|
||||
|
||||
services:
|
||||
|
||||
autoconf:
|
||||
image: bunkerity/bunkerized-nginx-autoconf
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- /shared/confs:/etc/nginx
|
||||
- /shared/letsencrypt:/etc/letsencrypt
|
||||
- /shared/acme-challenge:/acme-challenge
|
||||
- /shared/cache:/cache
|
||||
- /shared/modsec-confs:/modsec-confs:ro
|
||||
- /shared/modsec-crs-confs:/modsec-crs-confs:ro
|
||||
environment:
|
||||
- SWARM_MODE=yes
|
||||
- API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from nginx
|
||||
networks:
|
||||
- net_config
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==manager"
|
||||
|
||||
nginx:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
ports:
|
||||
- published: 80
|
||||
target: 8080
|
||||
mode: host
|
||||
protocol: tcp
|
||||
- published: 443
|
||||
target: 8443
|
||||
mode: host
|
||||
protocol: tcp
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- /shared/confs:/etc/nginx:ro
|
||||
- /shared/letsencrypt:/etc/letsencrypt:ro
|
||||
- /shared/acme-challenge:/acme-challenge:ro
|
||||
- /shared/www:/www:ro
|
||||
- /shared/cache:/cache:ro
|
||||
- /shared/modsec-confs:/modsec-confs:ro
|
||||
- /shared/modsec-crs-confs:/modsec-crs-confs:ro
|
||||
environment:
|
||||
- SWARM_MODE=yes
|
||||
- USE_API=yes
|
||||
- API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from autoconf
|
||||
- MULTISITE=yes
|
||||
- SERVER_NAME=
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
networks:
|
||||
- net_config
|
||||
- net_services
|
||||
deploy:
|
||||
mode: global
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
labels:
|
||||
- "bunkerized-nginx.AUTOCONF"
|
||||
|
||||
networks:
|
||||
net_config:
|
||||
external: true
|
||||
net_services:
|
||||
external: true
|
|
@ -7,7 +7,7 @@ services:
|
|||
volumes:
|
||||
- /shared/www/app1.example.com:/www
|
||||
networks:
|
||||
- net_services
|
||||
- services-net
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
|
@ -24,7 +24,7 @@ services:
|
|||
- PMA_ARBITRARY=1
|
||||
- PMA_ABSOLUTE_URI=https://app2.example.com
|
||||
networks:
|
||||
- net_services
|
||||
- services-net
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
|
@ -38,5 +38,6 @@ services:
|
|||
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://app2"
|
||||
|
||||
networks:
|
||||
net_services:
|
||||
external: true
|
||||
services-net:
|
||||
external:
|
||||
name: services-net
|
||||
|
|
|
@ -9,15 +9,3 @@ Use the web UI panel to configure your bunkerized-nginx instances.
|
|||
## Docker
|
||||
|
||||
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/web-ui/docker-compose.yml).
|
||||
|
||||
## Linux
|
||||
|
||||
TODO
|
||||
|
||||
## Autoconf
|
||||
|
||||
TODO
|
||||
|
||||
## Swarm
|
||||
|
||||
TODO
|
||||
|
|
Loading…
Reference in New Issue