librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

examples - polishing before next release

This commit is contained in:
bunkerity 2021-08-12 10:19:43 +02:00
parent 0ad5159a33
commit 83e7ce9cde
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
23 changed files with 228 additions and 255 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitmodules vendored
View File

@ -2,6 +2,6 @@
path = examples/crowdsec/bunkerized-nginx-crowdsec
url = https://github.com/bunkerity/bunkerized-nginx-crowdsec
[submodule "bunkerized-nginx-clamav"]
[submodule "examples/clamav/bunkerized-nginx-clamav"]
path = examples/clamav/bunkerized-nginx-clamav
url = https://github.com/bunkerity/bunkerized-nginx-clamav
url = https://github.com/bunkerity/bunkerized-nginx-clamav.git

8
examples/authelia/README.md
View File

@ -17,3 +17,11 @@ First of all, you will need to edit the configuration files inside the authelia
## Docker
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/authelia/docker-compose.yml).
## Docker autoconf
See [docker-compose.autoconf.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/authelia/docker-compose.autoconf.yml).
## Docker Swarm
See [docker-compose.swarm.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/authelia/docker-compose.swarm.yml).

70
examples/authelia/docker-compose.autoconf.yml Normal file
View File

@ -0,0 +1,70 @@
version: '3.3'
services:
authelia:
image: authelia/authelia
networks:
services-net:
aliases:
- authelia
volumes:
- ./authelia:/config
healthcheck:
disable: true
environment:
- TZ=France/Paris
labels:
- "bunkerized-nginx.SERVER_NAME=auth.example.com"
- "bunkerized-nginx.USE_REVERSE_PROXY=yes"
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://authelia:9091"
redis:
image: redis:alpine
networks:
services-net:
aliases:
- redis
volumes:
- ./redis:/data
environment:
- TZ=France/Paris
myapp1:
image: php:fpm
networks:
services-net:
aliases:
- myapp1
volumes:
- ./web-files/app1.example.com:/app
labels:
- "bunkerized-nginx.SERVER_NAME=app1.example.com"
- "bunkerized-nginx.USE_AUTHELIA=yes"
- "bunkerized-nginx.AUTHELIA_BACKEND=https://auth.example.com"
- "bunkerized-nginx.AUTHELIA_UPSTREAM=http://authelia:9091"
- "bunkerized-nginx.REMOTE_PHP=myapp1"
- "bunkerized-nginx.REMOTE_PHP_PATH=/app"
myapp2:
image: php:apache
networks:
services-net:
aliases:
- myapp2
volumes:
- ./web-files/app2.example.com:/var/www/html
labels:
- "bunkerized-nginx.SERVER_NAME=app2.example.com"
- "bunkerized-nginx.USE_AUTHELIA=yes"
- "bunkerized-nginx.AUTHELIA_BACKEND=https://auth.example.com"
- "bunkerized-nginx.AUTHELIA_UPSTREAM=http://authelia:9091"
- "bunkerized-nginx.USE_REVERSE_PROXY=yes"
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2"
networks:
services-net:
external:
name: services-net

82
examples/authelia/docker-compose.swarm.yml Normal file
View File

@ -0,0 +1,82 @@
version: '3.3'
services:
authelia:
image: authelia/authelia
networks:
services-net:
aliases:
- authelia
volumes:
- /shared/authelia:/config
healthcheck:
disable: true
environment:
- TZ=France/Paris
deploy:
placement:
constraints:
- "node.role==worker"
labels:
- "bunkerized-nginx.SERVER_NAME=auth.example.com"
- "bunkerized-nginx.USE_REVERSE_PROXY=yes"
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://authelia:9091"
redis:
image: redis:alpine
networks:
services-net:
aliases:
- redis
volumes:
- /shared/redis:/data
environment:
- TZ=France/Paris
myapp1:
image: php:fpm
networks:
services-net:
aliases:
- myapp1
volumes:
- /shared/www/app1.example.com:/app
deploy:
placement:
constraints:
- "node.role==worker"
labels:
- "bunkerized-nginx.SERVER_NAME=app1.example.com"
- "bunkerized-nginx.USE_AUTHELIA=yes"
- "bunkerized-nginx.AUTHELIA_BACKEND=https://auth.example.com"
- "bunkerized-nginx.AUTHELIA_UPSTREAM=http://authelia:9091"
- "bunkerized-nginx.REMOTE_PHP=myapp1"
- "bunkerized-nginx.REMOTE_PHP_PATH=/app"
myapp2:
image: php:apache
networks:
services-net:
aliases:
- myapp2
volumes:
- /shared/www/app2.example.com:/var/www/html
deploy:
placement:
constraints:
- "node.role==worker"
labels:
- "bunkerized-nginx.SERVER_NAME=app2.example.com"
- "bunkerized-nginx.USE_AUTHELIA=yes"
- "bunkerized-nginx.AUTHELIA_BACKEND=https://auth.example.com"
- "bunkerized-nginx.AUTHELIA_UPSTREAM=http://authelia:9091"
- "bunkerized-nginx.USE_REVERSE_PROXY=yes"
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2"
networks:
services-net:
external:
name: services-net

4
examples/autoconf-php/README.md
View File

@ -8,6 +8,6 @@ Quickly deploy PHP app on Docker containers without restarting bunkerized-nginx.
## Autoconf
First of all, you need to run bunkerized-nginx and bunkerized-nginx-autoconf : see [docker-compose-nginx.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-php/docker-compose-nginx.yml).
First of all, you need to setup the [Docker autoconf integration](https://bunkerized-nginx.readthedocs.io/en/latest/integrations.html#docker-autoconf).
Then, you can add and remove PHP apps with special `bunkerized-nginx.*` labels so the configurations are automatically generated : see [docker-compose-php.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-php/docker-compose-php.yml).
Then, you can add and remove PHP apps with special `bunkerized-nginx.*` labels so the configurations are automatically generated : see [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-php/docker-compose.yml).

44
examples/autoconf-php/docker-compose-nginx.yml
View File

@ -1,44 +0,0 @@
version: '3'
services:
mywww:
image: bunkerity/bunkerized-nginx
restart: always
ports:
- 80:8080
- 443:8443
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly
volumes:
- ./letsencrypt:/etc/letsencrypt
- ./web-files:/www:ro
- autoconf:/etc/nginx
environment:
- SERVER_NAME= # must be left blank if you don't want to setup "static" conf
- MULTISITE=yes
- AUTO_LETS_ENCRYPT=yes
- REDIRECT_HTTP_TO_HTTPS=yes
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
labels:
- "bunkerized-nginx.AUTOCONF"
networks:
- myphpnet
myautoconf:
image: bunkerity/bunkerized-nginx-autoconf
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- autoconf:/etc/nginx
depends_on:
- mywww
volumes:
autoconf:
networks:
myphpnet:
name: myphpnet

31
examples/autoconf-php/docker-compose-php.yml → examples/autoconf-php/docker-compose.yml
View File

@ -4,47 +4,44 @@ services:
myapp1:
image: php:fpm
restart: always
networks:
services-net:
aliases:
- myapp1
volumes:
- ./web-files/app1.example.com:/app
labels:
- "bunkerized-nginx.SERVER_NAME=app1.example.com" # replace with your domain
- "bunkerized-nginx.REMOTE_PHP=myapp1"
- "bunkerized-nginx.REMOTE_PHP_PATH=/app"
networks:
myphpnet:
aliases:
- myapp1
myapp2:
image: php:fpm
restart: always
networks:
services-net:
aliases:
- myapp2
volumes:
- ./web-files/app2.example.com:/app
labels:
- "bunkerized-nginx.SERVER_NAME=app2.example.com" # replace with your domain
- "bunkerized-nginx.REMOTE_PHP=myapp2"
- "bunkerized-nginx.REMOTE_PHP_PATH=/app"
networks:
myphpnet:
aliases:
- myapp2
myapp3:
image: php:fpm
restart: always
networks:
services-net:
aliases:
- myapp3
volumes:
- ./web-files/app3.example.com:/app
labels:
- "bunkerized-nginx.SERVER_NAME=app3.example.com" # replace with your domain
- "bunkerized-nginx.REMOTE_PHP=myapp3"
- "bunkerized-nginx.REMOTE_PHP_PATH=/app"
networks:
myphpnet:
aliases:
- myapp3
networks:
myphpnet:
services-net:
external:
name: myphpnet
name: services-net

4
examples/autoconf-reverse-proxy/README.md
View File

@ -8,6 +8,6 @@ Quickly deploy web app on Docker containers without restarting bunkerized-nginx.
## Autoconf
First of all, you need to run bunkerized-nginx and bunkerized-nginx-autoconf : see [docker-compose-nginx.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose-nginx.yml).
First of all, you need to setup the [Docker autoconf integration](https://bunkerized-nginx.readthedocs.io/en/latest/integrations.html#docker-autoconf).
Then, you can add and remove web apps with special `bunkerized-nginx.*` labels so the configurations are automatically generated : see [docker-compose-apps.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose-apps.yml).
Then, you can add and remove web apps with special `bunkerized-nginx.*` labels so the configurations are automatically generated : see [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose.yml).

45
examples/autoconf-reverse-proxy/docker-compose-nginx.yml
View File

@ -1,45 +0,0 @@
version: '3'
services:
mywww:
image: bunkerity/bunkerized-nginx
restart: always
ports:
- 80:8080
- 443:8443
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly
volumes:
- ./letsencrypt:/etc/letsencrypt
- autoconf:/etc/nginx
environment:
- SERVER_NAME= # must be left blank if you don't want to setup "static" conf
- MULTISITE=yes
- AUTO_LETS_ENCRYPT=yes
- REDIRECT_HTTP_TO_HTTPS=yes
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
- USE_PROXY_CACHE=yes
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
labels:
- "bunkerized-nginx.AUTOCONF"
networks:
- myappnet
myautoconf:
image: bunkerity/bunkerized-nginx-autoconf
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- autoconf:/etc/nginx
depends_on:
- mywww
volumes:
autoconf:
networks:
myappnet:
name: myappnet

31
examples/autoconf-reverse-proxy/docker-compose-apps.yml → examples/autoconf-reverse-proxy/docker-compose.yml
View File

@ -4,47 +4,44 @@ services:
myapp1:
build: js-app
restart: always
networks:
services-net:
aliases:
- myapp1
environment:
- NODE_ENV=production
labels:
- "bunkerized-nginx.SERVER_NAME=app1.example.com" # replace with your domain
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp1:3000"
networks:
myappnet:
aliases:
- myapp1
myapp2:
build: js-app
restart: always
networks:
services-net:
aliases:
- myapp2
environment:
- NODE_ENV=production
labels:
- "bunkerized-nginx.SERVER_NAME=app2.example.com" # replace with your domain
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2:3000"
networks:
myappnet:
aliases:
- myapp2
myapp3:
build: js-app
restart: always
networks:
services-net:
aliases:
- myapp3
environment:
- NODE_ENV=production
labels:
- "bunkerized-nginx.SERVER_NAME=app3.example.com" # replace with your domain
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp3:3000"
networks:
myappnet:
aliases:
- myapp3
networks:
myphpnet:
services-net:
external:
name: myphpnet
name: services-net

1
examples/basic-website-with-php/docker-compose.yml
View File

@ -4,7 +4,6 @@ services:
mywww:
image: bunkerity/bunkerized-nginx
restart: always
depends_on:
- myphp
ports:

4
examples/basic-website-with-php/variables.env
View File

@ -6,5 +6,5 @@ REDIRECT_HTTP_TO_HTTPS=yes
DISABLE_DEFAULT_SERVER=yes
USE_CLIENT_CACHE=yes
USE_GZIP=yes
REMOTE_PHP=localhost
REMOTE_PHP_PATH=/opt/bunkerized-nginx/www
LOCAL_PHP=/run/php/php7.3-fpm.sock
LOCAL_PHP_PATH=/opt/bunkerize-nginx/www

1
examples/clamav/bunkerized-nginx-clamav Submodule

@ -0,0 +1 @@
Subproject commit a48ee83b95a5f91cd7d7084b34068e6ecf28f23d

2
examples/clamav/docker-compose.yml
View File

@ -15,7 +15,7 @@ services:
volumes:
- ./web-files:/www:ro
- ./letsencrypt:/etc/letsencrypt
- ./bunkerized-nginx-clamav:/plugins/clamav:ro # you will need to download the plugin see download-plugin.sh
- ./bunkerized-nginx-clamav:/plugins/clamav # you will need to download the plugin see download-plugin.sh
environment:
- SERVER_NAME=www.example.com # replace with your domain
- AUTO_LETS_ENCRYPT=yes

6
examples/kubernetes/README.md
View File

@ -1,15 +1,11 @@
# Kubernetes
Various examples on how to use bunkerized-nginx within a Kubernetes cluster. See the [Kubernetes section of the documentation](#TODO) for more information.
Basic examples on how to use bunkerized-nginx within a Kubernetes cluster. See the [Kubernetes integration section of the documentation](https://bunkerized-nginx.readthedocs.io/en/latest/integrations.html#kubernetes) for more information.
## Architecture
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/kubernetes/architecture.png?raw=true" />
## Configuration
We will assume that you have setup the [bunkerized-nginx ingress controller](#TODO) inside your cluster.
## Kubernetes
See [ingress.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/kubernetes/ingress.yml), [php.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/kubernetes/php.yml) and [reverse-proxy.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/kubernetes/reverse-proxy.yml).

8
examples/swarm-redis/README.md
View File

@ -1,6 +1,6 @@
# Swarm wit hredis
# Swarm with redis
Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm cluster and use redis to distribute the blacklists. See the [Docker Swarm](#TODO) section of the documentation for more information.
Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm cluster and use redis to distribute the blacklists. See the [Docker Swarm integration section of the documentation](https://bunkerized-nginx.readthedocs.io/en/latest/integrations.html#docker-swarm) for more information.
## Architecture
@ -11,8 +11,8 @@ Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm c
This example uses two overlay networks needed by the services :
```shell
$ docker network create -d overlay --attachable net_config
$ docker network create -d overlay --attachable net_services
$ docker network create -d overlay --attachable config-net
$ docker network create -d overlay --attachable services-net
```
First you need to create the redis service : see [redis.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/swarm-redis/redis.yml).

16
examples/swarm-redis/nginx-autoconf.yml
View File

@ -18,7 +18,7 @@ services:
- SWARM_MODE=yes
- API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from nginx
networks:
- net_config
- config-net
deploy:
replicas: 1
placement:
@ -59,8 +59,8 @@ services:
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
networks:
- net_config
- net_services
- config-net
- services-net
deploy:
mode: global
placement:
@ -70,7 +70,9 @@ services:
- "bunkerized-nginx.AUTOCONF"
networks:
net_config:
external: true
net_services:
external: true
config-net:
external:
name: config-net
services-net:
external:
name: services-net

7
examples/swarm-redis/redis.yml
View File

@ -5,7 +5,7 @@ services:
redis:
image: redis:alpine
networks:
- net_config
- config-net
deploy:
replicas: 1
placement:
@ -13,5 +13,6 @@ services:
- "node.role==worker"
networks:
net_config:
external: true
config-net:
external:
name: config-net

9
examples/swarm-redis/services.yml
View File

@ -7,7 +7,7 @@ services:
volumes:
- /shared/www/app1.example.com:/www
networks:
- net_services
- services-net
deploy:
replicas: 1
placement:
@ -24,7 +24,7 @@ services:
- PMA_ARBITRARY=1
- PMA_ABSOLUTE_URI=https://app2.example.com
networks:
- net_services
- services-net
deploy:
replicas: 1
placement:
@ -38,5 +38,6 @@ services:
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://app2"
networks:
net_services:
external: true
services-net:
external:
name: services-net

11
examples/swarm/README.md
View File

@ -1,6 +1,6 @@
# Swarm
Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm cluster. See the [Docker Swarm](#TODO) section of the documentation for more information.
Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm cluster. See the [Docker Swarm integration section of the documentation](https://bunkerized-nginx.readthedocs.io/en/latest/integrations.html#docker-swarm) for more information.
## Architecture
@ -8,13 +8,6 @@ Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm c
## Swarm
This example uses two overlay networks needed by the services :
```shell
$ docker network create -d overlay --attachable net_config
$ docker network create -d overlay --attachable net_services
```
First you will need to setup bunkerized-nginx and the autoconf with Swarm mode activated : see [nginx-autoconf.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/swarm/nginx-autoconf.yml).
We assume that you've installed bunkerized-nginx and the autoconf on service on your Docker Swarm cluster.
Then you can add and delete your web services and autoconf will automatically generate the configuration based on your labels : see [services.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/swarm/services.yml).

74
examples/swarm/nginx-autoconf.yml
View File

@ -1,74 +0,0 @@
version: '3.8'
services:
autoconf:
image: bunkerity/bunkerized-nginx-autoconf
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /shared/confs:/etc/nginx
- /shared/letsencrypt:/etc/letsencrypt
- /shared/acme-challenge:/acme-challenge
- /shared/cache:/cache
- /shared/modsec-confs:/modsec-confs:ro
- /shared/modsec-crs-confs:/modsec-crs-confs:ro
environment:
- SWARM_MODE=yes
- API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from nginx
networks:
- net_config
deploy:
replicas: 1
placement:
constraints:
- "node.role==manager"
nginx:
image: bunkerity/bunkerized-nginx
ports:
- published: 80
target: 8080
mode: host
protocol: tcp
- published: 443
target: 8443
mode: host
protocol: tcp
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly
volumes:
- /shared/confs:/etc/nginx:ro
- /shared/letsencrypt:/etc/letsencrypt:ro
- /shared/acme-challenge:/acme-challenge:ro
- /shared/www:/www:ro
- /shared/cache:/cache:ro
- /shared/modsec-confs:/modsec-confs:ro
- /shared/modsec-crs-confs:/modsec-crs-confs:ro
environment:
- SWARM_MODE=yes
- USE_API=yes
- API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from autoconf
- MULTISITE=yes
- SERVER_NAME=
- AUTO_LETS_ENCRYPT=yes
- REDIRECT_HTTP_TO_HTTPS=yes
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
networks:
- net_config
- net_services
deploy:
mode: global
placement:
constraints:
- "node.role==worker"
labels:
- "bunkerized-nginx.AUTOCONF"
networks:
net_config:
external: true
net_services:
external: true

9
examples/swarm/services.yml
View File

@ -7,7 +7,7 @@ services:
volumes:
- /shared/www/app1.example.com:/www
networks:
- net_services
- services-net
deploy:
replicas: 1
placement:
@ -24,7 +24,7 @@ services:
- PMA_ARBITRARY=1
- PMA_ABSOLUTE_URI=https://app2.example.com
networks:
- net_services
- services-net
deploy:
replicas: 1
placement:
@ -38,5 +38,6 @@ services:
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://app2"
networks:
net_services:
external: true
services-net:
external:
name: services-net

12
examples/web-ui/README.md
View File

@ -9,15 +9,3 @@ Use the web UI panel to configure your bunkerized-nginx instances.
## Docker
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/web-ui/docker-compose.yml).
## Linux
TODO
## Autoconf
TODO
## Swarm
TODO