multisite examples and certbot renew fix
This commit is contained in:
parent
1abe1da89e
commit
8cdc155ac0
|
@ -0,0 +1,62 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
mywww:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
restart: always
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
volumes:
|
||||
- ./web-files:/www
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./server-confs:/server-confs
|
||||
environment:
|
||||
- SERVER_NAME=app1.website.com app2.website.com app3.website.com # replace with your domains
|
||||
- MULTISITE=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- app1.website.com_REMOTE_PHP=myapp1
|
||||
- app1.website.com_REMOTE_PHP_PATH=/app
|
||||
- app2.website.com_REMOTE_PHP=myapp2
|
||||
- app2.website.com_REMOTE_PHP_PATH=/app
|
||||
- app3.website.com_SERVE_FILES=no
|
||||
networks:
|
||||
- net1
|
||||
- net2
|
||||
- net3
|
||||
|
||||
myapp1:
|
||||
image: php:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web-files/app1:/app
|
||||
networks:
|
||||
- net1
|
||||
|
||||
myapp2:
|
||||
image: php:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web-files/app2:/app
|
||||
networks:
|
||||
- net2
|
||||
|
||||
myapp3:
|
||||
image: node
|
||||
restart: always
|
||||
working_dir: /home/node/app
|
||||
volumes:
|
||||
- ./js-app:/home/node/app
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
command: bash -c "npm install express && node index.js"
|
||||
networks:
|
||||
- net3
|
||||
|
||||
networks:
|
||||
net1:
|
||||
net2:
|
||||
net3:
|
|
@ -0,0 +1,12 @@
|
|||
const express = require('express')
|
||||
const app = express()
|
||||
const port = 3000
|
||||
|
||||
app.get('/', (req, res) => {
|
||||
res.send('hello from app3 !')
|
||||
})
|
||||
|
||||
app.listen(port, () => {
|
||||
console.log(`Example app listening at http://localhost:${port}`)
|
||||
})
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
"name": "js-app",
|
||||
"version": "1.0.0",
|
||||
"description": "demo",
|
||||
"main": "index.js",
|
||||
"scripts": {
|
||||
"test": "echo \"Error: no test specified\" && exit 1"
|
||||
},
|
||||
"author": "",
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"express": "^4.17.1"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,6 @@
|
|||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
location / {
|
||||
proxy_pass http://myapp3:3000$request_uri;
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
<?php
|
||||
|
||||
echo "hello from app1 !";
|
||||
|
||||
?>
|
|
@ -0,0 +1,5 @@
|
|||
<?php
|
||||
|
||||
echo "hello from app2 !";
|
||||
|
||||
?>
|
|
@ -0,0 +1,87 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
mywww:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
restart: always
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
volumes:
|
||||
- ./web-files:/www
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./server-confs:/server-confs
|
||||
- ./modsec-confs:/modsec-confs
|
||||
- ./modsec-crs-confs:/modsec-crs-conf
|
||||
environment:
|
||||
- SERVER_NAME=wp.website.com nc.website.com # replace with your domains
|
||||
- MULTISITE=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- wp.website.com_REMOTE_PHP=mywp
|
||||
- wp.website.com_REMOTE_PHP_PATH=/var/www/html
|
||||
- nc.website.com_REMOTE_PHP=mync
|
||||
- nc.website.com_REMOTE_PHP_PATH=/var/www/html
|
||||
- nc.website.com_LIMIT_REQ_RATE=40r/s
|
||||
- nc.website.com_LIMIT_REQ_BURST=60
|
||||
- nc.website.com_ALLOWED_METHODS=GET|POST|HEAD|PROPFIND|DELETE|PUT|MKCOL|MOVE|COPY|PROPPATCH|REPORT
|
||||
- nc.website.com_X_FRAME_OPTIONS=SAMEORIGIN
|
||||
networks:
|
||||
- net1
|
||||
- net2
|
||||
|
||||
mywp:
|
||||
image: wordpress:fpm-alpine
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web-files/wp.website.com:/var/www/html
|
||||
environment:
|
||||
- WORDPRESS_DB_HOST=mywpdb
|
||||
- WORDPRESS_DB_NAME=wp
|
||||
- WORDPRESS_DB_USER=user
|
||||
- WORDPRESS_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
- WORDPRESS_TABLE_PREFIX=prefix_ # best practice : replace with a random prefix
|
||||
networks:
|
||||
- net1
|
||||
|
||||
mywpdb:
|
||||
image: mariadb
|
||||
restart: always
|
||||
volumes:
|
||||
- ./wp-db-data:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=wp
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match WORDPRESS_DB_PASSWORD)
|
||||
networks:
|
||||
- net1
|
||||
|
||||
mync:
|
||||
image: nextcloud:stable-fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web-files/nc.website.com:/var/www/html
|
||||
environment:
|
||||
- MYSQL_HOST=myncdb
|
||||
- MYSQL_DATABASE=nc
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
networks:
|
||||
- net2
|
||||
|
||||
myncdb:
|
||||
image: mariadb
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
restart: always
|
||||
volumes:
|
||||
- ./nc-db-data:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=nc
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
networks:
|
||||
- net2
|
|
@ -0,0 +1 @@
|
|||
SecRuleRemoveById 921110
|
|
@ -0,0 +1,15 @@
|
|||
SecAction \
|
||||
"id:900130,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:tx.crs_exclusions_nextcloud=1"
|
||||
|
||||
SecAction \
|
||||
"id:900200,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:'tx.allowed_methods=GET HEAD POST PROPFIND DELETE PUT MKCOL MOVE COPY PROPPATCH REPORT'"
|
|
@ -0,0 +1,7 @@
|
|||
SecAction \
|
||||
"id:900130,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:tx.crs_exclusions_wordpress=1"
|
|
@ -0,0 +1,42 @@
|
|||
location / {
|
||||
rewrite ^ /index.php;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
|
||||
include fastcgi_params;
|
||||
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
try_files $fastcgi_script_name =404;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass mync:9000;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
include fastcgi.conf;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
location ~ \.(?:css|js|woff2?|svg|gif|map|mp4)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
}
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
location / {
|
||||
index index.php index.html index.htm;
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
|
@ -1,5 +0,0 @@
|
|||
<?php
|
||||
|
||||
echo "Hello World!";
|
||||
|
||||
?>
|
|
@ -7,23 +7,23 @@ function replace_in_file() {
|
|||
sed -i "s/$pattern/$replace/g" "$1"
|
||||
}
|
||||
|
||||
# check if HTTP enabled
|
||||
# and disable it temporarily if needed
|
||||
if grep -q "listen" "/etc/nginx/server.conf" ; then
|
||||
replace_in_file "/etc/nginx/server.conf" "listen" "#listen"
|
||||
if [ -f /tmp/nginx.pid ] ; then
|
||||
/usr/sbin/nginx -s reload
|
||||
sleep 10
|
||||
fi
|
||||
# disable HTTP
|
||||
servers="$(find /etc/nginx -name server.conf)"
|
||||
for f in $servers ; do
|
||||
replace_in_file "$f" "listen" "#listen"
|
||||
done
|
||||
if [ -f /tmp/nginx.pid ] ; then
|
||||
/usr/sbin/nginx -s reload
|
||||
sleep 10
|
||||
fi
|
||||
|
||||
# ask a new certificate if needed
|
||||
certbot renew
|
||||
|
||||
# enable HTTP again if needed
|
||||
if grep -q "#listen" "/etc/nginx/server.conf" ; then
|
||||
replace_in_file "/etc/nginx/server.conf" "#listen" "listen"
|
||||
fi
|
||||
# enable HTTP again
|
||||
for f in $servers ; do
|
||||
replace_in_file "$f" "#listen" "listen"
|
||||
done
|
||||
|
||||
chown -R root:nginx /etc/letsencrypt
|
||||
chmod -R 740 /etc/letsencrypt
|
||||
|
|
Loading…
Reference in New Issue