fix multiple CVE with curl/libcurl and add autoconf/docker CUSTOM_CONF configs examples

2022-07-02 20:47:57 +02:00 · 2022-07-02 20:47:57 +02:00 · 8f258486ef
parent 2dc18a7942
commit 8f258486ef
5 changed files with 141 additions and 0 deletions
--- a/2
+++ b/2
@ -74,6 +74,8 @@ RUN apk add --no-cache bash python3 libgcc libstdc++ openssl git && \

 # Fix CVE-2022-27405 and CVE-2022-27406
 RUN apk add "freetype>=2.10.4-r3"
+# Fix multiple CVE for curl/libcurl
+RUN apk add "curl>=7.79.1-r2" "libcurl>=7.79.1-r2"

 VOLUME /data

--- a/examples/autoconf-configs/docker-compose.yml
+++ b/examples/autoconf-configs/docker-compose.yml
@ -0,0 +1,68 @@
+version: '3'
+
+services:
+
+  myapp1:
+    image: tutum/hello-world
+    networks:
+      bw-services:
+        aliases:
+          - myapp1
+    labels:
+      - "bunkerweb.SERVER_NAME=app1.example.com" # replace with your domain
+      - "bunkerweb.USE_REVERSE_PROXY=yes"
+      - "bunkerweb.REVERSE_PROXY_URL=/"
+      - "bunkerweb.REVERSE_PROXY_HOST=http://myapp1"
+      - |
+        CUSTOM_CONF_SERVER_HTTP_example=
+        location /hello {
+        	default_type 'text/plain';
+        	content_by_lua_block {
+        		ngx.say('hello app1')
+        	}
+        }
+
+  myapp2:
+    image: tutum/hello-world
+    networks:
+      bw-services:
+        aliases:
+          - myapp2
+    labels:
+      - "bunkerweb.SERVER_NAME=app2.example.com" # replace with your domain
+      - "bunkerweb.USE_REVERSE_PROXY=yes"
+      - "bunkerweb.REVERSE_PROXY_URL=/"
+      - "bunkerweb.REVERSE_PROXY_HOST=http://myapp2"
+      - |
+        CUSTOM_CONF_SERVER_HTTP_example=
+        location /hello {
+        	default_type 'text/plain';
+        	content_by_lua_block {
+        		ngx.say('hello app2')
+        	}
+        }
+
+  myapp3:
+    image: tutum/hello-world
+    networks:
+      bw-services:
+        aliases:
+          - myapp3
+    labels:
+      - "bunkerweb.SERVER_NAME=app3.example.com" # replace with your domain
+      - "bunkerweb.USE_REVERSE_PROXY=yes"
+      - "bunkerweb.REVERSE_PROXY_URL=/"
+      - "bunkerweb.REVERSE_PROXY_HOST=http://myapp3"
+      - |
+        CUSTOM_CONF_SERVER_HTTP_example=
+        location /hello {
+        	default_type 'text/plain';
+        	content_by_lua_block {
+        		ngx.say('hello app3')
+        	}
+        }
+
+networks:
+  bw-services:
+    external:
+      name: bw-services
--- a/examples/docker-configs/docker-compose.yml
+++ b/examples/docker-configs/docker-compose.yml
@ -0,0 +1,65 @@
+version: "3"
+
+services:
+
+  mybunker:
+    image: bunkerity/bunkerweb:1.4.2
+    ports:
+      - 80:8080
+      - 443:8443
+    # ⚠️ read this if you use local folders for volumes ⚠️
+    # bunkerweb runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
+    # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
+    # or for an existing one : chown -R root:101 folder && chmod -R 770 folder
+    # more info at https://docs.bunkerweb.io
+    volumes:
+      - bw_data:/data
+    environment:
+      - MULTISITE=yes
+      - SERVER_NAME=app1.example.com app2.example.com # replace with your domains
+      - SERVE_FILES=no
+      - DISABLE_DEFAULT_SERVER=yes
+      - AUTO_LETS_ENCRYPT=yes
+      - USE_CLIENT_CACHE=yes
+      - USE_GZIP=yes
+      - USE_REVERSE_PROXY=yes
+      - app1.example.com_REVERSE_PROXY_URL=/
+      - app1.example.com_REVERSE_PROXY_HOST=http://app1
+      - app2.example.com_REVERSE_PROXY_URL=/
+      - app2.example.com_REVERSE_PROXY_HOST=http://app2
+      # global config applied at server context
+      - |
+        CUSTOM_CONF_SERVER_HTTP_hello-world=
+        location /hello {
+        	default_type 'text/plain';
+        	content_by_lua_block {
+        		ngx.say('world')
+        	}
+        }
+      # site configs applied at server context
+      - |
+        app1.example.com_CUSTOM_CONF_SERVER_HTTP_dummy=
+        location /app1 {
+        	default_type 'text/plain';
+        	content_by_lua_block {
+        		ngx.say('hello app1')
+        	}
+        }
+      - |
+        app2.example.com_CUSTOM_CONF_SERVER_HTTP_dummy=
+        location /app2 {
+        	default_type 'text/plain';
+        	content_by_lua_block {
+        		ngx.say('hello app2')
+        	}
+        }
+
+  myapp1:
+    image: tutum/hello-world
+
+  myapp2:
+    image: tutum/hello-world
+
+  volumes:
+    bw-data:
--- a/tests/autoconf.sh
+++ b/tests/autoconf.sh
@ -102,6 +102,9 @@ single_autoconf_test "autoconf-reverse-proxy" "60" "https://$TEST_DOMAIN1_1 hell
 # php
 single_autoconf_test "autoconf-php" "60" "https://$TEST_DOMAIN1_1 app1" "https://$TEST_DOMAIN1_2 app2" "https://$TEST_DOMAIN1_3 app3"

+# configs
+single_docker_test "autoconf-configs" "60" "https://$TEST_DOMAIN1/hello app1" "https://$TEST_DOMAIN2/hello app2" "https://$TEST_DOMAIN3/hello app3"
+
 # cleanup
 current_dir="$(pwd)"
 cd "/tmp/autoconf"
--- a/tests/docker.sh
+++ b/tests/docker.sh
@ -58,6 +58,9 @@ single_docker_test "authelia" "60" "https://$TEST_DOMAIN1_1 authelia" "https://$
 # drupal
 single_docker_test "drupal" "60" "https://$TEST_DOMAIN1 drupal"

+# docker configs
+single_docker_test "docker-configs" "30" "https://$TEST_DOMAIN1_1/hello world" "https://$TEST_DOMAIN1_2/hello world" "https://$TEST_DOMAIN1/app1 app1" "https://$TEST_DOMAIN1/app2 app2"
+
 # ghost
 single_docker_test "ghost" "30" "https://$TEST_DOMAIN1 ghost"