docs - last polish
parent
f5c28b27df
commit
bbaaad8487
|
@ -34,7 +34,7 @@ Here is a non-exhaustive list of what you can do :
|
|||
- Follow us on [LinkedIn](https://www.linkedin.com/company/bunkerity/), [Twitter](https://twitter.com/bunkerity) and [GitHub](https://github.com/bunkerity)
|
||||
- Report bugs and propose new features using [issues](https://github.com/bunkerity/bunkerweb/issues)
|
||||
- Contribute to the code using [pull requests](https://github.com/bunkerity/bunkerweb/pulls)
|
||||
- Write an awesome [plugin](/1.4/plugins)
|
||||
- Write an awesome [plugin](/1.5.0-beta/plugins)
|
||||
- Talk about BunkerWeb to your friends/colleagues, on social media, on your blog, ...
|
||||
|
||||
## How to report security issue ?
|
||||
|
|
|
@ -1,441 +0,0 @@
|
|||
****** INTEGRATIONS ******
|
||||
=== "RHEL"
|
||||
|
||||
The first step is to add NGINX official repository. Create the following file at `/etc/yum.repos.d/nginx.repo` :
|
||||
```conf
|
||||
[nginx-stable]
|
||||
name=nginx stable repo
|
||||
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
|
||||
gpgcheck=1
|
||||
enabled=1
|
||||
gpgkey=https://nginx.org/keys/nginx_signing.key
|
||||
module_hotfixes=true
|
||||
```
|
||||
|
||||
You should now be able to install NGINX 1.20.2 :
|
||||
```shell
|
||||
sudo dnf install nginx-1.20.2
|
||||
```
|
||||
|
||||
And finally install BunkerWeb 1.5.0-beta :
|
||||
```shell
|
||||
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
|
||||
rpm -Uvh epel-release*rpm && \
|
||||
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
|
||||
sudo dnf check-update && \
|
||||
sudo dnf install -y bunkerweb-1.5.0-beta
|
||||
```
|
||||
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
|
||||
```shell
|
||||
sudo dnf versionlock add nginx && \
|
||||
sudo dnf versionlock add bunkerweb
|
||||
```
|
||||
|
||||
## Vagrant
|
||||
|
||||
<figure markdown>
|
||||
![Overwiew](assets/img/integration-ansible.svg){ align=center }
|
||||
<figcaption>Vagrant integration</figcaption>
|
||||
</figure>
|
||||
|
||||
List of supported Linux distros :
|
||||
|
||||
- Ubuntu 22.04 "Jammy"
|
||||
|
||||
[Vagrant](https://www.vagrantup.com/docs) is a tool for building and managing virtual machine environments in a single workflow. With an easy-to-use workflow and focus on automation, Vagrant lowers development environment setup time, increases production parity, and makes the "works on my machine" excuse a relic of the past.
|
||||
|
||||
A specific BunkerWeb box is available on vagrantup.
|
||||
|
||||
First of all download the box from vagrantup : ```shell vagrant box add bunkerity/bunkerity```
|
||||
|
||||
Then an list of boxes should appear, select the one whith your provider (virtualbox, vmware, libvirt).
|
||||
|
||||
This will download the box named bunkerity/bunkerity from [HashiCorp's Vagrant Cloud box catalog](https://vagrantcloud.com/boxes/search), where you can find and host boxes.
|
||||
|
||||
Now you've added a box to Vagrant either by initializing or adding it explicitly, you need to configure your project to use it as a base.
|
||||
For initializing a new Vagrant project, you can use the `vagrant init bunkerity/bunkerity` command. This will create a Vagrantfile in the current directory.
|
||||
|
||||
Open the Vagrantfile and replace the contents with the following.
|
||||
|
||||
```shell
|
||||
Vagrant.configure("2") do |config|
|
||||
config.vm.box = "bunkerity/bunkerity"
|
||||
end
|
||||
```
|
||||
|
||||
Vagrant will automatically download the box in his latest version and add it to your Vagrant environment. If you want to use a specific version of the box, you can use the `config.vm.box_version` option.
|
||||
|
||||
For exemple:
|
||||
|
||||
```shell
|
||||
Vagrant.configure("2") do |config|
|
||||
config.vm.box = "bunkerity/bunkerity"
|
||||
config.vm.box_version = "1.4.2"
|
||||
end
|
||||
```
|
||||
|
||||
Now you can start the box :
|
||||
```shell
|
||||
vagrant up
|
||||
```
|
||||
|
||||
And then connect to it :
|
||||
```shell
|
||||
vagrant ssh
|
||||
```
|
||||
|
||||
****** QUICKSTART ******
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
We will assume that you already have the [Vagrant integration](/1.4/integrations/#vagrant) stack running on your machine.
|
||||
|
||||
The following command will run a basic HTTP server on the port 8000 and deliver the files in the current directory :
|
||||
```shell
|
||||
python3 -m http.server -b 127.0.0.1
|
||||
```
|
||||
|
||||
Configuration of BunkerWeb is done by editing the `/etc/bunkerweb/variables.env` file.
|
||||
|
||||
Connect to your vagrant machine :
|
||||
```shell
|
||||
vagrant ssh
|
||||
```
|
||||
|
||||
And then you can edit the `variables.env` file in your host machine like this :
|
||||
|
||||
```conf
|
||||
SERVER_NAME=www.example.com
|
||||
HTTP_PORT=80
|
||||
HTTPS_PORT=443
|
||||
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||
USE_REVERSE_PROXY=yes
|
||||
REVERSE_PROXY_URL=/
|
||||
REVERSE_PROXY_HOST=http://127.0.0.1:8000
|
||||
```
|
||||
|
||||
If it's already running we can restart it :
|
||||
```shell
|
||||
systemctl restart bunkerweb
|
||||
```
|
||||
|
||||
Otherwise, we will need to start it :
|
||||
```shell
|
||||
systemctl start bunkerweb
|
||||
```
|
||||
|
||||
Let's check the status of BunkerWeb :
|
||||
```shell
|
||||
systemctl status bunkerweb
|
||||
```
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
We will assume that you already have the [Vagrant integration](/1.4/integrations/#Vagrant) stack running on your machine with some web applications running on the same machine as BunkerWeb.
|
||||
|
||||
Let's assume that you have some web applications running on the same machine as BunkerWeb :
|
||||
|
||||
=== "App #1"
|
||||
The following command will run a basic HTTP server on the port 8001 and deliver the files in the current directory :
|
||||
```shell
|
||||
python3 -m http.server -b 127.0.0.1 8001
|
||||
```
|
||||
|
||||
=== "App #2"
|
||||
The following command will run a basic HTTP server on the port 8002 and deliver the files in the current directory :
|
||||
```shell
|
||||
python3 -m http.server -b 127.0.0.1 8002
|
||||
```
|
||||
|
||||
=== "App #3"
|
||||
The following command will run a basic HTTP server on the port 8003 and deliver the files in the current directory :
|
||||
```shell
|
||||
python3 -m http.server -b 127.0.0.1 8003
|
||||
```
|
||||
|
||||
Connect to your vagrant machine :
|
||||
```shell
|
||||
vagrant ssh
|
||||
```
|
||||
|
||||
Configuration of BunkerWeb is done by editing the /etc/bunkerweb/variables.env file :
|
||||
```conf
|
||||
SERVER_NAME=app1.example.com app2.example.com app3.example.com
|
||||
HTTP_PORT=80
|
||||
HTTPS_PORT=443
|
||||
MULTISITE=yes
|
||||
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||
USE_REVERSE_PROXY=yes
|
||||
REVERSE_PROXY_URL=/
|
||||
app1.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:8001
|
||||
app2.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:8002
|
||||
app3.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:8003
|
||||
```
|
||||
|
||||
If it's already running we can restart it :
|
||||
```shell
|
||||
systemctl restart bunkerweb
|
||||
```
|
||||
|
||||
Otherwise, we will need to start it :
|
||||
```shell
|
||||
systemctl start bunkerweb
|
||||
```
|
||||
|
||||
Let's check the status of BunkerWeb :
|
||||
```shell
|
||||
systemctl status bunkerweb
|
||||
```
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
You will need to add the settings to the `/etc/bunkerweb/variables.env` file :
|
||||
|
||||
```conf
|
||||
...
|
||||
USE_REAL_IP=yes
|
||||
REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16
|
||||
REAL_IP_HEADER=X-Forwarded-For
|
||||
...
|
||||
```
|
||||
|
||||
Don't forget to restart the BunkerWeb service once it's done.
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
You will need to add the settings to the `/etc/bunkerweb/variables.env` file :
|
||||
|
||||
```conf
|
||||
...
|
||||
USE_REAL_IP=yes
|
||||
USE_PROXY_PROTOCOL=yes
|
||||
REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16
|
||||
REAL_IP_HEADER=proxy_protocol
|
||||
...
|
||||
```
|
||||
|
||||
Don't forget to restart the BunkerWeb service once it's done.
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
When using the [Vagrant integration](/1.4/integrations/#vagrant), custom configurations must be written to the `/etc/bunkerweb/configs` folder.
|
||||
|
||||
Here is an example for server-http/hello-world.conf :
|
||||
```conf
|
||||
location /hello {
|
||||
default_type 'text/plain';
|
||||
content_by_lua_block {
|
||||
ngx.say('world')
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Because BunkerWeb runs as an unprivileged user (nginx:nginx), you will need to edit the permissions :
|
||||
```shell
|
||||
chown -R root:nginx /etc/bunkerweb/configs && \
|
||||
chmod -R 770 /etc/bunkerweb/configs
|
||||
```
|
||||
|
||||
Don't forget to restart the BunkerWeb service once it's done.
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
We will assume that you already have the [Vagrant integration](/1.4/integrations/#vagrant) stack running on your machine.
|
||||
|
||||
By default, BunkerWeb will search for web files inside the `/var/www/html` folder. You can use it to store your PHP application. Please note that you will need to configure your PHP-FPM service to get or set the user/group of the running processes and the UNIX socket file used to communicate with BunkerWeb.
|
||||
|
||||
First of all, you will need to make sure that your PHP-FPM instance can access the files inside the `/var/www/html` folder and also that BunkerWeb can access the UNIX socket file in order to communicate with PHP-FPM. We recommend to set a different user like `www-data` for the PHP-FPM service and to give the nginx group access to the UNIX socket file. Here is corresponding PHP-FPM configuration :
|
||||
```ini
|
||||
...
|
||||
[www]
|
||||
user = www-data
|
||||
group = www-data
|
||||
listen = /run/php/php-fpm.sock
|
||||
listen.owner = www-data
|
||||
listen.group = nginx
|
||||
listen.mode = 0660
|
||||
...
|
||||
```
|
||||
|
||||
Don't forget to restart your PHP-FPM service :
|
||||
```shell
|
||||
systemctl restart php8.1-fpm
|
||||
```
|
||||
|
||||
Once your application is copied to the `/var/www/html` folder, you will need to fix the permissions so BunkerWeb (user/group nginx) can at least read files and list folders and PHP-FPM (user/group www-data) is the owner of the files and folders :
|
||||
```shell
|
||||
chown -R www-data:nginx /var/www/html && \
|
||||
find /var/www/html -type f -exec chmod 0640 {} \; && \
|
||||
find /var/www/html -type d -exec chmod 0750 {} \;
|
||||
```
|
||||
|
||||
You can now edit the `/etc/bunkerweb/variable.env` file :
|
||||
```env
|
||||
HTTP_PORT=80
|
||||
HTTPS_PORT=443
|
||||
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||
SERVER_NAME=www.example.com
|
||||
AUTO_LETS_ENCRYPT=yes
|
||||
LOCAL_PHP=/run/php/php-fpm.sock
|
||||
LOCAL_PHP_PATH=/var/www/html/
|
||||
```
|
||||
|
||||
Let's check the status of BunkerWeb :
|
||||
```shell
|
||||
systemctl status bunkerweb
|
||||
```
|
||||
If it's already running we can restart it :
|
||||
```shell
|
||||
systemctl restart bunkerweb
|
||||
```
|
||||
|
||||
Otherwise, we will need to start it :
|
||||
```shell
|
||||
systemctl start bunkerweb
|
||||
```
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
We will assume that you already have the [Vagrant integration](/1.4/integrations/#vagrant) stack running on your machine.
|
||||
|
||||
By default, BunkerWeb will search for web files inside the `/var/www/html` folder. You can use it to store your PHP applications : each application will be in its own subfolder named the same as the primary server name. Please note that you will need to configure your PHP-FPM service to get or set the user/group of the running processes and the UNIX socket file used to communicate with BunkerWeb.
|
||||
|
||||
First of all, you will need to make sure that your PHP-FPM instance can access the files inside the `/var/www/html` folder and also that BunkerWeb can access the UNIX socket file in order to communicate with PHP-FPM. We recommend to set a different user like `www-data` for the PHP-FPM service and to give the nginx group access to the UNIX socket file. Here is corresponding PHP-FPM configuration :
|
||||
```ini
|
||||
...
|
||||
[www]
|
||||
user = www-data
|
||||
group = www-data
|
||||
listen = /run/php/php-fpm.sock
|
||||
listen.owner = www-data
|
||||
listen.group = nginx
|
||||
listen.mode = 0660
|
||||
...
|
||||
```
|
||||
|
||||
Don't forget to restart your PHP-FPM service :
|
||||
```shell
|
||||
systemctl restart php8.1-fpm
|
||||
```
|
||||
|
||||
Once your application is copied to the `/var/www/html` folder, you will need to fix the permissions so BunkerWeb (user/group nginx) can at least read files and list folders and PHP-FPM (user/group www-data) is the owner of the files and folders :
|
||||
```shell
|
||||
chown -R www-data:nginx /var/www/html && \
|
||||
find /var/www/html -type f -exec chmod 0640 {} \; && \
|
||||
find /var/www/html -type d -exec chmod 0750 {} \;
|
||||
```
|
||||
|
||||
You can now edit the `/etc/bunkerweb/variable.env` file :
|
||||
```env
|
||||
HTTP_PORT=80
|
||||
HTTPS_PORT=443
|
||||
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||
SERVER_NAME=app1.example.com app2.example.com app3.example.com
|
||||
MULTISITE=yes
|
||||
AUTO_LETS_ENCRYPT=yes
|
||||
app1.example.com_LOCAL_PHP=/run/php/php-fpm.sock
|
||||
app1.example.com_LOCAL_PHP_PATH=/var/www/html/app1.example.com
|
||||
app2.example.com_LOCAL_PHP=/run/php/php-fpm.sock
|
||||
app2.example.com_LOCAL_PHP_PATH=/var/www/html/app2.example.com
|
||||
app3.example.com_LOCAL_PHP=/run/php/php-fpm.sock
|
||||
app3.example.com_LOCAL_PHP_PATH=/var/www/html/app3.example.com
|
||||
```
|
||||
|
||||
Let's check the status of BunkerWeb :
|
||||
```shell
|
||||
systemctl status bunkerweb
|
||||
```
|
||||
If it's already running we can restart it :
|
||||
```shell
|
||||
systemctl restart bunkerweb
|
||||
```
|
||||
|
||||
Otherwise, we will need to start it :
|
||||
```shell
|
||||
systemctl start bunkerweb
|
||||
```
|
||||
|
||||
****** PLUGINS ******
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
When using the [Linux integration](/1.4/integrations/#linux), plugins must be written to the `/etc/bunkerweb/plugins` folder :
|
||||
```shell
|
||||
git clone https://github.com/bunkerity/bunkerweb-plugins && \
|
||||
cp -rp ./bunkerweb-plugins/* /data/plugins
|
||||
```
|
||||
|
||||
****** UI ******
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
The installation of the web UI using the [Vagrant integration](/1.4/integrations/#vagrant) is pretty straightforward because it is installed with BunkerWeb.
|
||||
|
||||
The first thing to do is to edit the BunkerWeb configuration located at **/etc/bunkerweb/variables.env** to add settings related to the web UI :
|
||||
```conf
|
||||
HTTP_PORT=80
|
||||
HTTPS_PORT=443
|
||||
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||
...
|
||||
SERVER_NAME=bwadm.example.com
|
||||
MULTISITE=yes
|
||||
USE_API=yes
|
||||
API_WHITELIST_IP=127.0.0.0/8
|
||||
bwadm.example.com_USE_UI=yes
|
||||
bwadm.example.com_USE_REVERSE_PROXY=yes
|
||||
bwadm.example.com_REVERSE_PROXY_URL=/changeme/
|
||||
bwadm.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
|
||||
bwadm.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
|
||||
bwadm.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
...
|
||||
```
|
||||
|
||||
Important things to note :
|
||||
|
||||
* `bwadm.example.com` is the dedicated (sub)domain for accessing the web UI
|
||||
* replace the `/changeme` URLs with a custom one of your choice
|
||||
|
||||
Once the configuration file is edited, you will need to restart BunkerWeb :
|
||||
```shell
|
||||
systemctl restart bunkerweb
|
||||
```
|
||||
|
||||
You can edit the **/etc/bunkerweb/ui.env** file containing the settings of the web UI :
|
||||
```conf
|
||||
ADMIN_USERNAME=admin
|
||||
ADMIN_PASSWORD=changeme
|
||||
ABSOLUTE_URI=http(s)://bwadm.example.com/changeme/
|
||||
```
|
||||
|
||||
Important things to note :
|
||||
|
||||
* `http(s)://bwadmin.example.com/changeme/` is the full base URL of the web UI (must match the sub(domain) and /changeme URL used in **/etc/bunkerweb/variables.env**)
|
||||
* replace the username `admin` and password `changeme` with strong ones
|
||||
|
||||
Restart the BunkerWeb UI service and you are now ready to access it :
|
||||
```shell
|
||||
systemctl restart bunkerweb-ui
|
||||
```
|
||||
|
||||
****** TROUBLE ******
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
For errors related to BunkerWeb services (e.g. not starting), you can use `journalctl` :
|
||||
```shell
|
||||
journalctl -u bunkerweb --no-pager
|
||||
```
|
||||
|
||||
Common logs are located inside the `/var/log/nginx` directory :
|
||||
```shell
|
||||
cat /var/log/nginx/error.log
|
||||
cat /var/log/nginx/access.log
|
||||
```
|
||||
|
||||
=== "Vagrant"
|
||||
|
||||
You can use the `bwcli` command (as root) :
|
||||
```shell
|
||||
sudo bwcli unban 1.2.3.4
|
||||
```
|
|
@ -13,7 +13,7 @@ The following integrations are officially supported :
|
|||
- [Docker](/1.5.0-beta/integrations/#docker)
|
||||
- [Docker autoconf](/1.5.0-beta/integrations/#docker-autoconf)
|
||||
- [Swarm](/1.5.0-beta/integrations/#swarm)
|
||||
- [Kubernetes](/1.4/integrations/#kubernetes)
|
||||
- [Kubernetes](/1.5.0-beta/integrations/#kubernetes)
|
||||
- [Linux](/1.5.0-beta/integrations/#linux)
|
||||
- [Ansible](/1.5.0-beta/integrations/#ansible)
|
||||
- [Vagrant](/1.5.0-beta/integrations/#vagrant)
|
||||
|
@ -44,7 +44,7 @@ USE_BROTLI=no
|
|||
|
||||
!!! info "Going further"
|
||||
|
||||
The complete list of available settings with descriptions and possible values is available in the [settings section](/1.4/settings) of the documentation.
|
||||
The complete list of available settings with descriptions and possible values is available in the [settings section](/1.5.0-beta/settings) of the documentation.
|
||||
|
||||
!!! info "Settings generator tool"
|
||||
|
||||
|
@ -79,7 +79,7 @@ app3.example.com_USE_BAD_BEHAVIOR=no
|
|||
|
||||
!!! info "Going further"
|
||||
|
||||
You will find concrete examples of multisite mode in the [quickstart guide](/1.5.0-beta/quickstart-guide) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/master/examples) directory of the repository.
|
||||
You will find concrete examples of multisite mode in the [quickstart guide](/1.5.0-beta/quickstart-guide) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/1.5.0-beta/examples) directory of the repository.
|
||||
|
||||
## Custom configurations
|
||||
|
||||
|
@ -91,7 +91,7 @@ Another core component of BunkerWeb is the ModSecurity Web Application Firewall
|
|||
|
||||
!!! info "Going further"
|
||||
|
||||
You will find concrete examples of custom configurations in the [quickstart guide](/1.5.0-beta/quickstart-guide) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/master/examples) directory of the repository.
|
||||
You will find concrete examples of custom configurations in the [quickstart guide](/1.5.0-beta/quickstart-guide) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/1.5.0-beta/examples) directory of the repository.
|
||||
|
||||
## Database
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ Docker integration key concepts are :
|
|||
- **Networks** to expose ports for clients and connect to upstream web services
|
||||
|
||||
!!! info "Database backend"
|
||||
Please note that we assume you are using SQLite as database backend (which is the default for the `DATABASE_URI` setting). Other backends for this integration are still possible if you want to : see docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/dev/misc/integrations) folder of the repostiory for more information.
|
||||
Please note that we assume you are using SQLite as database backend (which is the default for the `DATABASE_URI` setting). Other backends for this integration are still possible if you want to : see docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/1.5.0-beta/misc/integrations) folder of the repostiory for more information.
|
||||
|
||||
### Environment variables
|
||||
|
||||
|
@ -52,7 +52,7 @@ services:
|
|||
Please note that the `bunkerweb.INSTANCE` is mandatory to make sure the scheduler can detect BunkerWeb instance(s).
|
||||
|
||||
!!! info "Full list"
|
||||
For the complete list of environment variables, see the [settings section](/1.4/settings) of the documentation.
|
||||
For the complete list of environment variables, see the [settings section](/1.5.0-beta/settings) of the documentation.
|
||||
|
||||
### Scheduler
|
||||
|
||||
|
@ -224,10 +224,10 @@ The downside of using environment variables is that the container needs to be re
|
|||
Instead of defining environment variables for the BunkerWeb container, you simply add **labels** to your web applications containers and the **autoconf** will "automagically" take care of the rest.
|
||||
|
||||
!!! info "Multisite mode"
|
||||
The Docker autoconf integration implies the use of **multisite mode**. Please refer to the [multisite section](/1.4/concepts/#multisite-mode) of the documentation for more information.
|
||||
The Docker autoconf integration implies the use of **multisite mode**. Please refer to the [multisite section](/1.5.0-beta/concepts/#multisite-mode) of the documentation for more information.
|
||||
|
||||
!!! info "Database backend"
|
||||
Please note that we assume you are using MariaDB as database backend (which is defined using the `DATABASE_URI` setting). Other backends for this integration are still possible if you want to : see docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/dev/misc/integrations) folder of the repostiory for more information.
|
||||
Please note that we assume you are using MariaDB as database backend (which is defined using the `DATABASE_URI` setting). Other backends for this integration are still possible if you want to : see docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/1.5.0-beta/misc/integrations) folder of the repostiory for more information.
|
||||
|
||||
Another container, named `bw-autoconf` for example, containing the autoconf service must be added to the stack. Since two services will generate the configuration for BunkerWeb, a "real" database backend (in other words, not SQLite) also needs to be added :
|
||||
|
||||
|
@ -341,7 +341,7 @@ Since we have multiple instances of BunkerWeb running, a shared data store imple
|
|||
Using a shared folder or a specific driver for the database volume is left as an exercise for the reader (and depends on your own use-case).
|
||||
|
||||
!!! info "Database backend"
|
||||
Please note that we assume you are using MariaDB as database backend (which is defined using the `DATABASE_URI` setting). Other backends for this integration are still possible if you want to : see docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/dev/misc/integrations) folder of the repostiory for more information. Clustered database backends setup are out-of-the-scope of this documentation.
|
||||
Please note that we assume you are using MariaDB as database backend (which is defined using the `DATABASE_URI` setting). Other backends for this integration are still possible if you want to : see docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/1.5.0-beta/misc/integrations) folder of the repostiory for more information. Clustered database backends setup are out-of-the-scope of this documentation.
|
||||
|
||||
Here is the stack boilerplate that you can deploy using `docker stack deploy` :
|
||||
|
||||
|
@ -510,7 +510,7 @@ The recommended setup is to define **BunkerWeb** as a **[DaemonSet](https://kube
|
|||
Since we have multiple instances of BunkerWeb running, a shared data store implemented as a [Redis](https://redis.io/) service must be created : the instances will use it to cache and share data. You will find more information about the Redis settings [here](/1.5.0-beta/settings/#redis)
|
||||
|
||||
!!! info "Database backend"
|
||||
Please note that we assume you are using MariaDB as database backend (which is defined using the `DATABASE_URI` setting). Other backends for this integration are still possible if you want to : see yaml files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/dev/misc/integrations) folder of the repostiory for more information. Clustered database backends setup are out-of-the-scope of this documentation.
|
||||
Please note that we assume you are using MariaDB as database backend (which is defined using the `DATABASE_URI` setting). Other backends for this integration are still possible if you want to : see yaml files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/1.5.0-beta/misc/integrations) folder of the repostiory for more information. Clustered database backends setup are out-of-the-scope of this documentation.
|
||||
|
||||
Please note that both scheduler and autoconf services needs to access the Kubernetes API. The recommended way of doing it is using [RBAC authorization](https://kubernetes.io/docs/reference/access-authn-authz/rbac/).
|
||||
|
||||
|
@ -568,7 +568,7 @@ spec:
|
|||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.6
|
||||
image: bunkerity/bunkerweb:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
|
@ -638,7 +638,7 @@ spec:
|
|||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
image: bunkerity/bunkerweb-autoconf:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
@ -665,7 +665,7 @@ spec:
|
|||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-scheduler
|
||||
image: bunkerity/bunkerweb-scheduler:1.4.6
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
@ -780,7 +780,7 @@ spec:
|
|||
storage: 5Gi
|
||||
```
|
||||
|
||||
Once the BunkerWeb Kubernetes stack is set up and running (see autoconf logs for more information), you will be able to deploy web applications in the cluster and declare your Ingress resource. Please note that [settings](/1.4/settings) need to be set as annotations for the Ingress resource with the special value **bunkerweb.io** for the domain part :
|
||||
Once the BunkerWeb Kubernetes stack is set up and running (see autoconf logs for more information), you will be able to deploy web applications in the cluster and declare your Ingress resource. Please note that [settings](/1.5.0-beta/settings) need to be set as annotations for the Ingress resource with the special value **bunkerweb.io** for the domain part :
|
||||
|
||||
```yaml
|
||||
apiVersion: networking.k8s.io/v1
|
||||
|
@ -817,7 +817,6 @@ List of supported Linux distros :
|
|||
- Debian 11 "Bullseye"
|
||||
- Ubuntu 22.04 "Jammy"
|
||||
- Fedora 37
|
||||
- CentOS Stream 8
|
||||
- RedHat Enterprise Linux (RHEL) 8.7
|
||||
|
||||
Please note that you will need to **install NGINX 1.24.0 before BunkerWeb**. For all distros, except Fedora, using prebuilt packages from [official NGINX repository](https://nginx.org/en/linux_packages.html) is mandatory. Compiling NGINX from source or using packages from different repositories won't work with the official prebuilt packages of BunkerWeb but you can build it from source.
|
||||
|
@ -827,71 +826,81 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
|
|||
=== "Debian"
|
||||
|
||||
The first step is to add NGINX official repository :
|
||||
|
||||
```shell
|
||||
sudo apt install -y curl gnupg2 ca-certificates lsb-release debian-archive-keyring && \
|
||||
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
|
||||
sudo apt install -y curl gnupg2 ca-certificates lsb-release debian-archive-keyring && \
|
||||
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
|
||||
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null && \
|
||||
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
|
||||
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
|
||||
http://nginx.org/packages/debian `lsb_release -cs` nginx" \
|
||||
| sudo tee /etc/apt/sources.list.d/nginx.list
|
||||
```
|
||||
```
|
||||
|
||||
You should now be able to install NGINX 1.24.0 :
|
||||
```shell
|
||||
sudo apt update && \
|
||||
sudo apt install -y nginx=1.24.0-1~$(lsb_release -cs)
|
||||
```
|
||||
|
||||
And finally install BunkerWeb 1.5.0-beta :
|
||||
```shell
|
||||
sudo apt update && \
|
||||
sudo apt install -y nginx=1.24.0-1~$(lsb_release -cs)
|
||||
```
|
||||
|
||||
And finally install BunkerWeb 1.5.0-beta :
|
||||
|
||||
```shell
|
||||
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
|
||||
sudo apt update && \
|
||||
sudo apt install -y bunkerweb=1.5.0-beta
|
||||
sudo apt update && \
|
||||
sudo apt install -y bunkerweb=1.5.0-beta
|
||||
```
|
||||
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
|
||||
```shell
|
||||
sudo apt-mark hold nginx bunkerweb
|
||||
```
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
|
||||
|
||||
```shell
|
||||
sudo apt-mark hold nginx bunkerweb
|
||||
```
|
||||
|
||||
=== "Ubuntu"
|
||||
|
||||
The first step is to add NGINX official repository :
|
||||
|
||||
```shell
|
||||
sudo apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring && \
|
||||
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
|
||||
sudo apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring && \
|
||||
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
|
||||
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null && \
|
||||
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
|
||||
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
|
||||
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
|
||||
| sudo tee /etc/apt/sources.list.d/nginx.list
|
||||
```
|
||||
```
|
||||
|
||||
You should now be able to install NGINX 1.24.0 :
|
||||
```shell
|
||||
sudo apt update && \
|
||||
sudo apt install -y nginx=1.24.0-1~jammy
|
||||
```
|
||||
|
||||
And finally install BunkerWeb 1.5.0-beta :
|
||||
```shell
|
||||
sudo apt update && \
|
||||
sudo apt install -y nginx=1.24.0-1~jammy
|
||||
```
|
||||
|
||||
And finally install BunkerWeb 1.5.0-beta :
|
||||
|
||||
```shell
|
||||
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
|
||||
sudo apt update && \
|
||||
sudo apt install -y bunkerweb=1.5.0-beta
|
||||
sudo apt update && \
|
||||
sudo apt install -y bunkerweb=1.5.0-beta
|
||||
```
|
||||
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
|
||||
```shell
|
||||
sudo apt-mark hold nginx bunkerweb
|
||||
```
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
|
||||
|
||||
```shell
|
||||
sudo apt-mark hold nginx bunkerweb
|
||||
```
|
||||
|
||||
=== "Fedora"
|
||||
|
||||
Fedora already provides NGINX 1.24.0 that we support :
|
||||
```shell
|
||||
sudo dnf install -y nginx-1.24.0
|
||||
```
|
||||
|
||||
```shell
|
||||
sudo dnf install -y nginx-1.24.0
|
||||
```
|
||||
|
||||
And finally install BunkerWeb 1.5.0-beta :
|
||||
|
||||
```shell
|
||||
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | \
|
||||
sed 's/yum install -y pygpgme --disablerepo='\''bunkerity_bunkerweb'\''/yum install -y python-gnupg/g' | \
|
||||
|
@ -900,12 +909,57 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
|
|||
sudo dnf install -y bunkerweb-1.5.0-beta
|
||||
```
|
||||
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
|
||||
```shell
|
||||
sudo dnf versionlock add nginx && \
|
||||
sudo dnf versionlock add bunkerweb
|
||||
```
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
|
||||
|
||||
```shell
|
||||
sudo dnf versionlock add nginx && \
|
||||
sudo dnf versionlock add bunkerweb
|
||||
```
|
||||
|
||||
=== "RedHat"
|
||||
|
||||
The first step is to add NGINX official repository. Create the following file at `/etc/yum.repos.d/nginx.repo` :
|
||||
|
||||
```conf
|
||||
[nginx-stable]
|
||||
name=nginx stable repo
|
||||
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
|
||||
gpgcheck=1
|
||||
enabled=1
|
||||
gpgkey=https://nginx.org/keys/nginx_signing.key
|
||||
module_hotfixes=true
|
||||
|
||||
[nginx-mainline]
|
||||
name=nginx mainline repo
|
||||
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
|
||||
gpgcheck=1
|
||||
enabled=0
|
||||
gpgkey=https://nginx.org/keys/nginx_signing.key
|
||||
module_hotfixes=true
|
||||
```
|
||||
|
||||
You should now be able to install NGINX 1.24.0 :
|
||||
|
||||
```shell
|
||||
sudo dnf install nginx-1.24.0
|
||||
```
|
||||
And finally install BunkerWeb 1.5.0-beta :
|
||||
|
||||
```shell
|
||||
dnf install -y epel-release && \
|
||||
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
|
||||
sudo dnf check-update && \
|
||||
sudo dnf install -y bunkerweb-1.5.0-beta
|
||||
```
|
||||
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
|
||||
|
||||
```shell
|
||||
sudo dnf versionlock add nginx && \
|
||||
sudo dnf versionlock add bunkerweb
|
||||
```
|
||||
|
||||
<!---
|
||||
=== "CentOS Stream"
|
||||
|
||||
The first step is to add NGINX official repository. Create the following file at `/etc/yum.repos.d/nginx.repo` :
|
||||
|
@ -926,7 +980,7 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
|
|||
|
||||
And finally install BunkerWeb 1.5.0-beta :
|
||||
```shell
|
||||
dnf install -y epel-release && \
|
||||
dnf install -y epel-release && \
|
||||
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
|
||||
sudo dnf check-update && \
|
||||
sudo dnf install -y bunkerweb-1.5.0-beta
|
||||
|
@ -938,6 +992,7 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
|
|||
sudo dnf versionlock add bunkerweb
|
||||
```
|
||||
|
||||
|
||||
=== "From source"
|
||||
|
||||
The first step is to install NGINX 1.24.0 using the repository of your choice or by [compiling it from source](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/#compiling-and-installing-from-source).
|
||||
|
@ -952,7 +1007,7 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
|
|||
https://github.com/bunkerity/bunkerweb.git /tmp/bunkerweb
|
||||
```
|
||||
|
||||
BunkerWeb needs some dependencies to be compiled and installed to `/usr/share/bunkerweb/deps`, the easiest way to do it is by executing the [install.sh helper script](https://github.com/bunkerity/bunkerweb/blob/master/deps/install.sh) (please note that you will need to install additional packages which is not covered in this procedure and depends on your own system) :
|
||||
BunkerWeb needs some dependencies to be compiled and installed to `/usr/share/bunkerweb/deps`, the easiest way to do it is by executing the [install.sh helper script](https://github.com/bunkerity/bunkerweb/blob/1.5.0-beta/deps/install.sh) (please note that you will need to install additional packages which is not covered in this procedure and depends on your own system) :
|
||||
```
|
||||
mkdir /usr/share/bunkerweb/deps && \
|
||||
/tmp/bunkerweb/src/deps/install.sh
|
||||
|
@ -999,6 +1054,7 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
|
|||
systemctl enable bunkerweb && \
|
||||
systemctl enable bunkerweb-ui
|
||||
```
|
||||
--->
|
||||
|
||||
The configuration of BunkerWeb is done by editing the `/etc/bunkerweb/variables.env` file :
|
||||
|
||||
|
|
|
@ -260,7 +260,7 @@ The first step is to install the plugin by putting the plugin files inside the c
|
|||
|
||||
!!! tip "Existing plugins"
|
||||
|
||||
If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/master/core) (already included in BunkerWeb but they are plugins, technically speaking).
|
||||
If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/1.5.0-beta/src/common/core) (already included in BunkerWeb but they are plugins, technically speaking).
|
||||
|
||||
The first step is to create a folder that will contain the plugin :
|
||||
|
||||
|
@ -426,7 +426,7 @@ The declared functions are automatically called during specific contexts. Here a
|
|||
|
||||
#### Libraries
|
||||
|
||||
All directives from [NGINX LUA module](https://github.com/openresty/lua-nginx-module) and are available and [NGINX stream LUA module](https://github.com/openresty/stream-lua-nginx-module). On top of that, you can use the LUA libraries included within BunkerWeb : see [this script](https://github.com/bunkerity/bunkerweb/blob/master/deps/clone.sh) for the complete list.
|
||||
All directives from [NGINX LUA module](https://github.com/openresty/lua-nginx-module) and are available and [NGINX stream LUA module](https://github.com/openresty/stream-lua-nginx-module). On top of that, you can use the LUA libraries included within BunkerWeb : see [this script](https://github.com/bunkerity/bunkerweb/blob/1.5.0-beta/src/deps/clone.sh) for the complete list.
|
||||
|
||||
If you need additional libraries, you can put them in the root folder of the plugin and access them by prefixing them with your plugin ID. Here is an example file named **mylibrary.lua** :
|
||||
|
||||
|
@ -507,7 +507,7 @@ end
|
|||
|
||||
!!! tip "More examples"
|
||||
|
||||
If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/master/lua) of the repository.
|
||||
If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/1.5.0-beta/src/bw/lua/bunkerweb) of the repository.
|
||||
|
||||
### Jobs
|
||||
|
||||
|
@ -554,4 +554,4 @@ def myplugin() :
|
|||
|
||||
!!! info "Python libraries"
|
||||
You can use Python libraries that are already available like :
|
||||
`Flask`, `Flask-Login`, `Flask-WTF`, `beautifulsoup4`, `docker`, `Jinja2`, `python-magic` and `requests`. To see the full list, you can have a look at the Web UI [requirements.txt](https://github.com/bunkerity/bunkerweb/blob/master/ui/requirements.txt). If you need external libraries, you can install them inside the **ui** folder of your plugin and then use the classical **import** directive.
|
||||
`Flask`, `Flask-Login`, `Flask-WTF`, `beautifulsoup4`, `docker`, `Jinja2`, `python-magic` and `requests`. To see the full list, you can have a look at the Web UI [requirements.txt](https://github.com/bunkerity/bunkerweb/blob/1.5.0-beta/src/ui/requirements.txt). If you need external libraries, you can install them inside the **ui** folder of your plugin and then use the classical **import** directive.
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
# Quickstart guide
|
||||
|
||||
!!! info "Prerequisites"
|
||||
We assume that you're already familiar with the [core concepts](/1.4/concepts) and you have followed the [integrations instructions](/1.4/integrations) for your environment.
|
||||
We assume that you're already familiar with the [core concepts](/1.5.0-beta/concepts) and you have followed the [integrations instructions](/1.5.0-beta/integrations) for your environment.
|
||||
|
||||
!!! tip "Going further"
|
||||
To demonstrate the use of BunkerWeb, we will deploy a dummy "Hello World" web application as an example. See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/master/examples) of the repository to get real-world examples.
|
||||
To demonstrate the use of BunkerWeb, we will deploy a dummy "Hello World" web application as an example. See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.0-beta/examples) of the repository to get real-world examples.
|
||||
|
||||
## Protect HTTP applications
|
||||
|
||||
|
@ -16,7 +16,7 @@ The following settings can be used :
|
|||
- `REVERSE_PROXY_URL` : the public path prefix
|
||||
- `REVERSE_PROXY_HOST` : (internal) address of the proxied web application
|
||||
|
||||
You will find more settings about reverse proxy in the [settings section](/1.4/settings/#reverse-proxy) of the documentation.
|
||||
You will find more settings about reverse proxy in the [settings section](/1.5.0-beta/settings/#reverse-proxy) of the documentation.
|
||||
|
||||
### Single application
|
||||
|
||||
|
@ -92,7 +92,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
|
||||
=== "Docker autoconf"
|
||||
|
||||
We will assume that you already have the [Docker autoconf integration](/1.4/integrations/#docker-autoconf) stack running on your machine and connected to a network called `bw-services` so you can connect your existing application and configure BunkerWeb with labels :
|
||||
We will assume that you already have the [Docker autoconf integration](/1.5.0-beta/integrations/#docker-autoconf) stack running on your machine and connected to a network called `bw-services` so you can connect your existing application and configure BunkerWeb with labels :
|
||||
|
||||
```yaml
|
||||
version: '3.5'
|
||||
|
@ -118,7 +118,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
|
||||
=== "Swarm"
|
||||
|
||||
We will assume that you already have the [Swarm integration](/1.4/integrations/#swarm) stack running on your cluster and connected to a network called `bw-services` so you can connect your existing application and configure BunkerWeb with labels :
|
||||
We will assume that you already have the [Swarm integration](/1.5.0-beta/integrations/#swarm) stack running on your cluster and connected to a network called `bw-services` so you can connect your existing application and configure BunkerWeb with labels :
|
||||
|
||||
```yaml
|
||||
version: "3"
|
||||
|
@ -148,7 +148,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
|
||||
=== "Kubernetes"
|
||||
|
||||
We will assume that you already have the [Kubernetes integration](/1.4/integrations/#kubernetes) stack running on your cluster.
|
||||
We will assume that you already have the [Kubernetes integration](/1.5.0-beta/integrations/#kubernetes) stack running on your cluster.
|
||||
|
||||
Let's assume that you have a typical Deployment with a Service to access the web application from within the cluster :
|
||||
|
||||
|
@ -213,7 +213,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
|
||||
=== "Linux"
|
||||
|
||||
We will assume that you already have the [Linux integration](/1.4/integrations/#linux) stack running on your machine.
|
||||
We will assume that you already have the [Linux integration](/1.5.0-beta/integrations/#linux) stack running on your machine.
|
||||
|
||||
The following command will run a basic HTTP server on the port 8000 and deliver the files in the current directory :
|
||||
|
||||
|
@ -299,7 +299,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
|
||||
=== "Vagrant"
|
||||
|
||||
We will assume that you already have the [Vagrant integration](/1.4/integrations/#vagrant) stack running on your machine.
|
||||
We will assume that you already have the [Vagrant integration](/1.5.0-beta/integrations/#vagrant) stack running on your machine.
|
||||
|
||||
The following command will run a basic HTTP server on the port 8000 and deliver the files in the current directory :
|
||||
|
||||
|
@ -444,7 +444,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
|
||||
=== "Docker autoconf"
|
||||
|
||||
We will assume that you already have the [Docker autoconf integration](/1.4/integrations/#docker-autoconf) stack running on your machine and connected to a network called `bw-services` so you can connect your existing application and configure BunkerWeb with labels :
|
||||
We will assume that you already have the [Docker autoconf integration](/1.5.0-beta/integrations/#docker-autoconf) stack running on your machine and connected to a network called `bw-services` so you can connect your existing application and configure BunkerWeb with labels :
|
||||
|
||||
```yaml
|
||||
version: '3.5'
|
||||
|
@ -494,7 +494,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
|
||||
=== "Swarm"
|
||||
|
||||
We will assume that you already have the [Swarm integration](/1.4/integrations/#swarm) stack running on your cluster and connected to a network called `bw-services` so you can connect your existing application and configure BunkerWeb with labels :
|
||||
We will assume that you already have the [Swarm integration](/1.5.0-beta/integrations/#swarm) stack running on your cluster and connected to a network called `bw-services` so you can connect your existing application and configure BunkerWeb with labels :
|
||||
|
||||
```yaml
|
||||
version: "3"
|
||||
|
@ -556,7 +556,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
|
||||
=== "Kubernetes"
|
||||
|
||||
We will assume that you already have the [Kubernetes integration](/1.4/integrations/#kubernetes) stack running on your cluster.
|
||||
We will assume that you already have the [Kubernetes integration](/1.5.0-beta/integrations/#kubernetes) stack running on your cluster.
|
||||
|
||||
Let's assume that you have typical Deployments with a Service to access the web applications from within the cluster :
|
||||
|
||||
|
@ -642,7 +642,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
|
||||
=== "Linux"
|
||||
|
||||
We will assume that you already have the [Linux integration](/1.4/integrations/#linux) stack running on your machine.
|
||||
We will assume that you already have the [Linux integration](/1.5.0-beta/integrations/#linux) stack running on your machine.
|
||||
|
||||
The following command will run a basic HTTP server on the port 8001 and deliver the files in the current directory (repeat it and change the port if you want to test BunkerWeb) :
|
||||
|
||||
|
@ -734,7 +734,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
|
||||
=== "Vagrant"
|
||||
|
||||
We will assume that you already have the [Vagrant integration](/1.4/integrations/#vagrant) stack running on your machine.
|
||||
We will assume that you already have the [Vagrant integration](/1.5.0-beta/integrations/#vagrant) stack running on your machine.
|
||||
|
||||
First of all, connect to your vagrant machine :
|
||||
|
||||
|
@ -797,7 +797,7 @@ The following settings can be used :
|
|||
- `REAL_IP_FROM` : list of trusted IP/network address allowed to send us the "real IP"
|
||||
- `REAL_IP_HEADER` : the HTTP header containing the real IP or special value `proxy_protocol` when using PROXY protocol
|
||||
|
||||
You will find more settings about real IP in the [settings section](/1.4/settings/#real-ip) of the documentation.
|
||||
You will find more settings about real IP in the [settings section](/1.5.0-beta/settings/#real-ip) of the documentation.
|
||||
|
||||
### HTTP header
|
||||
|
||||
|
@ -831,7 +831,7 @@ REAL_IP_HEADER=X-Forwarded-For
|
|||
|
||||
=== "Docker autoconf"
|
||||
|
||||
Before running the [Docker autoconf integration](/1.4/integrations/#docker-autoconf) stack, you will need to add the settings for the BunkerWeb container :
|
||||
Before running the [Docker autoconf integration](/1.5.0-beta/integrations/#docker-autoconf) stack, you will need to add the settings for the BunkerWeb container :
|
||||
|
||||
```yaml
|
||||
mybunker:
|
||||
|
@ -846,7 +846,7 @@ REAL_IP_HEADER=X-Forwarded-For
|
|||
|
||||
=== "Swarm"
|
||||
|
||||
Before running the [Swarm integration](/1.4/integrations/#swarm) stack, you will need to add the settings for the BunkerWeb service :
|
||||
Before running the [Swarm integration](/1.5.0-beta/integrations/#swarm) stack, you will need to add the settings for the BunkerWeb service :
|
||||
|
||||
```yaml
|
||||
mybunker:
|
||||
|
@ -982,7 +982,7 @@ REAL_IP_HEADER=proxy_protocol
|
|||
|
||||
=== "Docker autoconf"
|
||||
|
||||
Before running the [Docker autoconf integration](/1.4/integrations/#docker-autoconf) stack, you will need to add the settings for the BunkerWeb container :
|
||||
Before running the [Docker autoconf integration](/1.5.0-beta/integrations/#docker-autoconf) stack, you will need to add the settings for the BunkerWeb container :
|
||||
|
||||
```yaml
|
||||
mybunker:
|
||||
|
@ -998,7 +998,7 @@ REAL_IP_HEADER=proxy_protocol
|
|||
|
||||
=== "Swarm"
|
||||
|
||||
Before running the [Swarm integration](/1.4/integrations/#swarm) stack, you will need to add the settings for the BunkerWeb service :
|
||||
Before running the [Swarm integration](/1.5.0-beta/integrations/#swarm) stack, you will need to add the settings for the BunkerWeb service :
|
||||
|
||||
```yaml
|
||||
mybunker:
|
||||
|
@ -1210,7 +1210,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
|
|||
|
||||
=== "Docker autoconf"
|
||||
|
||||
Before running the [Docker autoconf integration](/1.4/integrations/#docker-autoconf) stack on your machine, you will need to edit the ports :
|
||||
Before running the [Docker autoconf integration](/1.5.0-beta/integrations/#docker-autoconf) stack on your machine, you will need to edit the ports :
|
||||
|
||||
```yaml
|
||||
version: "3.5"
|
||||
|
@ -1269,7 +1269,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
|
|||
|
||||
=== "Swarm"
|
||||
|
||||
Before running the [Swarm integration](/1.4/integrations/#swarm) stack on your machine, you will need to edit the ports :
|
||||
Before running the [Swarm integration](/1.5.0-beta/integrations/#swarm) stack on your machine, you will need to edit the ports :
|
||||
|
||||
```yaml
|
||||
version: "3.5"
|
||||
|
@ -1426,7 +1426,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
|
|||
|
||||
## Custom configurations
|
||||
|
||||
Because BunkerWeb is based on the NGINX web server, you can add custom NGINX configurations in different NGINX contexts. You can also apply custom configurations for the ModSecurity WAF which is a core component of BunkerWeb (more info [here](/1.4/security-tuning/#modsecurity)). Here is the list of custom configurations types :
|
||||
Because BunkerWeb is based on the NGINX web server, you can add custom NGINX configurations in different NGINX contexts. You can also apply custom configurations for the ModSecurity WAF which is a core component of BunkerWeb (more info [here](/1.5.0-beta/security-tuning/#modsecurity)). Here is the list of custom configurations types :
|
||||
|
||||
- **http** : http level of NGINX
|
||||
- **server-http** : http/server level of NGINX
|
||||
|
@ -1444,7 +1444,7 @@ Some integrations offer a more convenient way of applying configurations such as
|
|||
|
||||
=== "Docker"
|
||||
|
||||
When using the [Docker integration](/1.4/integrations/#docker), you have two choices for the addition of custom configurations :
|
||||
When using the [Docker integration](/1.5.0-beta/integrations/#docker), you have two choices for the addition of custom configurations :
|
||||
|
||||
- Using specific settings `*_CUSTOM_CONF_*` as environment variables (recommended)
|
||||
- Writing .conf files to the volume mounted on /data of the scheduler
|
||||
|
@ -1513,7 +1513,7 @@ Some integrations offer a more convenient way of applying configurations such as
|
|||
|
||||
=== "Docker autoconf"
|
||||
|
||||
When using the [Docker autoconf integration](/1.4/integrations/#docker-autoconf), you have two choices for adding custom configurations :
|
||||
When using the [Docker autoconf integration](/1.5.0-beta/integrations/#docker-autoconf), you have two choices for adding custom configurations :
|
||||
|
||||
- Using specific settings `*_CUSTOM_CONF_*` as labels (easiest)
|
||||
- Writing .conf files to the volume mounted on /data of the scheduler
|
||||
|
@ -1582,7 +1582,7 @@ Some integrations offer a more convenient way of applying configurations such as
|
|||
|
||||
=== "Swarm"
|
||||
|
||||
When using the [Swarm integration](/1.4/integrations/#swarm), custom configurations are managed using [Docker Configs](https://docs.docker.com/engine/swarm/configs/).
|
||||
When using the [Swarm integration](/1.5.0-beta/integrations/#swarm), custom configurations are managed using [Docker Configs](https://docs.docker.com/engine/swarm/configs/).
|
||||
|
||||
To keep it simple, you don't even need to attach the Config to a service : the autoconf service is listening for Config events and will update the custom configurations when needed.
|
||||
|
||||
|
@ -1606,7 +1606,7 @@ Some integrations offer a more convenient way of applying configurations such as
|
|||
|
||||
=== "Kubernetes"
|
||||
|
||||
When using the [Kubernetes integration](/1.4/integrations/#kubernetes), custom configurations are managed using [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/).
|
||||
When using the [Kubernetes integration](/1.5.0-beta/integrations/#kubernetes), custom configurations are managed using [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/).
|
||||
|
||||
To keep it simple, you don't even need to use the ConfigMap with a Pod (e.g. as environment variable or volume) : the autoconf Pod is listening for ConfigMap events and will update the custom configurations when needed.
|
||||
|
||||
|
@ -1636,7 +1636,7 @@ Some integrations offer a more convenient way of applying configurations such as
|
|||
|
||||
=== "Linux"
|
||||
|
||||
When using the [Linux integration](/1.4/integrations/#linux), custom configurations must be written to the /etc/bunkerweb/configs folder.
|
||||
When using the [Linux integration](/1.5.0-beta/integrations/#linux), custom configurations must be written to the /etc/bunkerweb/configs folder.
|
||||
|
||||
Here is an example for server-http/hello-world.conf :
|
||||
|
||||
|
@ -1701,7 +1701,7 @@ Some integrations offer a more convenient way of applying configurations such as
|
|||
|
||||
=== "Vagrant"
|
||||
|
||||
When using the [Vagrant integration](/1.4/integrations/#vagrant), custom configurations must be written to the `/etc/bunkerweb/configs` folder.
|
||||
When using the [Vagrant integration](/1.5.0-beta/integrations/#vagrant), custom configurations must be written to the `/etc/bunkerweb/configs` folder.
|
||||
|
||||
Here is an example for server-http/hello-world.conf :
|
||||
|
||||
|
@ -1750,7 +1750,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
|
|||
|
||||
=== "Docker"
|
||||
|
||||
When using the [Docker integration](/1.4/integrations/#docker), to support PHP applications, you will need to :
|
||||
When using the [Docker integration](/1.5.0-beta/integrations/#docker), to support PHP applications, you will need to :
|
||||
|
||||
- Mount your PHP files into the `/var/www/html` folder of BunkerWeb
|
||||
- Set up a PHP-FPM container for your application and mount the folder containing PHP files
|
||||
|
@ -1870,9 +1870,9 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
|
|||
=== "Docker autoconf"
|
||||
|
||||
!!! info "Multisite mode enabled"
|
||||
The [Docker autoconf integration](/1.4/integrations/#docker-autoconf) integration implies the use of multisite mode : protecting one PHP application is the same as protecting multiple ones.
|
||||
The [Docker autoconf integration](/1.5.0-beta/integrations/#docker-autoconf) integration implies the use of multisite mode : protecting one PHP application is the same as protecting multiple ones.
|
||||
|
||||
When using the [Docker autoconf integration](/1.4/integrations/#docker-autoconf), to support PHP applications, you will need to :
|
||||
When using the [Docker autoconf integration](/1.5.0-beta/integrations/#docker-autoconf), to support PHP applications, you will need to :
|
||||
|
||||
- Mount your PHP files into the `/var/www/html` folder of BunkerWeb
|
||||
- Set up a PHP-FPM containers for your applications and mount the folder containing PHP apps
|
||||
|
@ -2022,12 +2022,12 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
|
|||
=== "Swarm"
|
||||
|
||||
!!! info "Multisite mode enabled"
|
||||
The [Swarm integration](/1.4/integrations/#docker-autoconf) integration implies the use of multisite mode : protecting one PHP application is the same as protecting multiple ones.
|
||||
The [Swarm integration](/1.5.0-beta/integrations/#docker-autoconf) integration implies the use of multisite mode : protecting one PHP application is the same as protecting multiple ones.
|
||||
|
||||
!!! info "Shared volume"
|
||||
Using PHP with the Docker Swarm integration needs a shared volume between all BunkerWeb and PHP-FPM instances which is not covered in this documentation.
|
||||
|
||||
When using the [Docker autoconf integration](/1.4/integrations/#docker-autoconf), to support PHP applications, you will need to :
|
||||
When using the [Docker autoconf integration](/1.5.0-beta/integrations/#docker-autoconf), to support PHP applications, you will need to :
|
||||
|
||||
- Mount your PHP files into the `/var/www/html` folder of BunkerWeb
|
||||
- Set up a PHP-FPM containers for your applications and mount the folder containing PHP apps
|
||||
|
@ -2139,7 +2139,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
|
|||
|
||||
=== "Linux"
|
||||
|
||||
We will assume that you already have the [Linux integration](/1.4/integrations/#linux) stack running on your machine.
|
||||
We will assume that you already have the [Linux integration](/1.5.0-beta/integrations/#linux) stack running on your machine.
|
||||
|
||||
By default, BunkerWeb will search for web files inside the `/var/www/html` folder. You can use it to store your PHP applications. Please note that you will need to configure your PHP-FPM service to get or set the user/group of the running processes and the UNIX socket file used to communicate with BunkerWeb.
|
||||
|
||||
|
@ -2224,7 +2224,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
|
|||
!!! info "Linux"
|
||||
Please follow the instruction for Linux integration to create a local `www` folder (permissions are not needed, Ansible will do it for you).
|
||||
|
||||
We will assume that you already have the [Ansible integration](/1.4/integrations/#ansible) setup on your machine.
|
||||
We will assume that you already have the [Ansible integration](/1.5.0-beta/integrations/#ansible) setup on your machine.
|
||||
|
||||
Content of the `my_variables.env` configuration file :
|
||||
|
||||
|
@ -2273,7 +2273,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
|
|||
!!! info "Linux"
|
||||
Please follow the instruction for Linux integration to create the `/var/www/html` folder.
|
||||
|
||||
We will assume that you already have the [Vagrant integration](/1.4/integrations/#vagrant) stack running on your machine.
|
||||
We will assume that you already have the [Vagrant integration](/1.5.0-beta/integrations/#vagrant) stack running on your machine.
|
||||
|
||||
Once PHP files are copied into the `/var/www/html`folder, you can now edit the `/etc/bunkerweb/variable.env` file :
|
||||
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
# Security tuning
|
||||
|
||||
BunkerWeb offers many security features that you can configure with [settings](/1.4/settings). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you tune them. By doing so you will be able to ensure the security level of your choice but also manage false positives.
|
||||
BunkerWeb offers many security features that you can configure with [settings](/1.5.0-beta/settings). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you tune them. By doing so you will be able to ensure the security level of your choice but also manage false positives.
|
||||
|
||||
!!! tip "Other settings"
|
||||
This section only focuses on security tuning, see the [settings section](/1.4/settings) of the documentation for other settings.
|
||||
This section only focuses on security tuning, see the [settings section](/1.5.0-beta/settings) of the documentation for other settings.
|
||||
|
||||
<figure markdown>
|
||||
![Overview](assets/img/core-order.svg){ align=center }
|
||||
|
@ -98,7 +98,7 @@ Various security headers are available and most of them can be set using BunkerW
|
|||
|
||||
STREAM support :x:
|
||||
|
||||
[Cross-Origin Resource Sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) lets you manage how your service can be contacted from different origins. Please note that you will have to allow the `OPTIONS` HTTP method using the `ALLOWED_METHODS` if you want to enable it (more info [here](https://docs.bunkerweb.io/1.4/security-tuning/#allowed-methods)). Here is the list of settings related to CORS :
|
||||
[Cross-Origin Resource Sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) lets you manage how your service can be contacted from different origins. Please note that you will have to allow the `OPTIONS` HTTP method using the `ALLOWED_METHODS` if you want to enable it (more info [here](https://docs.bunkerweb.io/1.5.0-beta/security-tuning/#allowed-methods)). Here is the list of settings related to CORS :
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|------------------------|------------------------------------------------------------------------------------|---------|--------|--------------------------------------------------|
|
||||
|
@ -183,7 +183,7 @@ ModSecurity is integrated and enabled by default alongside the OWASP Core Rule S
|
|||
|
||||
We strongly recommend keeping both ModSecurity and the OWASP Core Rule Set enabled. The only downsides are the false positives that may occur. But they can be fixed with some efforts and the CRS team maintains a list of exclusions for common applications (e.g., WordPress, Nextcloud, Drupal, Cpanel, ...).
|
||||
|
||||
Tuning ModSecurity and the CRS can be done using [custom configurations](/1.4/quickstart-guide/#custom-configurations) :
|
||||
Tuning ModSecurity and the CRS can be done using [custom configurations](/1.5.0-beta/quickstart-guide/#custom-configurations) :
|
||||
|
||||
- modsec-crs : before the OWASP Core Rule Set is loaded
|
||||
- modsec : after the OWASP Core Rule Set is loaded (also used if CRS is not loaded)
|
||||
|
@ -456,7 +456,7 @@ You can quickly protect sensitive resources like the admin area for example, by
|
|||
|
||||
### Auth request
|
||||
|
||||
You can deploy complex authentication (e.g. SSO), by using the auth request settings (see [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/) for more information on the feature). Please note that you will find [Authelia](https://www.authelia.com/) and [Authentik](https://goauthentik.io/) examples in the [repository](https://github.com/bunkerity/bunkerweb/tree/master/examples).
|
||||
You can deploy complex authentication (e.g. SSO), by using the auth request settings (see [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/) for more information on the feature). Please note that you will find [Authelia](https://www.authelia.com/) and [Authentik](https://goauthentik.io/) examples in the [repository](https://github.com/bunkerity/bunkerweb/tree/1.5.0-beta/examples).
|
||||
|
||||
**Auth request settings are related to reverse proxy rules.**
|
||||
|
||||
|
|
|
@ -114,7 +114,7 @@ Here is how you can access the logs, depending on your integration :
|
|||
|
||||
## Permissions
|
||||
|
||||
Don't forget that BunkerWeb runs as an unprivileged user for obvious security reasons. Double-check the permissions of files and folders used by BunkerWeb, especially if you use custom configurations (more info [here](/1.4/quickstart-guide/#custom-configurations)). You will need to set at least **RW** rights on files and **_RWX_** on folders.
|
||||
Don't forget that BunkerWeb runs as an unprivileged user for obvious security reasons. Double-check the permissions of files and folders used by BunkerWeb, especially if you use custom configurations (more info [here](/1.5.0-beta/quickstart-guide/#custom-configurations)). You will need to set at least **RW** rights on files and **_RWX_** on folders.
|
||||
|
||||
## ModSecurity
|
||||
|
||||
|
@ -205,11 +205,11 @@ As we can see, there are 3 different logs :
|
|||
|
||||
One important thing to understand is that rule **949110** is not a "real" one : it's the one that will deny the request because the anomaly threshold is reached (which is **10** in this example). You should never remove the **949110** rule !
|
||||
|
||||
If it's a false-positive, you should then focus on both **930120** and **932160** rules. ModSecurity and/or CRS tuning is out of the scope of this documentation but don't forget that you can apply custom configurations before and after the CRS is loaded (more info [here](/1.4/quickstart-guide/#custom-configurations)).
|
||||
If it's a false-positive, you should then focus on both **930120** and **932160** rules. ModSecurity and/or CRS tuning is out of the scope of this documentation but don't forget that you can apply custom configurations before and after the CRS is loaded (more info [here](/1.5.0-beta/quickstart-guide/#custom-configurations)).
|
||||
|
||||
## Bad Behavior
|
||||
|
||||
A common false-positive case is when the client is banned because of the "bad behavior" feature which means that too many suspicious HTTP status codes were generated within a time period (more info [here](/1.4/security-tuning/#bad-behavior)). You should start by reviewing the settings and then edit them according to your web application(s) like removing a suspicious HTTP code, decreasing the count time, increasing the threshold, ...
|
||||
A common false-positive case is when the client is banned because of the "bad behavior" feature which means that too many suspicious HTTP status codes were generated within a time period (more info [here](/1.5.0-beta/security-tuning/#bad-behavior)). You should start by reviewing the settings and then edit them according to your web application(s) like removing a suspicious HTTP code, decreasing the count time, increasing the threshold, ...
|
||||
|
||||
## IP unban
|
||||
|
||||
|
@ -276,7 +276,7 @@ You can manually unban an IP which can be useful when doing some tests but it ne
|
|||
|
||||
## Whitelisting
|
||||
|
||||
If you have bots that need to access your website, the recommended way to avoid any false positive is to whitelist them using the [whitelisting feature](/1.4/security-tuning/#blacklisting-and-whitelisting). We don't recommend using the `WHITELIST_URI*` or `WHITELIST_USER_AGENT*` settings unless they are set to secret and unpredictable values. Common use cases are :
|
||||
If you have bots that need to access your website, the recommended way to avoid any false positive is to whitelist them using the [whitelisting feature](/1.5.0-beta/security-tuning/#blacklisting-and-whitelisting). We don't recommend using the `WHITELIST_URI*` or `WHITELIST_USER_AGENT*` settings unless they are set to secret and unpredictable values. Common use cases are :
|
||||
|
||||
- Healthcheck / status bot
|
||||
- Callback like IPN or webhook
|
||||
|
|
|
@ -29,11 +29,11 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
* Choose a strong password for the login
|
||||
* Put the web UI under a "hard to guess" URI
|
||||
* Do not open the web UI on the Internet without any further restrictions
|
||||
* Apply settings listed in the [security tuning section](/1.4/security-tuning/) of the documentation
|
||||
* Apply settings listed in the [security tuning section](/1.5.0-beta/security-tuning/) of the documentation
|
||||
|
||||
!!! info "Multisite mode"
|
||||
|
||||
The usage of the web UI implies enabling the [multisite mode](/1.4/concepts/#multisite-mode).
|
||||
The usage of the web UI implies enabling the [multisite mode](/1.5.0-beta/concepts/#multisite-mode).
|
||||
|
||||
=== "Docker"
|
||||
|
||||
|
@ -61,7 +61,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
|
||||
!!! info "Database backend"
|
||||
|
||||
If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/master/misc/integrations) of the repository.
|
||||
If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/1.5.0-beta/misc/integrations) of the repository.
|
||||
|
||||
Here is the docker-compose boilerplate that you can use (don't forget to edit the `changeme` data) :
|
||||
|
||||
|
@ -89,7 +89,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
- www.example.com_REVERSE_PROXY_URL=/changeme/
|
||||
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
|
||||
- www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
|
||||
- www.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
@ -183,7 +183,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
|
||||
!!! info "Database backend"
|
||||
|
||||
If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/master/misc/integrations) of the repository.
|
||||
If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/1.5.0-beta/misc/integrations) of the repository.
|
||||
|
||||
Here is the docker-compose boilerplate that you can use (don't forget to edit the `changeme` data) :
|
||||
|
||||
|
@ -276,7 +276,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
|
||||
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
|
||||
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
|
||||
- "bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS=no"
|
||||
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
|
@ -320,7 +320,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
|
||||
!!! info "Database backend"
|
||||
|
||||
If you want another Database backend than MariaDB please refer to the stack files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/master/misc/integrations) of the repository.
|
||||
If you want another Database backend than MariaDB please refer to the stack files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/1.5.0-beta/misc/integrations) of the repository.
|
||||
|
||||
Here is the stack boilerplate that you can use (don't forget to edit the `changeme` data) :
|
||||
|
||||
|
@ -425,13 +425,14 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
- bw-docker
|
||||
deploy:
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=www.example.com
|
||||
- bunkerweb.USE_UI=yes
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/changeme/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000
|
||||
- bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme
|
||||
- bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
- "bunkerweb.SERVER_NAME=www.example.com"
|
||||
- "bunkerweb.USE_UI=yes"
|
||||
- "bunkerweb.USE_REVERSE_PROXY=yes"
|
||||
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
|
||||
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
|
||||
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
|
||||
- "bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS=no"
|
||||
- "INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
|
@ -468,7 +469,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
|
||||
!!! info "Database backend"
|
||||
|
||||
If you want another Database backend than MariaDB please refer to the yaml files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/master/misc/integrations) of the repository.
|
||||
If you want another Database backend than MariaDB please refer to the yaml files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/1.5.0-beta/misc/integrations) of the repository.
|
||||
|
||||
Here is the yaml boilerplate that you can use (don't forget to edit the `changeme` data) :
|
||||
|
||||
|
@ -522,7 +523,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.6
|
||||
image: bunkerity/bunkerweb:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
|
@ -592,7 +593,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
image: bunkerity/bunkerweb-autoconf:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
@ -619,7 +620,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-scheduler
|
||||
image: bunkerity/bunkerweb-scheduler:1.4.6
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
@ -804,7 +805,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
|
||||
=== "Linux"
|
||||
|
||||
The installation of the web UI using the [Linux integration](/1.4/integrations/#linux) is pretty straightforward because it is installed with BunkerWeb.
|
||||
The installation of the web UI using the [Linux integration](/1.5.0-beta/integrations/#linux) is pretty straightforward because it is installed with BunkerWeb.
|
||||
|
||||
The web UI comes as systemd service named `bunkerweb-ui` which is not enabled by default. If you want to start the web UI when on startup you can run the following command :
|
||||
|
||||
|
@ -836,12 +837,12 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||
SERVER_NAME=www.example.com
|
||||
MULTISITE=yes
|
||||
USE_UI=yes
|
||||
USE_REVERSE_PROXY=yes
|
||||
REVERSE_PROXY_URL=/changeme/
|
||||
REVERSE_PROXY_HOST=http://127.0.0.1:7000
|
||||
REVERSE_PROXY_HEADERS=X-Script-Name /changeme
|
||||
REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
www.example.com_USE_UI=yes
|
||||
www.example.com_USE_REVERSE_PROXY=yes
|
||||
www.example.com_REVERSE_PROXY_URL=/changeme/
|
||||
www.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
|
||||
www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
|
||||
www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
|
||||
```
|
||||
|
||||
Don't forget to restart the `bunkerweb` service :
|
||||
|
@ -852,7 +853,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
|
||||
=== "Ansible"
|
||||
|
||||
The installation of the web UI using the [Vagrant integration](/1.4/integrations/#linux) is pretty straightforward because it is installed with BunkerWeb.
|
||||
The installation of the web UI using the [Vagrant integration](/1.5.0-beta/integrations/#linux) is pretty straightforward because it is installed with BunkerWeb.
|
||||
|
||||
Create a `my_ui.env` filed used to configure the web UI :
|
||||
|
||||
|
@ -870,12 +871,12 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||
SERVER_NAME=www.example.com
|
||||
MULTISITE=yes
|
||||
USE_UI=yes
|
||||
USE_REVERSE_PROXY=yes
|
||||
REVERSE_PROXY_URL=/changeme/
|
||||
REVERSE_PROXY_HOST=http://127.0.0.1:7000
|
||||
REVERSE_PROXY_HEADERS=X-Script-Name /changeme
|
||||
REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
www.example.com_USE_UI=yes
|
||||
www.example.com_USE_REVERSE_PROXY=yes
|
||||
www.example.com_REVERSE_PROXY_URL=/changeme/
|
||||
www.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
|
||||
www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
|
||||
www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
|
||||
```
|
||||
|
||||
The variable `enable_ui` can be set to `true` in order to activate the web UI service and the variable `custom_ui` can be used to specify the configuration file for the web UI :
|
||||
|
@ -907,7 +908,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
|
||||
=== "Vagrant"
|
||||
|
||||
The installation of the web UI using the [Vagrant integration](/1.4/integrations/#vagrant) is pretty straightforward because it is installed with BunkerWeb.
|
||||
The installation of the web UI using the [Vagrant integration](/1.5.0-beta/integrations/#vagrant) is pretty straightforward because it is installed with BunkerWeb.
|
||||
|
||||
First of all, you will need to get a shell on your Vagrant box :
|
||||
|
||||
|
@ -945,12 +946,12 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||
SERVER_NAME=www.example.com
|
||||
MULTISITE=yes
|
||||
USE_UI=yes
|
||||
USE_REVERSE_PROXY=yes
|
||||
REVERSE_PROXY_URL=/changeme/
|
||||
REVERSE_PROXY_HOST=http://127.0.0.1:7000
|
||||
REVERSE_PROXY_HEADERS=X-Script-Name /changeme # replace with another url
|
||||
REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
www.example.com_USE_UI=yes
|
||||
www.example.com_USE_REVERSE_PROXY=yes
|
||||
www.example.com_REVERSE_PROXY_URL=/changeme/
|
||||
www.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
|
||||
www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
|
||||
www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
|
||||
```
|
||||
|
||||
Don't forget to restart the `bunkerweb` service :
|
||||
|
|
|
@ -86,7 +86,7 @@ services:
|
|||
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
|
||||
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
|
||||
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
|
||||
- "bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS=no"
|
||||
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
|
|
|
@ -86,7 +86,7 @@ services:
|
|||
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
|
||||
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
|
||||
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
|
||||
- "bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS=no"
|
||||
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
|
|
|
@ -85,7 +85,7 @@ services:
|
|||
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
|
||||
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
|
||||
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
|
||||
- "bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS=no"
|
||||
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
|
|
|
@ -76,7 +76,7 @@ services:
|
|||
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
|
||||
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
|
||||
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
|
||||
- "bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS=no"
|
||||
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
|
|
|
@ -21,7 +21,7 @@ services:
|
|||
- www.example.com_REVERSE_PROXY_URL=/changeme/
|
||||
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
|
||||
- www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
|
||||
- www.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
|
|
@ -21,7 +21,7 @@ services:
|
|||
- www.example.com_REVERSE_PROXY_URL=/admin/
|
||||
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
|
||||
- www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /admin
|
||||
- www.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
|
|
@ -22,7 +22,7 @@ services:
|
|||
- www.example.com_REVERSE_PROXY_URL=/admin/
|
||||
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
|
||||
- www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /admin
|
||||
- www.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
|
|
@ -17,7 +17,7 @@ services:
|
|||
- www.example.com_REVERSE_PROXY_URL=/changeme/
|
||||
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
|
||||
- www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
|
||||
- www.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
|
|
@ -47,7 +47,7 @@ spec:
|
|||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.6
|
||||
image: bunkerity/bunkerweb:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
|
@ -117,7 +117,7 @@ spec:
|
|||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
image: bunkerity/bunkerweb-autoconf:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
@ -144,7 +144,7 @@ spec:
|
|||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-scheduler
|
||||
image: bunkerity/bunkerweb-scheduler:1.4.6
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
@ -313,7 +313,7 @@ metadata:
|
|||
annotations:
|
||||
bunkerweb.io/www.example.com_USE_UI: "yes"
|
||||
bunkerweb.io/www.example.com_REVERSE_PROXY_HEADERS_1: "X-Script-Name /changeme"
|
||||
bunkerweb.io/www.example.com_REVERSE_PROXY_INTERCEPT_ERRORS: "no"
|
||||
bunkerweb.io/www.example.com_INTERCEPTED_ERROR_CODES: "400 404 405 413 429 500 501 502 503 504"
|
||||
spec:
|
||||
rules:
|
||||
- host: www.example.com
|
||||
|
|
|
@ -47,7 +47,7 @@ spec:
|
|||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.6
|
||||
image: bunkerity/bunkerweb:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
|
@ -117,7 +117,7 @@ spec:
|
|||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
image: bunkerity/bunkerweb-autoconf:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
@ -144,7 +144,7 @@ spec:
|
|||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-scheduler
|
||||
image: bunkerity/bunkerweb-scheduler:1.4.6
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
|
|
@ -47,7 +47,7 @@ spec:
|
|||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.6
|
||||
image: bunkerity/bunkerweb:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
|
@ -117,7 +117,7 @@ spec:
|
|||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
image: bunkerity/bunkerweb-autoconf:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
@ -144,7 +144,7 @@ spec:
|
|||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-scheduler
|
||||
image: bunkerity/bunkerweb-scheduler:1.4.6
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
@ -371,7 +371,7 @@ metadata:
|
|||
annotations:
|
||||
bunkerweb.io/www.example.com_USE_UI: "yes"
|
||||
bunkerweb.io/www.example.com_REVERSE_PROXY_HEADERS_1: "X-Script-Name /changeme"
|
||||
bunkerweb.io/www.example.com_REVERSE_PROXY_INTERCEPT_ERRORS: "no"
|
||||
bunkerweb.io/www.example.com_INTERCEPTED_ERROR_CODES: "400 404 405 413 429 500 501 502 503 504"
|
||||
spec:
|
||||
rules:
|
||||
- host: www.example.com
|
||||
|
|
|
@ -47,7 +47,7 @@ spec:
|
|||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.6
|
||||
image: bunkerity/bunkerweb:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
|
@ -117,7 +117,7 @@ spec:
|
|||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
image: bunkerity/bunkerweb-autoconf:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
@ -143,7 +143,7 @@ spec:
|
|||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
image: bunkerity/bunkerweb-autoconf:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
|
|
@ -47,7 +47,7 @@ spec:
|
|||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.6
|
||||
image: bunkerity/bunkerweb:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
|
@ -117,7 +117,7 @@ spec:
|
|||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
image: bunkerity/bunkerweb-autoconf:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
@ -144,7 +144,7 @@ spec:
|
|||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-scheduler
|
||||
image: bunkerity/bunkerweb-scheduler:1.4.6
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
@ -323,7 +323,7 @@ metadata:
|
|||
annotations:
|
||||
bunkerweb.io/www.example.com_USE_UI: "yes"
|
||||
bunkerweb.io/www.example.com_REVERSE_PROXY_HEADERS_1: "X-Script-Name /changeme"
|
||||
bunkerweb.io/www.example.com_REVERSE_PROXY_INTERCEPT_ERRORS: "no"
|
||||
bunkerweb.io/www.example.com_INTERCEPTED_ERROR_CODES: "400 404 405 413 429 500 501 502 503 504"
|
||||
spec:
|
||||
rules:
|
||||
- host: www.example.com
|
||||
|
|
|
@ -47,7 +47,7 @@ spec:
|
|||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.6
|
||||
image: bunkerity/bunkerweb:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
|
@ -117,7 +117,7 @@ spec:
|
|||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
image: bunkerity/bunkerweb-autoconf:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
@ -143,7 +143,7 @@ spec:
|
|||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
image: bunkerity/bunkerweb-autoconf:1.5.0-beta
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
|
|
@ -98,13 +98,13 @@ services:
|
|||
- bw-docker
|
||||
deploy:
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=www.example.com
|
||||
- bunkerweb.USE_UI=yes
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/changeme/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000
|
||||
- bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme
|
||||
- bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
- "bunkerweb.SERVER_NAME=www.example.com"
|
||||
- "bunkerweb.USE_UI=yes"
|
||||
- "bunkerweb.USE_REVERSE_PROXY=yes"
|
||||
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
|
||||
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
|
||||
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
|
||||
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
|
|
|
@ -98,13 +98,13 @@ services:
|
|||
- bw-docker
|
||||
deploy:
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=www.example.com
|
||||
- bunkerweb.USE_UI=yes
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/changeme/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000
|
||||
- bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme
|
||||
- bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
- "bunkerweb.SERVER_NAME=www.example.com"
|
||||
- "bunkerweb.USE_UI=yes"
|
||||
- "bunkerweb.USE_REVERSE_PROXY=yes"
|
||||
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
|
||||
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
|
||||
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
|
||||
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
|
|
|
@ -97,13 +97,13 @@ services:
|
|||
- bw-docker
|
||||
deploy:
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=www.example.com
|
||||
- bunkerweb.USE_UI=yes
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/changeme/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000
|
||||
- bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme
|
||||
- bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
- "bunkerweb.SERVER_NAME=www.example.com"
|
||||
- "bunkerweb.USE_UI=yes"
|
||||
- "bunkerweb.USE_REVERSE_PROXY=yes"
|
||||
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
|
||||
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
|
||||
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
|
||||
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
|
|
|
@ -107,7 +107,7 @@ api.global.POST["^/unban$"] = function(self)
|
|||
end
|
||||
local ok, ip = pcall(cjson.decode, data)
|
||||
if not ok then
|
||||
return self:response(ngx.HTTP_INTERNAL_SERVER_ERROR, "error", "can't decode JSON : " .. env)
|
||||
return self:response(ngx.HTTP_INTERNAL_SERVER_ERROR, "error", "can't decode JSON : " .. ip)
|
||||
end
|
||||
self.datastore:delete("bans_ip_" .. ip["ip"])
|
||||
return self:response(ngx.HTTP_OK, "success", "ip " .. ip["ip"] .. " unbanned")
|
||||
|
@ -126,7 +126,7 @@ api.global.POST["^/ban$"] = function(self)
|
|||
end
|
||||
local ok, ip = pcall(cjson.decode, data)
|
||||
if not ok then
|
||||
return self:response(ngx.HTTP_INTERNAL_SERVER_ERROR, "error", "can't decode JSON : " .. env)
|
||||
return self:response(ngx.HTTP_INTERNAL_SERVER_ERROR, "error", "can't decode JSON : " .. ip)
|
||||
end
|
||||
self.datastore:set("bans_ip_" .. ip["ip"], "manual", ip["exp"])
|
||||
return self:response(ngx.HTTP_OK, "success", "ip " .. ip["ip"] .. " banned")
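Review bot: After a successful `cjson.decode`, both handlers use `ip["ip"]` (and `/ban` also `ip["exp"]`) without checking the decoded value, so a body such as `{}` or a bare JSON string reaches `"bans_ip_" .. ip["ip"]` with nil and raises instead of returning an error response. A guard before the datastore call would cover it, e.g. `if type(ip) ~= "table" or type(ip["ip"]) ~= "string" then return self:response(ngx.HTTP_BAD_REQUEST, "error", "missing ip") end`, ideally also checking that the value parses as an IP address since it becomes part of the datastore key. Malformed client JSON is also reported as `ngx.HTTP_INTERNAL_SERVER_ERROR`; `ngx.HTTP_BAD_REQUEST` would describe it better. Both handler bodies start and end outside the hunks shown.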
|
||||
|
|
|
@ -1,48 +0,0 @@
|
|||
lua_shared_dict ready_lock_stream 16k;
|
||||
|
||||
init_worker_by_lua_block {
|
||||
|
||||
-- Our timer function
|
||||
local ready_log = function(premature)
|
||||
-- Instantiate objects
|
||||
local logger = require "bunkerweb.logger":new("INIT")
|
||||
local datastore = require "bunkerweb.datastore":new()
|
||||
-- Don't print the ready log if we are in loading state
|
||||
local is_loading, err = require "bunkerweb.utils".get_variable("IS_LOADING", false)
|
||||
if not is_loading then
|
||||
logger:log(ngx.ERR, "utils.get_variable() failed : " .. err)
|
||||
return
|
||||
elseif is_loading == "yes" then
|
||||
return
|
||||
end
|
||||
-- Instantiate lock
|
||||
local lock = require "resty.lock":new("ready_lock_stream")
|
||||
if not lock then
|
||||
logger:log(ngx.ERR, "lock:new() failed : " .. err)
|
||||
return
|
||||
end
|
||||
-- Acquire lock
|
||||
local elapsed, err = lock:lock("ready")
|
||||
if elapsed == nil then
|
||||
logger:log(ngx.ERR, "lock:lock() failed : " .. err)
|
||||
else
|
||||
-- Display ready log
|
||||
local ok, err = datastore:get("misc_ready")
|
||||
if not ok and err ~= "not found" then
|
||||
logger:log(ngx.ERR, "datastore:get() failed : " .. err)
|
||||
elseif not ok and err == "not found" then
|
||||
logger:log(ngx.NOTICE, "BunkerWeb is ready to fool hackers ! 🚀")
|
||||
local ok, err = datastore:set("misc_ready", "ok")
|
||||
if not ok then
|
||||
logger:log(ngx.ERR, "datastore:set() failed : " .. err)
|
||||
end
|
||||
end
|
||||
end
|
||||
-- Release lock
|
||||
lock:unlock()
|
||||
end
|
||||
|
||||
-- Start timer
|
||||
ngx.timer.at(5, ready_log)
|
||||
|
||||
}
|
|
@ -37,9 +37,6 @@ lua_shared_dict cachestore_locks_stream {{ CACHESTORE_LOCKS_MEMORY_SIZE }};
|
|||
# LUA init block
|
||||
include /etc/nginx/init-stream-lua.conf;
|
||||
|
||||
# LUA init worker block
|
||||
include /etc/nginx/init-worker-stream-lua.conf;
|
||||
|
||||
# TODO add default stream server if that makes any sense ?
|
||||
|
||||
# server config(s)
|
||||
|
|
|
@ -2,7 +2,7 @@ local class = require "middleclass"
|
|||
local plugin = require "bunkerweb.plugin"
|
||||
local utils = require "bunkerweb.utils"
|
||||
local datastore = require "bunkerweb.datastore"
|
||||
local json = require "cjson"
|
||||
local cjson = require "cjson"
|
||||
local http = require "resty.http"
|
||||
|
||||
local bunkernet = class("bunkernet", plugin)
|
||||
|
@ -40,7 +40,7 @@ function bunkernet:init()
|
|||
return self:ret(false, "can't read instance id : " .. err)
|
||||
end
|
||||
-- Retrieve instance ID
|
||||
id = f:read("*all"):gsub("[\r\n]", "")
|
||||
local id = f:read("*all"):gsub("[\r\n]", "")
|
||||
f:close()
|
||||
-- Store ID in datastore
|
||||
local ok, err = self.datastore:set("plugin_bunkernet_id", id)
|
||||
|
@ -53,7 +53,7 @@ function bunkernet:init()
|
|||
local db = {
|
||||
ip = {}
|
||||
}
|
||||
f, err = io.open("/var/cache/bunkerweb/bunkernet/ip.list", "r")
|
||||
local f, err = io.open("/var/cache/bunkerweb/bunkernet/ip.list", "r")
|
||||
if not f then
|
||||
ret = false
|
||||
else
|
||||
|
|