v1.4.1 release
This commit is contained in:
parent
424214fd56
commit
bcaca6f034
|
@ -181,7 +181,7 @@ jobs:
|
|||
- name: Set variables
|
||||
run: |
|
||||
VER=$(cat VERSION | tr -d '\n')
|
||||
if [ "$GITHUB_REF" = "refs/heads/main" ] ; then
|
||||
if [ "$GITHUB_REF" = "refs/heads/master" ] ; then
|
||||
echo "BUILD_MODE=prod" >> $GITHUB_ENV
|
||||
else
|
||||
echo "BUILD_MODE=dev" >> $GITHUB_ENV
|
||||
|
|
|
@ -70,12 +70,6 @@ jobs:
|
|||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
- name: Login to private repository
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
username: registry
|
||||
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
|
||||
# Build images
|
||||
- name: Build BW for 386
|
||||
|
@ -91,7 +85,7 @@ jobs:
|
|||
context: .
|
||||
file: autoconf/Dockerfile
|
||||
platforms: linux/386
|
||||
tags: /bunkerweb-autoconf-tests-386:latest
|
||||
tags: bunkerweb-autoconf-tests-386:latest
|
||||
cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-386-cache,mode=min
|
||||
- name: Build BW UI for 386
|
||||
uses: docker/build-push-action@v3
|
||||
|
@ -103,82 +97,57 @@ jobs:
|
|||
cache-to: type=registry,ref=bunkerity/cache:bw-ui-386-cache,mode=min
|
||||
|
||||
# Build bunkerweb/arm
|
||||
# build-bw-arm:
|
||||
# runs-on: [self-hosted, ARM64]
|
||||
# steps:
|
||||
build-bw-arm:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Prepare
|
||||
# - name: Checkout source code
|
||||
# uses: actions/checkout@v3
|
||||
# - name: Setup Buildx
|
||||
# uses: docker/setup-buildx-action@v2
|
||||
# - name: Login to Docker Hub
|
||||
# uses: docker/login-action@v2
|
||||
# with:
|
||||
# username: ${{ secrets.DOCKER_USERNAME }}
|
||||
# password: ${{ secrets.DOCKER_TOKEN }}
|
||||
# - name: Login to private repository
|
||||
# uses: docker/login-action@v2
|
||||
# with:
|
||||
# registry: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
# username: registry
|
||||
# password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Setup Buildx
|
||||
id: buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
- name: Setup SSH for ARM node
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "$SSH_KEY" > ~/.ssh/id_rsa_arm
|
||||
chmod 600 ~/.ssh/id_rsa_arm
|
||||
echo "$SSH_CONFIG" > ~/.ssh/config
|
||||
env:
|
||||
SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
- name: Append ARM node to buildx
|
||||
run: |
|
||||
docker buildx create --append --name ${{ steps.buildx.outputs.name }} --node arm --platform linux/arm64,linux/arm/v7,linux/arm/v6 ssh://ubuntu@arm
|
||||
|
||||
# Build images
|
||||
# - name: Build BW for armv7
|
||||
# uses: docker/build-push-action@v3
|
||||
# with:
|
||||
# context: .
|
||||
# platforms: linux/arm/v7
|
||||
# push: true
|
||||
# tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-armv7:latest
|
||||
# cache-from: type=registry,ref=bunkerity/cache:bw-armv7-cache
|
||||
# cache-to: type=registry,ref=bunkerity/cache:bw-armv7-cache,mode=min
|
||||
# - name: Build BW for armv8
|
||||
# uses: docker/build-push-action@v3
|
||||
# with:
|
||||
# context: .
|
||||
# platforms: linux/arm64/v8
|
||||
# push: true
|
||||
# tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-armv8:latest
|
||||
# cache-to: type=registry,ref=bunkerity/cache:bw-armv8-cache,mode=min
|
||||
# - name: Build BW autoconf for armv7
|
||||
# uses: docker/build-push-action@v3
|
||||
# with:
|
||||
# context: .
|
||||
# file: autoconf/Dockerfile
|
||||
# platforms: linux/arm/v7
|
||||
# push: true
|
||||
# tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-armv7:latest
|
||||
# cache-from: type=registry,ref=bunkerity/cache:bw-autoconf-armv7-cache
|
||||
# cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-armv7-cache,mode=min
|
||||
# - name: Build BW autoconf for armv8
|
||||
# uses: docker/build-push-action@v3
|
||||
# with:
|
||||
# context: .
|
||||
# file: autoconf/Dockerfile
|
||||
# platforms: linux/arm64/v8
|
||||
# push: true
|
||||
# tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-armv8:latest
|
||||
# cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-armv8-cache,mode=min
|
||||
# - name: Build BW UI for armv7
|
||||
# uses: docker/build-push-action@v3
|
||||
# with:
|
||||
# context: .
|
||||
# file: ui/Dockerfile
|
||||
# platforms: linux/arm/v7
|
||||
# push: true
|
||||
# tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-armv7:latest
|
||||
# cache-from: type=registry,ref=bunkerity/cache:bw-ui-armv7-cache
|
||||
# cache-to: type=registry,ref=bunkerity/cache:bw-ui-armv7-cache,mode=min
|
||||
# - name: Build BW UI for armv8
|
||||
# uses: docker/build-push-action@v3
|
||||
# with:
|
||||
# context: .
|
||||
# file: ui/Dockerfile
|
||||
# platforms: linux/arm64/v8
|
||||
# push: true
|
||||
# tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-armv8:latest
|
||||
# cache-to: type=registry,ref=bunkerity/cache:bw-ui-armv8-cache,mode=min
|
||||
- name: Build BW for ARM
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
platforms: linux/arm64,linux/arm/v7
|
||||
tags: bunkerweb-tests-arm:latest
|
||||
cache-to: type=registry,ref=bunkerity/cache:bw-arm-cache,mode=min
|
||||
- name: Build BW autoconf for ARM
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
file: autoconf/Dockerfile
|
||||
platforms: linux/arm64,linux/arm/v7
|
||||
tags: bunkerweb-autoconf-tests-arm:latest
|
||||
cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-arm-cache,mode=min
|
||||
- name: Build BW UI for ARM
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
file: ui/Dockerfile
|
||||
platforms: linux/arm64,linux/arm/v7
|
||||
tags: bunkerweb-ui-tests-arm:latest
|
||||
cache-to: type=registry,ref=bunkerity/cache:bw-ui-arm-cache,mode=min
|
||||
|
||||
# Run tests
|
||||
tests:
|
||||
|
@ -203,7 +172,7 @@ jobs:
|
|||
- name: Set variables
|
||||
run: |
|
||||
VER=$(cat VERSION | tr -d '\n')
|
||||
if [ "$GITHUB_REF" = "refs/heads/main" ] ; then
|
||||
if [ "$GITHUB_REF" = "refs/heads/master" ] ; then
|
||||
echo "BUILD_MODE=prod" >> $GITHUB_ENV
|
||||
else
|
||||
echo "BUILD_MODE=dev" >> $GITHUB_ENV
|
||||
|
@ -260,16 +229,19 @@ jobs:
|
|||
|
||||
# Push to dev registries
|
||||
push-docker:
|
||||
needs: [tests, build-bw-386]
|
||||
needs: [tests, build-bw-386, build-bw-arm]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v2
|
||||
- name: Set variables
|
||||
run: |
|
||||
VER=$(cat VERSION | tr -d '\n')
|
||||
echo "VERSION=$VER" >> $GITHUB_ENV
|
||||
- name: Setup Buildx
|
||||
id: buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v2
|
||||
|
@ -282,44 +254,55 @@ jobs:
|
|||
registry: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
username: registry
|
||||
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
|
||||
- name: Set variables
|
||||
- name: Setup SSH for ARM node
|
||||
run: |
|
||||
VER=$(cat VERSION | tr -d '\n')
|
||||
echo "VERSION=$VER" >> $GITHUB_ENV
|
||||
mkdir -p ~/.ssh
|
||||
echo "$SSH_KEY" > ~/.ssh/id_rsa_arm
|
||||
chmod 600 ~/.ssh/id_rsa_arm
|
||||
echo "$SSH_CONFIG" > ~/.ssh/config
|
||||
env:
|
||||
SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
|
||||
SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
|
||||
- name: Append ARM node to buildx
|
||||
run: |
|
||||
docker buildx create --append --name ${{ steps.buildx.outputs.name }} --node arm --platform linux/arm64,linux/arm/v7,linux/arm/v6 ssh://ubuntu@arm
|
||||
|
||||
# Build and push
|
||||
- name: Build and push BW
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
platforms: linux/amd64,linux/386
|
||||
platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7
|
||||
push: true
|
||||
tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb:latest,bunkerity/bunkerweb:latest,bunkerity/bunkerweb:${{ env.VERSION }}
|
||||
cache-from: |
|
||||
type=registry,ref=bunkerity/cache:bw-amd64-cache
|
||||
type=registry,ref=bunkerity/cache:bw-386-cache
|
||||
type=registry,ref=bunkerity/cache:bw-arm-cache
|
||||
- name: Build and push BW autoconf
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
file: autoconf/Dockerfile
|
||||
platforms: linux/amd64,linux/386
|
||||
platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7
|
||||
push: true
|
||||
tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf:latest,bunkerity/bunkerweb-autoconf:latest,bunkerity/bunkerweb-autoconf:${{ env.VERSION }}
|
||||
cache-from: |
|
||||
type=registry,ref=bunkerity/cache:bw-autoconf-amd64-cache
|
||||
type=registry,ref=bunkerity/cache:bw-autoconf-386-cache
|
||||
type=registry,ref=bunkerity/cache:bw-autoconf-arm-cache
|
||||
- name: Build and push BW UI
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
file: ui/Dockerfile
|
||||
platforms: linux/amd64,linux/386
|
||||
platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7
|
||||
push: true
|
||||
tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui:latest,bunkerity/bunkerweb-ui:latest,bunkerity/bunkerweb-ui:${{ env.VERSION }}
|
||||
cache-from: |
|
||||
type=registry,ref=bunkerity/cache:bw-ui-amd64-cache
|
||||
type=registry,ref=bunkerity/cache:bw-ui-386-cache
|
||||
type=registry,ref=bunkerity/cache:bw-ui-arm-cache
|
||||
|
||||
# Push to PackageCloud
|
||||
push-linux:
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Changelog
|
||||
|
||||
## v1.4.1 -
|
||||
## v1.4.1 - 2022/16/06
|
||||
- Fix sending local IPs to BunkerNet when DISABLE_DEFAULT_SERVER=yes
|
||||
- Fix certbot bug when AUTOCONF_MODE=yes
|
||||
- Fix certbot bug when MULTISITE=no
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
</p>
|
||||
|
||||
<p align="center">
|
||||
<img src="https://img.shields.io/badge/bunkerweb-1.4.0-blue" />
|
||||
<img src="https://img.shields.io/badge/bunkerweb-1.4.1-blue" />
|
||||
<img src="https://img.shields.io/github/last-commit/bunkerity/bunkerweb" />
|
||||
<img src="https://img.shields.io/github/workflow/status/bunkerity/bunkerweb/Automatic%20test%2C%20build%2C%20push%20and%20deploy%20%28DEV%29?label=CI%2FCD%20dev" />
|
||||
<img src="https://img.shields.io/github/workflow/status/bunkerity/bunkerweb/Automatic%20test%2C%20build%2C%20push%20and%20deploy%20%28PROD%29?label=CI%2FCD%20prod" />
|
||||
|
|
|
@ -26,11 +26,6 @@ class DockerController(Controller) :
|
|||
continue
|
||||
value = env.replace(variable + "=", "", 1)
|
||||
instance["env"][variable] = value
|
||||
server_name = []
|
||||
for controller_service in self._get_controller_services() :
|
||||
if "bunkerweb.SERVER_NAME" in controller_service.labels :
|
||||
server_name.append(controller_service.labels["bunkerweb.SERVER_NAME"].split(" ")[0])
|
||||
instance["env"]["SERVER_NAME"] = " ".join(server_name)
|
||||
return [instance]
|
||||
|
||||
def _get_controller_services(self) :
|
||||
|
|
|
@ -12,7 +12,7 @@ Using BunkerWeb as a [Docker](https://www.docker.com/) container is a quick and
|
|||
We provide ready to use prebuilt images for x64 and x86 architectures (armv7 and armv8 are not supported at the moment) on [Docker Hub](https://hub.docker.com/r/bunkerity/bunkerweb) :
|
||||
|
||||
```shell
|
||||
docker pull bunkerity/bunkerweb:1.4.0
|
||||
docker pull bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
Alternatively, you can build the Docker images directly from the [source](https://github.com/bunkerity/bunkerweb) (and take a coffee ☕ because it may be long depending on your hardware) :
|
||||
|
@ -39,7 +39,7 @@ docker run \
|
|||
-e MY_SETTING=value \
|
||||
-e "MY_OTHER_SETTING=value with spaces" \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.0
|
||||
bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
|
@ -48,7 +48,7 @@ Here is the docker-compose equivalent :
|
|||
...
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
environment:
|
||||
- MY_SETTING=value
|
||||
```
|
||||
|
@ -73,7 +73,7 @@ docker run \
|
|||
...
|
||||
-v "${PWD}/bw-data:/data" \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.0
|
||||
bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
|
@ -82,7 +82,7 @@ Here is the docker-compose equivalent :
|
|||
...
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
...
|
||||
|
@ -109,7 +109,7 @@ docker run \
|
|||
...
|
||||
-v ./bw-data:/data \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.0
|
||||
bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
|
@ -119,7 +119,7 @@ Here is the docker-compose equivalent :
|
|||
...
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
volumes:
|
||||
- ./bw-data:/data
|
||||
```
|
||||
|
@ -141,7 +141,7 @@ docker run \
|
|||
...
|
||||
--network mynetwork \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.0
|
||||
bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
You will also need to do the same with your web application(s). Please note that the other containers are accessible using their name as the hostname.
|
||||
|
@ -152,7 +152,7 @@ Here is the docker-compose equivalent :
|
|||
...
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
networks:
|
||||
- bw-net
|
||||
...
|
||||
|
@ -183,9 +183,6 @@ First of all, you will need to create the data volume :
|
|||
docker volume create bw-data
|
||||
```
|
||||
|
||||
- One for sharing the persistent data, mounted on **/data**
|
||||
- Another one for sharing the generated Nginx configurations, mounted on **/etc/nginx**
|
||||
|
||||
Then, you can create two networks (replace 10.20.30.0/24 with an unused subnet of your choice) :
|
||||
|
||||
```shell
|
||||
|
@ -210,7 +207,7 @@ docker run \
|
|||
-e SERVER_NAME= \
|
||||
-e "API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24" \
|
||||
-l bunkerweb.AUTOCONF \
|
||||
bunkerity/bunkerweb:1.4.0 && \
|
||||
bunkerity/bunkerweb:1.4.1 && \
|
||||
|
||||
docker network connect bw-services mybunker
|
||||
```
|
||||
|
@ -224,7 +221,7 @@ docker run \
|
|||
--network bw-autoconf \
|
||||
-v bw-data:/data \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock:ro \
|
||||
bunkerity/bunkerweb-autoconf:1.4.0
|
||||
bunkerity/bunkerweb-autoconf:1.4.1
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent for the BunkerWeb autoconf stack :
|
||||
|
@ -235,12 +232,10 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- AUTOCONF_MODE=yes
|
||||
- MULTISITE=yes
|
||||
|
@ -253,7 +248,7 @@ services:
|
|||
- bw-services
|
||||
|
||||
myautoconf:
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.0
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.1
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
|
@ -355,7 +350,7 @@ docker service create \
|
|||
-e MULTISITE=yes \
|
||||
-e "API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24" \
|
||||
-l bunkerweb.AUTOCONF \
|
||||
bunkerity/bunkerweb:1.4.0
|
||||
bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
And the autoconf one :
|
||||
|
@ -369,7 +364,7 @@ docker service \
|
|||
--mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock,ro \
|
||||
--mount type=volume,source=bw-data,destination=/data \
|
||||
-e SWARM_MODE=yes \
|
||||
bunkerity/bunkerweb-autoconf:1.4.0
|
||||
bunkerity/bunkerweb-autoconf:1.4.1
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent (using `docker stack deploy`) :
|
||||
|
@ -380,7 +375,7 @@ version: '3.5'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- published: 80
|
||||
target: 8080
|
||||
|
@ -407,7 +402,7 @@ services:
|
|||
- "bunkerweb.AUTOCONF"
|
||||
|
||||
myautoconf:
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.0
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.1
|
||||
environment:
|
||||
- SWARM_MODE=yes
|
||||
volumes:
|
||||
|
@ -697,11 +692,11 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
|
|||
sudo apt install -y nginx=1.20.2-1~bullseye
|
||||
```
|
||||
|
||||
And finally install BunkerWeb 1.4.0 :
|
||||
And finally install BunkerWeb 1.4.1 :
|
||||
```shell
|
||||
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
|
||||
sudo apt update && \
|
||||
sudo apt install -y bunkerweb=1.4.0
|
||||
sudo apt install -y bunkerweb=1.4.1
|
||||
```
|
||||
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
|
||||
|
@ -727,11 +722,11 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
|
|||
sudo apt install -y nginx=1.20.2-1~jammy
|
||||
```
|
||||
|
||||
And finally install BunkerWeb 1.4.0 :
|
||||
And finally install BunkerWeb 1.4.1 :
|
||||
```shell
|
||||
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
|
||||
sudo apt update && \
|
||||
sudo apt install -y bunkerweb=1.4.0
|
||||
sudo apt install -y bunkerweb=1.4.1
|
||||
```
|
||||
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
|
||||
|
@ -749,7 +744,7 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
|
|||
```shell
|
||||
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
|
||||
sudo dnf check-update && \
|
||||
sudo dnf install -y bunkerweb-1.4.0
|
||||
sudo dnf install -y bunkerweb-1.4.1
|
||||
```
|
||||
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
|
||||
|
@ -776,12 +771,12 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
|
|||
sudo dnf install nginx-1.20.2
|
||||
```
|
||||
|
||||
And finally install BunkerWeb 1.4.0 :
|
||||
And finally install BunkerWeb 1.4.1 :
|
||||
```shell
|
||||
dnf install -y epel-release && \
|
||||
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
|
||||
sudo dnf check-update && \
|
||||
sudo dnf install -y bunkerweb-1.4.0
|
||||
sudo dnf install -y bunkerweb-1.4.1
|
||||
```
|
||||
|
||||
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
!!! warning "Read this if you were a bunkerized user"
|
||||
|
||||
A lot of things have changed since the last bunkerized release. If you want to an upgrade, which we recommend you to do because BunkerWeb is by far better than bunkerized, please read carefully this section and also the whole documentation.
|
||||
A lot of things have changed since the last bunkerized release. If you want to do an upgrade, which we recommend you to do because BunkerWeb is by far better than bunkerized, please read carefully this section and also the whole documentation.
|
||||
|
||||
## Volumes
|
||||
|
||||
|
@ -12,11 +12,14 @@ When using container-based integrations like [Docker](/1.4/integrations/#docker)
|
|||
|
||||
We decided to drop the following features :
|
||||
|
||||
- Authelia : we will make an official [plugin](/1.4/plugins) for that
|
||||
- Blocking "bad" referrers : we may add it again in the future
|
||||
- ROOT_SITE_SUBFOLDER : we will need to redesign this in the future
|
||||
|
||||
## Replaced BLOCK_*, WHITELIST_* and BLACKLIST_* settings
|
||||
## Changed Authelia support
|
||||
|
||||
Instead of supporting only Authelia, we decided to support generic auth request settings. See the new [authelia example](https://github.com/bunkerity/bunkerweb/tree/master/examples/authelia) and [auth request documentation](https://docs.bunkerweb.io/1.4/security-tuning/#auth-request) for more information.
|
||||
|
||||
## Replaced BLOCK_\*, WHITELIST_\* and BLACKLIST_\* settings
|
||||
|
||||
The blocking mechanisms has been completely redesigned. We have detected that a lot of false positives came from the default blacklists hardcoded into bunkerized. That's why we decided to give the users the choice of their blacklists (and also whitelists) for IP address, reverse DNS, user-agent, URI and ASN, see the [Blacklisting and whitelisting](/1.4/security-tuning/#blacklisting-and-whitelisting) section of the [security tuning](/1.4/security-tuning).
|
||||
|
||||
|
|
|
@ -43,13 +43,13 @@ The first step is to install the plugin by putting the plugin files inside the c
|
|||
...
|
||||
-v "${PWD}/bw-data:/data" \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.0
|
||||
bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
volumes:
|
||||
- ./bw-data:/data
|
||||
...
|
||||
|
|
|
@ -54,7 +54,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
-e USE_REVERSE_PROXY=yes \
|
||||
-e REVERSE_PROXY_URL=/ \
|
||||
-e REVERSE_PROXY_HOST=http://myapp \
|
||||
bunkerity/bunkerweb:1.4.0
|
||||
bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
|
@ -64,7 +64,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -331,7 +331,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
-e app1.example.com_REVERSE_PROXY_HOST=http://myapp1 \
|
||||
-e app2.example.com_REVERSE_PROXY_HOST=http://myapp2 \
|
||||
-e app3.example.com_REVERSE_PROXY_HOST=http://myapp3 \
|
||||
bunkerity/bunkerweb:1.4.0
|
||||
bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
|
@ -341,7 +341,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -875,13 +875,13 @@ REAL_IP_HEADER=X-Forwarded-For
|
|||
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
|
||||
-e REAL_IP_HEADER=X-Forwarded-For \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.0
|
||||
bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
...
|
||||
environment:
|
||||
- USE_REAL_IP=yes
|
||||
|
@ -900,13 +900,13 @@ REAL_IP_HEADER=X-Forwarded-For
|
|||
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
|
||||
-e REAL_IP_HEADER=X-Forwarded-For \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.0
|
||||
bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
...
|
||||
environment:
|
||||
- USE_REAL_IP=yes
|
||||
|
@ -925,13 +925,13 @@ REAL_IP_HEADER=X-Forwarded-For
|
|||
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
|
||||
-e REAL_IP_HEADER=X-Forwarded-For \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.0
|
||||
bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent (using `docker stack deploy`) :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
...
|
||||
environment:
|
||||
- USE_REAL_IP=yes
|
||||
|
@ -956,7 +956,7 @@ REAL_IP_HEADER=X-Forwarded-For
|
|||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
...
|
||||
env:
|
||||
- name: USE_REAL_IP
|
||||
|
@ -1008,13 +1008,13 @@ REAL_IP_HEADER=proxy_protocol
|
|||
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
|
||||
-e REAL_IP_HEADER=proxy_protocol \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.0
|
||||
bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
...
|
||||
environment:
|
||||
- USE_REAL_IP=yes
|
||||
|
@ -1035,13 +1035,13 @@ REAL_IP_HEADER=proxy_protocol
|
|||
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
|
||||
-e REAL_IP_HEADER=proxy_protocol \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.0
|
||||
bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
...
|
||||
environment:
|
||||
- USE_REAL_IP=yes
|
||||
|
@ -1062,13 +1062,13 @@ REAL_IP_HEADER=proxy_protocol
|
|||
-e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \
|
||||
-e REAL_IP_HEADER=proxy_protocol \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.0
|
||||
bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent (using `docker stack deploy`) :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
...
|
||||
environment:
|
||||
- USE_REAL_IP=yes
|
||||
|
@ -1094,7 +1094,7 @@ REAL_IP_HEADER=proxy_protocol
|
|||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
...
|
||||
env:
|
||||
- name: USE_REAL_IP
|
||||
|
@ -1169,13 +1169,13 @@ Some integrations offer a more convenient way of applying configurations for exa
|
|||
...
|
||||
-v "${PWD}/bw-data:/data" \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.0
|
||||
bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
volumes:
|
||||
- ./bw-data:/data
|
||||
...
|
||||
|
@ -1212,13 +1212,13 @@ Some integrations offer a more convenient way of applying configurations for exa
|
|||
...
|
||||
-v "${PWD}/bw-data:/data" \
|
||||
...
|
||||
bunkerity/bunkerweb:1.4.0
|
||||
bunkerity/bunkerweb:1.4.1
|
||||
```
|
||||
|
||||
Here is the docker-compose equivalent :
|
||||
```yaml
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
volumes:
|
||||
- ./bw-data:/data
|
||||
...
|
||||
|
|
|
@ -297,6 +297,7 @@ Using both country blacklist and whitelist at the same time makes no sense. If y
|
|||
|
||||
## Authentication
|
||||
|
||||
### Auth basic
|
||||
You can quickly protect sensitive resources like the admin area for example by requiring HTTP basic authentication. Here is the list of related settings :
|
||||
|
||||
| Setting | Default | Description |
|
||||
|
@ -306,3 +307,14 @@ You can quickly protect sensitive resources like the admin area for example by r
|
|||
| `AUTH_BASIC_USER` | `changeme` | The username required. |
|
||||
| `AUTH_BASIC_PASSWORD` | `changeme` | The password required. |
|
||||
| `AUTH_BASIC_TEXT` | `Restricted area` | Text to display in the auth prompt. |
|
||||
|
||||
### Auth request
|
||||
You can deploy complex authentification (e.g. SSO), by using the auth request settings (see [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/) for more information on the feature). Please note that you will find [Authelia](https://www.authelia.com/) and [Authentik](https://goauthentik.io/) examples in the [repository](https://github.com/bunkerity/bunkerweb/tree/master/examples).
|
||||
|
||||
**Auth request settings are related to reverse proxy rules.**
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|---------------------------------------|----------------------------------|---------|--------|--------------------------------------------------------------------------------------------------------------------|
|
||||
|`REVERSE_PROXY_AUTH_REQUEST` | |multisite|yes |Enable authentication using an external provider (value of auth_request directive). |
|
||||
|`REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL`| |multisite|yes |Redirect clients to signin URL when using REVERSE_PROXY_AUTH_REQUEST (used when auth_request call returned 401). |
|
||||
|`REVERSE_PROXY_AUTH_REQUEST_SET` | |multisite|yes |List of variables to set from the authentication provider, separated with ; (values of auth_request_set directives).|
|
|
@ -249,26 +249,33 @@ When settings are considered as "multiple", it means that you can have multiple
|
|||
|
||||
### Reverse proxy
|
||||
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|--------------------------------|----------------------------------|---------|--------|-----------------------------------------------------------------------------------|
|
||||
|`USE_REVERSE_PROXY` |`no` |multisite|no |Activate reverse proxy mode. |
|
||||
|`REVERSE_PROXY_INTERCEPT_ERRORS`|`yes` |multisite|no |Intercept and rewrite errors. |
|
||||
|`REVERSE_PROXY_HOST` | |multisite|yes |Full URL of the proxied resource (proxy_pass). |
|
||||
|`REVERSE_PROXY_URL` | |multisite|yes |Location URL that will be proxied. |
|
||||
|`REVERSE_PROXY_WS` |`no` |multisite|yes |Enable websocket on the proxied resource. |
|
||||
|`REVERSE_PROXY_HEADERS` | |multisite|yes |List of HTTP headers to send to proxied resource. |
|
||||
|`REVERSE_PROXY_BUFFERING` |`yes` |multisite|yes |Enable or disable buffering of responses from proxied resource. |
|
||||
|`REVERSE_PROXY_KEEPALIVE` |`no` |multisite|yes |Enable or disable keepalive connections with the proxied resource. |
|
||||
|`USE_PROXY_CACHE` |`no` |multisite|no |Enable or disable caching of the proxied resources. |
|
||||
|`PROXY_CACHE_PATH_LEVELS` |`1:2` |global |no |Hierarchy levels of the cache. |
|
||||
|`PROXY_CACHE_PATH_ZONE_SIZE` |`10m` |global |no |Maximum size of cached metadata when caching proxied resources. |
|
||||
|`PROXY_CACHE_PATH_PARAMS` |`max_size=100m` |global |no |Additional parameters to add to the proxy_cache directive. |
|
||||
|`PROXY_CACHE_METHODS` |`GET HEAD` |multisite|no |HTTP methods that should trigger a cache operation. |
|
||||
|`PROXY_CACHE_MIN_USES` |`2` |multisite|no |The minimimum number of requests before a response is cached. |
|
||||
|`PROXY_CACHE_KEY` |`$scheme$host$request_uri` |multisite|no |The key used to uniquely identify a cached response. |
|
||||
|`PROXY_CACHE_VALID` |`200=24h 301=1h 302=24h` |multisite|no |Define the caching time dependending on the HTTP status code (list of status=time).|
|
||||
|`PROXY_NO_CACHE` |`$http_pragma $http_authorization`|multisite|no |Conditions to disable caching of responses. |
|
||||
|`PROXY_CACHE_BYPASS` |`0` |multisite|no |Conditions to bypass caching of responses. |
|
||||
| Setting | Default | Context |Multiple| Description |
|
||||
|---------------------------------------|----------------------------------|---------|--------|--------------------------------------------------------------------------------------------------------------------|
|
||||
|`USE_REVERSE_PROXY` |`no` |multisite|no |Activate reverse proxy mode. |
|
||||
|`REVERSE_PROXY_INTERCEPT_ERRORS` |`yes` |multisite|no |Intercept and rewrite errors. |
|
||||
|`REVERSE_PROXY_HOST` | |multisite|yes |Full URL of the proxied resource (proxy_pass). |
|
||||
|`REVERSE_PROXY_URL` | |multisite|yes |Location URL that will be proxied. |
|
||||
|`REVERSE_PROXY_WS` |`no` |multisite|yes |Enable websocket on the proxied resource. |
|
||||
|`REVERSE_PROXY_HEADERS` | |multisite|yes |List of HTTP headers to send to proxied resource separated with ; (values for proxy_set_header directive). |
|
||||
|`REVERSE_PROXY_HEADERS_CLIENT` | |multisite|yes |List of HTTP headers to send to client separated with ; (values for add_header directive). |
|
||||
|`REVERSE_PROXY_BUFFERING` |`yes` |multisite|yes |Enable or disable buffering of responses from proxied resource. |
|
||||
|`REVERSE_PROXY_KEEPALIVE` |`no` |multisite|yes |Enable or disable keepalive connections with the proxied resource. |
|
||||
|`REVERSE_PROXY_AUTH_REQUEST` | |multisite|yes |Enable authentication using an external provider (value of auth_request directive). |
|
||||
|`REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL`| |multisite|yes |Redirect clients to signin URL when using REVERSE_PROXY_AUTH_REQUEST (used when auth_request call returned 401). |
|
||||
|`REVERSE_PROXY_AUTH_REQUEST_SET` | |multisite|yes |List of variables to set from the authentication provider, separated with ; (values of auth_request_set directives).|
|
||||
|`USE_PROXY_CACHE` |`no` |multisite|no |Enable or disable caching of the proxied resources. |
|
||||
|`PROXY_CACHE_PATH_LEVELS` |`1:2` |global |no |Hierarchy levels of the cache. |
|
||||
|`PROXY_CACHE_PATH_ZONE_SIZE` |`10m` |global |no |Maximum size of cached metadata when caching proxied resources. |
|
||||
|`PROXY_CACHE_PATH_PARAMS` |`max_size=100m` |global |no |Additional parameters to add to the proxy_cache directive. |
|
||||
|`PROXY_CACHE_METHODS` |`GET HEAD` |multisite|no |HTTP methods that should trigger a cache operation. |
|
||||
|`PROXY_CACHE_MIN_USES` |`2` |multisite|no |The minimimum number of requests before a response is cached. |
|
||||
|`PROXY_CACHE_KEY` |`$scheme$host$request_uri` |multisite|no |The key used to uniquely identify a cached response. |
|
||||
|`PROXY_CACHE_VALID` |`200=24h 301=1h 302=24h` |multisite|no |Define the caching time dependending on the HTTP status code (list of status=time). |
|
||||
|`PROXY_NO_CACHE` |`$http_pragma $http_authorization`|multisite|no |Conditions to disable caching of responses. |
|
||||
|`PROXY_CACHE_BYPASS` |`0` |multisite|no |Conditions to bypass caching of responses. |
|
||||
|`REVERSE_PROXY_CONNECT_TIMEOUT` |`60s` |multisite|yes |Timeout when connecting to the proxied resource. |
|
||||
|`REVERSE_PROXY_READ_TIMEOUT` |`60s` |multisite|yes |Timeout when reading from the proxied resource. |
|
||||
|`REVERSE_PROXY_SEND_TIMEOUT` |`60s` |multisite|yes |Timeout when sending to the proxied resource. |
|
||||
|
||||
### Self-signed certificate
|
||||
|
||||
|
|
|
@ -78,7 +78,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
-e "bwadm.example.com_REVERSE_PROXY_HEADER=X-Script-Name /changeme" \
|
||||
-e bwadm.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no \
|
||||
-l bunkerweb.UI \
|
||||
bunkerity/bunkerweb:1.4.0 && \
|
||||
bunkerity/bunkerweb:1.4.1 && \
|
||||
docker network connect bw-ui mybunker
|
||||
```
|
||||
|
||||
|
@ -117,7 +117,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
-e ADMIN_USERNAME=admin \
|
||||
-e ADMIN_PASSWORD=changeme \
|
||||
-e ABSOLUTE_URI=http(s)://bwadm.example.com/changeme/
|
||||
bunkerity/bunkerweb-ui:1.4.0 && \
|
||||
bunkerity/bunkerweb-ui:1.4.1 && \
|
||||
docker network connect bw-docker myui
|
||||
```
|
||||
|
||||
|
@ -133,7 +133,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
networks:
|
||||
- bw-services
|
||||
- bw-ui
|
||||
|
@ -156,7 +156,7 @@ Because the web UI is a web application, the recommended installation procedure
|
|||
- "bunkerweb.UI"
|
||||
|
||||
myui:
|
||||
image: bunkerity/bunkerweb-ui:1.4.0
|
||||
image: bunkerity/bunkerweb-ui:1.4.1
|
||||
depends_on:
|
||||
- mydocker
|
||||
networks:
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3.4'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -1 +1,3 @@
|
|||
We assume that you are already familiar with [Authentik]().
|
||||
We assume that you are already familiar with [Authentik](https://goauthentik.io/).
|
||||
|
||||
This example has been tested with a Proxy in Forward auth (domain level) mode (see [here](https://goauthentik.io/docs/providers/proxy/forward_auth) for more information).
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3.4'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
# ⚠️ read this if you use local folders for volumes ⚠️
|
||||
# bunkerweb runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
|
|
|
@ -27,7 +27,7 @@ services:
|
|||
...
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -31,7 +31,7 @@ services:
|
|||
volumes:
|
||||
- ./ghost-data:/var/lib/ghost/content
|
||||
environment:
|
||||
- url=http://www.example.com # replace with your domain
|
||||
- url=https://www.example.com # replace with your domain
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw_data:
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
# dropping all capabilities
|
||||
cap_drop:
|
||||
- ALL
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -24,7 +24,7 @@ services:
|
|||
- mongo
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
# ⚠️ read this if you use local folders for volumes ⚠️
|
||||
# bunkerweb runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
logging:
|
||||
driver: syslog
|
||||
options:
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -11,7 +11,7 @@ services:
|
|||
- SERVICE1_TOR_SERVICE_VERSION=3
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
# ⚠️ read this if you use local folders for volumes ⚠️
|
||||
# bunkerweb runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -42,7 +42,7 @@ services:
|
|||
- net_svc
|
||||
|
||||
myui:
|
||||
image: bunkerity/bunkerweb-ui:1.4.0
|
||||
image: bunkerity/bunkerweb-ui:1.4.1
|
||||
depends_on:
|
||||
- myuiproxy
|
||||
volumes:
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -20,7 +20,7 @@ services:
|
|||
- bw-services
|
||||
|
||||
myautoconf:
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.0
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.1
|
||||
volumes:
|
||||
- ./bw-data:/data
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
|
@ -29,7 +29,6 @@ services:
|
|||
|
||||
volumes:
|
||||
bw-data:
|
||||
bw-conf:
|
||||
|
||||
networks:
|
||||
bw-autoconf:
|
||||
|
|
|
@ -16,7 +16,7 @@ spec:
|
|||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
|
@ -106,7 +106,7 @@ spec:
|
|||
claimName: pvc-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.0
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.1
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
|
|
|
@ -3,7 +3,7 @@ version: '3.5'
|
|||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
image: bunkerity/bunkerweb:1.4.1
|
||||
ports:
|
||||
- published: 80
|
||||
target: 8080
|
||||
|
@ -31,7 +31,7 @@ services:
|
|||
- "bunkerweb.AUTOCONF"
|
||||
|
||||
myautoconf:
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.0
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.1
|
||||
environment:
|
||||
- SWARM_MODE=yes
|
||||
volumes:
|
||||
|
|
Loading…
Reference in New Issue