mirror of
https://github.com/bunkerity/bunkerized-nginx
synced 2023-12-13 21:30:18 +01:00
check permissions for missing volumes and add comment about permissions on examples
This commit is contained in:
parent
b0ca85ff75
commit
d02985d213
26 changed files with 97 additions and 7 deletions
|
@ -12,14 +12,36 @@ if [ ! -r "/www" ] || [ ! -x "/www" ] ; then
|
|||
exit 2
|
||||
fi
|
||||
|
||||
# /modsec-confs
|
||||
if [ ! -r "/modsec-confs" ] || [ ! -x "/modsec-confs" ] ; then
|
||||
echo "[!] ERROR - wrong permissions on /modsec-confs"
|
||||
exit 3
|
||||
fi
|
||||
# /modsec-crs-confs
|
||||
if [ ! -r "/modsec-crs-confs" ] || [ ! -x "/modsec-crs-confs" ] ; then
|
||||
echo "[!] ERROR - wrong permissions on /modsec-crs-confs"
|
||||
exit 4
|
||||
fi
|
||||
# /server-confs
|
||||
if [ ! -r "/server-confs" ] || [ ! -x "/server-confs" ] ; then
|
||||
echo "[!] ERROR - wrong permissions on /server-confs"
|
||||
exit 5
|
||||
fi
|
||||
# /http-confs
|
||||
if [ ! -r "/http-confs" ] || [ ! -x "/http-confs" ] ; then
|
||||
echo "[!] ERROR - wrong permissions on /http-confs"
|
||||
exit 6
|
||||
fi
|
||||
|
||||
# /etc/nginx
|
||||
if [ ! -r "/etc/nginx" ] || [ ! -x "/etc/nginx" ] ; then
|
||||
echo "[!] ERROR - wrong permissions on /etc/nginx"
|
||||
exit 3
|
||||
exit 7
|
||||
fi
|
||||
|
||||
# /acme-challenge
|
||||
if [ ! -r "/acme-challenge" ] || [ ! -x "/acme-challenge" ] ; then
|
||||
echo "[!] ERROR - wrong permissions on /acme-challenge"
|
||||
exit 4
|
||||
exit 8
|
||||
fi
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
# /etc/letsencrypt
|
||||
if [ ! -w "/etc/letsencrypt" ] || [ ! -r "/etc/letsencrypt" ] || [ ! -x "/etc/letsencrypt" ] ; then
|
||||
echo "[!] WARNING - wrong permissions on /etc/letsencrypt"
|
||||
echo "[!] ERROR - wrong permissions on /etc/letsencrypt"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
@ -12,18 +12,36 @@ if [ -f "/usr/sbin/nginx" ] ; then
|
|||
echo "[!] ERROR - wrong permissions on /www"
|
||||
exit 2
|
||||
fi
|
||||
|
||||
# /modsec-confs
|
||||
if [ ! -r "/modsec-confs" ] || [ ! -x "/modsec-confs" ] ; then
|
||||
echo "[!] ERROR - wrong permissions on /modsec-confs"
|
||||
exit 3
|
||||
fi
|
||||
# /modsec-crs-confs
|
||||
if [ ! -r "/modsec-crs-confs" ] || [ ! -x "/modsec-crs-confs" ] ; then
|
||||
echo "[!] ERROR - wrong permissions on /modsec-crs-confs"
|
||||
exit 4
|
||||
fi
|
||||
# /server-confs
|
||||
if [ ! -r "/server-confs" ] || [ ! -x "/server-confs" ] ; then
|
||||
echo "[!] ERROR - wrong permissions on /server-confs"
|
||||
exit 5
|
||||
fi
|
||||
# /http-confs
|
||||
if [ ! -r "/http-confs" ] || [ ! -x "/http-confs" ] ; then
|
||||
echo "[!] ERROR - wrong permissions on /http-confs"
|
||||
exit 6
|
||||
fi
|
||||
fi
|
||||
|
||||
# /acme-challenge
|
||||
if [ ! -w "/acme-challenge" ] || [ ! -r "/acme-challenge" ] || [ ! -x "/acme-challenge" ] ; then
|
||||
echo "[!] ERROR - wrong permissions on /acme-challenge"
|
||||
exit 3
|
||||
exit 7
|
||||
fi
|
||||
|
||||
# /etc/nginx
|
||||
if [ ! -w "/etc/nginx" ] || [ ! -r "/etc/nginx" ] || [ ! -x "/etc/nginx" ] ; then
|
||||
echo "[!] ERROR - wrong permissions on /etc/nginx"
|
||||
exit 4
|
||||
exit 8
|
||||
fi
|
||||
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./web-files:/www:ro
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- autoconf:/etc/nginx
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./web-files:/www:ro
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- ./traefik/traefik.toml:/traefik.toml
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./web-files:/www:ro
|
||||
- ./letsencrypt:/letsencrypt:ro
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./web-files:/www:ro
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
environment:
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./joomla-files:/www:ro
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./http-confs:/http-confs:ro
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
environment:
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./web-files:/www:ro
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./web-files:/www:ro
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./apps:/www:ro
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./nc-files:/www:ro
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./modsec-crs-confs:/modsec-crs-confs:ro # disable some false positive
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
environment:
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
environment:
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./server-confs:/server-confs:ro # redirect /app1 and /app2 to /app1/ and /app2/
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
environment:
|
||||
|
|
|
@ -4,6 +4,8 @@ services:
|
|||
|
||||
autoconf:
|
||||
image: bunkerity/bunkerized-nginx-autoconf
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- /shared/confs:/etc/nginx
|
||||
|
@ -31,6 +33,8 @@ services:
|
|||
target: 8443
|
||||
mode: host
|
||||
protocol: tcp
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- /shared/confs:/etc/nginx
|
||||
- /shared/letsencrypt:/etc/letsencrypt:ro
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
environment:
|
||||
|
|
|
@ -14,6 +14,8 @@ services:
|
|||
mywww:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
restart: always
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./web-files:/www:ro
|
||||
environment:
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./web-files:/www:ro
|
||||
|
|
|
@ -8,6 +8,8 @@ services:
|
|||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
volumes:
|
||||
- ./wp-files:/www:ro
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
|
|
Loading…
Reference in a new issue