examples - refactoring in progress
parent
7eae497194
commit
d3014b42f7
|
@ -0,0 +1,61 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
myapp1:
|
||||
image: php:fpm
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- myapp1
|
||||
# ⚠️ UID and GID of mywww (101:101) and php:fpm (33:33) are not the same ⚠️
|
||||
# but both needs access to the files and folders of web-files
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
|
||||
volumes:
|
||||
- ./bw-data/www/app1.example.com:/app # folder containing PHP app1 (don't forget to rename it)
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=app1.example.com
|
||||
- bunkerweb.USE_CORS=yes
|
||||
- bunkerweb.CORS_ALLOW_ORIGIN=https://app2.example.com
|
||||
- bunkerweb.REMOTE_PHP=myapp1
|
||||
- bunkerweb.REMOTE_PHP_PATH=/app
|
||||
|
||||
myapp2:
|
||||
image: php:fpm
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- myapp2
|
||||
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm (33:33) are not the same ⚠️
|
||||
# but both needs access to the files and folders of web-files
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
|
||||
volumes:
|
||||
- ./bw-data/www/app2.example.com:/app # folder containing PHP app2 (don't forget to rename it)
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=app2.example.com
|
||||
- bunkerweb.REMOTE_PHP=myapp2
|
||||
- bunkerweb.REMOTE_PHP_PATH=/app
|
||||
|
||||
myapp3:
|
||||
image: php:fpm
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- myapp3
|
||||
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm (33:33) are not the same ⚠️
|
||||
# but both needs access to the files and folders of web-files
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
|
||||
volumes:
|
||||
- ./bw-data/www/app3.example.com:/app # folder containing PHP app3 (don't forget to rename it)
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=app2.example.com
|
||||
- bunkerweb.REMOTE_PHP=myapp2
|
||||
- bunkerweb.REMOTE_PHP_PATH=/app
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
external:
|
||||
name: bw-services
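Review bot: The `myapp3` service reuses app2's routing labels, `bunkerweb.SERVER_NAME=app2.example.com` and `bunkerweb.REMOTE_PHP=myapp2`, although its volume mounts `./bw-data/www/app3.example.com`. As written, two containers declare the same server name and nothing routes to `myapp3`. The labels should presumably read `bunkerweb.SERVER_NAME=app3.example.com` and `bunkerweb.REMOTE_PHP=myapp3`. The comment on the first service also names the proxy user `mywww` where the other two say `bunkerweb`.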
|
|
@ -0,0 +1,29 @@
|
|||
{
|
||||
"name": "docker-configs",
|
||||
"kinds": [
|
||||
"docker"
|
||||
],
|
||||
"timeout": 60,
|
||||
"tests": [
|
||||
{
|
||||
"type": "string",
|
||||
"url": "http://app1.example.com/hello",
|
||||
"string": "hello"
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
"url": "http://app2.example.com/hello",
|
||||
"string": "hello"
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
"url": "http://app1.example.com/app1",
|
||||
"string": "app1"
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
"url": "http://app2.example.com/app2",
|
||||
"string": "app2"
|
||||
}
|
||||
]
|
||||
}
|
|
@ -0,0 +1,24 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
myghost:
|
||||
image: ghost:alpine
|
||||
volumes:
|
||||
- ./ghost_data:/var/lib/ghost/content
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- myghost
|
||||
environment:
|
||||
- url=https://www.example.com # replace with your domain
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=www.example.com # replace with your domain
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://myghost:2368
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
external:
|
||||
name: bw-services
|
|
@ -0,0 +1,54 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: ingress
|
||||
annotations:
|
||||
bunkerweb.io/AUTO_LETS_ENCRYPT: "yes"
|
||||
bunkerweb.io/USE_GZIP: "yes"
|
||||
spec:
|
||||
rules:
|
||||
- host: www.example.com
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: svc-ghost
|
||||
port:
|
||||
number: 2368
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: ghost
|
||||
labels:
|
||||
app: ghost
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: ghost
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: ghost
|
||||
spec:
|
||||
containers:
|
||||
- name: ghost
|
||||
image: ghost:alpine
|
||||
env:
|
||||
- name: URL
|
||||
value: "https://www.example.com"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-ghost
|
||||
spec:
|
||||
selector:
|
||||
app: ghost
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 2368
|
||||
targetPort: 2368
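Review bot: The Deployment passes the site address as `URL`, while both compose variants of this example in the same commit set `url=https://www.example.com`. Ghost's environment-based configuration is, as far as I know, case-sensitive, so the upper-case name is probably ignored and the pod would start with its default URL; `- name: url` would match the other files. The pod template also mounts nothing at `/var/lib/ghost/content`, unlike the compose files, so content does not survive a pod restart. If that is intentional for the example, a comment saying so would help.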
|
|
@ -0,0 +1,29 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
myghost:
|
||||
image: ghost:alpine
|
||||
volumes:
|
||||
- ghost_data:/var/lib/ghost/content
|
||||
networks:
|
||||
- bw-services
|
||||
environment:
|
||||
- url=https://www.example.com # replace with your domain
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=www.example.com # replace with your domain
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://myghost:2368
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
external:
|
||||
name: bw-services
|
||||
|
||||
volumes:
|
||||
ghost_data:
|
|
@ -0,0 +1,18 @@
|
|||
{
|
||||
"name": "ghost",
|
||||
"kinds": [
|
||||
"docker",
|
||||
"autoconf",
|
||||
"swarm",
|
||||
"kubernetes",
|
||||
"linux"
|
||||
],
|
||||
"timeout": 60,
|
||||
"tests": [
|
||||
{
|
||||
"type": "string",
|
||||
"url": "https://www.example.com",
|
||||
"string": "ghost"
|
||||
}
|
||||
]
|
||||
}
|
|
@ -0,0 +1,23 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
mygogs:
|
||||
image: gogs/gogs
|
||||
volumes:
|
||||
- ./gogs-data:/data
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- mygogs
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=www.example.com
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://mygogs:3000
|
||||
- bunkerweb.REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
|
||||
- bunkerweb.MAX_CLIENT_SIZE=1G
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
external:
|
||||
name: bw-services
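Review bot: In `bunkerweb.REVERSE_PROXY_HEADERS_1=Authorization $http_authorization`, Compose treats `$http_authorization` as a variable to substitute, so the label most likely reaches BunkerWeb as `Authorization ` with an empty value and only a warning about an unset variable. Escape the dollar sign so the nginx variable survives: `- bunkerweb.REVERSE_PROXY_HEADERS_1=Authorization $$http_authorization`. The same label appears in the swarm stack file for `mygogs` later in this commit, and the same unescaped value is in the existing docker-compose hunk that follows. This file also omits `bunkerweb.REVERSE_PROXY_URL=/`, which that docker-compose hunk sets; confirm the default covers it.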
|
|
@ -25,7 +25,6 @@ services:
|
|||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://mygogs:3000
|
||||
- WHITELIST_USER_AGENT=^git
|
||||
- REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
|
||||
- MAX_CLIENT_SIZE=1G
|
||||
|
||||
|
|
|
@ -0,0 +1,69 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: ingress
|
||||
annotations:
|
||||
bunkerweb.io/AUTO_LETS_ENCRYPT: "yes"
|
||||
bunkerweb.io/www.example.com_MAX_CLIENT_SIZE: "1G"
|
||||
spec:
|
||||
rules:
|
||||
- host: www.example.com
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: svc-gogs
|
||||
port:
|
||||
number: 3000
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: gogs
|
||||
labels:
|
||||
app: gogs
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: gogs
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: gogs
|
||||
spec:
|
||||
containers:
|
||||
- name: gogs
|
||||
image: gogs/gogs
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /data/gogs/conf/app.ini
|
||||
subPath: app.ini
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: cfg-gogs
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-gogs
|
||||
spec:
|
||||
selector:
|
||||
app: gogs
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 3000
|
||||
targetPort: 3000
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: cfg-gogs
|
||||
data:
|
||||
app.ini: |
|
||||
[server]
|
||||
EXTERNAL_URL = https://www.example.com/
|
||||
DOMAIN = www.example.com
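Review bot: The `gogs` pod template mounts only the ConfigMap file at `/data/gogs/conf/app.ini` and has no volume for the rest of `/data`, whereas the compose variants in this commit persist `./gogs-data:/data` or `gogs_data:/data/gogs/data`. Repositories and application data would therefore live in the container's writable layer and be lost when the pod is rescheduled. A `persistentVolumeClaim` mounted at `/data`, or an `emptyDir` with a comment saying the example is throwaway, would make the behaviour explicit. A ConfigMap `subPath` mount is also read-only, so anything in Gogs that rewrites `app.ini` cannot save it.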
|
|
@ -1,9 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
chown -R root:101 bw-data
|
||||
chmod -R 770 bw-data
|
|
@ -0,0 +1,35 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
mygogs:
|
||||
image: gogs/gogs
|
||||
volumes:
|
||||
- gogs_data:/data/gogs/data
|
||||
networks:
|
||||
- bw-services
|
||||
configs:
|
||||
- source: config_gogs_app
|
||||
target: /data/gogs/conf/app.ini
|
||||
uid: "0"
|
||||
gid: "0"
|
||||
mode: 0444
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=www.example.com
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://mygogs:3000
|
||||
- bunkerweb.REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
|
||||
- bunkerweb.MAX_CLIENT_SIZE=1G
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
external:
|
||||
name: bw-services
|
||||
|
||||
configs:
|
||||
config_gogs_app:
|
||||
file: ./gogs-data/gogs/conf/app.ini
|
|
@ -0,0 +1,18 @@
|
|||
{
|
||||
"name": "gogs",
|
||||
"kinds": [
|
||||
"docker",
|
||||
"autoconf",
|
||||
"swarm",
|
||||
"kubernetes",
|
||||
"linux"
|
||||
],
|
||||
"timeout": 60,
|
||||
"tests": [
|
||||
{
|
||||
"type": "string",
|
||||
"url": "https://www.example.com",
|
||||
"string": "hello"
|
||||
}
|
||||
]
|
||||
}
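Review bot: The expected string looks swapped with the next test file: this one is named `gogs` but asserts `"string": "hello"`, while the file named `hardened` asserts `"string": "gogs"`. If the check is a substring match on the response body, the Gogs example should probably use `"string": "gogs"` and the hardened one `"string": "hello"`.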
|
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
"name": "hardened",
|
||||
"kinds": [
|
||||
"docker"
|
||||
],
|
||||
"timeout": 60,
|
||||
"tests": [
|
||||
{
|
||||
"type": "string",
|
||||
"url": "https://www.example.com",
|
||||
"string": "gogs"
|
||||
}
|
||||
]
|
||||
}
|
|
@ -0,0 +1,45 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
myjoomla:
|
||||
image: joomla:4-apache
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- myjoomla
|
||||
volumes:
|
||||
- ./joomla-files:/var/www/html
|
||||
environment:
|
||||
- JOOMLA_DB_HOST=mydb
|
||||
- JOOMLA_DB_NAME=joomla_db
|
||||
- JOOMLA_DB_USER=user
|
||||
- JOOMLA_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=www.example.com
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://myjoomla
|
||||
- bunkerweb.LIMIT_REQ_URL_1=/administrator/
|
||||
- bunkerweb.LIMIT_REQ_RATE_1=8r/s
|
||||
- bunkerweb.LIMIT_REQ_URL_2=/installation/index.php
|
||||
- bunkerweb.LIMIT_REQ_RATE_2=8r/s
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- mydb
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=joomla_db
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match JOOMLA_DB_PASSWORD)
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
external:
|
||||
name: bw-services
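Review bot: `mydb` is attached to `bw-services`, the network shared with the reverse proxy and every other proxied application, so the MariaDB port is reachable from containers that have no reason to talk to it. Only `myjoomla` needs the database. Putting the two on a private network and leaving `mydb` off `bw-services` keeps a compromise of another service on that network from reaching the database directly. The swarm stack for this example later in the commit has the same layout; there the private network would need to be an overlay.

```yaml
  myjoomla:
    # … unchanged: image …
    networks:
      bw-services:
        aliases:
          - myjoomla
      joomla-db:
    # … unchanged: volumes, environment, labels …

  mydb:
    # … unchanged: image, volumes …
    networks:
      joomla-db:
        aliases:
          - mydb
    # … unchanged: environment …

networks:
  # … unchanged: bw-services (external) …
  joomla-db:
```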
|
|
@ -27,7 +27,6 @@ services:
|
|||
- REVERSE_PROXY_HOST=http://myjoomla
|
||||
- LIMIT_REQ_URL_1=/administrator/
|
||||
- LIMIT_REQ_RATE_1=8r/s
|
||||
# Remove the following lines after finishing the installation of PrestaShop
|
||||
- LIMIT_REQ_URL_2=/installation/index.php
|
||||
- LIMIT_REQ_RATE_2=8r/s
|
||||
|
||||
|
|
|
@ -0,0 +1,104 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: ingress
|
||||
annotations:
|
||||
bunkerweb.io/AUTO_LETS_ENCRYPT: "yes"
|
||||
bunkerweb.io/www.example.com_LIMIT_REQ_URL_1: "/administrator/"
|
||||
bunkerweb.io/www.example.com_LIMIT_REQ_RATE_1: "8r/s"
|
||||
bunkerweb.io/www.example.com_LIMIT_REQ_URL_2: "/installation/index.php"
|
||||
bunkerweb.io/www.example.com_LIMIT_REQ_RATE_2: "8r/s"
|
||||
spec:
|
||||
rules:
|
||||
- host: www.example.com
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: svc-joomla
|
||||
port:
|
||||
number: 80
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: joomla
|
||||
labels:
|
||||
app: joomla
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: joomla
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: joomla
|
||||
spec:
|
||||
containers:
|
||||
- name: joomla
|
||||
image: joomla:4-apache
|
||||
env:
|
||||
- name: JOOMLA_DB_HOST
|
||||
value: "svc-db"
|
||||
- name: JOOMLA_DB_NAME
|
||||
value: "joomla_db"
|
||||
- name: JOOMLA_DB_USER
|
||||
value: "user"
|
||||
- name: JOOMLA_DB_PASSWORD
|
||||
value: "db-user-pwd"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-joomla
|
||||
spec:
|
||||
selector:
|
||||
app: svc-joomla
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: 80
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: db
|
||||
labels:
|
||||
app: db
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: db
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: db
|
||||
spec:
|
||||
containers:
|
||||
- name: db
|
||||
image: mariadb
|
||||
env:
|
||||
- name: MYSQL_ROOT_PASSWORD
|
||||
value: "db-root-password"
|
||||
- name: MYSQL_DATABASE
|
||||
value: "joomla_db"
|
||||
- name: MYSQL_USER
|
||||
value: "user"
|
||||
- name: MYSQL_PASSWORD
|
||||
value: "db-user-pwd"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-db
|
||||
spec:
|
||||
selector:
|
||||
app: db
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 3306
|
||||
targetPort: 3306
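Review bot: `svc-joomla` selects `app: svc-joomla`, but the Deployment's pods are labelled `app: joomla`, so the Service has no endpoints and the Ingress backend on port 80 never reaches the container. The selector should be `app: joomla`, matching how `svc-db` selects `app: db`. The database credentials are also written as literal `value:` entries without the "replace with a stronger password" comment the compose files carry. A `secretKeyRef` to a Secret, or at least the same comment, would keep people from deploying the sample values.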
|
|
@ -0,0 +1,14 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
curl https://downloads.joomla.org/fr/cms/joomla4/4-1-5/Joomla_4-1-5-Stable-Full_Package.zip?format=zip -Lo /tmp/joomla.zip
|
||||
unzip /tmp/joomla.zip -d /opt/bunkerweb/www
|
||||
chown -R www-data:nginx /opt/bunkerweb/www
|
||||
find /opt/bunkerweb/www -type d -exec chmod 750 /opt/bunkerweb/www {} \;
|
||||
find /opt/bunkerweb/www -type f -exec chmod 640 /opt/bunkerweb/www {} \;
|
||||
systemctl start php-fpm
|
||||
cp variables.env /opt/bunkerweb/variables.env
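Review bot: Both `find` commands pass `/opt/bunkerweb/www` to `chmod` as an extra operand, so the `-type f` pass runs `chmod 640 /opt/bunkerweb/www <file>` and leaves the web root itself without the execute bit, which makes it non-traversable for `www-data` and `nginx`. Drop the extra path: `find /opt/bunkerweb/www -type d -exec chmod 750 {} \;` and `find /opt/bunkerweb/www -type f -exec chmod 640 {} \;`. The script also runs as root without `set -e` and without checking the archive, so a failed or tampered download is still unzipped into the web root. `curl -f`, a quoted URL and a checksum comparison against the value Joomla publishes would close that.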
|
|
@ -0,0 +1,49 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
myjoomla:
|
||||
image: joomla:4-apache
|
||||
networks:
|
||||
- bw-services
|
||||
volumes:
|
||||
- ./joomla-files:/var/www/html
|
||||
environment:
|
||||
- JOOMLA_DB_HOST=mydb
|
||||
- JOOMLA_DB_NAME=joomla_db
|
||||
- JOOMLA_DB_USER=user
|
||||
- JOOMLA_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=www.example.com
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://myjoomla
|
||||
- bunkerweb.LIMIT_REQ_URL_1=/administrator/
|
||||
- bunkerweb.LIMIT_REQ_RATE_1=8r/s
|
||||
- bunkerweb.LIMIT_REQ_URL_2=/installation/index.php
|
||||
- bunkerweb.LIMIT_REQ_RATE_2=8r/s
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
networks:
|
||||
- bw-services
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=joomla_db
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match JOOMLA_DB_PASSWORD)
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
external:
|
||||
name: bw-services
|
|
@ -0,0 +1,18 @@
|
|||
{
|
||||
"name": "joomla",
|
||||
"kinds": [
|
||||
"docker",
|
||||
"autoconf",
|
||||
"swarm",
|
||||
"kubernetes",
|
||||
"linux"
|
||||
],
|
||||
"timeout": 60,
|
||||
"tests": [
|
||||
{
|
||||
"type": "string",
|
||||
"url": "https://www.example.com",
|
||||
"string": "joomla"
|
||||
}
|
||||
]
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
HTTP_PORT=80
|
||||
HTTPS_PORT=443
|
||||
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||
# Replace with your domain
|
||||
SERVER_NAME=www.example.com
|
||||
DISABLE_DEFAULT_SERVER=yes
|
||||
AUTO_LETS_ENCRYPT=yes
|
||||
USE_CLIENT_CACHE=yes
|
||||
USE_GZIP=yes
|
||||
LIMIT_REQ_URL_1=/administrator/
|
||||
LIMIT_REQ_RATE_1=8r/s
|
||||
LIMIT_REQ_URL_2=/installation/index.php
|
||||
LIMIT_REQ_RATE_2=8r/s
|
||||
LOCAL_PHP=/run/php/php-fpm.sock
|
||||
LOCAL_PHP_PATH=/opt/bunkerweb/www
|