examples - refactoring in progress

bunkerity 2022-07-21 11:39:35 +02:00
parent 7eae497194
commit d3014b42f7
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
20 changed files with 619 additions and 11 deletions


@ -0,0 +1,61 @@
version: '3'
services:
myapp1:
image: php:fpm
networks:
bw-services:
aliases:
- myapp1
# ⚠️ UID and GID of mywww (101:101) and php:fpm (33:33) are not the same ⚠️
# but both needs access to the files and folders of web-files
# don't forget to edit the permissions of the files and folders accordingly
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
volumes:
- ./bw-data/www/app1.example.com:/app # folder containing PHP app1 (don't forget to rename it)
labels:
- bunkerweb.SERVER_NAME=app1.example.com
- bunkerweb.USE_CORS=yes
- bunkerweb.CORS_ALLOW_ORIGIN=https://app2.example.com
- bunkerweb.REMOTE_PHP=myapp1
- bunkerweb.REMOTE_PHP_PATH=/app
myapp2:
image: php:fpm
networks:
bw-services:
aliases:
- myapp2
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm (33:33) are not the same ⚠️
# but both needs access to the files and folders of web-files
# don't forget to edit the permissions of the files and folders accordingly
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
volumes:
- ./bw-data/www/app2.example.com:/app # folder containing PHP app2 (don't forget to rename it)
labels:
- bunkerweb.SERVER_NAME=app2.example.com
- bunkerweb.REMOTE_PHP=myapp2
- bunkerweb.REMOTE_PHP_PATH=/app
myapp3:
image: php:fpm
networks:
bw-services:
aliases:
- myapp3
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm (33:33) are not the same ⚠️
# but both needs access to the files and folders of web-files
# don't forget to edit the permissions of the files and folders accordingly
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
volumes:
- ./bw-data/www/app3.example.com:/app # folder containing PHP app3 (don't forget to rename it)
labels:
- bunkerweb.SERVER_NAME=app2.example.com
- bunkerweb.REMOTE_PHP=myapp2
- bunkerweb.REMOTE_PHP_PATH=/app
networks:
bw-services:
external:
name: bw-services
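Review bot: The `myapp3` labels repeat the values of `myapp2` (`bunkerweb.SERVER_NAME=app2.example.com` and `bunkerweb.REMOTE_PHP=myapp2`), so two services claim the same server name and nothing appears to be routed to the container that mounts `app3.example.com`. If a third site is intended, the labels should read `bunkerweb.SERVER_NAME=app3.example.com` and `bunkerweb.REMOTE_PHP=myapp3`. The permission comment above the `myapp1` volume also says `mywww` where the other two say `bunkerweb`, which looks like a leftover service name.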


@ -0,0 +1,29 @@
{
"name": "docker-configs",
"kinds": [
"docker"
],
"timeout": 60,
"tests": [
{
"type": "string",
"url": "http://app1.example.com/hello",
"string": "hello"
},
{
"type": "string",
"url": "http://app2.example.com/hello",
"string": "hello"
},
{
"type": "string",
"url": "http://app1.example.com/app1",
"string": "app1"
},
{
"type": "string",
"url": "http://app2.example.com/app2",
"string": "app2"
}
]
}


@ -0,0 +1,24 @@
version: '3'
services:
myghost:
image: ghost:alpine
volumes:
- ./ghost_data:/var/lib/ghost/content
networks:
bw-services:
aliases:
- myghost
environment:
- url=https://www.example.com # replace with your domain
labels:
- bunkerweb.SERVER_NAME=www.example.com # replace with your domain
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://myghost:2368
networks:
bw-services:
external:
name: bw-services
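Review bot: `image: ghost:alpine` is a floating tag, so the example pulls whatever the registry currently serves under that name, and two deployments of the same file can run different code. The same applies to `php:fpm` in the first compose file of this commit, and more so to `gogs/gogs` and `mariadb` in the later sections, which carry no tag and resolve to `latest`. Pinning a release tag or a digest (`ghost@sha256:<digest>`), with a comment telling the reader to keep it current, makes the example reproducible and reviewable.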


@ -0,0 +1,54 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress
annotations:
bunkerweb.io/AUTO_LETS_ENCRYPT: "yes"
bunkerweb.io/USE_GZIP: "yes"
spec:
rules:
- host: www.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: svc-ghost
port:
number: 2368
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ghost
labels:
app: ghost
spec:
replicas: 1
selector:
matchLabels:
app: ghost
template:
metadata:
labels:
app: ghost
spec:
containers:
- name: ghost
image: ghost:alpine
env:
- name: URL
value: "https://www.example.com"
---
apiVersion: v1
kind: Service
metadata:
name: svc-ghost
spec:
selector:
app: ghost
ports:
- protocol: TCP
port: 2368
targetPort: 2368
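Review bot: The Deployment sets the site address through an env var named `URL`, while the compose and swarm variants of the same example use lowercase `url`. If Ghost's configuration lookup is case-sensitive (worth confirming), the pod would start with its default URL and generate links that do not match `www.example.com`; `- name: url` would keep the three variants consistent. The pod also has no volume for `/var/lib/ghost/content`, which the other two variants persist, so content written there is lost when the pod is replaced.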

29
examples/ghost/swarm.yml Normal file

@ -0,0 +1,29 @@
version: '3'
services:
myghost:
image: ghost:alpine
volumes:
- ghost_data:/var/lib/ghost/content
networks:
- bw-services
environment:
- url=https://www.example.com # replace with your domain
deploy:
placement:
constraints:
- "node.role==worker"
labels:
- bunkerweb.SERVER_NAME=www.example.com # replace with your domain
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://myghost:2368
networks:
bw-services:
external:
name: bw-services
volumes:
ghost_data:

18
examples/ghost/tests.json Normal file

@ -0,0 +1,18 @@
{
"name": "ghost",
"kinds": [
"docker",
"autoconf",
"swarm",
"kubernetes",
"linux"
],
"timeout": 60,
"tests": [
{
"type": "string",
"url": "https://www.example.com",
"string": "ghost"
}
]
}


@ -0,0 +1,23 @@
version: '3'
services:
mygogs:
image: gogs/gogs
volumes:
- ./gogs-data:/data
networks:
bw-services:
aliases:
- mygogs
labels:
- bunkerweb.SERVER_NAME=www.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_HOST=http://mygogs:3000
- bunkerweb.REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
- bunkerweb.MAX_CLIENT_SIZE=1G
networks:
bw-services:
external:
name: bw-services
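Review bot: In `bunkerweb.REVERSE_PROXY_HEADERS_1=Authorization $http_authorization` the `$http_authorization` is subject to Compose variable interpolation before the label reaches BunkerWeb. Unless a variable of that name is set, it is replaced by an empty string and the proxy would be configured with an empty `Authorization` value. Escaping the dollar sign keeps the nginx variable intact: `- bunkerweb.REVERSE_PROXY_HEADERS_1=Authorization $$http_authorization`. The same label appears in `examples/gogs/swarm.yml`, where stack deployment interpolates the file in the same way. This service also omits the `REVERSE_PROXY_URL=/` setting that the ghost example and the environment-based gogs file set; worth confirming that the default covers it.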


@ -25,7 +25,6 @@ services:
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://mygogs:3000
- WHITELIST_USER_AGENT=^git
- REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
- MAX_CLIENT_SIZE=1G


@ -0,0 +1,69 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress
annotations:
bunkerweb.io/AUTO_LETS_ENCRYPT: "yes"
bunkerweb.io/www.example.com_MAX_CLIENT_SIZE: "1G"
spec:
rules:
- host: www.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: svc-gogs
port:
number: 3000
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gogs
labels:
app: gogs
spec:
replicas: 1
selector:
matchLabels:
app: gogs
template:
metadata:
labels:
app: gogs
spec:
containers:
- name: gogs
image: gogs/gogs
volumeMounts:
- name: config
mountPath: /data/gogs/conf/app.ini
subPath: app.ini
volumes:
- name: config
configMap:
name: cfg-gogs
---
apiVersion: v1
kind: Service
metadata:
name: svc-gogs
spec:
selector:
app: gogs
ports:
- protocol: TCP
port: 3000
targetPort: 3000
---
apiVersion: v1
kind: ConfigMap
metadata:
name: cfg-gogs
data:
app.ini: |
[server]
EXTERNAL_URL = https://www.example.com/
DOMAIN = www.example.com
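Review bot: The gogs Deployment mounts only `app.ini` from the ConfigMap and has no volume for `/data`, whereas the compose variant mounts `./gogs-data:/data`. Whatever state gogs keeps under `/data` (presumably including the repositories) therefore lives in the container filesystem and disappears when the pod is rescheduled. A PersistentVolumeClaim mounted at `/data` would match the other variants. The Ingress annotations also carry no counterpart of the `REVERSE_PROXY_HEADERS_1` Authorization setting used in the compose and swarm files; if that header is required for authenticated Git over HTTP, the Kubernetes example needs it as well.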


@ -1,9 +0,0 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
chown -R root:101 bw-data
chmod -R 770 bw-data

35
examples/gogs/swarm.yml Normal file

@ -0,0 +1,35 @@
version: '3'
services:
mygogs:
image: gogs/gogs
volumes:
- gogs_data:/data/gogs/data
networks:
- bw-services
configs:
- source: config_gogs_app
target: /data/gogs/conf/app.ini
uid: "0"
gid: "0"
mode: 0444
deploy:
placement:
constraints:
- "node.role==worker"
labels:
- bunkerweb.SERVER_NAME=www.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_HOST=http://mygogs:3000
- bunkerweb.REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
- bunkerweb.MAX_CLIENT_SIZE=1G
networks:
bw-services:
external:
name: bw-services
configs:
config_gogs_app:
file: ./gogs-data/gogs/conf/app.ini
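Review bot: The service mounts the named volume `gogs_data`, but the file has no top-level `volumes:` section declaring it (the ghost swarm file declares `ghost_data:`), so the stack file should be rejected as referencing an undefined volume. Add a top-level `volumes:` key with `gogs_data:` at the end of the file. The volume is also mounted at `/data/gogs/data` here while the compose variant mounts `/data`, so the two examples persist different parts of the gogs state; worth confirming which is intended.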

18
examples/gogs/tests.json Normal file

@ -0,0 +1,18 @@
{
"name": "gogs",
"kinds": [
"docker",
"autoconf",
"swarm",
"kubernetes",
"linux"
],
"timeout": 60,
"tests": [
{
"type": "string",
"url": "https://www.example.com",
"string": "hello"
}
]
}
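Review bot: The expected string for the gogs test is `hello`, the marker used by the docker-configs tests, while the next tests file, named `hardened`, expects `gogs`. The two expectations look swapped or copied; if so, this test should use `"string": "gogs"` and the `hardened` test needs its own expected text. A test that asserts the wrong marker either fails permanently or passes against the wrong backend, so it cannot confirm that the proxy routes to the intended service.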


@ -0,0 +1,14 @@
{
"name": "hardened",
"kinds": [
"docker"
],
"timeout": 60,
"tests": [
{
"type": "string",
"url": "https://www.example.com",
"string": "gogs"
}
]
}


@ -0,0 +1,45 @@
version: '3'
services:
myjoomla:
image: joomla:4-apache
networks:
bw-services:
aliases:
- myjoomla
volumes:
- ./joomla-files:/var/www/html
environment:
- JOOMLA_DB_HOST=mydb
- JOOMLA_DB_NAME=joomla_db
- JOOMLA_DB_USER=user
- JOOMLA_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
labels:
- bunkerweb.SERVER_NAME=www.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://myjoomla
- bunkerweb.LIMIT_REQ_URL_1=/administrator/
- bunkerweb.LIMIT_REQ_RATE_1=8r/s
- bunkerweb.LIMIT_REQ_URL_2=/installation/index.php
- bunkerweb.LIMIT_REQ_RATE_2=8r/s
mydb:
image: mariadb
volumes:
- ./db-data:/var/lib/mysql
networks:
bw-services:
aliases:
- mydb
environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- MYSQL_DATABASE=joomla_db
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match JOOMLA_DB_PASSWORD)
networks:
bw-services:
external:
name: bw-services
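Review bot: `mydb` is attached to the shared external `bw-services` network with the alias `mydb`, so every container on that network (presumably BunkerWeb and any other proxied application) can reach MariaDB, protected only by the placeholder passwords. Only `myjoomla` needs the database, so a private network shared by the two services would keep it off the shared one, as sketched below. `examples/joomla/swarm.yml` has the same layout and would take the same change in its list-style `networks:` entries.

```yaml
services:
  myjoomla:
    # … unchanged: image, volumes, environment, labels …
    networks:
      bw-services:
        aliases:
          - myjoomla
      joomla-db:
  mydb:
    # … unchanged: image, volumes, environment …
    networks:
      joomla-db:
        aliases:
          - mydb
networks:
  bw-services:
    external:
      name: bw-services
  joomla-db:
```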


@ -27,7 +27,6 @@ services:
- REVERSE_PROXY_HOST=http://myjoomla
- LIMIT_REQ_URL_1=/administrator/
- LIMIT_REQ_RATE_1=8r/s
# Remove the following lines after finishing the installation of PrestaShop
- LIMIT_REQ_URL_2=/installation/index.php
- LIMIT_REQ_RATE_2=8r/s


@ -0,0 +1,104 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress
annotations:
bunkerweb.io/AUTO_LETS_ENCRYPT: "yes"
bunkerweb.io/www.example.com_LIMIT_REQ_URL_1: "/administrator/"
bunkerweb.io/www.example.com_LIMIT_REQ_RATE_1: "8r/s"
bunkerweb.io/www.example.com_LIMIT_REQ_URL_2: "/installation/index.php"
bunkerweb.io/www.example.com_LIMIT_REQ_RATE_2: "8r/s"
spec:
rules:
- host: www.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: svc-joomla
port:
number: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: joomla
labels:
app: joomla
spec:
replicas: 1
selector:
matchLabels:
app: joomla
template:
metadata:
labels:
app: joomla
spec:
containers:
- name: joomla
image: joomla:4-apache
env:
- name: JOOMLA_DB_HOST
value: "svc-db"
- name: JOOMLA_DB_NAME
value: "joomla_db"
- name: JOOMLA_DB_USER
value: "user"
- name: JOOMLA_DB_PASSWORD
value: "db-user-pwd"
---
apiVersion: v1
kind: Service
metadata:
name: svc-joomla
spec:
selector:
app: svc-joomla
ports:
- protocol: TCP
port: 80
targetPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: db
labels:
app: db
spec:
replicas: 1
selector:
matchLabels:
app: db
template:
metadata:
labels:
app: db
spec:
containers:
- name: db
image: mariadb
env:
- name: MYSQL_ROOT_PASSWORD
value: "db-root-password"
- name: MYSQL_DATABASE
value: "joomla_db"
- name: MYSQL_USER
value: "user"
- name: MYSQL_PASSWORD
value: "db-user-pwd"
---
apiVersion: v1
kind: Service
metadata:
name: svc-db
spec:
selector:
app: db
ports:
- protocol: TCP
port: 3306
targetPort: 3306
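Review bot: The `svc-joomla` Service selects `app: svc-joomla`, but the joomla pods are labelled `app: joomla`, so the Service has no endpoints and the Ingress backend cannot reach the application; the selector should be `app: joomla`. The database credentials are also written as literal `value:` entries in both Deployments, where anyone who can read the manifests or the pod specs sees them. A Secret referenced through `valueFrom.secretKeyRef` is the usual form, and the example should at least carry the "replace with a stronger password" comment that the compose files have. `MYSQL_ROOT_PASSWORD` is `db-root-password` here and `db-root-pwd` in the compose variants, which is harmless but inconsistent.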

14
examples/joomla/setup-linux.sh Executable file

@ -0,0 +1,14 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
curl https://downloads.joomla.org/fr/cms/joomla4/4-1-5/Joomla_4-1-5-Stable-Full_Package.zip?format=zip -Lo /tmp/joomla.zip
unzip /tmp/joomla.zip -d /opt/bunkerweb/www
chown -R www-data:nginx /opt/bunkerweb/www
find /opt/bunkerweb/www -type d -exec chmod 750 /opt/bunkerweb/www {} \;
find /opt/bunkerweb/www -type f -exec chmod 640 /opt/bunkerweb/www {} \;
systemctl start php-fpm
cp variables.env /opt/bunkerweb/variables.env
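Review bot: Both `find` lines pass `/opt/bunkerweb/www` to `chmod` in addition to `{}`, so the root directory is re-moded on every match and ends at 640 after the file pass, which removes its search bit and makes the tree untraversable for `www-data` and `nginx`. They should read `find /opt/bunkerweb/www -type d -exec chmod 750 {} \;` and `find /opt/bunkerweb/www -type f -exec chmod 640 {} \;`. The script also runs as root, writes the download to the fixed path `/tmp/joomla.zip` in a world-writable directory, and unpacks it without verification. Checking the archive against the published checksum (`echo "<sha256>  $archive" | sha256sum -c -`) and downloading to a `mktemp` file would close both gaps. The URL should be quoted because it contains `?`, and nothing stops the script after a failed `curl` or `unzip`.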

49
examples/joomla/swarm.yml Normal file

@ -0,0 +1,49 @@
version: '3'
services:
myjoomla:
image: joomla:4-apache
networks:
- bw-services
volumes:
- ./joomla-files:/var/www/html
environment:
- JOOMLA_DB_HOST=mydb
- JOOMLA_DB_NAME=joomla_db
- JOOMLA_DB_USER=user
- JOOMLA_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
deploy:
placement:
constraints:
- "node.role==worker"
labels:
- bunkerweb.SERVER_NAME=www.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://myjoomla
- bunkerweb.LIMIT_REQ_URL_1=/administrator/
- bunkerweb.LIMIT_REQ_RATE_1=8r/s
- bunkerweb.LIMIT_REQ_URL_2=/installation/index.php
- bunkerweb.LIMIT_REQ_RATE_2=8r/s
mydb:
image: mariadb
volumes:
- ./db-data:/var/lib/mysql
networks:
- bw-services
environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- MYSQL_DATABASE=joomla_db
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match JOOMLA_DB_PASSWORD)
deploy:
placement:
constraints:
- "node.role==worker"
networks:
bw-services:
external:
name: bw-services
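Review bot: Both services are constrained to worker nodes but use relative bind mounts (`./joomla-files`, `./db-data`), so the source path has to exist on every worker that may run the task, and the data does not follow a task rescheduled to another node. The ghost swarm file in this commit uses a named volume declared under a top-level `volumes:` key; doing the same here (for example `joomla_files:/var/www/html` and `db_data:/var/lib/mysql`, names constructed for illustration) would keep the swarm examples consistent. For the database in particular, a comment on how the volume is expected to be backed in a multi-node swarm would help readers avoid starting MariaDB on an empty directory after a reschedule.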


@ -0,0 +1,18 @@
{
"name": "joomla",
"kinds": [
"docker",
"autoconf",
"swarm",
"kubernetes",
"linux"
],
"timeout": 60,
"tests": [
{
"type": "string",
"url": "https://www.example.com",
"string": "joomla"
}
]
}


@ -0,0 +1,15 @@
HTTP_PORT=80
HTTPS_PORT=443
DNS_RESOLVERS=8.8.8.8 8.8.4.4
# Replace with your domain
SERVER_NAME=www.example.com
DISABLE_DEFAULT_SERVER=yes
AUTO_LETS_ENCRYPT=yes
USE_CLIENT_CACHE=yes
USE_GZIP=yes
LIMIT_REQ_URL_1=/administrator/
LIMIT_REQ_RATE_1=8r/s
LIMIT_REQ_URL_2=/installation/index.php
LIMIT_REQ_RATE_2=8r/s
LOCAL_PHP=/run/php/php-fpm.sock
LOCAL_PHP_PATH=/opt/bunkerweb/www