examples improvement - certbot cloudflare and wildcard, clamav, crowdsec, ghost and gogs
This commit is contained in:
parent
44de2253d2
commit
d8286ced7c
|
@ -1,3 +1,7 @@
|
|||
[submodule "bunkerized-nginx-crowdsec"]
|
||||
path = examples/crowdsec/bunkerized-nginx-crowdsec
|
||||
url = https://github.com/bunkerity/bunkerized-nginx-crowdsec
|
||||
|
||||
[submodule "bunkerized-nginx-clamav"]
|
||||
path = examples/clamav/bunkerized-nginx-clamav
|
||||
url = https://github.com/bunkerity/bunkerized-nginx-clamav
|
||||
|
|
Binary file not shown.
|
@ -0,0 +1,21 @@
|
|||
# Certbot with Cloudflare
|
||||
|
||||
Cloudflare supports HTTPS traffic between their servers and the origin one. This examples shows how to automatically valid HTTPS certificates signed by Let's Encrypt using the Cloudflare API.
|
||||
|
||||
## Preamble
|
||||
|
||||
We will assume that you already have some basic knowledges about Cloudflare. If that's not the case, we have made a dedicated blog post [here](https://www.bunkerity.com/web-security-at-almost-no-cost-cloudflare-free-plan-with-bunkerized-nginx/).
|
||||
|
||||
## Architecture
|
||||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/certbot-cloudflare/architecture.png?raw=true" />
|
||||
|
||||
## Configuration
|
||||
|
||||
First of all you will need to edit the **certbot-new.sh** and **cloudflare.ini** files (e.g : domains, CF token, ...).
|
||||
|
||||
Then run the **certbot-new.sh** script to get the certificates and add cron job for **certbot-renew.sh** to setup automatic renewal.
|
||||
|
||||
## Docker
|
||||
|
||||
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/certbot-cloudflare/docker-compose.yml).
|
Binary file not shown.
After Width: | Height: | Size: 16 KiB |
|
@ -14,7 +14,7 @@ docker run --rm \
|
|||
certbot/dns-cloudflare \
|
||||
renew
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "error while getting certificate for $DOMAINS"
|
||||
echo "error while renewing certificate for $DOMAINS"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
# Certbot wildcard
|
||||
|
||||
Simple example on how to get wildcard Let's Encrypt certificates through DNS challenge and use them with bunkerized-nginx.
|
||||
|
||||
## Preamble
|
||||
|
||||
We will assume that you already have some basic knowledges about Let's Encrypt DNS challenge. If that's not the case, you should read the [documentation](https://certbot.eff.org/docs/using.html#manual).
|
||||
|
||||
## Architecture
|
||||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/certbot-wildcard/architecture.png?raw=true" />
|
||||
|
||||
## Configuration
|
||||
|
||||
First of all you will need to edit the **certbot-wildcard.sh** file with your domain(s).
|
||||
|
||||
Then you can run the script to get the certificates. Don't forget that you will need to edit your DNS zone to prove that you own the domain(s).
|
||||
|
||||
## Docker
|
||||
|
||||
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/certbot-wildcard/docker-compose.yml).
|
Binary file not shown.
After Width: | Height: | Size: 13 KiB |
|
@ -0,0 +1,19 @@
|
|||
# ClamAV plugin
|
||||
|
||||
Automatically scan files with ClamAV when they are uploaded and deny the upload if the file is detected. See the [bunkerized-nginx-clamav](https://github.com/bunkerity/bunkerized-nginx-clamav) repository for more information.
|
||||
|
||||
## Preamble
|
||||
|
||||
This example uses a bunkerized-nginx plugin, you can have a look at the [documentation](https://bunkerized-nginx.readthedocs.io/en/latest/plugins.html) to get more information about plugins.
|
||||
|
||||
## Architecture
|
||||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/clamav/architecture.png?raw=true" />
|
||||
|
||||
## Configuration
|
||||
|
||||
You will need to clone the bunkerized-nginx-clamav plugin and edit the **plugin.json** file.
|
||||
|
||||
## Docker
|
||||
|
||||
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/clamav/docker-compose.yml).
|
Binary file not shown.
After Width: | Height: | Size: 22 KiB |
|
@ -0,0 +1,21 @@
|
|||
# Crowdsec plugin
|
||||
|
||||
Crowdsec integration example with bunkerized-nginx. See the [bunkerized-nginx-crowdsec](https://github.com/bunkerity/bunkerized-nginx-crowdsec) repository for more information.
|
||||
|
||||
## Preamble
|
||||
|
||||
This example uses a bunkerized-nginx plugin, you can have a look at the [documentation](https://bunkerized-nginx.readthedocs.io/en/latest/plugins.html) to get more information about plugins.
|
||||
|
||||
## Architecture
|
||||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/crowdsec/architecture.png?raw=true" />
|
||||
|
||||
## Configuration
|
||||
|
||||
First of all you will need to get a bouncer key, you can use the **bouncer_key.sh** to generate one.
|
||||
|
||||
Then you can clone the bunkerized-nginx-crowdsec plugin and edit the **plugin.json** file.
|
||||
|
||||
## Docker
|
||||
|
||||
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/crowdsec/docker-compose.yml).
|
Binary file not shown.
After Width: | Height: | Size: 30 KiB |
|
@ -10,8 +10,8 @@ sleep 10
|
|||
# get the bouncer key
|
||||
docker-compose exec mycrowdsec cscli bouncers add MyBouncer
|
||||
|
||||
# enter the key into the CROWDSEC_KEY environment variable
|
||||
read -p "edit CROWDSEC_KEY env var in docker-compose.yml file and press enter" edited
|
||||
# enter the key into the CROWDSEC_KEY setting
|
||||
read -p "edit CROWDSEC_KEY env var in plugin.json file and press enter" edited
|
||||
|
||||
# start all services
|
||||
docker-compose up -d
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
# Ghost
|
||||
|
||||
Ghost is a free and open source blogging platform written in JavaScript and distributed under the MIT License, designed to simplify the process of online publishing for individual bloggers as well as online publications. More info at official [website](https://ghost.org) and [repository](https://github.com/TryGhost/Ghost).
|
||||
|
||||
## Architecture
|
||||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/ghost/architecture.png?raw=true" />
|
||||
|
||||
## Docker
|
||||
|
||||
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/ghost/docker-compose.yml).
|
Binary file not shown.
After Width: | Height: | Size: 9.9 KiB |
|
@ -0,0 +1,11 @@
|
|||
# Gogs
|
||||
|
||||
Gogs is an easy to install, cross-platform and lightweight self-hosted Git service. More info on the [website](https://gogs.io/).
|
||||
|
||||
## Architecture
|
||||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/gogs/architecture.png?raw=true" />
|
||||
|
||||
## Docker
|
||||
|
||||
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/gogs/docker-compose.yml).
|
Binary file not shown.
After Width: | Height: | Size: 17 KiB |
Loading…
Reference in New Issue