passbolt example

2020-11-04 11:16:26 +01:00 · 2020-11-04 11:16:26 +01:00 · e1274a6082
parent 3ec81cd849
commit e1274a6082
4 changed files with 60 additions and 0 deletions
--- a/examples/passbolt/docker-compose.yml
+++ b/examples/passbolt/docker-compose.yml
@ -0,0 +1,42 @@
+version: '3'
+
+services:
+
+  mywww:
+    image: bunkerity/bunkerized-nginx
+    restart: always
+    ports:
+      - 80:8080
+      - 443:8443
+    volumes:
+      - ./letsencrypt:/etc/letsencrypt
+      - ./server-confs:/server-confs              # custom confs to reverse proxy to passbolt
+      - ./modsec-crs-confs:/modsec-crs-confs      # disable some false positive
+      - ./modsec-confs:/modsec-confs              # disable some false positive
+    environment:
+      - SERVER_NAME=www.website.com               # replace with your domain
+      - AUTO_LETS_ENCRYPT=yes
+      - REDIRECT_HTTP_TO_HTTPS=yes
+      - DISABLE_DEFAULT_SERVER=yes
+      - ALLOWED_METHODS=GET|POST|HEAD|PUT|DELETE
+
+  mypassbolt:
+    image: passbolt/passbolt
+    restart: always
+    environment:
+      - DATASOURCES_DEFAULT_HOST=mydb
+      - DATASOURCES_DEFAULT_PASSWORD=db-user-pwd  # replace with a stronger password (must match MYSQL_PASSWORD)
+      - DATASOURCES_DEFAULT_USERNAME=user
+      - DATASOURCES_DEFAULT_DATABASE=passbolt
+      - APP_FULL_BASE_URL=https://www.website.com # replace with your URL
+
+  mydb:
+    image: mariadb
+    restart: always
+    volumes:
+      - ./db-data:/var/lib/mysql
+    environment:
+      - MYSQL_ROOT_PASSWORD=db-root-pwd           # replace with a stronger password
+      - MYSQL_DATABASE=passbolt
+      - MYSQL_USER=user
+      - MYSQL_PASSWORD=db-user-pwd                # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD)
--- a/examples/passbolt/modsec-confs/passbolt.conf
+++ b/examples/passbolt/modsec-confs/passbolt.conf
@ -0,0 +1,2 @@
+SecRuleRemoveById 942100
+SecRuleRemoveById 930120
--- a/examples/passbolt/modsec-crs-confs/passbolt.conf
+++ b/examples/passbolt/modsec-crs-confs/passbolt.conf
@ -0,0 +1,7 @@
+SecAction \
+ "id:900200,\
+  phase:1,\
+  nolog,\
+  pass,\
+  t:none,\
+  setvar:'tx.allowed_methods=GET HEAD POST PUT DELETE'"
--- a/examples/passbolt/server-confs/reverse-proxy.conf
+++ b/examples/passbolt/server-confs/reverse-proxy.conf
@ -0,0 +1,9 @@
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+location / {
+        if ($host = www.website.com) {
+                proxy_pass https://mypassbolt:443$request_uri;
+        }
+}
+