mirror of
https://github.com/bunkerity/bunkerized-nginx
synced 2023-12-13 21:30:18 +01:00
passbolt example
This commit is contained in:
parent
3ec81cd849
commit
e1274a6082
4 changed files with 60 additions and 0 deletions
42
examples/passbolt/docker-compose.yml
Normal file
42
examples/passbolt/docker-compose.yml
Normal file
|
@ -0,0 +1,42 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
mywww:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
restart: always
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./server-confs:/server-confs # custom confs to reverse proxy to passbolt
|
||||
- ./modsec-crs-confs:/modsec-crs-confs # disable some false positive
|
||||
- ./modsec-confs:/modsec-confs # disable some false positive
|
||||
environment:
|
||||
- SERVER_NAME=www.website.com # replace with your domain
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- ALLOWED_METHODS=GET|POST|HEAD|PUT|DELETE
|
||||
|
||||
mypassbolt:
|
||||
image: passbolt/passbolt
|
||||
restart: always
|
||||
environment:
|
||||
- DATASOURCES_DEFAULT_HOST=mydb
|
||||
- DATASOURCES_DEFAULT_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
- DATASOURCES_DEFAULT_USERNAME=user
|
||||
- DATASOURCES_DEFAULT_DATABASE=passbolt
|
||||
- APP_FULL_BASE_URL=https://www.website.com # replace with your URL
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
restart: always
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=passbolt
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD)
|
2
examples/passbolt/modsec-confs/passbolt.conf
Normal file
2
examples/passbolt/modsec-confs/passbolt.conf
Normal file
|
@ -0,0 +1,2 @@
|
|||
SecRuleRemoveById 942100
|
||||
SecRuleRemoveById 930120
|
7
examples/passbolt/modsec-crs-confs/passbolt.conf
Normal file
7
examples/passbolt/modsec-crs-confs/passbolt.conf
Normal file
|
@ -0,0 +1,7 @@
|
|||
SecAction \
|
||||
"id:900200,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:'tx.allowed_methods=GET HEAD POST PUT DELETE'"
|
9
examples/passbolt/server-confs/reverse-proxy.conf
Normal file
9
examples/passbolt/server-confs/reverse-proxy.conf
Normal file
|
@ -0,0 +1,9 @@
|
|||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
location / {
|
||||
if ($host = www.website.com) {
|
||||
proxy_pass https://mypassbolt:443$request_uri;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in a new issue