Fix comments + updated passbolt to support the 1.5

examples/drupal/swarm.yml

@@ -23,21 +23,7 @@ services:
         - bunkerweb.LIMIT_REQ_URL_1=/core/install.php
         - bunkerweb.LIMIT_REQ_RATE_1=5r/s
 
-  mydb:
-    image: mariadb
-    networks:
-      - bw-services
-    volumes:
-      - db-data:/var/lib/mysql
-    environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
-      - MYSQL_DATABASE=drupaldb
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password
-    deploy:
-      placement:
-        constraints:
-          - "node.role==worker"
+  # For the database, you can refer to the swarm example including a database
 
 networks:
   bw-services:

examples/joomla/autoconf.yml

@@ -24,7 +24,7 @@ services:
       - bunkerweb.LIMIT_REQ_URL_2=/installation/index.php
       - bunkerweb.LIMIT_REQ_RATE_2=8r/s
 
-  # For the database, you can refer to the example of the autoconf including a database
+  # For the database, you can refer to the autoconf integration example including a database
 
 networks:
   bw-services:

examples/joomla/swarm.yml

@@ -26,21 +26,7 @@ services:
         - bunkerweb.LIMIT_REQ_URL_2=/installation/index.php
         - bunkerweb.LIMIT_REQ_RATE_2=8r/s
 
-  mydb:
-    image: mariadb
-    volumes:
-      - db_data:/var/lib/mysql
-    networks:
-      - bw-services
-    environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
-      - MYSQL_DATABASE=joomla_db
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match JOOMLA_DB_PASSWORD)
-    deploy:
-      placement:
-        constraints:
-          - "node.role==worker"
+  # For the database, you can refer to the swarm integration example including a database
 
 networks:
   bw-services:

examples/magento/autoconf.yml

@@ -43,7 +43,7 @@ services:
     volumes:
       - ./elasticsearch-data:/bitnami/elasticsearch/data
 
-  # For the database, you can refer to the example of the autoconf including a database
+  # For the database, you can refer to the autoconf integration example including a database
 
 networks:
   bw-services:

examples/magento/swarm.yml

@@ -40,21 +40,7 @@ services:
         constraints:
           - "node.role==worker"
 
-  mydb:
-    image: mariadb:10.2
-    networks:
-      - bw-services
-    volumes:
-      - db_data:/var/lib/mysql
-    environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
-      - MYSQL_DATABASE=magentodb
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MAGENTO_DATABASE_PASSWORD)
-    deploy:
-      placement:
-        constraints:
-          - "node.role==worker"
+  # For the database, you can refer to the swarm integration example including a database
 
 networks:
   bw-services:

examples/mattermost/autoconf.yml

@@ -63,7 +63,7 @@ services:
       - bunkerweb.LIMIT_REQ_URL_3=^/static/
       - bunkerweb.LIMIT_REQ_RATE_3=10r/s
 
-  # For the postgres database, you can refer to the example of the autoconf including a postgres database
+  # For the postgres database, you can refer to the autoconf integration example including a postgres database
 
 networks:
   bw-services:

examples/moodle/autoconf.yml

@@ -27,7 +27,7 @@ services:
       - bunkerweb.REVERSE_PROXY_URL=/
       - bunkerweb.REVERSE_PROXY_HOST=https://mymoodle:8443
 
-  # For the database, you can refer to the example of the autoconf including a database
+  # For the database, you can refer to the autoconf integration example including a database
   # In this example, you will need to add the following lines to the mydb service:
   # - MARIADB_CHARACTER_SET=utf8mb4
   # - MARIADB_COLLATE=utf8mb4_unicode_ci

examples/moodle/swarm.yml

@@ -29,23 +29,10 @@ services:
         - bunkerweb.REVERSE_PROXY_URL=/
         - bunkerweb.REVERSE_PROXY_HOST=https://mymoodle:8443
 
-  mydb:
-    image: mariadb:10.5
-    volumes:
-      - db_data:/var/lib/mysql
-    networks:
-      - bw-services
-    environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
-      - MYSQL_DATABASE=moodle
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MOODLE_DATABASE_PASSWORD)
-      - MARIADB_CHARACTER_SET=utf8mb4
-      - MARIADB_COLLATE=utf8mb4_unicode_ci
-    deploy:
-      placement:
-        constraints:
-          - "node.role==worker"
+  # For the database, you can refer to the swarm integration example including a database
+  # In this example, you will need to add the following lines to the mydb service:
+  # - MARIADB_CHARACTER_SET=utf8mb4
+  # - MARIADB_COLLATE=utf8mb4_unicode_ci
 
 networks:
   bw-services:

examples/nextcloud/autoconf.yml

@@ -56,7 +56,7 @@ services:
         bunkerweb.CUSTOM_CONF_MODSEC_nextcloud=
         SecRule REQUEST_FILENAME "@rx ^/remote.php/dav/files/" "id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog"
 
-  # For the database, you can refer to the example of the autoconf including a database
+  # For the database, you can refer to the autoconf integration example including a database
 
 networks:
   bw-services:

examples/nextcloud/swarm.yml

@@ -37,7 +37,7 @@ services:
         - bunkerweb.LIMIT_REQ_URL_3=/core/preview
         - bunkerweb.LIMIT_REQ_RATE_3=5r/s
 
-  # For the database, you can refer to the example of the autoconf in swarm mode including a database
+  # For the database, you can refer to the swarm integration example including a database
 
 networks:
   bw-services:

examples/passbolt/autoconf.yml

@@ -2,10 +2,24 @@ version: "3"
 
 services:
   # you will need to add a user by hand
-  # example : docker-compose exec mypassbolt su -m -c "bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin" -s /bin/sh www-data
+  # example : docker-compose exec mypassbolt su -m -c "/usr/share/php/passbolt/bin/cake passbolt register_user -u <your@email.com> -f <yourname> -l <surname> -r admin" -s /bin/sh www-data
   # more info at https://github.com/passbolt/passbolt_docker
   mypassbolt:
-    image: passbolt/passbolt
+    image: passbolt/passbolt:3.8.1-1-ce
+    networks:
+      bw-services:
+        aliases:
+          - mypassbolt
+    environment:
+      - APP_FULL_BASE_URL=https://www.example.com # replace with your URL
+      - PASSBOLT_SSL_FORCE=false
+      - DATASOURCES_DEFAULT_HOST=mydb
+      - DATASOURCES_DEFAULT_DATABASE=${PASSBOLT_DATABASE:-passboltdb}
+      - DATASOURCES_DEFAULT_USERNAME=${PASSBOLT_USER:-user}
+      - DATASOURCES_DEFAULT_PASSWORD=${PASSBOLT_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
+    volumes:
+      - gpg_volume:/etc/passbolt/gpg
+      - jwt_volume:/etc/passbolt/jwt
     command:
       [
         "/usr/bin/wait-for.sh",
@@ -15,36 +29,19 @@ services:
         "--",
         "/docker-entrypoint.sh",
       ]
-    networks:
-      bw-services:
-        aliases:
-          - mypassbolt
-    environment:
-      - DATASOURCES_DEFAULT_HOST=mydb
-      - DATASOURCES_DEFAULT_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
-      - DATASOURCES_DEFAULT_USERNAME=user
-      - DATASOURCES_DEFAULT_DATABASE=passbolt
-      - APP_FULL_BASE_URL=https://www.example.com # replace with your URL
     labels:
       - bunkerweb.SERVER_NAME=www.example.com
       - bunkerweb.ALLOWED_METHODS=GET|POST|HEAD|PUT|DELETE
+      - bunkerweb.COOKIE_FLAGS=* SameSite=Lax
       - bunkerweb.USE_REVERSE_PROXY=yes
       - bunkerweb.REVERSE_PROXY_URL=/
       - bunkerweb.REVERSE_PROXY_HOST=https://mypassbolt
 
-  mydb:
-    image: mariadb
-    volumes:
-      - ./db-data:/var/lib/mysql
-    networks:
-      bw-services:
-        aliases:
-          - mydb
-    environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
-      - MYSQL_DATABASE=passbolt
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD)
+  # For the database, you can refer to the autoconf integration example including a database
+
+volumes:
+  gpg_volume:
+  jwt_volume:
 
 networks:
   bw-services:

examples/passbolt/docker-compose.yml

@@ -1,8 +1,12 @@
 version: "3"
 
+x-bunkerweb-env:
+  &bunkerweb-env
+  DATABASE_URI: "mariadb+pymysql://${PASSBOLT_USER:-user}:${PASSBOLT_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
+
 services:
   mybunker:
-    image: bunkerity/bunkerweb:1.4.3
+    image: bunkerity/bunkerweb:1.5.0
     ports:
       - 80:8080
       - 443:8443
@@ -13,24 +17,68 @@ services:
     # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
     # more info at https://docs.bunkerweb.io
     volumes:
-      - bw_data:/data
+      - bw-data:/data
     environment:
-      - SERVER_NAME=www.example.com # replace with your domain
-      - AUTO_LETS_ENCRYPT=yes
-      - DISABLE_DEFAULT_SERVER=yes
-      - ALLOWED_METHODS=GET|POST|HEAD|PUT|DELETE
-      - SERVE_FILES=no
-      - USE_CLIENT_CACHE=yes
-      - USE_GZIP=yes
-      - USE_REVERSE_PROXY=yes
-      - REVERSE_PROXY_URL=/
-      - REVERSE_PROXY_HOST=https://mypassbolt
+      <<: *bunkerweb-env
+      SERVER_NAME: "www.example.com" # replace with your domain
+      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
+      AUTO_LETS_ENCRYPT: "yes"
+      COOKIE_FLAGS: "* SameSite=Lax"
+      DISABLE_DEFAULT_SERVER: "yes"
+      ALLOWED_METHODS: "GET|POST|HEAD|PUT|DELETE"
+      SERVE_FILES: "no"
+      USE_CLIENT_CACHE: "yes"
+      USE_GZIP: "yes"
+      USE_REVERSE_PROXY: "yes"
+      REVERSE_PROXY_URL: "/"
+      REVERSE_PROXY_HOST: "https://mypassbolt"
+    labels:
+      - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
+    networks:
+      - bw-universe
+      - bw-services
+
+  bw-scheduler:
+    image: bunkerity/bunkerweb-scheduler:1.5.0
+    depends_on:
+      - mybunker
+    environment:
+      <<: *bunkerweb-env
+      DOCKER_HOST: "tcp://docker-proxy:2375"
+    volumes:
+      - bw-data:/data
+    networks:
+      - bw-universe
+      - net-docker
+
+  docker-proxy:
+    image: tecnativa/docker-socket-proxy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - CONTAINERS=1
+    networks:
+      - net-docker
 
   # you will need to add a user by hand
-  # example : docker-compose exec mypassbolt su -m -c "bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin" -s /bin/sh www-data
+  # example : docker-compose exec mypassbolt su -m -c "/usr/share/php/passbolt/bin/cake passbolt register_user -u <your@email.com> -f <yourname> -l <surname> -r admin" -s /bin/sh www-data
   # more info at https://github.com/passbolt/passbolt_docker
   mypassbolt:
-    image: passbolt/passbolt
+    image: passbolt/passbolt:3.8.1-1-ce
+    #Alternatively you can use rootless:
+    # image: passbolt/passbolt:3.8.1-1-ce-non-root
+    depends_on:
+      - mydb
+    environment:
+      - APP_FULL_BASE_URL=https://www.example.com # replace with your URL
+      - PASSBOLT_SSL_FORCE=false
+      - DATASOURCES_DEFAULT_HOST=mydb
+      - DATASOURCES_DEFAULT_DATABASE=${PASSBOLT_DATABASE:-passboltdb}
+      - DATASOURCES_DEFAULT_USERNAME=${PASSBOLT_USER:-user}
+      - DATASOURCES_DEFAULT_PASSWORD=${PASSBOLT_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
+    volumes:
+      - gpg_volume:/etc/passbolt/gpg
+      - jwt_volume:/etc/passbolt/jwt
     command:
       [
         "/usr/bin/wait-for.sh",
@@ -38,24 +86,34 @@ services:
         "0",
         "mydb:3306",
         "--",
-        "/docker-entrypoint.sh",
+        "/docker-entrypoint.sh"
       ]
-    environment:
-      - DATASOURCES_DEFAULT_HOST=mydb
-      - DATASOURCES_DEFAULT_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
-      - DATASOURCES_DEFAULT_USERNAME=user
-      - DATASOURCES_DEFAULT_DATABASE=passbolt
-      - APP_FULL_BASE_URL=https://www.example.com # replace with your URL
+    networks:
+      - bw-services
 
   mydb:
     image: mariadb
     volumes:
-      - ./db-data:/var/lib/mysql
+      - db-data:/var/lib/mysql
     environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
-      - MYSQL_DATABASE=passbolt
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD)
+      MARIADB_RANDOM_ROOT_PASSWORD: "yes"
+    entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${PASSBOLT_USER:-user}\"; CREATE USER \"${PASSBOLT_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${PASSBOLT_DATABASE:-passboltdb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${PASSBOLT_DATABASE:-passboltdb}.* TO \"${PASSBOLT_USER:-user}\"@\"%\" IDENTIFIED BY \"${PASSBOLT_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${PASSBOLT_USER:-user}\"@\"%\" IDENTIFIED BY \"${PASSBOLT_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
+    networks:
+      - bw-universe
+      - bw-services
 
 volumes:
-  bw_data:
+  gpg_volume:
+  jwt_volume:
+  db-data:
+  bw-data:
+
+
+networks:
+  bw-universe:
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.20.30.0/24
+  bw-services:
+  net-docker:

examples/passbolt/swarm.yml

@@ -2,10 +2,22 @@ version: "3"
 
 services:
   # you will need to add a user by hand
-  # example : docker-compose exec mypassbolt su -m -c "bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin" -s /bin/sh www-data
+  # example : docker-compose exec mypassbolt su -m -c "/usr/share/php/passbolt/bin/cake passbolt register_user -u <your@email.com> -f <yourname> -l <surname> -r admin" -s /bin/sh www-data
   # more info at https://github.com/passbolt/passbolt_docker
   mypassbolt:
-    image: passbolt/passbolt
+    image: passbolt/passbolt:3.8.1-1-ce
+    networks:
+      - bw-services
+    environment:
+      - APP_FULL_BASE_URL=https://www.example.com # replace with your URL
+      - PASSBOLT_SSL_FORCE=false
+      - DATASOURCES_DEFAULT_HOST=mydb
+      - DATASOURCES_DEFAULT_DATABASE=${PASSBOLT_DATABASE:-passboltdb}
+      - DATASOURCES_DEFAULT_USERNAME=${PASSBOLT_USER:-user}
+      - DATASOURCES_DEFAULT_PASSWORD=${PASSBOLT_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
+    volumes:
+      - gpg_volume:/etc/passbolt/gpg
+      - jwt_volume:/etc/passbolt/jwt
     command:
       [
         "/usr/bin/wait-for.sh",
@@ -15,14 +27,6 @@ services:
         "--",
         "/docker-entrypoint.sh",
       ]
-    networks:
-      - bw-services
-    environment:
-      - DATASOURCES_DEFAULT_HOST=mydb
-      - DATASOURCES_DEFAULT_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
-      - DATASOURCES_DEFAULT_USERNAME=user
-      - DATASOURCES_DEFAULT_DATABASE=passbolt
-      - APP_FULL_BASE_URL=https://www.example.com # replace with your URL
     deploy:
       placement:
         constraints:
@@ -30,25 +34,12 @@ services:
       labels:
         - bunkerweb.SERVER_NAME=www.example.com
         - bunkerweb.ALLOWED_METHODS=GET|POST|HEAD|PUT|DELETE
+        - bunkerweb.COOKIE_FLAGS=* SameSite=Lax
         - bunkerweb.USE_REVERSE_PROXY=yes
         - bunkerweb.REVERSE_PROXY_URL=/
         - bunkerweb.REVERSE_PROXY_HOST=https://mypassbolt
 
-  mydb:
-    image: mariadb
-    volumes:
-      - db_data:/var/lib/mysql
-    networks:
-      - bw-services
-    environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
-      - MYSQL_DATABASE=passbolt
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD)
-    deploy:
-      placement:
-        constraints:
-          - "node.role==worker"
+  # For the database, you can refer to the swarm integration example including a database
 
 networks:
   bw-services: