Fix comments + updated passbolt to support the 1.5
This commit is contained in:
parent
37f21c5d41
commit
e33bad4b9a
|
@ -23,21 +23,7 @@ services:
|
|||
- bunkerweb.LIMIT_REQ_URL_1=/core/install.php
|
||||
- bunkerweb.LIMIT_REQ_RATE_1=5r/s
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
networks:
|
||||
- bw-services
|
||||
volumes:
|
||||
- db-data:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=drupaldb
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
# For the database, you can refer to the swarm example including a database
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -24,7 +24,7 @@ services:
|
|||
- bunkerweb.LIMIT_REQ_URL_2=/installation/index.php
|
||||
- bunkerweb.LIMIT_REQ_RATE_2=8r/s
|
||||
|
||||
# For the database, you can refer to the example of the autoconf including a database
|
||||
# For the database, you can refer to the autoconf integration example including a database
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -26,21 +26,7 @@ services:
|
|||
- bunkerweb.LIMIT_REQ_URL_2=/installation/index.php
|
||||
- bunkerweb.LIMIT_REQ_RATE_2=8r/s
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
volumes:
|
||||
- db_data:/var/lib/mysql
|
||||
networks:
|
||||
- bw-services
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=joomla_db
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match JOOMLA_DB_PASSWORD)
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
# For the database, you can refer to the swarm integration example including a database
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -43,7 +43,7 @@ services:
|
|||
volumes:
|
||||
- ./elasticsearch-data:/bitnami/elasticsearch/data
|
||||
|
||||
# For the database, you can refer to the example of the autoconf including a database
|
||||
# For the database, you can refer to the autoconf integration example including a database
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -40,21 +40,7 @@ services:
|
|||
constraints:
|
||||
- "node.role==worker"
|
||||
|
||||
mydb:
|
||||
image: mariadb:10.2
|
||||
networks:
|
||||
- bw-services
|
||||
volumes:
|
||||
- db_data:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=magentodb
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MAGENTO_DATABASE_PASSWORD)
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
# For the database, you can refer to the swarm integration example including a database
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -63,7 +63,7 @@ services:
|
|||
- bunkerweb.LIMIT_REQ_URL_3=^/static/
|
||||
- bunkerweb.LIMIT_REQ_RATE_3=10r/s
|
||||
|
||||
# For the postgres database, you can refer to the example of the autoconf including a postgres database
|
||||
# For the postgres database, you can refer to the autoconf integration example including a postgres database
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -27,7 +27,7 @@ services:
|
|||
- bunkerweb.REVERSE_PROXY_URL=/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=https://mymoodle:8443
|
||||
|
||||
# For the database, you can refer to the example of the autoconf including a database
|
||||
# For the database, you can refer to the autoconf integration example including a database
|
||||
# In this example, you will need to add the following lines to the mydb service:
|
||||
# - MARIADB_CHARACTER_SET=utf8mb4
|
||||
# - MARIADB_COLLATE=utf8mb4_unicode_ci
|
||||
|
|
|
@ -29,23 +29,10 @@ services:
|
|||
- bunkerweb.REVERSE_PROXY_URL=/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=https://mymoodle:8443
|
||||
|
||||
mydb:
|
||||
image: mariadb:10.5
|
||||
volumes:
|
||||
- db_data:/var/lib/mysql
|
||||
networks:
|
||||
- bw-services
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=moodle
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MOODLE_DATABASE_PASSWORD)
|
||||
- MARIADB_CHARACTER_SET=utf8mb4
|
||||
- MARIADB_COLLATE=utf8mb4_unicode_ci
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
# For the database, you can refer to the swarm integration example including a database
|
||||
# In this example, you will need to add the following lines to the mydb service:
|
||||
# - MARIADB_CHARACTER_SET=utf8mb4
|
||||
# - MARIADB_COLLATE=utf8mb4_unicode_ci
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -56,7 +56,7 @@ services:
|
|||
bunkerweb.CUSTOM_CONF_MODSEC_nextcloud=
|
||||
SecRule REQUEST_FILENAME "@rx ^/remote.php/dav/files/" "id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog"
|
||||
|
||||
# For the database, you can refer to the example of the autoconf including a database
|
||||
# For the database, you can refer to the autoconf integration example including a database
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -37,7 +37,7 @@ services:
|
|||
- bunkerweb.LIMIT_REQ_URL_3=/core/preview
|
||||
- bunkerweb.LIMIT_REQ_RATE_3=5r/s
|
||||
|
||||
# For the database, you can refer to the example of the autoconf in swarm mode including a database
|
||||
# For the database, you can refer to the swarm integration example including a database
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -2,10 +2,24 @@ version: "3"
|
|||
|
||||
services:
|
||||
# you will need to add a user by hand
|
||||
# example : docker-compose exec mypassbolt su -m -c "bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin" -s /bin/sh www-data
|
||||
# example : docker-compose exec mypassbolt su -m -c "/usr/share/php/passbolt/bin/cake passbolt register_user -u <your@email.com> -f <yourname> -l <surname> -r admin" -s /bin/sh www-data
|
||||
# more info at https://github.com/passbolt/passbolt_docker
|
||||
mypassbolt:
|
||||
image: passbolt/passbolt
|
||||
image: passbolt/passbolt:3.8.1-1-ce
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- mypassbolt
|
||||
environment:
|
||||
- APP_FULL_BASE_URL=https://www.example.com # replace with your URL
|
||||
- PASSBOLT_SSL_FORCE=false
|
||||
- DATASOURCES_DEFAULT_HOST=mydb
|
||||
- DATASOURCES_DEFAULT_DATABASE=${PASSBOLT_DATABASE:-passboltdb}
|
||||
- DATASOURCES_DEFAULT_USERNAME=${PASSBOLT_USER:-user}
|
||||
- DATASOURCES_DEFAULT_PASSWORD=${PASSBOLT_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
|
||||
volumes:
|
||||
- gpg_volume:/etc/passbolt/gpg
|
||||
- jwt_volume:/etc/passbolt/jwt
|
||||
command:
|
||||
[
|
||||
"/usr/bin/wait-for.sh",
|
||||
|
@ -15,36 +29,19 @@ services:
|
|||
"--",
|
||||
"/docker-entrypoint.sh",
|
||||
]
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- mypassbolt
|
||||
environment:
|
||||
- DATASOURCES_DEFAULT_HOST=mydb
|
||||
- DATASOURCES_DEFAULT_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
- DATASOURCES_DEFAULT_USERNAME=user
|
||||
- DATASOURCES_DEFAULT_DATABASE=passbolt
|
||||
- APP_FULL_BASE_URL=https://www.example.com # replace with your URL
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=www.example.com
|
||||
- bunkerweb.ALLOWED_METHODS=GET|POST|HEAD|PUT|DELETE
|
||||
- bunkerweb.COOKIE_FLAGS=* SameSite=Lax
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=https://mypassbolt
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- mydb
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=passbolt
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD)
|
||||
# For the database, you can refer to the autoconf integration example including a database
|
||||
|
||||
volumes:
|
||||
gpg_volume:
|
||||
jwt_volume:
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -1,8 +1,12 @@
|
|||
version: "3"
|
||||
|
||||
x-bunkerweb-env:
|
||||
&bunkerweb-env
|
||||
DATABASE_URI: "mariadb+pymysql://${PASSBOLT_USER:-user}:${PASSBOLT_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
|
||||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -13,24 +17,68 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- ALLOWED_METHODS=GET|POST|HEAD|PUT|DELETE
|
||||
- SERVE_FILES=no
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=https://mypassbolt
|
||||
<<: *bunkerweb-env
|
||||
SERVER_NAME: "www.example.com" # replace with your domain
|
||||
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
|
||||
AUTO_LETS_ENCRYPT: "yes"
|
||||
COOKIE_FLAGS: "* SameSite=Lax"
|
||||
DISABLE_DEFAULT_SERVER: "yes"
|
||||
ALLOWED_METHODS: "GET|POST|HEAD|PUT|DELETE"
|
||||
SERVE_FILES: "no"
|
||||
USE_CLIENT_CACHE: "yes"
|
||||
USE_GZIP: "yes"
|
||||
USE_REVERSE_PROXY: "yes"
|
||||
REVERSE_PROXY_URL: "/"
|
||||
REVERSE_PROXY_HOST: "https://mypassbolt"
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
<<: *bunkerweb-env
|
||||
DOCKER_HOST: "tcp://docker-proxy:2375"
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
# you will need to add a user by hand
|
||||
# example : docker-compose exec mypassbolt su -m -c "bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin" -s /bin/sh www-data
|
||||
# example : docker-compose exec mypassbolt su -m -c "/usr/share/php/passbolt/bin/cake passbolt register_user -u <your@email.com> -f <yourname> -l <surname> -r admin" -s /bin/sh www-data
|
||||
# more info at https://github.com/passbolt/passbolt_docker
|
||||
mypassbolt:
|
||||
image: passbolt/passbolt
|
||||
image: passbolt/passbolt:3.8.1-1-ce
|
||||
#Alternatively you can use rootless:
|
||||
# image: passbolt/passbolt:3.8.1-1-ce-non-root
|
||||
depends_on:
|
||||
- mydb
|
||||
environment:
|
||||
- APP_FULL_BASE_URL=https://www.example.com # replace with your URL
|
||||
- PASSBOLT_SSL_FORCE=false
|
||||
- DATASOURCES_DEFAULT_HOST=mydb
|
||||
- DATASOURCES_DEFAULT_DATABASE=${PASSBOLT_DATABASE:-passboltdb}
|
||||
- DATASOURCES_DEFAULT_USERNAME=${PASSBOLT_USER:-user}
|
||||
- DATASOURCES_DEFAULT_PASSWORD=${PASSBOLT_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
|
||||
volumes:
|
||||
- gpg_volume:/etc/passbolt/gpg
|
||||
- jwt_volume:/etc/passbolt/jwt
|
||||
command:
|
||||
[
|
||||
"/usr/bin/wait-for.sh",
|
||||
|
@ -38,24 +86,34 @@ services:
|
|||
"0",
|
||||
"mydb:3306",
|
||||
"--",
|
||||
"/docker-entrypoint.sh",
|
||||
"/docker-entrypoint.sh"
|
||||
]
|
||||
environment:
|
||||
- DATASOURCES_DEFAULT_HOST=mydb
|
||||
- DATASOURCES_DEFAULT_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
- DATASOURCES_DEFAULT_USERNAME=user
|
||||
- DATASOURCES_DEFAULT_DATABASE=passbolt
|
||||
- APP_FULL_BASE_URL=https://www.example.com # replace with your URL
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
- db-data:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=passbolt
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD)
|
||||
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
|
||||
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${PASSBOLT_USER:-user}\"; CREATE USER \"${PASSBOLT_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${PASSBOLT_DATABASE:-passboltdb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${PASSBOLT_DATABASE:-passboltdb}.* TO \"${PASSBOLT_USER:-user}\"@\"%\" IDENTIFIED BY \"${PASSBOLT_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${PASSBOLT_USER:-user}\"@\"%\" IDENTIFIED BY \"${PASSBOLT_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
gpg_volume:
|
||||
jwt_volume:
|
||||
db-data:
|
||||
bw-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
|
||||
|
|
|
@ -2,10 +2,22 @@ version: "3"
|
|||
|
||||
services:
|
||||
# you will need to add a user by hand
|
||||
# example : docker-compose exec mypassbolt su -m -c "bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin" -s /bin/sh www-data
|
||||
# example : docker-compose exec mypassbolt su -m -c "/usr/share/php/passbolt/bin/cake passbolt register_user -u <your@email.com> -f <yourname> -l <surname> -r admin" -s /bin/sh www-data
|
||||
# more info at https://github.com/passbolt/passbolt_docker
|
||||
mypassbolt:
|
||||
image: passbolt/passbolt
|
||||
image: passbolt/passbolt:3.8.1-1-ce
|
||||
networks:
|
||||
- bw-services
|
||||
environment:
|
||||
- APP_FULL_BASE_URL=https://www.example.com # replace with your URL
|
||||
- PASSBOLT_SSL_FORCE=false
|
||||
- DATASOURCES_DEFAULT_HOST=mydb
|
||||
- DATASOURCES_DEFAULT_DATABASE=${PASSBOLT_DATABASE:-passboltdb}
|
||||
- DATASOURCES_DEFAULT_USERNAME=${PASSBOLT_USER:-user}
|
||||
- DATASOURCES_DEFAULT_PASSWORD=${PASSBOLT_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
|
||||
volumes:
|
||||
- gpg_volume:/etc/passbolt/gpg
|
||||
- jwt_volume:/etc/passbolt/jwt
|
||||
command:
|
||||
[
|
||||
"/usr/bin/wait-for.sh",
|
||||
|
@ -15,14 +27,6 @@ services:
|
|||
"--",
|
||||
"/docker-entrypoint.sh",
|
||||
]
|
||||
networks:
|
||||
- bw-services
|
||||
environment:
|
||||
- DATASOURCES_DEFAULT_HOST=mydb
|
||||
- DATASOURCES_DEFAULT_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
- DATASOURCES_DEFAULT_USERNAME=user
|
||||
- DATASOURCES_DEFAULT_DATABASE=passbolt
|
||||
- APP_FULL_BASE_URL=https://www.example.com # replace with your URL
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
|
@ -30,25 +34,12 @@ services:
|
|||
labels:
|
||||
- bunkerweb.SERVER_NAME=www.example.com
|
||||
- bunkerweb.ALLOWED_METHODS=GET|POST|HEAD|PUT|DELETE
|
||||
- bunkerweb.COOKIE_FLAGS=* SameSite=Lax
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=https://mypassbolt
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
volumes:
|
||||
- db_data:/var/lib/mysql
|
||||
networks:
|
||||
- bw-services
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=passbolt
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD)
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
# For the database, you can refer to the swarm integration example including a database
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
Loading…
Reference in New Issue