librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

Update examples + add static versions

This commit is contained in:
Théophile Diot 2022-12-05 11:47:56 +01:00
parent c195ffc864
commit ff84656cd6
No known key found for this signature in database
GPG Key ID: E752C80DB72BB014
66 changed files with 144 additions and 237 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
examples/behind-reverse-proxy/docker-compose.yml
View File

@ -45,7 +45,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -54,7 +54,7 @@ services:
- net-docker
myproxy:
image: haproxy
image: haproxy:2.7.0
ports:
- 80:8080
volumes:

2
examples/bigbluebutton/docker-compose.yml
View File

@ -70,7 +70,7 @@ services:
net-docker:
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:

6
examples/certbot-dns-cloudflare/docker-compose.yml
View File

@ -14,7 +14,6 @@ services:
# more info at https://docs.bunkerweb.io
volumes:
- bw-data:/data
- certs:/certs
environment:
- MULTISITE=yes
- SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
@ -49,12 +48,13 @@ services:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
- certs:/certs
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -63,7 +63,7 @@ services:
- net-docker
mycertbot:
image: certbot/dns-cloudflare
image: certbot/dns-cloudflare:v2.0.0
environment:
- DOMAINS=*.example.com,example.com
- EMAIL=contact@example.com

6
examples/certbot-dns-digitalocean/docker-compose.yml
View File

@ -14,7 +14,6 @@ services:
# more info at https://docs.bunkerweb.io
volumes:
- bw-data:/data
- certs:/certs
environment:
- MULTISITE=yes
- SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
@ -49,12 +48,13 @@ services:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
- certs:/certs
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -63,7 +63,7 @@ services:
- net-docker
mycertbot:
image: certbot/dns-digitalocean
image: certbot/dns-digitalocean:v2.0.0
environment:
- DOMAINS=*.example.com,example.com
- EMAIL=contact@example.com

6
examples/certbot-dns-google/docker-compose.yml
View File

@ -14,7 +14,6 @@ services:
# more info at https://docs.bunkerweb.io
volumes:
- bw-data:/data
- certs:/certs
environment:
- MULTISITE=yes
- SERVER_NAME=app1.example.com app2.example.com app3.example.com # replace with your domains
@ -49,12 +48,13 @@ services:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
- certs:/certs
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -63,7 +63,7 @@ services:
- net-docker
mycertbot:
image: certbot/dns-google
image: certbot/dns-google:v2.0.0
environment:
- DOMAINS=*.example.com,example.com
- EMAIL=contact@example.com

4
examples/certbot-dns-ovh/docker-compose.yml
View File

@ -54,7 +54,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -63,7 +63,7 @@ services:
- net-docker
mycertbot:
image: certbot/dns-ovh
image: certbot/dns-ovh:v2.0.0
environment:
- DOMAINS=*.example.com,example.com
- EMAIL=contact@example.com

4
examples/certbot-dns-route53/docker-compose.yml
View File

@ -54,7 +54,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -63,7 +63,7 @@ services:
- net-docker
mycertbot:
image: certbot/dns-google
image: certbot/dns-google:v2.0.0
environment:
- DOMAINS=*.example.com,example.com
- EMAIL=contact@example.com

2
examples/community/brawdunoir-homelab/docker/bw/docker-compose.yaml
View File

@ -57,7 +57,7 @@ services:
- bw-universe
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:

18
examples/cors/autoconf.yml
View File

@ -2,15 +2,15 @@ version: "3"
services:
myapp1:
image: php:fpm
image: php:fpm-alpine3.17
networks:
bw-services:
aliases:
- myapp1
# ⚠️ UID and GID of mywww (101:101) and php:fpm (33:33) are not the same ⚠️
# ⚠️ UID and GID of mywww (101:101) and php:fpm (82:82) are not the same ⚠️
# but both needs access to the files and folders of web-files
# don't forget to edit the permissions of the files and folders accordingly
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
# example : chown -R 82:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
volumes:
- ./bw-data/www/app1.example.com:/app # folder containing PHP app1 (don't forget to rename it)
labels:
@ -21,15 +21,15 @@ services:
- bunkerweb.REMOTE_PHP_PATH=/app
myapp2:
image: php:fpm
image: php:fpm-alpine3.17
networks:
bw-services:
aliases:
- myapp2
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm (33:33) are not the same ⚠️
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm (82:82) are not the same ⚠️
# but both needs access to the files and folders of web-files
# don't forget to edit the permissions of the files and folders accordingly
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
# example : chown -R 82:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
volumes:
- ./bw-data/www/app2.example.com:/app # folder containing PHP app2 (don't forget to rename it)
labels:
@ -38,15 +38,15 @@ services:
- bunkerweb.REMOTE_PHP_PATH=/app
myapp3:
image: php:fpm
image: php:fpm-alpine3.17
networks:
bw-services:
aliases:
- myapp3
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm (33:33) are not the same ⚠️
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm (82:82) are not the same ⚠️
# but both needs access to the files and folders of web-files
# don't forget to edit the permissions of the files and folders accordingly
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
# example : chown -R 82:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
volumes:
- ./bw-data/www/app3.example.com:/app # folder containing PHP app3 (don't forget to rename it)
labels:

22
examples/cors/docker-compose.yml
View File

@ -46,13 +46,13 @@ services:
environment:
- DOCKER_HOST=tcp://docker-proxy:2375
volumes:
- bw-data:/data
- ./bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -61,33 +61,33 @@ services:
- net-docker
myapp1:
image: php:fpm
# ⚠️ UID and GID of mywww (101:101) and php:fpm (33:33) are not the same ⚠️
image: php:fpm-alpine3.17
# ⚠️ UID and GID of mywww (101:101) and php:fpm-alpine3.17 (82:82) are not the same ⚠️
# but both needs access to the files and folders of web-files
# don't forget to edit the permissions of the files and folders accordingly
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
# example : chown -R 82:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
volumes:
- ./bw-data/www/app1.example.com:/app # folder containing PHP app1 (don't forget to rename it)
networks:
- net_app1
myapp2:
image: php:fpm
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm (33:33) are not the same ⚠️
image: php:fpm-alpine3.17
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm-alpine3.17 (82:82) are not the same ⚠️
# but both needs access to the files and folders of web-files
# don't forget to edit the permissions of the files and folders accordingly
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
# example : chown -R 82:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
volumes:
- ./bw-data/www/app2.example.com:/app # folder containing PHP app2 (don't forget to rename it)
networks:
- net_app2
myapp3:
image: php:fpm
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm (33:33) are not the same ⚠️
image: php:fpm-alpine3.17
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm-alpine3.17 (82:82) are not the same ⚠️
# but both needs access to the files and folders of web-files
# don't forget to edit the permissions of the files and folders accordingly
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
# example : chown -R 82:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
volumes:
- ./bw-data/www/app3.example.com:/app # folder containing PHP app3 (don't forget to rename it)
networks:

2
examples/cors/setup-autoconf.sh
View File

@ -7,6 +7,6 @@ fi
chown -R root:101 bw-data
chmod -R 770 bw-data
chown -R 33:101 ./bw-data/www
chown -R 82:101 ./bw-data/www
find ./bw-data/www -type f -exec chmod 0640 {} \;
find ./bw-data/www -type d -exec chmod 0750 {} \;

2
examples/cors/setup-docker.sh
View File

@ -7,6 +7,6 @@ fi
chown -R root:101 bw-data
chmod -R 770 bw-data
chown -R 33:101 ./bw-data/www
chown -R 82:101 ./bw-data/www
find ./bw-data/www -type f -exec chmod 0640 {} \;
find ./bw-data/www -type d -exec chmod 0750 {} \;

6
examples/docker-configs/docker-compose.yml
View File

@ -20,9 +20,7 @@ services:
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- SERVE_FILES=no
- DISABLE_DEFAULT_SERVER=yes
# - AUTO_LETS_ENCRYPT=yes # TODO uncomment this line when the tests are done
- USE_BUNKERNET=no # TODO remove this line when the tests are done
- GENERATE_SELF_SIGNED_SSL=yes # TODO remove this line when the tests are done
- AUTO_LETS_ENCRYPT=yes
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
@ -75,7 +73,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:

2
examples/drupal/autoconf.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mydrupal:
image: drupal:9-apache
image: drupal:9.4-apache
networks:
bw-services:
aliases:

9
examples/drupal/docker-compose.yml
View File

@ -29,9 +29,10 @@ services:
USE_REVERSE_PROXY: "yes"
REVERSE_PROXY_URL: "/"
REVERSE_PROXY_HOST: "http://mydrupal"
CUSTOM_CONF_MODSEC_CRS_drupal: 'SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_drupal=1"'
# Onces the installation is done, you can remove these lines
LIMIT_REQ_URL_1: "/core/install.php"
LIMIT_REQ_RATE_1: "5r/s"
CUSTOM_CONF_MODSEC_CRS_drupal: 'SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_drupal=1"'
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
@ -52,7 +53,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -61,7 +62,7 @@ services:
- net-docker
mydrupal:
image: drupal:9-apache
image: drupal:9.4-apache
volumes:
- ./drupal-modules:/var/www/html/modules
- ./drupal-profiles:/var/www/html/profiles
@ -71,7 +72,7 @@ services:
- bw-services
mydb:
image: mariadb
image: mariadb:10.10
volumes:
- db-data:/var/lib/mysql
environment:

10
examples/drupal/setup-docker.sh
View File

@ -1,10 +0,0 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
chown -R root:101 bw-data
find ./bw-data -type f -exec chmod 0660 {} \;
find ./bw-data -type d -exec chmod 0770 {} \;

2
examples/drupal/swarm.yml
View File

@ -2,7 +2,7 @@ version: "3.3"
services:
mydrupal:
image: drupal:9-apache
image: drupal:9.4-apache
networks:
- bw-services
volumes:

2
examples/ghost/autoconf.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
myghost:
image: ghost:alpine
image: ghost:5.25-alpine
volumes:
- ./ghost_data:/var/lib/ghost/content
networks:

4
examples/ghost/docker-compose.yml
View File

@ -44,7 +44,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -53,7 +53,7 @@ services:
- net-docker
myghost:
image: ghost:alpine
image: ghost:5.25-alpine
volumes:
- ./ghost-data:/var/lib/ghost/content
environment:

2
examples/ghost/swarm.yml
View File

@ -2,7 +2,7 @@ version: "3.3"
services:
myghost:
image: ghost:alpine
image: ghost:5.25-alpine
volumes:
- ghost_data:/var/lib/ghost/content
networks:

2
examples/gogs/autoconf.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mygogs:
image: gogs/gogs
image: gogs/gogs:0.12
volumes:
- ./gogs-data:/data
networks:

9
examples/gogs/docker-compose.yml
View File

@ -13,7 +13,7 @@ services:
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- ./bw-data:/data # contains some Core Rule Set configuration to fix FP
- bw-data:/data
environment:
- SERVER_NAME=www.example.com # replace with your domain
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
@ -48,7 +48,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -57,12 +57,15 @@ services:
- net-docker
mygogs:
image: gogs/gogs
image: gogs/gogs:0.12
volumes:
- ./gogs-data:/data
networks:
- bw-services
volumes:
bw-data:
networks:
bw-universe:
ipam:

10
examples/gogs/setup-docker.sh
View File

@ -1,10 +0,0 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
chown -R root:101 bw-data
find ./bw-data -type f -exec chmod 0660 {} \;
find ./bw-data -type d -exec chmod 0770 {} \;

2
examples/gogs/swarm.yml
View File

@ -2,7 +2,7 @@ version: "3.3"
services:
mygogs:
image: gogs/gogs
image: gogs/gogs:0.12
volumes:
- gogs_data:/data/gogs/data
networks:

2
examples/hardened/docker-compose.yml
View File

@ -57,7 +57,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:

4
examples/joomla/docker-compose.yml
View File

@ -53,7 +53,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -74,7 +74,7 @@ services:
- bw-services
mydb:
image: mariadb
image: mariadb:10.10
volumes:
- db-data:/var/lib/mysql
environment:

2
examples/load-balancer/docker-compose.yml
View File

@ -51,7 +51,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:

4
examples/magento/docker-compose.yml
View File

@ -50,7 +50,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -87,7 +87,7 @@ services:
- bw-services
mydb:
image: mariadb:10.2
image: mariadb:10.10
volumes:
- db-data:/var/lib/mysql
environment:

4
examples/mattermost/.env
View File

@ -14,7 +14,7 @@ RESTART_POLICY=unless-stopped
## Please keep in mind this will create a superuser and it's recommended to use a less privileged
## user to connect to the database.
## A guide on how to change the database user to a nonsuperuser can be found in docs/creation-of-nonsuperuser.md
POSTGRES_IMAGE_TAG=13-alpine
POSTGRES_IMAGE_TAG=15-alpine
POSTGRES_DATA_PATH=./volumes/db/var/lib/postgresql/data
POSTGRES_USER=mmuser
@ -60,7 +60,7 @@ MM_BLEVESETTINGS_INDEXDIR=/mattermost/bleve-indexes
## This will be 'mattermost-enterprise-edition' or 'mattermost-team-edition' based on the version of Mattermost you're installing.
MATTERMOST_IMAGE=mattermost-enterprise-edition
MATTERMOST_IMAGE_TAG=6.3
MATTERMOST_IMAGE_TAG=master
## Make Mattermost container readonly. This interferes with the regeneration of root.html inside the container. Only use
## it if you know what you're doing.

2
examples/mattermost/docker-compose.yml
View File

@ -69,7 +69,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:

4
examples/mongo-express/autoconf.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mongo:
image: mongo:latest
image: mongo:5.0.14
networks:
bw-services:
aliases:
@ -15,7 +15,7 @@ services:
- MONGO_INITDB_DATABASE=mongo # replace with the database name of your choice
mongo-ui:
image: mongo-express:latest
image: mongo-express:0.54.0
networks:
bw-services:
aliases:

6
examples/mongo-express/docker-compose.yml
View File

@ -47,7 +47,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -56,7 +56,7 @@ services:
- net-docker
mongo:
image: mongo:latest
image: mongo:5.0.14
volumes:
- ./db:/data/db
environment:
@ -67,7 +67,7 @@ services:
- bw-services
mongo-ui:
image: mongo-express:latest
image: mongo-express:0.54.0
environment:
- ME_CONFIG_MONGODB_SERVER=mongo
- ME_CONFIG_MONGODB_ADMINUSERNAME=root # replace with a less obvious username

9
examples/mongo-express/setup-docker.sh
View File

@ -1,9 +0,0 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
chown -R root:101 bw-data
chmod -R 770 bw-data

4
examples/mongo-express/swarm.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mongo:
image: mongo:latest
image: mongo:5.0.14
networks:
- bw-services
volumes:
@ -17,7 +17,7 @@ services:
- "node.role==worker"
mongo-ui:
image: mongo-express:latest
image: mongo-express:0.54.0
networks:
- bw-services
environment:

2
examples/moodle/autoconf.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mymoodle:
image: bitnami/moodle:latest
image: bitnami/moodle:4.1.0
networks:
bw-services:
aliases:

6
examples/moodle/docker-compose.yml
View File

@ -50,7 +50,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -59,7 +59,7 @@ services:
- net-docker
mymoodle:
image: bitnami/moodle:latest
image: bitnami/moodle:4.1.0
depends_on:
- mydb
volumes:
@ -78,7 +78,7 @@ services:
- bw-services
mydb:
image: mariadb:10.5
image: mariadb:10.10
volumes:
- db-data:/var/lib/mysql
environment:

2
examples/moodle/setup-linux.sh
View File

@ -13,7 +13,7 @@ else
echo "❌ No PHP user found"
exit 1
fi
curl https://download.moodle.org/download.php/direct/stable400/moodle-4.0.2.tgz -Lo /tmp/moodle.tgz
curl https://download.moodle.org/download.php/direct/stable401/moodle-4.1.tgz -Lo /tmp/moodle.tgz
tar -xzf /tmp/moodle.tgz -C /tmp
cp -r /tmp/moodle/* /var/www/html
chown -R $user:nginx /var/www/html

2
examples/moodle/swarm.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mymoodle:
image: bitnami/moodle:latest
image: bitnami/moodle:4.1.0
networks:
- bw-services
depends_on:

26
examples/nextcloud/docker-compose.yml
View File

@ -39,25 +39,11 @@ services:
LIMIT_REQ_RATE_2: "8r/s"
LIMIT_REQ_URL_3: "/core/preview"
LIMIT_REQ_RATE_3: "5r/s"
CUSTOM_CONF_MODSEC_CRS_nextcloud: "\
SecAction \
\"id:900130,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.crs_exclusions_nextcloud=1\"
CUSTOM_CONF_MODSEC_CRS_nextcloud:
'SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_nextcloud=1"
# WebDAV
SecAction \
\"id:900200,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'\""
CUSTOM_CONF_MODSEC_nextcloud: "\
SecRule REQUEST_FILENAME \"@rx ^/remote.php/dav/files/\" \"id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog\""
# WebDAV SecAction "id:900200,phase:1,nolog,pass,t:none,setvar:''tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS''"'
CUSTOM_CONF_MODSEC_nextcloud: 'SecRule REQUEST_FILENAME "@rx ^/remote.php/dav/files/" "id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog"'
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
@ -78,7 +64,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -104,7 +90,7 @@ services:
- bw-services
mydb:
image: mariadb:10.5
image: mariadb:10.10
volumes:
- db-data:/var/lib/mysql
environment:

2
examples/passbolt/autoconf.yml
View File

@ -5,7 +5,7 @@ services:
# example : docker-compose exec mypassbolt su -m -c "/usr/share/php/passbolt/bin/cake passbolt register_user -u <your@email.com> -f <yourname> -l <surname> -r admin" -s /bin/sh www-data
# more info at https://github.com/passbolt/passbolt_docker
mypassbolt:
image: passbolt/passbolt:3.8.1-1-ce
image: passbolt/passbolt:3.8.3-1-ce
networks:
bw-services:
aliases:

6
examples/passbolt/docker-compose.yml
View File

@ -51,7 +51,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -63,9 +63,9 @@ services:
# example : docker-compose exec mypassbolt su -m -c "/usr/share/php/passbolt/bin/cake passbolt register_user -u <your@email.com> -f <yourname> -l <surname> -r admin" -s /bin/sh www-data
# more info at https://github.com/passbolt/passbolt_docker
mypassbolt:
image: passbolt/passbolt:3.8.1-1-ce
image: passbolt/passbolt:3.8.3-1-ce
#Alternatively you can use rootless:
# image: passbolt/passbolt:3.8.1-1-ce-non-root
# image: passbolt/passbolt:3.8.3-1-ce-non-root
depends_on:
- mydb
environment:

12
examples/php-multisite/autoconf.yml
View File

@ -2,11 +2,11 @@ version: "3"
services:
myapp1:
image: php:fpm
# ⚠️ UID and GID of mywww (101:101) and php:fpm (33:33) are not the same ⚠️
image: php:fpm-alpine3.17
# ⚠️ UID and GID of mywww (101:101) and php:fpm-alpine3.17 (82:82) are not the same ⚠️
# but both needs access to the files and folders of web-files
# don't forget to edit the permissions of the files and folders accordingly
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
# example : chown -R 82:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
volumes:
- ./bw-data/www/app1.example.com:/app # folder containing PHP app1 (don't forget to rename it)
networks:
@ -19,11 +19,11 @@ services:
- bunkerweb.REMOTE_PHP_PATH=/app
myapp2:
image: php:fpm
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm (33:33) are not the same ⚠️
image: php:fpm-alpine3.17
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm-alpine3.17 (82:82) are not the same ⚠️
# but both needs access to the files and folders of web-files
# don't forget to edit the permissions of the files and folders accordingly
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
# example : chown -R 82:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
volumes:
- ./bw-data/www/app2.example.com:/app # folder containing PHP app2 (don't forget to rename it)
networks:

14
examples/php-multisite/docker-compose.yml
View File

@ -46,7 +46,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -55,22 +55,22 @@ services:
- net-docker
myapp1:
image: php:fpm
# ⚠️ UID and GID of mywww (101:101) and php:fpm (33:33) are not the same ⚠️
image: php:fpm-alpine3.17
# ⚠️ UID and GID of mywww (101:101) and php:fpm-alpine3.17 (82:82) are not the same ⚠️
# but both needs access to the files and folders of web-files
# don't forget to edit the permissions of the files and folders accordingly
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
# example : chown -R 82:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
volumes:
- ./bw-data/www/app1.example.com:/app # folder containing PHP app1 (don't forget to rename it)
networks:
- net-app1
myapp2:
image: php:fpm
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm (33:33) are not the same ⚠️
image: php:fpm-alpine3.17
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm-alpine3.17 (82:82) are not the same ⚠️
# but both needs access to the files and folders of web-files
# don't forget to edit the permissions of the files and folders accordingly
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
# example : chown -R 82:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
volumes:
- ./bw-data/www/app2.example.com:/app # folder containing PHP app2 (don't forget to rename it)
networks:

2
examples/php-multisite/setup-autoconf.sh
View File

@ -7,6 +7,6 @@ fi
chown -R root:101 bw-data
chmod -R 770 bw-data
chown -R 33:101 ./bw-data/www
chown -R 82:101 ./bw-data/www
find ./bw-data/www -type f -exec chmod 0640 {} \;
find ./bw-data/www -type d -exec chmod 0750 {} \;

2
examples/php-multisite/setup-docker.sh
View File

@ -7,6 +7,6 @@ fi
chown -R root:101 bw-data
chmod -R 770 bw-data
chown -R 33:101 ./bw-data/www
chown -R 82:101 ./bw-data/www
find ./bw-data/www -type f -exec chmod 0640 {} \;
find ./bw-data/www -type d -exec chmod 0750 {} \;

8
examples/php-singlesite/docker-compose.yml
View File

@ -42,7 +42,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -51,11 +51,11 @@ services:
- net-docker
myphp:
image: php:fpm
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm (33:33) are not the same ⚠️
image: php:fpm-alpine3.17
# ⚠️ UID and GID of bunkerweb (101:101) and php:fpm-alpine3.17 (82:82) are not the same ⚠️
# but both needs access to the files and folders of web-files
# don't forget to edit the permissions of the files and folders accordingly
# example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
# example : chown -R 82:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
volumes:
- ./bw-data/www:/app # folder containing PHP app
networks:

2
examples/php-singlesite/setup-docker.sh
View File

@ -7,6 +7,6 @@ fi
chown -R root:101 bw-data
chmod -R 770 bw-data
chown -R 33:101 ./bw-data/www
chown -R 82:101 ./bw-data/www
find ./bw-data/www -type f -exec chmod 0640 {} \;
find ./bw-data/www -type d -exec chmod 0750 {} \;

4
examples/prestashop/docker-compose.yml
View File

@ -53,7 +53,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -79,7 +79,7 @@ services:
- bw-services
mydb:
image: mariadb
image: mariadb:10.10
volumes:
- db-data:/var/lib/mysql
environment:

4
examples/proxy-protocol/docker-compose.yml
View File

@ -47,7 +47,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -56,7 +56,7 @@ services:
- net-docker
myproxy:
image: haproxy
image: haproxy:2.7-alpine
ports:
- 80:8080
- 443:8443

2
examples/radarr/autoconf.yml
View File

@ -2,7 +2,7 @@ version: "3.5"
services:
radarr:
image: lscr.io/linuxserver/radarr:latest
image: lscr.io/linuxserver/radarr:4.2.4.6635-ls157
networks:
bw-services:
aliases:

4
examples/radarr/docker-compose.yml
View File

@ -54,7 +54,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -63,7 +63,7 @@ services:
- net-docker
radarr:
image: lscr.io/linuxserver/radarr:latest
image: lscr.io/linuxserver/radarr:4.2.4.6635-ls157
container_name: radarr
environment:
- PUID=1000

2
examples/radarr/swarm.yml
View File

@ -2,7 +2,7 @@ version: "3.3"
services:
radarr:
image: linuxserver/radarr:latest
image: lscr.io/linuxserver/radarr:4.2.4.6635-ls157
networks:
- bw-services
environment:

16
examples/redmine/autoconf.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
myredmine:
image: redmine
image: redmine:5.0.4-alpine
restart: always
volumes:
- ./redmine-data:/usr/src/redmine/files
@ -21,19 +21,7 @@ services:
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://myredmine:3000
mydb:
image: mysql
volumes:
- ./db-data:/var/lib/mysql
networks:
bw-services:
aliases:
- mydb
environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- MYSQL_DATABASE=redminedb
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match REDMINE_DB_PASSWORD)
# For the database, you can refer to the autoconf example including a database
networks:
bw-services:

6
examples/redmine/docker-compose.yml
View File

@ -47,7 +47,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -56,7 +56,7 @@ services:
- net-docker
myredmine:
image: redmine
image: redmine:5.0.4-alpine
restart: always
volumes:
- ./redmine-data:/usr/src/redmine/files
@ -69,7 +69,7 @@ services:
- bw-services
mydb:
image: mariadb
image: mariadb:10.10
volumes:
- db-data:/var/lib/mysql
environment:

16
examples/redmine/swarm.yml
View File

@ -23,21 +23,7 @@ services:
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://myredmine:3000
mydb:
image: mysql
volumes:
- db_data:/var/lib/mysql
networks:
- bw-services
environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- MYSQL_DATABASE=redminedb
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match REDMINE_DB_PASSWORD)
deploy:
placement:
constraints:
- "node.role==worker"
# For the database, you can refer to the swarm example including a database
networks:
bw-services:

2
examples/reverse-proxy-multisite/docker-compose.yml
View File

@ -48,7 +48,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:

2
examples/reverse-proxy-singlesite/docker-compose.yml
View File

@ -52,7 +52,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:

2
examples/reverse-proxy-websocket/docker-compose.yml
View File

@ -45,7 +45,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:

4
examples/syslog/docker-compose.yml
View File

@ -53,7 +53,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -62,7 +62,7 @@ services:
- net-docker
mysyslog:
image: balabit/syslog-ng
image: balabit/syslog-ng:3.38.1
command: --no-caps
volumes:
- ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf

4
examples/tomcat/docker-compose.yml
View File

@ -43,7 +43,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -52,7 +52,7 @@ services:
- net-docker
mytomcat:
image: tomcat
image: tomcat:10.1.2
volumes:
- ./app:/usr/local/tomcat/webapps/ # folder containing war files
networks:

4
examples/tor-hidden-service/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
myonion:
image: goldy/tor-hidden-service
image: goldy/tor-hidden-service:0.4.6.9
volumes:
- ./hidden-services:/var/lib/tor/hidden_service # .onion address and private key will be located in ./hidden_service
environment:
@ -54,7 +54,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:

2
examples/web-ui/docker-compose.yml
View File

@ -67,7 +67,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:

16
examples/wordpress/autoconf.yml
View File

@ -2,7 +2,7 @@ version: "3"
services:
mywp:
image: wordpress:5-apache
image: wordpress:6.1.1-apache
volumes:
- ./wp-data:/var/www/html
networks:
@ -31,19 +31,7 @@ services:
t:none,\
setvar:tx.crs_exclusions_wordpress=1"
mydb:
image: mariadb
volumes:
- ./db-data:/var/lib/mysql
networks:
bw-services:
aliases:
- mydb
environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- MYSQL_DATABASE=wp
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match WORDPRESS_DB_PASSWORD)
# For the database, you can refer to the autoconf integration example including a database
networks:
bw-services:

6
examples/wordpress/docker-compose.yml
View File

@ -49,7 +49,7 @@ services:
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
image: tecnativa/docker-socket-proxy:0.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -58,7 +58,7 @@ services:
- net-docker
mywp:
image: wordpress:5-apache
image: wordpress:6.1.1-apache
volumes:
- ./wp-data:/var/www/html
environment:
@ -71,7 +71,7 @@ services:
- bw-services
mydb:
image: mariadb
image: mariadb:10.10
volumes:
- db-data:/var/lib/mysql
environment:

4
examples/wordpress/setup-linux.sh
View File

@ -13,8 +13,8 @@ else
echo "❌ No PHP user found"
exit 1
fi
curl https://wordpress.org/latest.zip -Lo /tmp/wordpress.zip
unzip -qq /tmp/wordpress.zip -d /tmp
curl https://wordpress.org/wordpress-6.1.1.tar.gz -Lo /tmp/wordpress.tar.gz
tar -xzf /tmp/wordpress.tar.gz -C /tmp
cp -r /tmp/wordpress/* /var/www/html
chown -R $user:nginx /var/www/html
find /var/www/html -type f -exec chmod 0640 {} \;

16
examples/wordpress/swarm.yml
View File

@ -24,21 +24,7 @@ services:
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://mywp
mydb:
image: mariadb
volumes:
- db_data:/var/lib/mysql
networks:
- bw-services
environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- MYSQL_DATABASE=wp
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match WORDPRESS_DB_PASSWORD)
deploy:
placement:
constraints:
- "node.role==worker"
# For the database, you can refer to the swarm integration example including a database
networks:
bw-services: