mirror of
https://github.com/bunkerity/bunkerized-nginx
synced 2023-12-13 21:30:18 +01:00
version: "3.5"
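services:
  # BunkerWeb reverse proxy / WAF instance exercised by this compose file.
  # No `ports:` key is set on any service in this listing, so nothing here is
  # published on the host; access is via the compose networks only.
  bw:
    image: bunkerity/bunkerweb:1.5.3
    # `never` stops Compose from pulling: the image must already exist
    # locally, so what actually runs is whatever was built or loaded under
    # this tag on the host.
    pull_policy: never
    labels:
      - "bunkerweb.INSTANCE=yes"
    volumes:
      # NOTE(review): mounted read-write; if bw only serves these files,
      # `:ro` would narrow what a compromised proxy can modify - confirm.
      - ./www:/var/www/html
    environment:
      # Sources allowed to call the instance's internal API: loopback, the
      # 10.20.30.0/24 subnet (bw-universe below) and one host on bw-services.
      # NOTE(review): no service in this listing is assigned 192.168.0.3;
      # presumably it is a test client defined elsewhere - confirm before
      # reusing this list.
      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24 192.168.0.3"
      HTTP_PORT: "80"
      HTTPS_PORT: "443"
      # Threat-intel and blacklist features are switched off here; do not
      # treat this file as a hardened production baseline.
      USE_BUNKERNET: "no"
      USE_BLACKLIST: "no"
      LOG_LEVEL: "info"
      # No certificate is generated in this variant. Browsers ignore
      # Strict-Transport-Security received over plain HTTP, so the HSTS
      # value below only takes effect when the site is served over TLS.
      GENERATE_SELF_SIGNED_SSL: "no"
      REMOTE_PHP: "bw-php"
      REMOTE_PHP_PATH: "/app"

      # ? HEADERS settings
      CUSTOM_HEADER: ""
      # Strips response headers that disclose the backend stack and version.
      REMOVE_HEADERS: "Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version"
      STRICT_TRANSPORT_SECURITY: "max-age=31536000"
      # NOTE(review): presumably the Secure flag is only added on HTTPS
      # responses when COOKIE_AUTO_SECURE_FLAG is "yes" - confirm against the
      # BunkerWeb documentation for this version.
      COOKIE_FLAGS: "* HttpOnly SameSite=Lax"
      COOKIE_AUTO_SECURE_FLAG: "yes"
      # This policy restricts plugins, form targets and framing only. It has
      # no default-src or script-src, so it places no limit on where scripts
      # load from and is not an XSS mitigation by itself.
      CONTENT_SECURITY_POLICY: "object-src 'none'; form-action 'self'; frame-ancestors 'self';"
      REFERRER_POLICY: "strict-origin-when-cross-origin"
      PERMISSIONS_POLICY: "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()"
      # Feature-Policy is the deprecated predecessor of Permissions-Policy;
      # it is sent alongside the newer header for older browsers.
      FEATURE_POLICY: "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';"
      # Overlaps with `frame-ancestors 'self'` in the CSP above; browsers
      # that understand frame-ancestors give it precedence.
      X_FRAME_OPTIONS: "SAMEORIGIN"
      X_CONTENT_TYPE_OPTIONS: "nosniff"
      # NOTE(review): legacy header. Current browsers have removed the XSS
      # auditor and present guidance is to send "0" or omit it. The value is
      # left as found because this file looks like a header test fixture -
      # confirm before copying it into a real deployment.
      X_XSS_PROTECTION: "1; mode=block"
      # Raw nginx snippet: an unauthenticated /ready location that answers
      # 200 with the fixed body "ready". Custom configuration passed this way
      # should stay static and never be assembled from untrusted input.
      CUSTOM_CONF_SERVER_HTTP_ready: |
        location /ready {
          default_type 'text/plain';
          rewrite_by_lua_block {
            ngx.print('ready')
            ngx.flush(true)
            ngx.exit(ngx.HTTP_OK)
          }
        }
    networks:
      bw-universe:
      bw-services:
        ipv4_address: 192.168.0.2

  # Scheduler: reaches the Docker API through the socket proxy, not the
  # socket itself.
  bw-scheduler:
    image: bunkerity/bunkerweb-scheduler:1.5.3
    pull_policy: never
    depends_on:
      - bw
      - bw-docker
    environment:
      # Plain TCP with no TLS and no authentication: any container attached
      # to the bw-docker network can send the same requests. In this listing
      # only this service and the proxy join that network; keep it that way.
      DOCKER_HOST: "tcp://bw-docker:2375"
      LOG_LEVEL: "info"
    networks:
      - bw-universe
      - bw-docker

  # Filtering proxy in front of the host's Docker socket.
  bw-docker:
    # NOTE(review): `nightly` is a mutable tag on a container that holds the
    # host Docker socket. Pin a release tag or a digest, for example
    # tecnativa/docker-socket-proxy@sha256:<digest> (placeholder), so an
    # upstream change cannot silently alter what gets socket access.
    image: tecnativa/docker-socket-proxy:nightly
    volumes:
      # `:ro` applies to the bind mount only; it does not make the Docker API
      # read-only. What callers may do is decided by the proxy's environment
      # switches below.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      # Enables the containers section of the API. No other switch is set
      # here, so everything else falls back to the proxy's defaults.
      # NOTE(review): confirm those defaults still reject write methods in
      # the image version that is actually deployed.
      CONTAINERS: "1"
    networks:
      - bw-docker

  # PHP-FPM backend that bw forwards to (REMOTE_PHP / REMOTE_PHP_PATH above).
  bw-php:
    # NOTE(review): this tag fixes the Alpine release but not the PHP
    # version, so the interpreter can change between pulls; pin a full
    # version tag or a digest where reproducibility matters.
    image: php:fpm-alpine3.17
    volumes:
      - ./www:/app
    networks:
      bw-services:
        ipv4_address: 192.168.0.4
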
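networks:
  # Control-plane network. Its subnet is the 10.20.30.0/24 range listed in
  # API_WHITELIST_IP on the bw service, so every container attached here
  # passes that IP check. Attach only components that must call the API.
  bw-universe:
    name: bw-universe
    ipam:
      driver: default
      config:
        - subnet: 10.20.30.0/24
  # Application network with static addresses: bw is 192.168.0.2 and bw-php
  # is 192.168.0.4 in the service definitions. 192.168.0.0/24 is a very
  # common LAN range, so check for overlap with the host's own networks.
  # NOTE(review): neither network sets `internal: true` in the visible lines;
  # decide whether these containers need outbound access.
  bw-services:
    name: bw-services
    ipam:
      driver: default
      config:
        - subnet: 192.168.0.0/24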
bw-docker:
|