various bug fixes

This commit is contained in:
bunkerity 2020-11-15 20:49:43 +01:00
parent fbf81c94be
commit 0635eb368b
No known key found for this signature in database
GPG Key ID: 654FFF51CEF7CC47
9 changed files with 43 additions and 53 deletions


@ -1,5 +1,5 @@
location ~ \.php$ { location ~ \.php$ {
fastcgi_pass %REMOTE_PHP%:9000; fastcgi_pass %REMOTE_PHP%:9000;
fastcgi_index index.php; fastcgi_index index.php;
include /etc/nginx/fastcgi.conf; include %FASTCGI_PATH%fastcgi.conf;
} }


@ -1,3 +1,3 @@
location %REVERSE_PROXY_URL% { location %REVERSE_PROXY_URL% {
proxy_pass %REVERSE_PROXY_LOCATION%; proxy_pass %REVERSE_PROXY_HOST%;
} }


@ -21,8 +21,8 @@ PROXY_CACHE_METHODS="${PROXY_CACHE_METHODS-GET HEAD}"
PROXY_CACHE_MIN_USES="${PROXY_CACHE_MIN_USES-2}" PROXY_CACHE_MIN_USES="${PROXY_CACHE_MIN_USES-2}"
PROXY_CACHE_KEY="${PROXY_CACHE_KEY-\$scheme\$host\$request_uri}" PROXY_CACHE_KEY="${PROXY_CACHE_KEY-\$scheme\$host\$request_uri}"
PROXY_CACHE_VALID="${PROXY_CACHE_VALID-200=10m 301=10m 301=1h any=1m}" PROXY_CACHE_VALID="${PROXY_CACHE_VALID-200=10m 301=10m 301=1h any=1m}"
PROXY_NO_CACHE="${PROXY_NO_CACHE-\$http_pragma \$http_authorization}" PROXY_NO_CACHE="${PROXY_NO_CACHE-\$http_authorization}"
PROXY_CACHE_BYPASS="${PROXY_CACHE_BYPASS-\$http_pragma \$http_authorization}" PROXY_CACHE_BYPASS="${PROXY_CACHE_BYPASS-\$http_authorization}"
USE_GZIP="${USE_GZIP-no}" USE_GZIP="${USE_GZIP-no}"
GZIP_COMP_LEVEL="${GZIP_COMP_LEVEL-5}" GZIP_COMP_LEVEL="${GZIP_COMP_LEVEL-5}"
GZIP_MIN_LENGTH="${GZIP_MIN_LENGTH-1000}" GZIP_MIN_LENGTH="${GZIP_MIN_LENGTH-1000}"
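Review bot: The new defaults for `PROXY_NO_CACHE` and `PROXY_CACHE_BYPASS` leave the `Authorization` header as the only request attribute that keeps a response out of the shared cache, while the `PROXY_CACHE_KEY` default in this hunk is `$scheme$host$request_uri` with no per-user component. A backend that authenticates with a session cookie is then protected only by whatever `Cache-Control` or `Set-Cookie` headers it sends itself. That is worth stating next to the defaults, e.g. `# cookie-authenticated backends: add the session cookie variable (\$cookie_<name>) to both settings`. Separately, the unchanged `PROXY_CACHE_VALID` default lists `301` twice (`301=10m 301=1h`); one of them was presumably meant to be `302`.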


@ -32,7 +32,7 @@ else
fi fi
# proxy_cache zone # proxy_cache zone
if [ "$(has_value USE_PROXY_CACHE yes)" = "yes" ] ; then if [ "$(has_value USE_PROXY_CACHE yes)" != "" ] ; then
replace_in_file "/etc/nginx/nginx.conf" "%PROXY_CACHE_PATH%" "proxy_cache_path /tmp/proxy_cache keys_zone=proxycache:${PROXY_CACHE_PATH_ZONE_SIZE} ${PROXY_CACHE_PATH_PARAMS};" replace_in_file "/etc/nginx/nginx.conf" "%PROXY_CACHE_PATH%" "proxy_cache_path /tmp/proxy_cache keys_zone=proxycache:${PROXY_CACHE_PATH_ZONE_SIZE} ${PROXY_CACHE_PATH_PARAMS};"
else else
replace_in_file "/etc/nginx/nginx.conf" "%PROXY_CACHE_PATH%" "" replace_in_file "/etc/nginx/nginx.conf" "%PROXY_CACHE_PATH%" ""


@ -37,27 +37,29 @@ else
fi fi
# max body size # max body size
replace_in_file "{NGINX_PREFIX}server.conf" "%MAX_CLIENT_SIZE%" "$MAX_CLIENT_SIZE" replace_in_file "${NGINX_PREFIX}server.conf" "%MAX_CLIENT_SIZE%" "$MAX_CLIENT_SIZE"
# server tokens # server tokens
replace_in_file "{NGINX_PREFIX}server.conf" "%SERVER_TOKENS%" "$SERVER_TOKENS" replace_in_file "${NGINX_PREFIX}server.conf" "%SERVER_TOKENS%" "$SERVER_TOKENS"
# reverse proxy # reverse proxy
if [ "$USE_REVERSE_PROXY" = "yes" ] ; then if [ "$USE_REVERSE_PROXY" = "yes" ] ; then
i=1 i=1
for var in $(env) ; do for var in $(env) ; do
check=$(echo "$var" | grep "^REVERSE_PROXY_URL") check1=$(echo "$var" | grep "^REVERSE_PROXY_URL")
if [ "$check" != "" ] ; then check2=$(echo "$var" | grep "^${1}_REVERSE_PROXY_URL")
if [ "$check1" != "" ] || [ "$check2" != "" ] ; then
name=$(echo "$var" | cut -d '=' -f 1) name=$(echo "$var" | cut -d '=' -f 1)
value=$(echo "$var" | sed "s/${name}//") value=$(echo "$var" | sed "s/${name}=//")
host=$(echo "$name" | sed "s/URL/HOST//") host=$(echo "$name" | sed "s/URL/HOST/")
host_value=$(env | grep "^${host}=" | sed "s/${host}=//")
cp "${NGINX_PREFIX}reverse-proxy.conf" "${NGINX_PREFIX}reverse-proxy-${i}.conf" cp "${NGINX_PREFIX}reverse-proxy.conf" "${NGINX_PREFIX}reverse-proxy-${i}.conf"
replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_URL%" "$value" replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_URL%" "$value"
replace_in_file "${NGINX_PREFIX}reverse-proxy.${i}conf" "%REVERSE_PROXY_HOST%" "${!host}" replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_HOST%" "$host_value"
i=$(($i + 1)) i=$(($i + 1))
fi fi
done done
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_REVERSE_PROXY%" "include ${NGINX_PREFIX}reverse-proxy-*.conf" replace_in_file "${NGINX_PREFIX}server.conf" "%USE_REVERSE_PROXY%" "include ${NGINX_PREFIX}reverse-proxy-*.conf;"
else else
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_REVERSE_PROXY%" "" replace_in_file "${NGINX_PREFIX}server.conf" "%USE_REVERSE_PROXY%" ""
fi fi
@ -127,6 +129,10 @@ fi
if [ "$REMOTE_PHP" != "" ] ; then if [ "$REMOTE_PHP" != "" ] ; then
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_PHP%" "include ${NGINX_PREFIX}php.conf;" replace_in_file "${NGINX_PREFIX}server.conf" "%USE_PHP%" "include ${NGINX_PREFIX}php.conf;"
replace_in_file "${NGINX_PREFIX}php.conf" "%REMOTE_PHP%" "$REMOTE_PHP" replace_in_file "${NGINX_PREFIX}php.conf" "%REMOTE_PHP%" "$REMOTE_PHP"
replace_in_file "${NGINX_PREFIX}php.conf" "%FASTCGI_PATH%" "$NGINX_PREFIX"
if [ "$MULTISITE" = "yes" ] ; then
cp /etc/nginx/fastcgi.conf ${NGINX_PREFIX}fastcgi.conf
fi
replace_in_file "${NGINX_PREFIX}fastcgi.conf" "\$document_root" "${REMOTE_PHP_PATH}/" replace_in_file "${NGINX_PREFIX}fastcgi.conf" "\$document_root" "${REMOTE_PHP_PATH}/"
else else
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_PHP%" "" replace_in_file "${NGINX_PREFIX}server.conf" "%USE_PHP%" ""
@ -321,26 +327,24 @@ fi
if [ "$USE_MODSECURITY" = "yes" ] ; then if [ "$USE_MODSECURITY" = "yes" ] ; then
replace_in_file "${NGINX_PREFIX}modsecurity.conf" "%MODSEC_RULES_FILE%" "${NGINX_PREFIX}/modsecurity-rules.conf" replace_in_file "${NGINX_PREFIX}modsecurity.conf" "%MODSEC_RULES_FILE%" "${NGINX_PREFIX}/modsecurity-rules.conf"
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_MODSECURITY%" "include ${NGINX_PREFIX}modsecurity.conf;" replace_in_file "${NGINX_PREFIX}server.conf" "%USE_MODSECURITY%" "include ${NGINX_PREFIX}modsecurity.conf;"
modsec_custom=""
if ls /modsec-confs/*.conf > /dev/null 2>&1 ; then if ls /modsec-confs/*.conf > /dev/null 2>&1 ; then
if [ "$MULTISITE" = "yes" ] ; then modsec_custom="include /modsec-confs/*.conf\n"
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_RULES%" "include /modsec-confs/${1}/*.conf"
else
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_RULES%" "include /modsec-confs/*.conf"
fi
else
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_RULES%" ""
fi fi
if [ "$MULTISITE" = "yes" ] && ls /modsec-confs/${1}/*.conf > /dev/null 2>&1 ; then
modsec_custom="${modsec_custom}include /modsec-confs/${1}/*.conf\n"
fi
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_RULES%" "$modsec_custom"
if [ "$USE_MODSECURITY_CRS" = "yes" ] ; then if [ "$USE_MODSECURITY_CRS" = "yes" ] ; then
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CRS%" "include /etc/nginx/owasp-crs.conf" replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CRS%" "include /etc/nginx/owasp-crs.conf"
modsec_crs_custom=""
if ls /modsec-crs-confs/*.conf > /dev/null 2>&1 ; then if ls /modsec-crs-confs/*.conf > /dev/null 2>&1 ; then
if [ "$MULTISITE" = "yes" ] ; then modsec_crs_custom="include /modsec-crs-confs/*.conf\n"
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_CRS%" "include /modsec-crs-confs/${1}/*.conf"
else
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_CRS%" "include /modsec-crs-confs/*.conf"
fi
else
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_CRS%" ""
fi fi
if [ "$MULTISITE" = "yes" ] && ls /modsec-crs-confs/${1}/*.conf > /dev/null 2>&1 ; then
modsec_crs_custom="${modsec_custom}include /modsec-crs-confs/${1}/*.conf\n"
fi
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_CRS%" "$modsec_crs_custom"
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CRS_RULES%" "include /etc/nginx/owasp-crs/*.conf" replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CRS_RULES%" "include /etc/nginx/owasp-crs/*.conf"
else else
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CRS%" "" replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CRS%" ""
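Review bot: In the last hunk the per-site CRS branch builds its value from the wrong variable: `modsec_crs_custom="${modsec_custom}include /modsec-crs-confs/${1}/*.conf\n"` starts from `modsec_custom`, so the global `/modsec-crs-confs/*.conf` include set just above is dropped and the non-CRS custom includes are substituted into `%MODSECURITY_INCLUDE_CUSTOM_CRS%` a second time. On a multisite setup that silently changes which WAF tuning is loaded for the site. The line should read `modsec_crs_custom="${modsec_crs_custom}include /modsec-crs-confs/${1}/*.conf\n"`. The same hunk interpolates `${1}` unquoted into the `ls` globs, which would be safer as `"/modsec-crs-confs/${1}/"*.conf`; the enclosing `if`/`else` continues past the end of the hunk.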


@ -12,9 +12,6 @@ services:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- ./traefik/traefik.toml:/traefik.toml - ./traefik/traefik.toml:/traefik.toml
- ./traefik/acme.json:/acme.json - ./traefik/acme.json:/acme.json
networks:
- netwww1
- netwww2
mywww1: mywww1:
image: bunkerity/bunkerized-nginx image: bunkerity/bunkerized-nginx
@ -33,9 +30,6 @@ services:
- 'traefik.enable=true' - 'traefik.enable=true'
- 'traefik.port=8080' - 'traefik.port=8080'
- 'traefik.frontend.rule=Host:app1.website.com' # replace with your domain - 'traefik.frontend.rule=Host:app1.website.com' # replace with your domain
networks:
- netwww1
- netphp1
mywww2: mywww2:
image: bunkerity/bunkerized-nginx image: bunkerity/bunkerized-nginx
@ -54,28 +48,15 @@ services:
- 'traefik.enable=true' - 'traefik.enable=true'
- 'traefik.port=8080' - 'traefik.port=8080'
- 'traefik.frontend.rule=Host:app2.website.com' # replace with your domain - 'traefik.frontend.rule=Host:app2.website.com' # replace with your domain
networks:
- netwww2
- netphp2
myphp1: myphp1:
image: php:fpm image: php:fpm
restart: always restart: always
volumes: volumes:
- ./web1:/app - ./web1:/app
networks:
- netphp1
myphp2: myphp2:
image: php:fpm image: php:fpm
restart: always restart: always
volumes: volumes:
- ./web2:/app - ./web2:/app
networks:
- netphp2
networks:
netwww1:
netwww2:
netphp1:
netphp2:


@ -39,7 +39,7 @@ services:
image: php:fpm image: php:fpm
restart: always restart: always
volumes: volumes:
- ./web-files/app1:/app - ./web-files/app1.website.com:/app
networks: networks:
- net1 - net1
@ -47,7 +47,7 @@ services:
image: php:fpm image: php:fpm
restart: always restart: always
volumes: volumes:
- ./web-files/app2:/app - ./web-files/app2.website.com:/app
networks: networks:
- net2 - net2
@ -63,7 +63,7 @@ services:
networks: networks:
- net3 - net3
networks: networks:
net1: net1:
net2: net2:
net3: net3:


@ -13,7 +13,7 @@ services:
- ./letsencrypt:/etc/letsencrypt - ./letsencrypt:/etc/letsencrypt
- ./server-confs:/server-confs:ro - ./server-confs:/server-confs:ro
- ./modsec-confs:/modsec-confs:ro - ./modsec-confs:/modsec-confs:ro
- ./modsec-crs-confs:/modsec-crs-conf:ro - ./modsec-crs-confs:/modsec-crs-confs:ro
environment: environment:
- SERVER_NAME=wp.website.com nc.website.com # replace with your domains - SERVER_NAME=wp.website.com nc.website.com # replace with your domains
- MULTISITE=yes - MULTISITE=yes
@ -88,3 +88,7 @@ services:
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD) - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
networks: networks:
- net2 - net2
networks:
net1:
net2:


@ -0,0 +1 @@
SecRuleRemoveById 953120
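Review bot: The new exclusion has no comment saying which false positive it works around, and `SecRuleRemoveById 953120` switches the rule off for every request this file applies to. In the CRS numbering the 953xxx ids are the PHP data-leakage checks on response bodies, so removing one weakens detection of leaked PHP source or errors for the whole site. I would add a line such as `# 953120: false positive on <endpoint or response that triggers it>` above the directive and, if only one path is affected, scope the removal to that path with a `ctl:ruleRemoveById=953120` rule instead of removing it globally.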