various fixes

bunkerity 2020-11-13 17:57:39 +01:00
parent 8cdc155ac0
commit 0f0593456c
No known key found for this signature in database
GPG Key ID: 654FFF51CEF7CC47
21 changed files with 22 additions and 22 deletions


@ -19,7 +19,7 @@ COPY logs/ /opt/logs
COPY lua/ /opt/lua COPY lua/ /opt/lua
COPY crowdsec/ /opt/crowdsec COPY crowdsec/ /opt/crowdsec
RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash && \ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \
chmod +x /opt/entrypoint/* /opt/scripts/* && \ chmod +x /opt/entrypoint/* /opt/scripts/* && \
mkdir /opt/entrypoint.d && \ mkdir /opt/entrypoint.d && \
rm -f /var/log/nginx/* && \ rm -f /var/log/nginx/* && \


@ -19,7 +19,7 @@ COPY logs/ /opt/logs
COPY lua/ /opt/lua COPY lua/ /opt/lua
COPY crowdsec/ /opt/crowdsec COPY crowdsec/ /opt/crowdsec
RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash && \ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \
chmod +x /opt/entrypoint/* /opt/scripts/* && \ chmod +x /opt/entrypoint/* /opt/scripts/* && \
mkdir /opt/entrypoint.d && \ mkdir /opt/entrypoint.d && \
rm -f /var/log/nginx/* && \ rm -f /var/log/nginx/* && \


@ -26,7 +26,7 @@ COPY logs/ /opt/logs
COPY lua/ /opt/lua COPY lua/ /opt/lua
COPY crowdsec/ /opt/crowdsec COPY crowdsec/ /opt/crowdsec
RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash && \ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \
chmod +x /opt/entrypoint/* /opt/scripts/* && \ chmod +x /opt/entrypoint/* /opt/scripts/* && \
mkdir /opt/entrypoint.d && \ mkdir /opt/entrypoint.d && \
rm -f /var/log/nginx/* && \ rm -f /var/log/nginx/* && \


@ -26,7 +26,7 @@ COPY logs/ /opt/logs
COPY lua/ /opt/lua COPY lua/ /opt/lua
COPY crowdsec/ /opt/crowdsec COPY crowdsec/ /opt/crowdsec
RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash && \ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \
chmod +x /opt/entrypoint/* /opt/scripts/* && \ chmod +x /opt/entrypoint/* /opt/scripts/* && \
mkdir /opt/entrypoint.d && \ mkdir /opt/entrypoint.d && \
rm -f /var/log/nginx/* && \ rm -f /var/log/nginx/* && \


@ -19,7 +19,7 @@ COPY logs/ /opt/logs
COPY lua/ /opt/lua COPY lua/ /opt/lua
COPY crowdsec/ /opt/crowdsec COPY crowdsec/ /opt/crowdsec
RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash && \ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd go jq mariadb-connector-c bash brotli && \
chmod +x /opt/entrypoint/* /opt/scripts/* && \ chmod +x /opt/entrypoint/* /opt/scripts/* && \
mkdir /opt/entrypoint.d && \ mkdir /opt/entrypoint.d && \
rm -f /var/log/nginx/* && \ rm -f /var/log/nginx/* && \


@ -30,7 +30,7 @@ function git_secure_clone() {
NTASK=$(nproc) NTASK=$(nproc)
# install build dependencies # install build dependencies
apk add --no-cache --virtual build autoconf libtool automake git geoip-dev yajl-dev g++ curl-dev libxml2-dev pcre-dev make linux-headers libmaxminddb-dev musl-dev lua-dev gd-dev gnupg apk add --no-cache --virtual build autoconf libtool automake git geoip-dev yajl-dev g++ curl-dev libxml2-dev pcre-dev make linux-headers libmaxminddb-dev musl-dev lua-dev gd-dev gnupg brotli-dev
# compile and install ModSecurity library # compile and install ModSecurity library
cd /tmp cd /tmp


@ -47,9 +47,6 @@ http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
# load gzip custom config
include /etc/nginx/gzip.conf;
# maximum request body size # maximum request body size
client_max_body_size %MAX_CLIENT_SIZE%; client_max_body_size %MAX_CLIENT_SIZE%;


@ -4,7 +4,7 @@ HTTP_PORT="${HTTP_PORT-8080}"
HTTPS_PORT="${HTTPS_PORT-8443}" HTTPS_PORT="${HTTPS_PORT-8443}"
MAX_CLIENT_SIZE="${MAX_CLIENT_SIZE-10m}" MAX_CLIENT_SIZE="${MAX_CLIENT_SIZE-10m}"
SERVER_TOKENS="${SERVER_TOKENS-off}" SERVER_TOKENS="${SERVER_TOKENS-off}"
USE_CLIENT_CACHE="${USE_CLIENT_CACHE-yes}" USE_CLIENT_CACHE="${USE_CLIENT_CACHE-no}"
CLIENT_CACHE_EXTENSIONS="${CLIENT_CACHE_EXTENSIONS-jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2}" CLIENT_CACHE_EXTENSIONS="${CLIENT_CACHE_EXTENSIONS-jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2}"
CLIENT_CACHE_CONTROL="${CLIENT_CACHE_CONTROL-public, max-age=15552000}" CLIENT_CACHE_CONTROL="${CLIENT_CACHE_CONTROL-public, max-age=15552000}"
CLIENT_CACHE_ETAG="${CLIENT_CACHE_ETAG-on}" CLIENT_CACHE_ETAG="${CLIENT_CACHE_ETAG-on}"


@ -37,7 +37,7 @@ else
fi fi
# client caching # client caching
if [ "$USE_CLIENT_CACHE" = "yes" ] ; if [ "$USE_CLIENT_CACHE" = "yes" ] ; then
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_CLIENT_CACHE%" "include ${NGINX_PREFIX}client-cache.conf;" replace_in_file "${NGINX_PREFIX}server.conf" "%USE_CLIENT_CACHE%" "include ${NGINX_PREFIX}client-cache.conf;"
replace_in_file "${NGINX_PREFIX}client-cache.conf" "%CLIENT_CACHE_EXTENSIONS%" "$CLIENT_CACHE_EXTENSIONS" replace_in_file "${NGINX_PREFIX}client-cache.conf" "%CLIENT_CACHE_EXTENSIONS%" "$CLIENT_CACHE_EXTENSIONS"
replace_in_file "${NGINX_PREFIX}client-cache.conf" "%CLIENT_CACHE_ETAG%" "$CLIENT_CACHE_ETAG" replace_in_file "${NGINX_PREFIX}client-cache.conf" "%CLIENT_CACHE_ETAG%" "$CLIENT_CACHE_ETAG"
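Review bot: `$CLIENT_CACHE_EXTENSIONS` and `$CLIENT_CACHE_ETAG` are written into client-cache.conf exactly as they arrive from the environment, so a typo or a stray `;` in either one produces a broken or unintended nginx directive that is only noticed when nginx loads the file. A one-line guard before the substitution would fail early, for example `case "$CLIENT_CACHE_ETAG" in on|off) ;; *) echo "CLIENT_CACHE_ETAG must be on or off" >&2; exit 1 ;; esac`. replace_in_file is defined outside this hunk, so whether it escapes the replacement text is not visible here, and the `if` block continues past the last line shown.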


@ -16,6 +16,7 @@ services:
- AUTO_LETS_ENCRYPT=yes - AUTO_LETS_ENCRYPT=yes
- REDIRECT_HTTP_TO_HTTPS=yes - REDIRECT_HTTP_TO_HTTPS=yes
- DISABLE_DEFAULT_SERVER=yes - DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
- REMOTE_PHP=myphp - REMOTE_PHP=myphp
- REMOTE_PHP_PATH=/app - REMOTE_PHP_PATH=/app


@ -2,5 +2,5 @@ proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / { location / {
proxy_pass http://app$request_uri; proxy_pass http://app;
} }


@ -2,7 +2,5 @@ proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / { location / {
if ($host = www.website.com) { proxy_pass https://mymoodle:8443;
proxy_pass http://mymoodle:8443$request_uri;
}
} }
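Review bot: The upstream certificate is not checked on the new `proxy_pass https://mymoodle:8443;`, because nginx leaves `proxy_ssl_verify` off unless it is set, so the hop to the backend is encrypted but the backend is not authenticated. If the example is meant to show TLS towards the backend, add `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <path-to-backend-CA>;` next to it, or add a comment such as `# backend certificate is not verified (internal network only)` so readers copying the example know the limit. The same applies to `proxy_pass https://mypassbolt;` in the passbolt example further down.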


@ -18,11 +18,13 @@ services:
- AUTO_LETS_ENCRYPT=yes - AUTO_LETS_ENCRYPT=yes
- REDIRECT_HTTP_TO_HTTPS=yes - REDIRECT_HTTP_TO_HTTPS=yes
- DISABLE_DEFAULT_SERVER=yes - DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
- app1.website.com_REMOTE_PHP=myapp1 - app1.website.com_REMOTE_PHP=myapp1
- app1.website.com_REMOTE_PHP_PATH=/app - app1.website.com_REMOTE_PHP_PATH=/app
- app2.website.com_REMOTE_PHP=myapp2 - app2.website.com_REMOTE_PHP=myapp2
- app2.website.com_REMOTE_PHP_PATH=/app - app2.website.com_REMOTE_PHP_PATH=/app
- app3.website.com_SERVE_FILES=no - app3.website.com_SERVE_FILES=no
- app3.website.com_USE_CLIENT_CACHE=no
networks: networks:
- net1 - net1
- net2 - net2


@ -2,5 +2,5 @@ proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / { location / {
proxy_pass http://myapp3:3000$request_uri; proxy_pass http://myapp3:3000;
} }


@ -20,6 +20,7 @@ services:
- AUTO_LETS_ENCRYPT=yes - AUTO_LETS_ENCRYPT=yes
- REDIRECT_HTTP_TO_HTTPS=yes - REDIRECT_HTTP_TO_HTTPS=yes
- DISABLE_DEFAULT_SERVER=yes - DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
- wp.website.com_REMOTE_PHP=mywp - wp.website.com_REMOTE_PHP=mywp
- wp.website.com_REMOTE_PHP_PATH=/var/www/html - wp.website.com_REMOTE_PHP_PATH=/var/www/html
- nc.website.com_REMOTE_PHP=mync - nc.website.com_REMOTE_PHP=mync


@ -20,6 +20,7 @@ services:
- REDIRECT_HTTP_TO_HTTPS=yes - REDIRECT_HTTP_TO_HTTPS=yes
- DISABLE_DEFAULT_SERVER=yes - DISABLE_DEFAULT_SERVER=yes
- MAX_CLIENT_SIZE=10G - MAX_CLIENT_SIZE=10G
- USE_CLIENT_CACHE=yes
- REMOTE_PHP=mync - REMOTE_PHP=mync
- REMOTE_PHP_PATH=/var/www/html - REMOTE_PHP_PATH=/var/www/html
- LIMIT_REQ_RATE=40r/s - LIMIT_REQ_RATE=40r/s


@ -2,8 +2,6 @@ proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / { location / {
if ($host = www.website.com) { proxy_pass https://mypassbolt;
proxy_pass https://mypassbolt:443$request_uri;
}
} }


@ -3,10 +3,10 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / { location / {
if ($host = app1.website.com) { if ($host = app1.website.com) {
proxy_pass http://app1:3000$request_uri; proxy_pass http://app1:3000;
} }
if ($host = app2.website.com) { if ($host = app2.website.com) {
proxy_pass http://app2$request_uri; proxy_pass http://app2;
} }
} }


@ -2,5 +2,5 @@ proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / { location / {
proxy_pass http://mytomcat:8080/sample$request_uri; proxy_pass http://mytomcat:8080/sample;
} }
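Review bot: The new `proxy_pass http://mytomcat:8080/sample;` carries a URI part, so nginx replaces the matched `location /` prefix with `/sample` and a request for `/index.jsp` is forwarded as `/sampleindex.jsp`, where the old `$request_uri` form sent `/sample/index.jsp`. Ending the URI with a slash keeps the intended mapping: `proxy_pass http://mytomcat:8080/sample/;`. The other proxy_pass lines changed in this commit have no URI part and pass the request URI through unchanged, so only this one needs the fix.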


@ -27,6 +27,7 @@ services:
- USE_BLACKLIST_IP=no - USE_BLACKLIST_IP=no
- USE_BLACKLIST_REVERSE=no - USE_BLACKLIST_REVERSE=no
- USE_FAIL2BAN=no - USE_FAIL2BAN=no
- USE_CLIENT_CACHE=yes
- REMOTE_PHP=myphp - REMOTE_PHP=myphp
- REMOTE_PHP_PATH=/app - REMOTE_PHP_PATH=/app


@ -19,6 +19,7 @@ services:
- REDIRECT_HTTP_TO_HTTPS=yes - REDIRECT_HTTP_TO_HTTPS=yes
- DISABLE_DEFAULT_SERVER=yes - DISABLE_DEFAULT_SERVER=yes
- MAX_CLIENT_SIZE=50m - MAX_CLIENT_SIZE=50m
- USE_CLIENT_CACHE=yes
- REMOTE_PHP=mywp - REMOTE_PHP=mywp
- REMOTE_PHP_PATH=/var/www/html - REMOTE_PHP_PATH=/var/www/html