diff --git a/examples/authelia/.README.md.swp b/examples/authelia/.README.md.swp
new file mode 100644
index 0000000..bd48a1f
Binary files /dev/null and b/examples/authelia/.README.md.swp differ
diff --git a/examples/autoconf-php/README.md b/examples/autoconf-php/README.md
index 8ca213b..d38d4cc 100644
--- a/examples/autoconf-php/README.md
+++ b/examples/autoconf-php/README.md
@@ -6,7 +6,7 @@ Quickly deploy PHP app on Docker containers without restarting bunkerized-nginx.
-## Docker
+## Autoconf
First of all, you need to run bunkerized-nginx and bunkerized-nginx-autoconf : see [docker-compose-nginx.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-php/docker-compose-nginx.yml).
diff --git a/examples/autoconf-reverse-proxy/README.md b/examples/autoconf-reverse-proxy/README.md
new file mode 100644
index 0000000..348b56c
--- /dev/null
+++ b/examples/autoconf-reverse-proxy/README.md
@@ -0,0 +1,13 @@
+# Autoconf reverse proxy
+
+Quickly deploy web app on Docker containers without restarting bunkerized-nginx.
+
+## Architecture
+
+
+
+## Autoconf
+
+First of all, you need to run bunkerized-nginx and bunkerized-nginx-autoconf : see [docker-compose-nginx.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose-nginx.yml).
+
+Then, you can add and remove web apps with special `bunkerized-nginx.*` labels so the configurations are automatically generated : see [docker-compose-apps.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose-apps.yml).
diff --git a/examples/autoconf-reverse-proxy/architecture.png b/examples/autoconf-reverse-proxy/architecture.png
new file mode 100644
index 0000000..f25a83b
Binary files /dev/null and b/examples/autoconf-reverse-proxy/architecture.png differ
diff --git a/examples/autoconf-reverse-proxy/docker-compose-apps.yml b/examples/autoconf-reverse-proxy/docker-compose-apps.yml
new file mode 100644
index 0000000..56d93e6
--- /dev/null
+++ b/examples/autoconf-reverse-proxy/docker-compose-apps.yml
@@ -0,0 +1,50 @@
+version: '3'
+
+services:
+
+ myapp1:
+ build: js-app
+ restart: always
+ environment:
+ - NODE_ENV=production
+ labels:
+ - "bunkerized-nginx.SERVER_NAME=app1.example.com" # replace with your domain
+ - "bunkerized-nginx.REVERSE_PROXY_URL=/"
+ - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp1:3000"
+ networks:
+ myappnet:
+ aliases:
+ - myapp1
+
+ myapp2:
+ build: js-app
+ restart: always
+ environment:
+ - NODE_ENV=production
+ labels:
+ - "bunkerized-nginx.SERVER_NAME=app2.example.com" # replace with your domain
+ - "bunkerized-nginx.REVERSE_PROXY_URL=/"
+ - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2:3000"
+ networks:
+ myappnet:
+ aliases:
+ - myapp2
+
+ myapp3:
+ build: js-app
+ restart: always
+ environment:
+ - NODE_ENV=production
+ labels:
+ - "bunkerized-nginx.SERVER_NAME=app3.example.com" # replace with your domain
+ - "bunkerized-nginx.REVERSE_PROXY_URL=/"
+ - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp3:3000"
+ networks:
+ myappnet:
+ aliases:
+ - myapp3
+
+networks:
+ myphpnet:
+ external:
+ name: myphpnet
diff --git a/examples/autoconf-reverse-proxy/docker-compose-nginx.yml b/examples/autoconf-reverse-proxy/docker-compose-nginx.yml
new file mode 100644
index 0000000..957e82f
--- /dev/null
+++ b/examples/autoconf-reverse-proxy/docker-compose-nginx.yml
@@ -0,0 +1,45 @@
+version: '3'
+
+services:
+
+ mywww:
+ image: bunkerity/bunkerized-nginx
+ restart: always
+ ports:
+ - 80:8080
+ - 443:8443
+ # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+ # don't forget to edit the permissions of the files and folders accordingly
+ volumes:
+ - ./letsencrypt:/etc/letsencrypt
+ - autoconf:/etc/nginx
+ environment:
+ - SERVER_NAME= # must be left blank if you don't want to setup "static" conf
+ - MULTISITE=yes
+ - AUTO_LETS_ENCRYPT=yes
+ - REDIRECT_HTTP_TO_HTTPS=yes
+ - DISABLE_DEFAULT_SERVER=yes
+ - USE_CLIENT_CACHE=yes
+ - USE_PROXY_CACHE=yes
+ - USE_GZIP=yes
+ - USE_REVERSE_PROXY=yes
+ labels:
+ - "bunkerized-nginx.AUTOCONF"
+ networks:
+ - myappnet
+
+ myautoconf:
+ image: bunkerity/bunkerized-nginx-autoconf
+ restart: always
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - autoconf:/etc/nginx
+ depends_on:
+ - mywww
+
+volumes:
+ autoconf:
+
+networks:
+ myappnet:
+ name: myappnet
diff --git a/examples/basic-website-with-php/README.md b/examples/basic-website-with-php/README.md
index 9014aeb..20c433a 100644
--- a/examples/basic-website-with-php/README.md
+++ b/examples/basic-website-with-php/README.md
@@ -2,28 +2,16 @@
This is a basic example for a typical PHP website/app.
+## Architecture
+
+
+
## Docker
-```shell
-$ mkdir letsencrypt
-$ chown root:101 letsencrypt
-$ chmod 770 letsencrypt
-$ chmod 755 web-files
-$ chmod -R 744 web-files/*
-$ docker-compose up
-```
+See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/basic-website-with-php/docker-compose.yml).
## Linux
-You will need to configure your php-fpm service to listen on localhost with the following directive :
-```conf
-listen = 127.0.0.1:9000
-```
+Please note that you need to install and configure a php-fpm instance on your server.
-```shell
-$ cp variables.env /opt/bunkerized-nginx/variables.env
-$ cp web-files/* /opt/bunkerized-nginx/www
-$ chown -R www-data:www-data /opt/bunkerized-nginx/www/*
-$ chmod -R 774 /opt/bunkerized-nginx/www/*
-$ bunkerized-nginx
-```
+See [variables.env](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/basic-website-with-php/variables.env).
diff --git a/examples/basic-website-with-php/architecture.png b/examples/basic-website-with-php/architecture.png
new file mode 100644
index 0000000..899064a
Binary files /dev/null and b/examples/basic-website-with-php/architecture.png differ
diff --git a/examples/behind-traefik/docker-compose.yml b/examples/behind-traefik/docker-compose.yml
deleted file mode 100644
index 54b8317..0000000
--- a/examples/behind-traefik/docker-compose.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-version: '3'
-
-services:
-
- mytraefik:
- image: traefik:v1.7.26
- restart: always
- ports:
- - 80:80
- - 443:443
- # bunkerized-nginx runs as an unprivileged user with UID/GID 101
- # don't forget to edit the permissions of the files and folders accordingly
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- - ./traefik/traefik.toml:/traefik.toml
- - ./traefik/acme.json:/acme.json
-
- mywww1:
- image: bunkerity/bunkerized-nginx
- restart: always
- volumes:
- - ./web1:/www:ro
- environment:
- - SERVER_NAME=app1.example.com
- - PROXY_REAL_IP=yes
- - USE_CLIENT_CACHE=yes
- - USE_GZIP=yes
- - REMOTE_PHP=myphp1
- - REMOTE_PHP_PATH=/app
- labels:
- - 'traefik.enable=true'
- - 'traefik.port=8080'
- - 'traefik.frontend.rule=Host:app1.example.com' # replace with your domain
-
- mywww2:
- image: bunkerity/bunkerized-nginx
- restart: always
- volumes:
- - ./web2:/www:ro
- environment:
- - SERVER_NAME=app2.example.com
- - PROXY_REAL_IP=yes
- - USE_CLIENT_CACHE=yes
- - USE_GZIP=yes
- - REMOTE_PHP=myphp2
- - REMOTE_PHP_PATH=/app
- labels:
- - 'traefik.enable=true'
- - 'traefik.port=8080'
- - 'traefik.frontend.rule=Host:app2.example.com' # replace with your domain
-
- myphp1:
- image: php:fpm
- restart: always
- volumes:
- - ./web1:/app
-
- myphp2:
- image: php:fpm
- restart: always
- volumes:
- - ./web2:/app
diff --git a/examples/behind-traefik/traefik/acme.json b/examples/behind-traefik/traefik/acme.json
deleted file mode 100644
index e69de29..0000000
diff --git a/examples/behind-traefik/traefik/traefik.toml b/examples/behind-traefik/traefik/traefik.toml
deleted file mode 100644
index 9b535ff..0000000
--- a/examples/behind-traefik/traefik/traefik.toml
+++ /dev/null
@@ -1,29 +0,0 @@
-debug = false
-
-logLevel = "ERROR"
-defaultEntryPoints = ["https","http"]
-
-[entryPoints]
- [entryPoints.http]
- address = ":80"
- [entryPoints.http.redirect]
- entryPoint = "https"
- [entryPoints.https]
- address = ":443"
- [entryPoints.https.tls]
-
-[retry]
-
-[docker]
-endpoint = "unix:///var/run/docker.sock"
-domain = "example.com"
-watch = true
-exposedByDefault = false
-
-[acme]
-email = "contact@example.com"
-storage = "acme.json"
-entryPoint = "https"
-onHostRule = true
-[acme.httpChallenge]
-entryPoint = "http"
diff --git a/examples/behind-traefik/web1/index.php b/examples/behind-traefik/web1/index.php
deleted file mode 100644
index 1918c1e..0000000
--- a/examples/behind-traefik/web1/index.php
+++ /dev/null
@@ -1,5 +0,0 @@
-
diff --git a/examples/behind-traefik/web2/index.php b/examples/behind-traefik/web2/index.php
deleted file mode 100644
index bc4932d..0000000
--- a/examples/behind-traefik/web2/index.php
+++ /dev/null
@@ -1,5 +0,0 @@
-
diff --git a/examples/traefik-alternative/README.md b/examples/traefik-alternative/README.md
new file mode 100644
index 0000000..cf21c60
--- /dev/null
+++ b/examples/traefik-alternative/README.md
@@ -0,0 +1,13 @@
+# Traefik alternative
+
+Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and dynamically. See [documentation](https://doc.traefik.io/traefik/) and [GitHub repo](https://github.com/traefik/traefik) for more information.
+
+You can easily switch from Traefik to bunkerized-nginx if you are more concerned about security.
+
+## Architecture
+
+
+
+## Autoconf
+
+See [docker-compose-bunkerized.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/traefik-alternative/docker-compose-bunkerized.yml) which is the equivalent of [docker-compose-traefik.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/traefik-alternative/docker-compose-traefik.yml).
diff --git a/examples/traefik-alternative/architecture.png b/examples/traefik-alternative/architecture.png
new file mode 100644
index 0000000..9a3aadd
Binary files /dev/null and b/examples/traefik-alternative/architecture.png differ
diff --git a/examples/autoconf-reverse-proxy/docker-compose.yml b/examples/traefik-alternative/docker-compose-bunkerized.yml
similarity index 52%
rename from examples/autoconf-reverse-proxy/docker-compose.yml
rename to examples/traefik-alternative/docker-compose-bunkerized.yml
index eac3e28..e8c61f8 100644
--- a/examples/autoconf-reverse-proxy/docker-compose.yml
+++ b/examples/traefik-alternative/docker-compose-bunkerized.yml
@@ -22,7 +22,6 @@ services:
- USE_CLIENT_CACHE=yes
- USE_PROXY_CACHE=yes
- USE_GZIP=yes
- - USE_REVERSE_PROXY=yes
labels:
- "bunkerized-nginx.AUTOCONF"
@@ -34,39 +33,15 @@ services:
- autoconf:/etc/nginx
depends_on:
- mywww
- - myapp1
- - myapp2
- - myapp3
+ - whoami
- myapp1:
- build: js-app
- restart: always
- environment:
- - NODE_ENV=production
+ whoami:
+ image: "traefik/whoami"
labels:
- - "bunkerized-nginx.SERVER_NAME=app1.example.com" # replace with your domain
+ - "bunkerized-nginx.SERVER_NAME=www.example.com"
+ - "bunkerized-nginx.USE_REVERSE_PROXY=yes"
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
- - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp1:3000"
-
- myapp2:
- build: js-app
- restart: always
- environment:
- - NODE_ENV=production
- labels:
- - "bunkerized-nginx.SERVER_NAME=app2.example.com" # replace with your domain
- - "bunkerized-nginx.REVERSE_PROXY_URL=/"
- - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2:3000"
-
- myapp3:
- build: js-app
- restart: always
- environment:
- - NODE_ENV=production
- labels:
- - "bunkerized-nginx.SERVER_NAME=app3.example.com" # replace with your domain
- - "bunkerized-nginx.REVERSE_PROXY_URL=/"
- - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp3:3000"
+ - "bunkerized-nginx.REVERSE_PROXY_HOST=http://whoami"
volumes:
autoconf:
diff --git a/examples/traefik-alternative/docker-compose-traefik.yml b/examples/traefik-alternative/docker-compose-traefik.yml
new file mode 100644
index 0000000..7641ae2
--- /dev/null
+++ b/examples/traefik-alternative/docker-compose-traefik.yml
@@ -0,0 +1,35 @@
+version: "3.3"
+
+services:
+
+ traefik:
+ image: "traefik:v2.4"
+ container_name: "traefik"
+ command:
+ #- "--log.level=DEBUG"
+ - "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+ #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+ - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ ports:
+ - "80:80"
+ - "443:443"
+ - "8080:8080"
+ volumes:
+ - "./letsencrypt:/letsencrypt"
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+ whoami:
+ image: "traefik/whoami"
+ container_name: "simple-service"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.whoami.rule=Host(`www.example.com`)"
+ - "traefik.http.routers.whoami.entrypoints=websecure"
+ - "traefik.http.routers.whoami.tls.certresolver=myresolver"