examples improvement - traefik alternative, autoconf reverse proxy and basic website

examples/traefik-alternative/README.md

@@ -0,0 +1,13 @@
+# Traefik alternative
+
+Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and dynamically. See [documentation](https://doc.traefik.io/traefik/) and [GitHub repo](https://github.com/traefik/traefik) for more information.
+
+You can easily switch from Traefik to bunkerized-nginx if you are more concerned about security.
+
+## Architecture
+
+<img src="https://github.com/bunkerity/bunkerized-nginx/blob/dev/examples/traefik-alternative/architecture.png?raw=true" />
+
+## Autoconf
+
+See [docker-compose-bunkerized.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/traefik-alternative/docker-compose-bunkerized.yml) which is the equivalent of [docker-compose-traefik.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/traefik-alternative/docker-compose-traefik.yml).

examples/traefik-alternative/docker-compose-bunkerized.yml

@@ -0,0 +1,47 @@
+version: '3'
+
+services:
+
+  mywww:
+    image: bunkerity/bunkerized-nginx
+    restart: always
+    ports:
+      - 80:8080
+      - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
+    volumes:
+      - ./letsencrypt:/etc/letsencrypt
+      - autoconf:/etc/nginx
+    environment:
+      - SERVER_NAME=                                              # must be left blank if you don't want to setup "static" conf
+      - MULTISITE=yes
+      - AUTO_LETS_ENCRYPT=yes
+      - REDIRECT_HTTP_TO_HTTPS=yes
+      - DISABLE_DEFAULT_SERVER=yes
+      - USE_CLIENT_CACHE=yes
+      - USE_PROXY_CACHE=yes
+      - USE_GZIP=yes
+    labels:
+      - "bunkerized-nginx.AUTOCONF"
+
+  myautoconf:
+    image: bunkerity/bunkerized-nginx-autoconf
+    restart: always
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - autoconf:/etc/nginx
+    depends_on:
+      - mywww
+      - whoami
+
+  whoami:
+    image: "traefik/whoami"
+    labels:
+      - "bunkerized-nginx.SERVER_NAME=www.example.com"
+      - "bunkerized-nginx.USE_REVERSE_PROXY=yes"
+      - "bunkerized-nginx.REVERSE_PROXY_URL=/"
+      - "bunkerized-nginx.REVERSE_PROXY_HOST=http://whoami"
+
+volumes:
+  autoconf:

examples/traefik-alternative/docker-compose-traefik.yml

@@ -0,0 +1,35 @@
+version: "3.3"
+
+services:
+
+  traefik:
+    image: "traefik:v2.4"
+    container_name: "traefik"
+    command:
+      #- "--log.level=DEBUG"
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+      - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"
+    volumes:
+      - "./letsencrypt:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+  whoami:
+    image: "traefik/whoami"
+    container_name: "simple-service"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.whoami.rule=Host(`www.example.com`)"
+      - "traefik.http.routers.whoami.entrypoints=websecure"
+      - "traefik.http.routers.whoami.tls.certresolver=myresolver"