readme improve

README.md

@@ -28,6 +28,8 @@ Non-exhaustive list of features :
   * [PHP](#php)
   * [Fail2ban](#fail2ban)
   * [ClamAV](#clamav)
+  * [Misc](#misc)
+- [Include custom configurations](#include-custom-configurations)
 - [Create your own image](#create-your-own-image)
 - [TODO](#todo)
 
@@ -50,12 +52,12 @@ docker run -p 80:80 -p 443:443 -v /path/to/web/files:/www -v /where/to/save/cert
 ```
 
 Certificates are stored in the /etc/letsencrypt directory, you should save it on your local drive.  
-If you don't want your webserver to listen on HTTP add the environment variable LISTEN_HTTP with a "no" value. But Let's Encrypt needs the port 80 to be opened so redirecting the port is mandatory.
+If you don't want your webserver to listen on HTTP add the environment variable `LISTEN_HTTP` with a "no" value. But Let's Encrypt needs the port 80 to be opened so redirecting the port is mandatory.
 
 Here you have three environment variables :
-- SERVER_NAME : define the FQDN of your webserver, this is mandatory for Let's Encrypt (www.yourdomain.com should point to your IP address)
+- `SERVER_NAME` : define the FQDN of your webserver, this is mandatory for Let's Encrypt (www.yourdomain.com should point to your IP address)
-- AUTO_LETS_ENCRYPT : enable automatic Let's Encrypt creation and renewal of certificates
+- `AUTO_LETS_ENCRYPT` : enable automatic Let's Encrypt creation and renewal of certificates
-- REDIRECT_HTTP_TO_HTTPS : enable HTTP to HTTPS redirection
+- `REDIRECT_HTTP_TO_HTTPS` : enable HTTP to HTTPS redirection
 
 ## Reverse proxy
 You can setup a reverse proxy by adding your own custom configurations at server context.  
@@ -77,12 +79,12 @@ docker run -p 80:80 -e SERVER_NAME="www.website1.com www.website2.com" -e SERVE_
 ```
 
 Here you have three environment variables :
-- SERVER_NAME : list of valid Host headers sent by clients
+- `SERVER_NAME` : list of valid Host headers sent by clients
-- SERVE_FILES : nginx will not serve files from /www directory
+- `SERVE_FILES` : nginx will not serve files from the /www directory
-- DISABLE_DEFAULT_SERVER : nginx will not respond to requests if Host header is not in the SERVER_NAME list
+- `DISABLE_DEFAULT_SERVER` : nginx will not respond to requests if Host header is not in the SERVER_NAME list
 
 # Tutorials
-TODO : link tutorials from bunkerity website
+You will find some tutorials about bunkerized-nginx in our [blog](https://www.bunkerity.com/category/bunkerized-nginx/).  
 
 # List of environment variables
 
@@ -127,8 +129,8 @@ Sets the host names of the webserver separated with spaces. This must match the
 Useful when used with `AUTO_LETSENCRYPT=yes` and/or `DISABLE_DEFAULT_SERVER=yes`.
 
 `WRITE_ACCESS`  
-Values : *yes* | *no*
+Values : *yes* | *no*  
-Default value : *no*
+Default value : *no*  
 If set to yes, nginx will be granted write access to the /www directory.  
 Set it to yes if your website uses file upload or creates dynamic files for example.
 
@@ -291,9 +293,9 @@ Default value : *no*
 If set to yes, the PHP version will be sent within the X-Powered-By header.
 
 `PHP_OPEN_BASEDIR`  
-Values : *\<directory\>*  
+Values : *\<directories separated with : char\>*  
-Default value : */www/*  
+Default value : */www/:/tmp/*  
-Limits access to files within the given directory. For example include() or fopen() calls outside the directory will fail.
+Limits access to files within the given directories. For example include() or fopen() calls outside the directory will fail.
 
 `PHP_ALLOW_URL_FOPEN`  
 Values : *yes* | *no*  
@@ -315,6 +317,11 @@ Values : *\<size in bytes\>* | *XM*
 Default value : *10M*  
 Sets the maximum file size allowed when uploading files.
 
+`PHP_POST_MAX_SIZE`  
+Values : *\<size in bytes\>* | *XM*  
+Default value : *10M*  
+Sets the maximum POST size allowed for clients.
+
 `PHP_DISABLE_FUNCTIONS`  
 Values : *\<function 1\>, \<function 2\> ...*  
 Default value : *system, exec, shell_exec, passthru, phpinfo, show_source, highlight_file, popen, proc_open, fopen_with_path, dbmopen, dbase_open, putenv, filepro, filepro_rowcount, filepro_retrieve, posix_mkfifo*  
@@ -364,6 +371,13 @@ Values : *yes* | *no*
 Default value : *yes*  
 If set to yes, ClamAV will automatically remove the detected files.  
 
+## Misc
+`ADDITIONAL_MODULES` 
+Values : *\<list of packages separated with space\>*  
+Default value :  
+You can specify additional modules to install. All [alpine packages](https://pkgs.alpinelinux.org/packages) are valid.  
+A use case is to use this to install PHP extensions (e.g. : php7-json php7-xml php7-curl ...).
+
 # Create your own image
 
 You can use bunkerity/bunkerized-nginx as a base image for your web application.  
@@ -384,8 +398,17 @@ ENV PHP_UPLOAD_MAX_FILESIZE 100M
 ENV WRITE_ACCESS yes
 ```
 
+# Include custom configurations
+Custom configurations files (ending with .conf suffix) can be added in some directory inside the container :
+  - /http-confs : http context
+  - /server-confs : server context
+
+You just need to use a volume like this :
+```
+docker run ... -v /path/to/http/confs:/http-confs ... bunkerity/bunkerized-nginx
+```
+
 # TODO
-- README improve
 - docker tags
 - Tutorials
 - Full documentation

entrypoint.sh

@@ -91,7 +91,7 @@ USE_FAIL2BAN="${USE_FAIL2BAN-yes}"
 FAIL2BAN_STATUS_CODES="${FAIL2BAN_STATUS_CODES-400|401|403|404|405|444}"
 FAIL2BAN_BANTIME="${FAIL2BAN_BANTIME-3600}"
 FAIL2BAN_FINDTIME="${FAIL2BAN_FINDTIME-60}"
-FAIL2BAN_MAXRETRY="${FAIL2BAN_MAXRETRY-10}"
+FAIL2BAN_MAXRETRY="${FAIL2BAN_MAXRETRY-20}"
 USE_CLAMAV_UPLOAD="${USE_CLAMAV_UPLOAD-yes}"
 USE_CLAMAV_SCAN="${USE_CLAMAV_SCAN-yes}"
 CLAMAV_SCAN_REMOVE="${CLAMAV_SCAN_REMOVE-yes}"