fix client cache so it works in combination with reverse proxy and examples update

confs/site/client-cache.conf

@@ -1,4 +1,6 @@
-location ~* \.(%CLIENT_CACHE_EXTENSIONS%)$ {
-	etag %CLIENT_CACHE_ETAG%;
-	add_header Cache-Control "%CLIENT_CACHE_CONTROL%";
+etag %CLIENT_CACHE_ETAG%;
+set $cache "";
+if ($uri ~* \.(%CLIENT_CACHE_EXTENSIONS%)$) {
+	set $cache "%CLIENT_CACHE_CONTROL%";
 }
+add_header Cache-Control $cache;

examples/autoconf-php/docker-compose.yml

@@ -20,7 +20,6 @@ services:
       - DISABLE_DEFAULT_SERVER=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
     labels:
       - "bunkerized-nginx.AUTOCONF"
 

examples/autoconf-reverse-proxy/docker-compose.yml

@@ -20,7 +20,6 @@ services:
       - USE_CLIENT_CACHE=yes
       - USE_PROXY_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - USE_REVERSE_PROXY=yes
     labels:
       - "bunkerized-nginx.AUTOCONF"

examples/basic-website-with-php/docker-compose.yml

@@ -18,7 +18,6 @@ services:
       - DISABLE_DEFAULT_SERVER=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - REMOTE_PHP=myphp
       - REMOTE_PHP_PATH=/app
 

examples/behind-traefik/docker-compose.yml

@@ -23,7 +23,6 @@ services:
       - PROXY_REAL_IP=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - REMOTE_PHP=myphp1
       - REMOTE_PHP_PATH=/app
     labels:
@@ -41,7 +40,6 @@ services:
       - PROXY_REAL_IP=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - REMOTE_PHP=myphp2
       - REMOTE_PHP_PATH=/app
     labels:

examples/certbot-wildcard/docker-compose.yml

@@ -21,7 +21,6 @@ services:
       - DISABLE_DEFAULT_SERVER=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - app1.website.com_REMOTE_PHP=myapp1
       - app1.website.com_REMOTE_PHP_PATH=/app
       - app2.website.com_REMOTE_PHP=myapp2

examples/crowdsec/docker-compose.yml

@@ -20,7 +20,6 @@ services:
       - DISABLE_DEFAULT_SERVER=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - USE_CROWDSEC=yes
       - CROWDSEC_HOST=http://mycrowdsec:8080
       - CROWDSEC_KEY=                                 # you need to generate it (see bouncer_key.sh)

examples/drupal/docker-compose.yml

@@ -1,43 +0,0 @@
-version: '3'
-
-services:
-
-  mywww:
-    image: bunkerity/bunkerized-nginx
-    restart: always
-    ports:
-      - 80:8080
-      - 443:8443
-    volumes:
-      - ./drupal-files:/www:ro
-      - ./letsencrypt:/etc/letsencrypt
-      #- ./server-confs:/server-confs:ro         # custom confs at server context for permalinks
-      - ./modsec-crs-confs:/modsec-crs-confs:ro # custom Core Rule Set confs to add Drupal exclusions
-    environment:
-      - SERVER_NAME=www.website.com             # replace with your domain
-      - AUTO_LETS_ENCRYPT=yes
-      - REDIRECT_HTTP_TO_HTTPS=yes
-      - DISABLE_DEFAULT_SERVER=yes
-      - MAX_CLIENT_SIZE=50m
-      - USE_CLIENT_CACHE=yes
-      - USE_GZIP=yes
-      - USE_BROTLI=yes
-      - REMOTE_PHP=mydrupal
-      - REMOTE_PHP_PATH=/var/www/html
-
-  mydrupal:
-    image: drupal:fpm-alpine
-    restart: always
-    volumes:
-      - ./drupal-files:/var/www/html
-
-  mydb:
-    image: mariadb
-    restart: always
-    volumes:
-      - ./db-data:/var/lib/mysql
-    environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd         # replace with a stronger password
-      - MYSQL_DATABASE=drupaldb
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd              # replace with a stronger password

examples/drupal/modsec-crs-confs/drupal.conf

@@ -1,7 +0,0 @@
-SecAction \
- "id:900130,\
-  phase:1,\
-  nolog,\
-  pass,\
-  t:none,\
-  setvar:tx.crs_exclusions_drupal=1"

examples/ghost/docker-compose.yml

@@ -10,7 +10,6 @@ services:
       - 443:8443
     volumes:
       - ./letsencrypt:/etc/letsencrypt
-      #- ./modsec-crs-confs:/modsec-crs-confs:ro              # fix FP with CRS
     environment:
       - SERVER_NAME=www.website.com                          # replace with your domain
       - SERVE_FILES=no
@@ -18,9 +17,7 @@ services:
       - REDIRECT_HTTP_TO_HTTPS=yes
       - AUTO_LETS_ENCRYPT=yes
       - USE_PROXY_CACHE=yes
-      - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - USE_REVERSE_PROXY=yes
       - REVERSE_PROXY_URL=/
       - REVERSE_PROXY_HOST=http://myghost:2368/

examples/ghost/modsec-crs-confs/gogs.conf

@@ -1,7 +0,0 @@
-SecAction \
- "id:900220,\
-  phase:1,\
-  nolog,\
-  pass,\
-  t:none,\
-  setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"

examples/gogs/docker-compose.yml

@@ -20,7 +20,6 @@ services:
       - USE_PROXY_CACHE=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - USE_REVERSE_PROXY=yes
       - REVERSE_PROXY_URL=/
       - REVERSE_PROXY_HOST=http://mygogs:3000/

examples/joomla/docker-compose.yml

@@ -19,7 +19,6 @@ services:
       - MAX_CLIENT_SIZE=50m
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - REMOTE_PHP=myjoomla
       - REMOTE_PHP_PATH=/var/www/html
 

examples/load-balancer/docker-compose.yml

@@ -20,7 +20,6 @@ services:
       - USE_PROXY_CACHE=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - USE_REVERSE_PROXY=yes
       - REVERSE_PROXY_URL=/
       - REVERSE_PROXY_HOST=http://app

examples/moodle/docker-compose.yml

@@ -20,7 +20,6 @@ services:
       - USE_PROXY_CACHE=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - USE_REVERSE_PROXY=yes
       - REVERSE_PROXY_URL=/
       - REVERSE_PROXY_HOST=https://mymoodle:8443

examples/multisite-basic/docker-compose.yml

@@ -19,7 +19,6 @@ services:
       - DISABLE_DEFAULT_SERVER=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - app1.website.com_REMOTE_PHP=myapp1
       - app1.website.com_REMOTE_PHP_PATH=/app
       - app2.website.com_REMOTE_PHP=myapp2

examples/multisite-custom-server-confs/docker-compose.yml

@@ -22,7 +22,6 @@ services:
       - DISABLE_DEFAULT_SERVER=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - wp.website.com_REMOTE_PHP=mywp
       - wp.website.com_REMOTE_PHP_PATH=/var/www/html
       - nc.website.com_REMOTE_PHP=mync

examples/nextcloud/docker-compose.yml

@@ -28,7 +28,6 @@ services:
       - ALLOWED_METHODS=GET|POST|HEAD|COPY|DELETE|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|PUT|UNLOCK|OPTIONS
       - X_FRAME_OPTIONS=SAMEORIGIN
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - FAIL2BAN_STATUS_CODE=400|401|403|405|444
 
   mync:

examples/passbolt/docker-compose.yml

@@ -22,7 +22,6 @@ services:
       - USE_PROXY_CACHE=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - USE_REVERSE_PROXY=yes
       - REVERSE_PROXY_URL=/
       - REVERSE_PROXY_HOST=https://mypassbolt

examples/prestashop/docker-compose.yml

@@ -20,9 +20,10 @@ services:
       - MAX_CLIENT_SIZE=50m
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - REMOTE_PHP=myprestashop
       - REMOTE_PHP_PATH=/var/www/html
+      - LIMIT_REQ_RATE=5r/s
+      - LIMIT_REQ_BURST=10
 
   myprestashop:
     image: prestashop/prestashop:1.7-fpm

examples/redmine/docker-compose.yml

@@ -19,12 +19,11 @@ services:
       - USE_PROXY_CACHE=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - USE_REVERSE_PROXY=yes
       - REVERSE_PROXY_URL=/
       - REVERSE_PROXY_HOST=http://myredmine:3000/
 
-  redmine:
+  myredmine:
     image: redmine
     restart: always
     volumes:

examples/reverse-proxy-multisite/docker-compose.yml

@@ -20,7 +20,6 @@ services:
       - USE_PROXY_CACHE=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - USE_REVERSE_PROXY=yes
       - app1.website.com_REVERSE_PROXY_URL=/
       - app1.website.com_REVERSE_PROXY_HOST=http://app1:3000

examples/reverse-proxy-singlesite/docker-compose.yml

@@ -20,7 +20,6 @@ services:
       - USE_PROXY_CACHE=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - USE_REVERSE_PROXY=yes
       - REVERSE_PROXY_URL_1=/app1/
       - REVERSE_PROXY_HOST_1=http://app1:3000/

examples/reverse-proxy-websocket/docker-compose.yml

@@ -19,7 +19,6 @@ services:
       - USE_PROXY_CACHE=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - USE_REVERSE_PROXY=yes
       - REVERSE_PROXY_URL=/ws/
       - REVERSE_PROXY_HOST=http://myws:8010/

examples/tomcat/docker-compose.yml

@@ -19,7 +19,6 @@ services:
       - USE_PROXY_CACHE=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - USE_REVERSE_PROXY=yes
       - REVERSE_PROXY_URL=/
       - REVERSE_PROXY_HOST=http://mytomcat:8080/sample/

examples/tor-hidden-service/docker-compose.yml

@@ -29,7 +29,6 @@ services:
       - USE_ANTIBOT=captcha
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - REMOTE_PHP=myphp
       - REMOTE_PHP_PATH=/app
 

examples/web-ui/docker-compose.yml

@@ -20,7 +20,6 @@ services:
       - DISABLE_DEFAULT_SERVER=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - admin.website.com_SERVE_FILES=no
       - admin.website.com_USE_AUTH_BASIC=yes
       - admin.website.com_AUTH_BASIC_USER=admin                # change it to something hard to guess

examples/wordpress/docker-compose.yml

@@ -22,7 +22,6 @@ services:
       - MAX_CLIENT_SIZE=50m
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
-      - USE_BROTLI=yes
       - REMOTE_PHP=mywp
       - REMOTE_PHP_PATH=/var/www/html