From 6521d7a27a9fe3bdd6578fafea238e8617e13f15 Mon Sep 17 00:00:00 2001
From: bunkerity
Date: Tue, 27 Apr 2021 15:31:56 +0200
Subject: [PATCH] fix client cache so it works in combination with reverse proxy and examples update
---
 confs/site/client-cache.conf | 8 ++--
 examples/autoconf-php/docker-compose.yml | 1 -
 .../autoconf-reverse-proxy/docker-compose.yml | 1 -
 .../basic-website-with-php/docker-compose.yml | 1 -
 examples/behind-traefik/docker-compose.yml | 2 -
 examples/certbot-wildcard/docker-compose.yml | 1 -
 examples/crowdsec/docker-compose.yml | 1 -
 examples/drupal/docker-compose.yml | 43 -------------------
 examples/drupal/modsec-crs-confs/drupal.conf | 7 ---
 examples/ghost/docker-compose.yml | 3 --
 examples/ghost/modsec-crs-confs/gogs.conf | 7 ---
 examples/gogs/docker-compose.yml | 1 -
 examples/joomla/docker-compose.yml | 1 -
 examples/load-balancer/docker-compose.yml | 1 -
 examples/moodle/docker-compose.yml | 1 -
 examples/multisite-basic/docker-compose.yml | 1 -
 .../docker-compose.yml | 1 -
 examples/nextcloud/docker-compose.yml | 1 -
 examples/passbolt/docker-compose.yml | 1 -
 examples/prestashop/docker-compose.yml | 3 +-
 examples/redmine/docker-compose.yml | 3 +-
 .../docker-compose.yml | 1 -
 .../docker-compose.yml | 1 -
 .../docker-compose.yml | 1 -
 examples/tomcat/docker-compose.yml | 1 -
 .../tor-hidden-service/docker-compose.yml | 1 -
 examples/web-ui/docker-compose.yml | 1 -
 examples/wordpress/docker-compose.yml | 1 -
 28 files changed, 8 insertions(+), 88 deletions(-)
 delete mode 100644 examples/drupal/docker-compose.yml
 delete mode 100644 examples/drupal/modsec-crs-confs/drupal.conf
 delete mode 100644 examples/ghost/modsec-crs-confs/gogs.conf
diff --git a/confs/site/client-cache.conf b/confs/site/client-cache.conf
index 19e98d6..21271f7 100644
--- a/confs/site/client-cache.conf
+++ b/confs/site/client-cache.conf
@@ -1,4 +1,6 @@
-location ~* \.(%CLIENT_CACHE_EXTENSIONS%)$ {
- etag %CLIENT_CACHE_ETAG%;
- add_header Cache-Control "%CLIENT_CACHE_CONTROL%";
+etag %CLIENT_CACHE_ETAG%;
+set $cache "";
+if ($uri ~* \.(%CLIENT_CACHE_EXTENSIONS%)$) {
+ set $cache "%CLIENT_CACHE_CONTROL%";
 }
+add_header Cache-Control $cache;
diff --git a/examples/autoconf-php/docker-compose.yml b/examples/autoconf-php/docker-compose.yml
index 3f07d3d..6e3ae02 100644
--- a/examples/autoconf-php/docker-compose.yml
+++ b/examples/autoconf-php/docker-compose.yml
@@ -20,7 +20,6 @@ services:
 - DISABLE_DEFAULT_SERVER=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 labels:
 - "bunkerized-nginx.AUTOCONF"
diff --git a/examples/autoconf-reverse-proxy/docker-compose.yml b/examples/autoconf-reverse-proxy/docker-compose.yml
index 2c7a3c7..0888c80 100644
--- a/examples/autoconf-reverse-proxy/docker-compose.yml
+++ b/examples/autoconf-reverse-proxy/docker-compose.yml
@@ -20,7 +20,6 @@ services:
 - USE_CLIENT_CACHE=yes
 - USE_PROXY_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - USE_REVERSE_PROXY=yes
 labels:
 - "bunkerized-nginx.AUTOCONF"
diff --git a/examples/basic-website-with-php/docker-compose.yml b/examples/basic-website-with-php/docker-compose.yml
index 73eaaab..2eefc91 100644
--- a/examples/basic-website-with-php/docker-compose.yml
+++ b/examples/basic-website-with-php/docker-compose.yml
@@ -18,7 +18,6 @@ services:
 - DISABLE_DEFAULT_SERVER=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - REMOTE_PHP=myphp
 - REMOTE_PHP_PATH=/app
diff --git a/examples/behind-traefik/docker-compose.yml b/examples/behind-traefik/docker-compose.yml
index 8f594e4..f9ee463 100644
--- a/examples/behind-traefik/docker-compose.yml
+++ b/examples/behind-traefik/docker-compose.yml
@@ -23,7 +23,6 @@ services:
 - PROXY_REAL_IP=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - REMOTE_PHP=myphp1
 - REMOTE_PHP_PATH=/app
 labels:
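Review bot: In confs/site/client-cache.conf the new `add_header Cache-Control $cache;` is no longer scoped to a static-file location, so it is attached to every response whose `$uri` ends in a cached extension, including ones produced by a proxied or PHP backend. Because `add_header` appends and does not replace, a backend that already sends `Cache-Control: private` or `no-store` for such a path ends up with two conflicting headers, and if `%CLIENT_CACHE_CONTROL%` expands to a public, long-lived policy a browser or shared cache may keep per-user content served under a static-looking URL. nginx also does not inherit these directives into any location that declares its own `add_header`, which is worth stating in the file. I would add a comment such as `# also applies to proxied/FastCGI responses; does not replace a Cache-Control set by the backend`, and consider emitting the header only when `$upstream_http_cache_control` is empty, which needs a `map` in the http context outside this file.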
@@ -41,7 +40,6 @@ services:
 - PROXY_REAL_IP=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - REMOTE_PHP=myphp2
 - REMOTE_PHP_PATH=/app
 labels:
diff --git a/examples/certbot-wildcard/docker-compose.yml b/examples/certbot-wildcard/docker-compose.yml
index 9da94d3..1176c81 100644
--- a/examples/certbot-wildcard/docker-compose.yml
+++ b/examples/certbot-wildcard/docker-compose.yml
@@ -21,7 +21,6 @@ services:
 - DISABLE_DEFAULT_SERVER=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - app1.website.com_REMOTE_PHP=myapp1
 - app1.website.com_REMOTE_PHP_PATH=/app
 - app2.website.com_REMOTE_PHP=myapp2
diff --git a/examples/crowdsec/docker-compose.yml b/examples/crowdsec/docker-compose.yml
index 29a2be9..56fff61 100644
--- a/examples/crowdsec/docker-compose.yml
+++ b/examples/crowdsec/docker-compose.yml
@@ -20,7 +20,6 @@ services:
 - DISABLE_DEFAULT_SERVER=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - USE_CROWDSEC=yes
 - CROWDSEC_HOST=http://mycrowdsec:8080
 - CROWDSEC_KEY= # you need to generate it (see bouncer_key.sh)
diff --git a/examples/drupal/docker-compose.yml b/examples/drupal/docker-compose.yml
deleted file mode 100644
index 68678d7..0000000
--- a/examples/drupal/docker-compose.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-version: '3'
-
-services:
-
- mywww:
- image: bunkerity/bunkerized-nginx
- restart: always
- ports:
- - 80:8080
- - 443:8443
- volumes:
- - ./drupal-files:/www:ro
- - ./letsencrypt:/etc/letsencrypt
- #- ./server-confs:/server-confs:ro # custom confs at server context for permalinks
- - ./modsec-crs-confs:/modsec-crs-confs:ro # custom Core Rule Set confs to add Drupal exclusions
- environment:
- - SERVER_NAME=www.website.com # replace with your domain
- - AUTO_LETS_ENCRYPT=yes
- - REDIRECT_HTTP_TO_HTTPS=yes
- - DISABLE_DEFAULT_SERVER=yes
- - MAX_CLIENT_SIZE=50m
- - USE_CLIENT_CACHE=yes
- - USE_GZIP=yes
- - USE_BROTLI=yes
- - REMOTE_PHP=mydrupal
- - REMOTE_PHP_PATH=/var/www/html
-
- mydrupal:
- image: drupal:fpm-alpine
- restart: always
- volumes:
- - ./drupal-files:/var/www/html
-
- mydb:
- image: mariadb
- restart: always
- volumes:
- - ./db-data:/var/lib/mysql
- environment:
- - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- - MYSQL_DATABASE=drupaldb
- - MYSQL_USER=user
- - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password
diff --git a/examples/drupal/modsec-crs-confs/drupal.conf b/examples/drupal/modsec-crs-confs/drupal.conf
deleted file mode 100644
index da9441e..0000000
--- a/examples/drupal/modsec-crs-confs/drupal.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-SecAction \
- "id:900130,\
- phase:1,\
- nolog,\
- pass,\
- t:none,\
- setvar:tx.crs_exclusions_drupal=1"
diff --git a/examples/ghost/docker-compose.yml b/examples/ghost/docker-compose.yml
index 72cf0de..6a8024d 100644
--- a/examples/ghost/docker-compose.yml
+++ b/examples/ghost/docker-compose.yml
@@ -10,7 +10,6 @@ services:
 - 443:8443
 volumes:
 - ./letsencrypt:/etc/letsencrypt
- #- ./modsec-crs-confs:/modsec-crs-confs:ro # fix FP with CRS
 environment:
 - SERVER_NAME=www.website.com # replace with your domain
 - SERVE_FILES=no
@@ -18,9 +17,7 @@ services:
 - REDIRECT_HTTP_TO_HTTPS=yes
 - AUTO_LETS_ENCRYPT=yes
 - USE_PROXY_CACHE=yes
- - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - USE_REVERSE_PROXY=yes
 - REVERSE_PROXY_URL=/
 - REVERSE_PROXY_HOST=http://myghost:2368/
diff --git a/examples/ghost/modsec-crs-confs/gogs.conf b/examples/ghost/modsec-crs-confs/gogs.conf
deleted file mode 100644
index f6f11c0..0000000
--- a/examples/ghost/modsec-crs-confs/gogs.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-SecAction \
- "id:900220,\
- phase:1,\
- nolog,\
- pass,\
- t:none,\
- setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
diff --git a/examples/gogs/docker-compose.yml b/examples/gogs/docker-compose.yml
index 369a5ca..cb40297 100644
--- a/examples/gogs/docker-compose.yml
+++ b/examples/gogs/docker-compose.yml
@@ -20,7 +20,6 @@ services:
 - USE_PROXY_CACHE=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - USE_REVERSE_PROXY=yes
 - REVERSE_PROXY_URL=/
 - REVERSE_PROXY_HOST=http://mygogs:3000/
diff --git a/examples/joomla/docker-compose.yml b/examples/joomla/docker-compose.yml
index 37b755c..c905c54 100644
--- a/examples/joomla/docker-compose.yml
+++ b/examples/joomla/docker-compose.yml
@@ -19,7 +19,6 @@ services:
 - MAX_CLIENT_SIZE=50m
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - REMOTE_PHP=myjoomla
 - REMOTE_PHP_PATH=/var/www/html
diff --git a/examples/load-balancer/docker-compose.yml b/examples/load-balancer/docker-compose.yml
index 46a8f73..8f575f7 100644
--- a/examples/load-balancer/docker-compose.yml
+++ b/examples/load-balancer/docker-compose.yml
@@ -20,7 +20,6 @@ services:
 - USE_PROXY_CACHE=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - USE_REVERSE_PROXY=yes
 - REVERSE_PROXY_URL=/
 - REVERSE_PROXY_HOST=http://app
diff --git a/examples/moodle/docker-compose.yml b/examples/moodle/docker-compose.yml
index 040a077..5c10089 100644
--- a/examples/moodle/docker-compose.yml
+++ b/examples/moodle/docker-compose.yml
@@ -20,7 +20,6 @@ services:
 - USE_PROXY_CACHE=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - USE_REVERSE_PROXY=yes
 - REVERSE_PROXY_URL=/
 - REVERSE_PROXY_HOST=https://mymoodle:8443
diff --git a/examples/multisite-basic/docker-compose.yml b/examples/multisite-basic/docker-compose.yml
index 1b7dc36..ce8a784 100644
--- a/examples/multisite-basic/docker-compose.yml
+++ b/examples/multisite-basic/docker-compose.yml
@@ -19,7 +19,6 @@ services:
 - DISABLE_DEFAULT_SERVER=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - app1.website.com_REMOTE_PHP=myapp1
 - app1.website.com_REMOTE_PHP_PATH=/app
 - app2.website.com_REMOTE_PHP=myapp2
diff --git a/examples/multisite-custom-server-confs/docker-compose.yml b/examples/multisite-custom-server-confs/docker-compose.yml
index 5f809c0..01d8fb2 100644
--- a/examples/multisite-custom-server-confs/docker-compose.yml
+++ b/examples/multisite-custom-server-confs/docker-compose.yml
@@ -22,7 +22,6 @@ services:
 - DISABLE_DEFAULT_SERVER=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - wp.website.com_REMOTE_PHP=mywp
 - wp.website.com_REMOTE_PHP_PATH=/var/www/html
 - nc.website.com_REMOTE_PHP=mync
diff --git a/examples/nextcloud/docker-compose.yml b/examples/nextcloud/docker-compose.yml
index 233fac6..fa1dd6f 100644
--- a/examples/nextcloud/docker-compose.yml
+++ b/examples/nextcloud/docker-compose.yml
@@ -28,7 +28,6 @@ services:
 - ALLOWED_METHODS=GET|POST|HEAD|COPY|DELETE|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|PUT|UNLOCK|OPTIONS
 - X_FRAME_OPTIONS=SAMEORIGIN
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - FAIL2BAN_STATUS_CODE=400|401|403|405|444
 mync:
diff --git a/examples/passbolt/docker-compose.yml b/examples/passbolt/docker-compose.yml
index de8ad92..f996604 100644
--- a/examples/passbolt/docker-compose.yml
+++ b/examples/passbolt/docker-compose.yml
@@ -22,7 +22,6 @@ services:
 - USE_PROXY_CACHE=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - USE_REVERSE_PROXY=yes
 - REVERSE_PROXY_URL=/
 - REVERSE_PROXY_HOST=https://mypassbolt
diff --git a/examples/prestashop/docker-compose.yml b/examples/prestashop/docker-compose.yml
index 6d8282c..d3833c6 100644
--- a/examples/prestashop/docker-compose.yml
+++ b/examples/prestashop/docker-compose.yml
@@ -20,9 +20,10 @@ services:
 - MAX_CLIENT_SIZE=50m
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - REMOTE_PHP=myprestashop
 - REMOTE_PHP_PATH=/var/www/html
+ - LIMIT_REQ_RATE=5r/s
+ - LIMIT_REQ_BURST=10
 myprestashop:
 image: prestashop/prestashop:1.7-fpm
diff --git a/examples/redmine/docker-compose.yml b/examples/redmine/docker-compose.yml
index 0a9cec0..6cf94ff 100644
--- a/examples/redmine/docker-compose.yml
+++ b/examples/redmine/docker-compose.yml
@@ -19,12 +19,11 @@ services:
 - USE_PROXY_CACHE=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - USE_REVERSE_PROXY=yes
 - REVERSE_PROXY_URL=/
 - REVERSE_PROXY_HOST=http://myredmine:3000/
- redmine:
+ myredmine:
 image: redmine
 restart: always
 volumes:
diff --git a/examples/reverse-proxy-multisite/docker-compose.yml b/examples/reverse-proxy-multisite/docker-compose.yml
index e5dcd47..cba11ad 100644
--- a/examples/reverse-proxy-multisite/docker-compose.yml
+++ b/examples/reverse-proxy-multisite/docker-compose.yml
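Review bot: The two settings added in the examples/prestashop/docker-compose.yml hunk, `- LIMIT_REQ_RATE=5r/s` and `- LIMIT_REQ_BURST=10`, carry no comment, so a reader copying the example cannot tell why this site gets its own request limit or how it compares with the image default. The limit presumably applies to login and back-office endpoints as well as to static assets, so the trade-off deserves a line of explanation. I would add a trailing comment such as `# raised for PrestaShop's many per-page requests; lower it if the back office is exposed`, with the wording confirmed by the author since the reason is not visible in the diff. The environment list and the service definition continue outside the hunk.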
@@ -20,7 +20,6 @@ services:
 - USE_PROXY_CACHE=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - USE_REVERSE_PROXY=yes
 - app1.website.com_REVERSE_PROXY_URL=/
 - app1.website.com_REVERSE_PROXY_HOST=http://app1:3000
diff --git a/examples/reverse-proxy-singlesite/docker-compose.yml b/examples/reverse-proxy-singlesite/docker-compose.yml
index f496ee8..ffbf829 100644
--- a/examples/reverse-proxy-singlesite/docker-compose.yml
+++ b/examples/reverse-proxy-singlesite/docker-compose.yml
@@ -20,7 +20,6 @@ services:
 - USE_PROXY_CACHE=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - USE_REVERSE_PROXY=yes
 - REVERSE_PROXY_URL_1=/app1/
 - REVERSE_PROXY_HOST_1=http://app1:3000/
diff --git a/examples/reverse-proxy-websocket/docker-compose.yml b/examples/reverse-proxy-websocket/docker-compose.yml
index 80c6b68..fb8abbf 100644
--- a/examples/reverse-proxy-websocket/docker-compose.yml
+++ b/examples/reverse-proxy-websocket/docker-compose.yml
@@ -19,7 +19,6 @@ services:
 - USE_PROXY_CACHE=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - USE_REVERSE_PROXY=yes
 - REVERSE_PROXY_URL=/ws/
 - REVERSE_PROXY_HOST=http://myws:8010/
diff --git a/examples/tomcat/docker-compose.yml b/examples/tomcat/docker-compose.yml
index c60afdc..8584f27 100644
--- a/examples/tomcat/docker-compose.yml
+++ b/examples/tomcat/docker-compose.yml
@@ -19,7 +19,6 @@ services:
 - USE_PROXY_CACHE=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - USE_REVERSE_PROXY=yes
 - REVERSE_PROXY_URL=/
 - REVERSE_PROXY_HOST=http://mytomcat:8080/sample/
diff --git a/examples/tor-hidden-service/docker-compose.yml b/examples/tor-hidden-service/docker-compose.yml
index 04d2650..d5c1495 100644
--- a/examples/tor-hidden-service/docker-compose.yml
+++ b/examples/tor-hidden-service/docker-compose.yml
@@ -29,7 +29,6 @@ services:
 - USE_ANTIBOT=captcha
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - REMOTE_PHP=myphp
 - REMOTE_PHP_PATH=/app
diff --git a/examples/web-ui/docker-compose.yml b/examples/web-ui/docker-compose.yml
index 11ca4be..8f90363 100644
--- a/examples/web-ui/docker-compose.yml
+++ b/examples/web-ui/docker-compose.yml
@@ -20,7 +20,6 @@ services:
 - DISABLE_DEFAULT_SERVER=yes
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - admin.website.com_SERVE_FILES=no
 - admin.website.com_USE_AUTH_BASIC=yes
 - admin.website.com_AUTH_BASIC_USER=admin # change it to something hard to guess
diff --git a/examples/wordpress/docker-compose.yml b/examples/wordpress/docker-compose.yml
index 18a1124..b8b463e 100644
--- a/examples/wordpress/docker-compose.yml
+++ b/examples/wordpress/docker-compose.yml
@@ -22,7 +22,6 @@ services:
 - MAX_CLIENT_SIZE=50m
 - USE_CLIENT_CACHE=yes
 - USE_GZIP=yes
- - USE_BROTLI=yes
 - REMOTE_PHP=mywp
 - REMOTE_PHP_PATH=/var/www/html