Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

web UI example and CVE-2020-8231 fix again

Browse Source
This commit is contained in:
bunkerity 2020-12-11 11:44:45 +01:00
parent 559b7835d4
commit 7b55acbe8b
No known key found for this signature in database
GPG Key ID: 654FFF51CEF7CC47
6 changed files with 44 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -32,7 +32,7 @@ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban c
chmod 750 /acme-challenge
# Fix CVE-2020-28928 & CVE-2020-8231
RUN apk --no-cache add "musl-utils>1.1.24-r2" "libcurl>7.67.0-r1"
RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1"
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache

2
Dockerfile-amd64
View File

@ -32,7 +32,7 @@ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban c
chmod 750 /acme-challenge
# Fix CVE-2020-28928 & CVE-2020-8231
RUN apk --no-cache add "musl-utils>1.1.24-r2" "libcurl>7.67.0-r1"
RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1"
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache

2
Dockerfile-arm32v7
View File

@ -39,7 +39,7 @@ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban c
chmod 750 /acme-challenge
# Fix CVE-2020-28928 & CVE-2020-8231
RUN apk --no-cache add "musl-utils>1.1.24-r2" "libcurl>7.67.0-r1"
RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1"
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache

2
Dockerfile-arm64v8
View File

@ -39,7 +39,7 @@ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban c
chmod 750 /acme-challenge
# Fix CVE-2020-28928 & CVE-2020-8231
RUN apk --no-cache add "musl-utils>1.1.24-r2" "libcurl>7.67.0-r1"
RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1"
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache

2
Dockerfile-i386
View File

@ -32,7 +32,7 @@ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban c
chmod 750 /acme-challenge
# Fix CVE-2020-28928 & CVE-2020-8231
RUN apk --no-cache add "musl-utils>1.1.24-r2" "libcurl>7.67.0-r1"
RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1"
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache

39
examples/web-ui/docker-compose.yml Normal file
View File

@ -0,0 +1,39 @@
version: '3'
services:
mywww:
image: bunkerity/bunkerized-nginx
restart: always
ports:
- 80:8080
- 443:8443
volumes:
- ./letsencrypt:/etc/letsencrypt
- ./web-files:/www:ro
- autoconf:/etc/nginx
environment:
- SERVER_NAME=admin.domain.com # replace with your domain
- MULTISITE=yes
- AUTO_LETS_ENCRYPT=yes
- REDIRECT_HTTP_TO_HTTPS=yes
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- USE_BROTLI=yes
- admin.domain.com_SERVE_FILES=no
- admin.domain.com_USE_AUTH_BASIC=yes
- admin.domain.com_AUTH_BASIC_USER=admin # change it to something hard to guess
- admin.domain.com_AUTH_BASIC_PASSWORD=admin # change it to something hard to guess
- admin.domain.com_USE_REVERSE_PROXY=yes
- admin.domain.com_REVERSE_PROXY_URL=/admin/ # change it to something hard to guess
- admin.domain.com_REVERSE_PROXY_HOST=http://myui:5000/
labels:
- "bunkerized-nginx.UI"
myui:
image: bunkerity/bunkerized-nginx-ui
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- autoconf:/etc/nginx