From 7b55acbe8b73c89b4a2591979c7ece64bac17e38 Mon Sep 17 00:00:00 2001 From: bunkerity Date: Fri, 11 Dec 2020 11:44:45 +0100 Subject: [PATCH] web UI example and CVE-2020-8231 fix again --- Dockerfile | 2 +- Dockerfile-amd64 | 2 +- Dockerfile-arm32v7 | 2 +- Dockerfile-arm64v8 | 2 +- Dockerfile-i386 | 2 +- examples/web-ui/docker-compose.yml | 39 ++++++++++++++++++++++++++++++ 6 files changed, 44 insertions(+), 5 deletions(-) create mode 100644 examples/web-ui/docker-compose.yml diff --git a/Dockerfile b/Dockerfile index 2b27840..9e7f38b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,7 +32,7 @@ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban c chmod 750 /acme-challenge # Fix CVE-2020-28928 & CVE-2020-8231 -RUN apk --no-cache add "musl-utils>1.1.24-r2" "libcurl>7.67.0-r1" +RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache diff --git a/Dockerfile-amd64 b/Dockerfile-amd64 index 669a180..e3ddead 100644 --- a/Dockerfile-amd64 +++ b/Dockerfile-amd64 @@ -32,7 +32,7 @@ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban c chmod 750 /acme-challenge # Fix CVE-2020-28928 & CVE-2020-8231 -RUN apk --no-cache add "musl-utils>1.1.24-r2" "libcurl>7.67.0-r1" +RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache diff --git a/Dockerfile-arm32v7 b/Dockerfile-arm32v7 index 85d601c..bac8d69 100644 --- a/Dockerfile-arm32v7 +++ b/Dockerfile-arm32v7 @@ -39,7 +39,7 @@ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban c chmod 750 /acme-challenge # Fix CVE-2020-28928 & CVE-2020-8231 -RUN apk --no-cache add "musl-utils>1.1.24-r2" "libcurl>7.67.0-r1" +RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache diff --git a/Dockerfile-arm64v8 b/Dockerfile-arm64v8 index f976bc5..0a58886 100644 --- a/Dockerfile-arm64v8 +++ b/Dockerfile-arm64v8 @@ -39,7 +39,7 @@ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban c chmod 750 /acme-challenge # Fix CVE-2020-28928 & CVE-2020-8231 -RUN apk --no-cache add "musl-utils>1.1.24-r2" "libcurl>7.67.0-r1" +RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache diff --git a/Dockerfile-i386 b/Dockerfile-i386 index 23e9294..4734a9d 100644 --- a/Dockerfile-i386 +++ b/Dockerfile-i386 @@ -32,7 +32,7 @@ RUN apk --no-cache add certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban c chmod 750 /acme-challenge # Fix CVE-2020-28928 & CVE-2020-8231 -RUN apk --no-cache add "musl-utils>1.1.24-r2" "libcurl>7.67.0-r1" +RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache diff --git a/examples/web-ui/docker-compose.yml b/examples/web-ui/docker-compose.yml new file mode 100644 index 0000000..cd9e407 --- /dev/null +++ b/examples/web-ui/docker-compose.yml @@ -0,0 +1,39 @@ +version: '3' + +services: + + mywww: + image: bunkerity/bunkerized-nginx + restart: always + ports: + - 80:8080 + - 443:8443 + volumes: + - ./letsencrypt:/etc/letsencrypt + - ./web-files:/www:ro + - autoconf:/etc/nginx + environment: + - SERVER_NAME=admin.domain.com # replace with your domain + - MULTISITE=yes + - AUTO_LETS_ENCRYPT=yes + - REDIRECT_HTTP_TO_HTTPS=yes + - DISABLE_DEFAULT_SERVER=yes + - USE_CLIENT_CACHE=yes + - USE_GZIP=yes + - USE_BROTLI=yes + - admin.domain.com_SERVE_FILES=no + - admin.domain.com_USE_AUTH_BASIC=yes + - admin.domain.com_AUTH_BASIC_USER=admin # change it to something hard to guess + - admin.domain.com_AUTH_BASIC_PASSWORD=admin # change it to something hard to guess + - admin.domain.com_USE_REVERSE_PROXY=yes + - admin.domain.com_REVERSE_PROXY_URL=/admin/ # change it to something hard to guess + - admin.domain.com_REVERSE_PROXY_HOST=http://myui:5000/ + labels: + - "bunkerized-nginx.UI" + + myui: + image: bunkerity/bunkerized-nginx-ui + restart: always + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - autoconf:/etc/nginx