From 83e7ce9cde8134c767eca25f82c92dc676f6d5db Mon Sep 17 00:00:00 2001 From: bunkerity Date: Thu, 12 Aug 2021 10:19:43 +0200 Subject: [PATCH] examples - polishing before next release --- .gitmodules | 4 +- examples/authelia/README.md | 8 ++ examples/authelia/docker-compose.autoconf.yml | 70 ++++++++++++++++ examples/authelia/docker-compose.swarm.yml | 82 +++++++++++++++++++ examples/autoconf-php/README.md | 4 +- .../autoconf-php/docker-compose-nginx.yml | 44 ---------- ...ker-compose-php.yml => docker-compose.yml} | 31 ++++--- examples/autoconf-reverse-proxy/README.md | 4 +- .../docker-compose-nginx.yml | 45 ---------- ...er-compose-apps.yml => docker-compose.yml} | 31 ++++--- .../basic-website-with-php/docker-compose.yml | 1 - examples/basic-website-with-php/variables.env | 4 +- examples/clamav/bunkerized-nginx-clamav | 1 + examples/clamav/docker-compose.yml | 2 +- examples/kubernetes/README.md | 6 +- examples/swarm-redis/README.md | 8 +- examples/swarm-redis/nginx-autoconf.yml | 16 ++-- examples/swarm-redis/redis.yml | 7 +- examples/swarm-redis/services.yml | 9 +- examples/swarm/README.md | 11 +-- examples/swarm/nginx-autoconf.yml | 74 ----------------- examples/swarm/services.yml | 9 +- examples/web-ui/README.md | 12 --- 23 files changed, 228 insertions(+), 255 deletions(-) create mode 100644 examples/authelia/docker-compose.autoconf.yml create mode 100644 examples/authelia/docker-compose.swarm.yml delete mode 100644 examples/autoconf-php/docker-compose-nginx.yml rename examples/autoconf-php/{docker-compose-php.yml => docker-compose.yml} (87%) delete mode 100644 examples/autoconf-reverse-proxy/docker-compose-nginx.yml rename examples/autoconf-reverse-proxy/{docker-compose-apps.yml => docker-compose.yml} (88%) create mode 160000 examples/clamav/bunkerized-nginx-clamav delete mode 100644 examples/swarm/nginx-autoconf.yml diff --git a/.gitmodules b/.gitmodules index 246eab3..876b5e3 100644 --- a/.gitmodules +++ b/.gitmodules @@ -2,6 +2,6 @@ path = examples/crowdsec/bunkerized-nginx-crowdsec url = https://github.com/bunkerity/bunkerized-nginx-crowdsec -[submodule "bunkerized-nginx-clamav"] +[submodule "examples/clamav/bunkerized-nginx-clamav"] path = examples/clamav/bunkerized-nginx-clamav - url = https://github.com/bunkerity/bunkerized-nginx-clamav + url = https://github.com/bunkerity/bunkerized-nginx-clamav.git diff --git a/examples/authelia/README.md b/examples/authelia/README.md index a2946d4..4f69af3 100644 --- a/examples/authelia/README.md +++ b/examples/authelia/README.md @@ -17,3 +17,11 @@ First of all, you will need to edit the configuration files inside the authelia ## Docker See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/authelia/docker-compose.yml). + +## Docker autoconf + +See [docker-compose.autoconf.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/authelia/docker-compose.autoconf.yml). + +## Docker Swarm + +See [docker-compose.swarm.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/authelia/docker-compose.swarm.yml). diff --git a/examples/authelia/docker-compose.autoconf.yml b/examples/authelia/docker-compose.autoconf.yml new file mode 100644 index 0000000..a79db6e --- /dev/null +++ b/examples/authelia/docker-compose.autoconf.yml @@ -0,0 +1,70 @@ +version: '3.3' + +services: + + authelia: + image: authelia/authelia + networks: + services-net: + aliases: + - authelia + volumes: + - ./authelia:/config + healthcheck: + disable: true + environment: + - TZ=France/Paris + labels: + - "bunkerized-nginx.SERVER_NAME=auth.example.com" + - "bunkerized-nginx.USE_REVERSE_PROXY=yes" + - "bunkerized-nginx.REVERSE_PROXY_URL=/" + - "bunkerized-nginx.REVERSE_PROXY_HOST=http://authelia:9091" + + redis: + image: redis:alpine + networks: + services-net: + aliases: + - redis + volumes: + - ./redis:/data + environment: + - TZ=France/Paris + + myapp1: + image: php:fpm + networks: + services-net: + aliases: + - myapp1 + volumes: + - ./web-files/app1.example.com:/app + labels: + - "bunkerized-nginx.SERVER_NAME=app1.example.com" + - "bunkerized-nginx.USE_AUTHELIA=yes" + - "bunkerized-nginx.AUTHELIA_BACKEND=https://auth.example.com" + - "bunkerized-nginx.AUTHELIA_UPSTREAM=http://authelia:9091" + - "bunkerized-nginx.REMOTE_PHP=myapp1" + - "bunkerized-nginx.REMOTE_PHP_PATH=/app" + + myapp2: + image: php:apache + networks: + services-net: + aliases: + - myapp2 + volumes: + - ./web-files/app2.example.com:/var/www/html + labels: + - "bunkerized-nginx.SERVER_NAME=app2.example.com" + - "bunkerized-nginx.USE_AUTHELIA=yes" + - "bunkerized-nginx.AUTHELIA_BACKEND=https://auth.example.com" + - "bunkerized-nginx.AUTHELIA_UPSTREAM=http://authelia:9091" + - "bunkerized-nginx.USE_REVERSE_PROXY=yes" + - "bunkerized-nginx.REVERSE_PROXY_URL=/" + - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2" + +networks: + services-net: + external: + name: services-net diff --git a/examples/authelia/docker-compose.swarm.yml b/examples/authelia/docker-compose.swarm.yml new file mode 100644 index 0000000..2fd9b8a --- /dev/null +++ b/examples/authelia/docker-compose.swarm.yml @@ -0,0 +1,82 @@ +version: '3.3' + +services: + + authelia: + image: authelia/authelia + networks: + services-net: + aliases: + - authelia + volumes: + - /shared/authelia:/config + healthcheck: + disable: true + environment: + - TZ=France/Paris + deploy: + placement: + constraints: + - "node.role==worker" + labels: + - "bunkerized-nginx.SERVER_NAME=auth.example.com" + - "bunkerized-nginx.USE_REVERSE_PROXY=yes" + - "bunkerized-nginx.REVERSE_PROXY_URL=/" + - "bunkerized-nginx.REVERSE_PROXY_HOST=http://authelia:9091" + + redis: + image: redis:alpine + networks: + services-net: + aliases: + - redis + volumes: + - /shared/redis:/data + environment: + - TZ=France/Paris + + myapp1: + image: php:fpm + networks: + services-net: + aliases: + - myapp1 + volumes: + - /shared/www/app1.example.com:/app + deploy: + placement: + constraints: + - "node.role==worker" + labels: + - "bunkerized-nginx.SERVER_NAME=app1.example.com" + - "bunkerized-nginx.USE_AUTHELIA=yes" + - "bunkerized-nginx.AUTHELIA_BACKEND=https://auth.example.com" + - "bunkerized-nginx.AUTHELIA_UPSTREAM=http://authelia:9091" + - "bunkerized-nginx.REMOTE_PHP=myapp1" + - "bunkerized-nginx.REMOTE_PHP_PATH=/app" + + myapp2: + image: php:apache + networks: + services-net: + aliases: + - myapp2 + volumes: + - /shared/www/app2.example.com:/var/www/html + deploy: + placement: + constraints: + - "node.role==worker" + labels: + - "bunkerized-nginx.SERVER_NAME=app2.example.com" + - "bunkerized-nginx.USE_AUTHELIA=yes" + - "bunkerized-nginx.AUTHELIA_BACKEND=https://auth.example.com" + - "bunkerized-nginx.AUTHELIA_UPSTREAM=http://authelia:9091" + - "bunkerized-nginx.USE_REVERSE_PROXY=yes" + - "bunkerized-nginx.REVERSE_PROXY_URL=/" + - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2" + +networks: + services-net: + external: + name: services-net diff --git a/examples/autoconf-php/README.md b/examples/autoconf-php/README.md index d38d4cc..bb82afd 100644 --- a/examples/autoconf-php/README.md +++ b/examples/autoconf-php/README.md @@ -8,6 +8,6 @@ Quickly deploy PHP app on Docker containers without restarting bunkerized-nginx. ## Autoconf -First of all, you need to run bunkerized-nginx and bunkerized-nginx-autoconf : see [docker-compose-nginx.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-php/docker-compose-nginx.yml). +First of all, you need to setup the [Docker autoconf integration](https://bunkerized-nginx.readthedocs.io/en/latest/integrations.html#docker-autoconf). -Then, you can add and remove PHP apps with special `bunkerized-nginx.*` labels so the configurations are automatically generated : see [docker-compose-php.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-php/docker-compose-php.yml). +Then, you can add and remove PHP apps with special `bunkerized-nginx.*` labels so the configurations are automatically generated : see [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-php/docker-compose.yml). diff --git a/examples/autoconf-php/docker-compose-nginx.yml b/examples/autoconf-php/docker-compose-nginx.yml deleted file mode 100644 index aee60c5..0000000 --- a/examples/autoconf-php/docker-compose-nginx.yml +++ /dev/null @@ -1,44 +0,0 @@ -version: '3' - -services: - - mywww: - image: bunkerity/bunkerized-nginx - restart: always - ports: - - 80:8080 - - 443:8443 - # bunkerized-nginx runs as an unprivileged user with UID/GID 101 - # don't forget to edit the permissions of the files and folders accordingly - volumes: - - ./letsencrypt:/etc/letsencrypt - - ./web-files:/www:ro - - autoconf:/etc/nginx - environment: - - SERVER_NAME= # must be left blank if you don't want to setup "static" conf - - MULTISITE=yes - - AUTO_LETS_ENCRYPT=yes - - REDIRECT_HTTP_TO_HTTPS=yes - - DISABLE_DEFAULT_SERVER=yes - - USE_CLIENT_CACHE=yes - - USE_GZIP=yes - labels: - - "bunkerized-nginx.AUTOCONF" - networks: - - myphpnet - - myautoconf: - image: bunkerity/bunkerized-nginx-autoconf - restart: always - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - - autoconf:/etc/nginx - depends_on: - - mywww - -volumes: - autoconf: - -networks: - myphpnet: - name: myphpnet diff --git a/examples/autoconf-php/docker-compose-php.yml b/examples/autoconf-php/docker-compose.yml similarity index 87% rename from examples/autoconf-php/docker-compose-php.yml rename to examples/autoconf-php/docker-compose.yml index 2f0426e..653be80 100644 --- a/examples/autoconf-php/docker-compose-php.yml +++ b/examples/autoconf-php/docker-compose.yml @@ -4,47 +4,44 @@ services: myapp1: image: php:fpm - restart: always + networks: + services-net: + aliases: + - myapp1 volumes: - ./web-files/app1.example.com:/app labels: - "bunkerized-nginx.SERVER_NAME=app1.example.com" # replace with your domain - "bunkerized-nginx.REMOTE_PHP=myapp1" - "bunkerized-nginx.REMOTE_PHP_PATH=/app" - networks: - myphpnet: - aliases: - - myapp1 myapp2: image: php:fpm - restart: always + networks: + services-net: + aliases: + - myapp2 volumes: - ./web-files/app2.example.com:/app labels: - "bunkerized-nginx.SERVER_NAME=app2.example.com" # replace with your domain - "bunkerized-nginx.REMOTE_PHP=myapp2" - "bunkerized-nginx.REMOTE_PHP_PATH=/app" - networks: - myphpnet: - aliases: - - myapp2 myapp3: image: php:fpm - restart: always + networks: + services-net: + aliases: + - myapp3 volumes: - ./web-files/app3.example.com:/app labels: - "bunkerized-nginx.SERVER_NAME=app3.example.com" # replace with your domain - "bunkerized-nginx.REMOTE_PHP=myapp3" - "bunkerized-nginx.REMOTE_PHP_PATH=/app" - networks: - myphpnet: - aliases: - - myapp3 networks: - myphpnet: + services-net: external: - name: myphpnet + name: services-net diff --git a/examples/autoconf-reverse-proxy/README.md b/examples/autoconf-reverse-proxy/README.md index 348b56c..7feb8f2 100644 --- a/examples/autoconf-reverse-proxy/README.md +++ b/examples/autoconf-reverse-proxy/README.md @@ -8,6 +8,6 @@ Quickly deploy web app on Docker containers without restarting bunkerized-nginx. ## Autoconf -First of all, you need to run bunkerized-nginx and bunkerized-nginx-autoconf : see [docker-compose-nginx.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose-nginx.yml). +First of all, you need to setup the [Docker autoconf integration](https://bunkerized-nginx.readthedocs.io/en/latest/integrations.html#docker-autoconf). -Then, you can add and remove web apps with special `bunkerized-nginx.*` labels so the configurations are automatically generated : see [docker-compose-apps.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose-apps.yml). +Then, you can add and remove web apps with special `bunkerized-nginx.*` labels so the configurations are automatically generated : see [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose.yml). diff --git a/examples/autoconf-reverse-proxy/docker-compose-nginx.yml b/examples/autoconf-reverse-proxy/docker-compose-nginx.yml deleted file mode 100644 index 957e82f..0000000 --- a/examples/autoconf-reverse-proxy/docker-compose-nginx.yml +++ /dev/null @@ -1,45 +0,0 @@ -version: '3' - -services: - - mywww: - image: bunkerity/bunkerized-nginx - restart: always - ports: - - 80:8080 - - 443:8443 - # bunkerized-nginx runs as an unprivileged user with UID/GID 101 - # don't forget to edit the permissions of the files and folders accordingly - volumes: - - ./letsencrypt:/etc/letsencrypt - - autoconf:/etc/nginx - environment: - - SERVER_NAME= # must be left blank if you don't want to setup "static" conf - - MULTISITE=yes - - AUTO_LETS_ENCRYPT=yes - - REDIRECT_HTTP_TO_HTTPS=yes - - DISABLE_DEFAULT_SERVER=yes - - USE_CLIENT_CACHE=yes - - USE_PROXY_CACHE=yes - - USE_GZIP=yes - - USE_REVERSE_PROXY=yes - labels: - - "bunkerized-nginx.AUTOCONF" - networks: - - myappnet - - myautoconf: - image: bunkerity/bunkerized-nginx-autoconf - restart: always - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - - autoconf:/etc/nginx - depends_on: - - mywww - -volumes: - autoconf: - -networks: - myappnet: - name: myappnet diff --git a/examples/autoconf-reverse-proxy/docker-compose-apps.yml b/examples/autoconf-reverse-proxy/docker-compose.yml similarity index 88% rename from examples/autoconf-reverse-proxy/docker-compose-apps.yml rename to examples/autoconf-reverse-proxy/docker-compose.yml index 56d93e6..4e003de 100644 --- a/examples/autoconf-reverse-proxy/docker-compose-apps.yml +++ b/examples/autoconf-reverse-proxy/docker-compose.yml @@ -4,47 +4,44 @@ services: myapp1: build: js-app - restart: always + networks: + services-net: + aliases: + - myapp1 environment: - NODE_ENV=production labels: - "bunkerized-nginx.SERVER_NAME=app1.example.com" # replace with your domain - "bunkerized-nginx.REVERSE_PROXY_URL=/" - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp1:3000" - networks: - myappnet: - aliases: - - myapp1 myapp2: build: js-app - restart: always + networks: + services-net: + aliases: + - myapp2 environment: - NODE_ENV=production labels: - "bunkerized-nginx.SERVER_NAME=app2.example.com" # replace with your domain - "bunkerized-nginx.REVERSE_PROXY_URL=/" - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2:3000" - networks: - myappnet: - aliases: - - myapp2 myapp3: build: js-app - restart: always + networks: + services-net: + aliases: + - myapp3 environment: - NODE_ENV=production labels: - "bunkerized-nginx.SERVER_NAME=app3.example.com" # replace with your domain - "bunkerized-nginx.REVERSE_PROXY_URL=/" - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp3:3000" - networks: - myappnet: - aliases: - - myapp3 networks: - myphpnet: + services-net: external: - name: myphpnet + name: services-net diff --git a/examples/basic-website-with-php/docker-compose.yml b/examples/basic-website-with-php/docker-compose.yml index b3b1540..c6e003d 100644 --- a/examples/basic-website-with-php/docker-compose.yml +++ b/examples/basic-website-with-php/docker-compose.yml @@ -4,7 +4,6 @@ services: mywww: image: bunkerity/bunkerized-nginx - restart: always depends_on: - myphp ports: diff --git a/examples/basic-website-with-php/variables.env b/examples/basic-website-with-php/variables.env index 715cae7..7bbf934 100644 --- a/examples/basic-website-with-php/variables.env +++ b/examples/basic-website-with-php/variables.env @@ -6,5 +6,5 @@ REDIRECT_HTTP_TO_HTTPS=yes DISABLE_DEFAULT_SERVER=yes USE_CLIENT_CACHE=yes USE_GZIP=yes -REMOTE_PHP=localhost -REMOTE_PHP_PATH=/opt/bunkerized-nginx/www +LOCAL_PHP=/run/php/php7.3-fpm.sock +LOCAL_PHP_PATH=/opt/bunkerize-nginx/www diff --git a/examples/clamav/bunkerized-nginx-clamav b/examples/clamav/bunkerized-nginx-clamav new file mode 160000 index 0000000..a48ee83 --- /dev/null +++ b/examples/clamav/bunkerized-nginx-clamav @@ -0,0 +1 @@ +Subproject commit a48ee83b95a5f91cd7d7084b34068e6ecf28f23d diff --git a/examples/clamav/docker-compose.yml b/examples/clamav/docker-compose.yml index 0ad75b9..5a92201 100644 --- a/examples/clamav/docker-compose.yml +++ b/examples/clamav/docker-compose.yml @@ -15,7 +15,7 @@ services: volumes: - ./web-files:/www:ro - ./letsencrypt:/etc/letsencrypt - - ./bunkerized-nginx-clamav:/plugins/clamav:ro # you will need to download the plugin see download-plugin.sh + - ./bunkerized-nginx-clamav:/plugins/clamav # you will need to download the plugin see download-plugin.sh environment: - SERVER_NAME=www.example.com # replace with your domain - AUTO_LETS_ENCRYPT=yes diff --git a/examples/kubernetes/README.md b/examples/kubernetes/README.md index c084ffc..0db9ede 100644 --- a/examples/kubernetes/README.md +++ b/examples/kubernetes/README.md @@ -1,15 +1,11 @@ # Kubernetes -Various examples on how to use bunkerized-nginx within a Kubernetes cluster. See the [Kubernetes section of the documentation](#TODO) for more information. +Basic examples on how to use bunkerized-nginx within a Kubernetes cluster. See the [Kubernetes integration section of the documentation](https://bunkerized-nginx.readthedocs.io/en/latest/integrations.html#kubernetes) for more information. ## Architecture -## Configuration - -We will assume that you have setup the [bunkerized-nginx ingress controller](#TODO) inside your cluster. - ## Kubernetes See [ingress.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/kubernetes/ingress.yml), [php.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/kubernetes/php.yml) and [reverse-proxy.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/kubernetes/reverse-proxy.yml). diff --git a/examples/swarm-redis/README.md b/examples/swarm-redis/README.md index add0b60..57bbfbf 100644 --- a/examples/swarm-redis/README.md +++ b/examples/swarm-redis/README.md @@ -1,6 +1,6 @@ -# Swarm wit hredis +# Swarm with redis -Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm cluster and use redis to distribute the blacklists. See the [Docker Swarm](#TODO) section of the documentation for more information. +Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm cluster and use redis to distribute the blacklists. See the [Docker Swarm integration section of the documentation](https://bunkerized-nginx.readthedocs.io/en/latest/integrations.html#docker-swarm) for more information. ## Architecture @@ -11,8 +11,8 @@ Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm c This example uses two overlay networks needed by the services : ```shell -$ docker network create -d overlay --attachable net_config -$ docker network create -d overlay --attachable net_services +$ docker network create -d overlay --attachable config-net +$ docker network create -d overlay --attachable services-net ``` First you need to create the redis service : see [redis.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/swarm-redis/redis.yml). diff --git a/examples/swarm-redis/nginx-autoconf.yml b/examples/swarm-redis/nginx-autoconf.yml index c55015d..e2a2371 100644 --- a/examples/swarm-redis/nginx-autoconf.yml +++ b/examples/swarm-redis/nginx-autoconf.yml @@ -18,7 +18,7 @@ services: - SWARM_MODE=yes - API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from nginx networks: - - net_config + - config-net deploy: replicas: 1 placement: @@ -59,8 +59,8 @@ services: - DISABLE_DEFAULT_SERVER=yes - USE_CLIENT_CACHE=yes networks: - - net_config - - net_services + - config-net + - services-net deploy: mode: global placement: @@ -70,7 +70,9 @@ services: - "bunkerized-nginx.AUTOCONF" networks: - net_config: - external: true - net_services: - external: true + config-net: + external: + name: config-net + services-net: + external: + name: services-net diff --git a/examples/swarm-redis/redis.yml b/examples/swarm-redis/redis.yml index d02f8cd..31e2307 100644 --- a/examples/swarm-redis/redis.yml +++ b/examples/swarm-redis/redis.yml @@ -5,7 +5,7 @@ services: redis: image: redis:alpine networks: - - net_config + - config-net deploy: replicas: 1 placement: @@ -13,5 +13,6 @@ services: - "node.role==worker" networks: - net_config: - external: true + config-net: + external: + name: config-net diff --git a/examples/swarm-redis/services.yml b/examples/swarm-redis/services.yml index f985a35..3d75b59 100644 --- a/examples/swarm-redis/services.yml +++ b/examples/swarm-redis/services.yml @@ -7,7 +7,7 @@ services: volumes: - /shared/www/app1.example.com:/www networks: - - net_services + - services-net deploy: replicas: 1 placement: @@ -24,7 +24,7 @@ services: - PMA_ARBITRARY=1 - PMA_ABSOLUTE_URI=https://app2.example.com networks: - - net_services + - services-net deploy: replicas: 1 placement: @@ -38,5 +38,6 @@ services: - "bunkerized-nginx.REVERSE_PROXY_HOST=http://app2" networks: - net_services: - external: true + services-net: + external: + name: services-net diff --git a/examples/swarm/README.md b/examples/swarm/README.md index 6ea38db..133ea75 100644 --- a/examples/swarm/README.md +++ b/examples/swarm/README.md @@ -1,6 +1,6 @@ # Swarm -Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm cluster. See the [Docker Swarm](#TODO) section of the documentation for more information. +Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm cluster. See the [Docker Swarm integration section of the documentation](https://bunkerized-nginx.readthedocs.io/en/latest/integrations.html#docker-swarm) for more information. ## Architecture @@ -8,13 +8,6 @@ Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm c ## Swarm -This example uses two overlay networks needed by the services : - -```shell -$ docker network create -d overlay --attachable net_config -$ docker network create -d overlay --attachable net_services -``` - -First you will need to setup bunkerized-nginx and the autoconf with Swarm mode activated : see [nginx-autoconf.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/swarm/nginx-autoconf.yml). +We assume that you've installed bunkerized-nginx and the autoconf on service on your Docker Swarm cluster. Then you can add and delete your web services and autoconf will automatically generate the configuration based on your labels : see [services.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/swarm/services.yml). diff --git a/examples/swarm/nginx-autoconf.yml b/examples/swarm/nginx-autoconf.yml deleted file mode 100644 index 39c65cb..0000000 --- a/examples/swarm/nginx-autoconf.yml +++ /dev/null @@ -1,74 +0,0 @@ -version: '3.8' - -services: - - autoconf: - image: bunkerity/bunkerized-nginx-autoconf - # bunkerized-nginx runs as an unprivileged user with UID/GID 101 - # don't forget to edit the permissions of the files and folders accordingly - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - - /shared/confs:/etc/nginx - - /shared/letsencrypt:/etc/letsencrypt - - /shared/acme-challenge:/acme-challenge - - /shared/cache:/cache - - /shared/modsec-confs:/modsec-confs:ro - - /shared/modsec-crs-confs:/modsec-crs-confs:ro - environment: - - SWARM_MODE=yes - - API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from nginx - networks: - - net_config - deploy: - replicas: 1 - placement: - constraints: - - "node.role==manager" - - nginx: - image: bunkerity/bunkerized-nginx - ports: - - published: 80 - target: 8080 - mode: host - protocol: tcp - - published: 443 - target: 8443 - mode: host - protocol: tcp - # bunkerized-nginx runs as an unprivileged user with UID/GID 101 - # don't forget to edit the permissions of the files and folders accordingly - volumes: - - /shared/confs:/etc/nginx:ro - - /shared/letsencrypt:/etc/letsencrypt:ro - - /shared/acme-challenge:/acme-challenge:ro - - /shared/www:/www:ro - - /shared/cache:/cache:ro - - /shared/modsec-confs:/modsec-confs:ro - - /shared/modsec-crs-confs:/modsec-crs-confs:ro - environment: - - SWARM_MODE=yes - - USE_API=yes - - API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from autoconf - - MULTISITE=yes - - SERVER_NAME= - - AUTO_LETS_ENCRYPT=yes - - REDIRECT_HTTP_TO_HTTPS=yes - - DISABLE_DEFAULT_SERVER=yes - - USE_CLIENT_CACHE=yes - networks: - - net_config - - net_services - deploy: - mode: global - placement: - constraints: - - "node.role==worker" - labels: - - "bunkerized-nginx.AUTOCONF" - -networks: - net_config: - external: true - net_services: - external: true diff --git a/examples/swarm/services.yml b/examples/swarm/services.yml index f985a35..3d75b59 100644 --- a/examples/swarm/services.yml +++ b/examples/swarm/services.yml @@ -7,7 +7,7 @@ services: volumes: - /shared/www/app1.example.com:/www networks: - - net_services + - services-net deploy: replicas: 1 placement: @@ -24,7 +24,7 @@ services: - PMA_ARBITRARY=1 - PMA_ABSOLUTE_URI=https://app2.example.com networks: - - net_services + - services-net deploy: replicas: 1 placement: @@ -38,5 +38,6 @@ services: - "bunkerized-nginx.REVERSE_PROXY_HOST=http://app2" networks: - net_services: - external: true + services-net: + external: + name: services-net diff --git a/examples/web-ui/README.md b/examples/web-ui/README.md index 7091d94..3924f8c 100644 --- a/examples/web-ui/README.md +++ b/examples/web-ui/README.md @@ -9,15 +9,3 @@ Use the web UI panel to configure your bunkerized-nginx instances. ## Docker See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/web-ui/docker-compose.yml). - -## Linux - -TODO - -## Autoconf - -TODO - -## Swarm - -TODO