Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

examples - polishing before next release

Browse Source
This commit is contained in:
bunkerity
2021-08-12 10:19:43 +02:00
parent 0ad5159a33
commit 83e7ce9cde
23 changed files with 228 additions and 255 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
examples/swarm/README.md
View File

@@ -1,6 +1,6 @@
# Swarm
Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm cluster. See the [Docker Swarm](#TODO) section of the documentation for more information.
Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm cluster. See the [Docker Swarm integration section of the documentation](https://bunkerized-nginx.readthedocs.io/en/latest/integrations.html#docker-swarm) for more information.
## Architecture
@@ -8,13 +8,6 @@ Basic examples on how to deploy and use bunkerized-nginx within a Docker Swarm c
## Swarm
This example uses two overlay networks needed by the services :
```shell
$ docker network create -d overlay --attachable net_config
$ docker network create -d overlay --attachable net_services
```
First you will need to setup bunkerized-nginx and the autoconf with Swarm mode activated : see [nginx-autoconf.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/swarm/nginx-autoconf.yml).
We assume that you've installed bunkerized-nginx and the autoconf on service on your Docker Swarm cluster.
Then you can add and delete your web services and autoconf will automatically generate the configuration based on your labels : see [services.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/swarm/services.yml).

74
examples/swarm/nginx-autoconf.yml
View File

@@ -1,74 +0,0 @@
version: '3.8'
services:
autoconf:
image: bunkerity/bunkerized-nginx-autoconf
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /shared/confs:/etc/nginx
- /shared/letsencrypt:/etc/letsencrypt
- /shared/acme-challenge:/acme-challenge
- /shared/cache:/cache
- /shared/modsec-confs:/modsec-confs:ro
- /shared/modsec-crs-confs:/modsec-crs-confs:ro
environment:
- SWARM_MODE=yes
- API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from nginx
networks:
- net_config
deploy:
replicas: 1
placement:
constraints:
- "node.role==manager"
nginx:
image: bunkerity/bunkerized-nginx
ports:
- published: 80
target: 8080
mode: host
protocol: tcp
- published: 443
target: 8443
mode: host
protocol: tcp
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly
volumes:
- /shared/confs:/etc/nginx:ro
- /shared/letsencrypt:/etc/letsencrypt:ro
- /shared/acme-challenge:/acme-challenge:ro
- /shared/www:/www:ro
- /shared/cache:/cache:ro
- /shared/modsec-confs:/modsec-confs:ro
- /shared/modsec-crs-confs:/modsec-crs-confs:ro
environment:
- SWARM_MODE=yes
- USE_API=yes
- API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from autoconf
- MULTISITE=yes
- SERVER_NAME=
- AUTO_LETS_ENCRYPT=yes
- REDIRECT_HTTP_TO_HTTPS=yes
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
networks:
- net_config
- net_services
deploy:
mode: global
placement:
constraints:
- "node.role==worker"
labels:
- "bunkerized-nginx.AUTOCONF"
networks:
net_config:
external: true
net_services:
external: true

9
examples/swarm/services.yml
View File

@@ -7,7 +7,7 @@ services:
volumes:
- /shared/www/app1.example.com:/www
networks:
- net_services
- services-net
deploy:
replicas: 1
placement:
@@ -24,7 +24,7 @@ services:
- PMA_ARBITRARY=1
- PMA_ABSOLUTE_URI=https://app2.example.com
networks:
- net_services
- services-net
deploy:
replicas: 1
placement:
@@ -38,5 +38,6 @@ services:
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://app2"
networks:
net_services:
external: true
services-net:
external:
name: services-net