Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

multisite examples and certbot renew fix

Browse Source
This commit is contained in:
bunkerity 2020-11-13 15:10:29 +01:00
parent 1abe1da89e
commit 8cdc155ac0
No known key found for this signature in database
GPG Key ID: 654FFF51CEF7CC47
14 changed files with 272 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
examples/multisite-basic/docker-compose.yml Normal file
View File

@ -0,0 +1,62 @@
version: '3'
services:
mywww:
image: bunkerity/bunkerized-nginx
restart: always
ports:
- 80:8080
- 443:8443
volumes:
- ./web-files:/www
- ./letsencrypt:/etc/letsencrypt
- ./server-confs:/server-confs
environment:
- SERVER_NAME=app1.website.com app2.website.com app3.website.com # replace with your domains
- MULTISITE=yes
- AUTO_LETS_ENCRYPT=yes
- REDIRECT_HTTP_TO_HTTPS=yes
- DISABLE_DEFAULT_SERVER=yes
- app1.website.com_REMOTE_PHP=myapp1
- app1.website.com_REMOTE_PHP_PATH=/app
- app2.website.com_REMOTE_PHP=myapp2
- app2.website.com_REMOTE_PHP_PATH=/app
- app3.website.com_SERVE_FILES=no
networks:
- net1
- net2
- net3
myapp1:
image: php:fpm
restart: always
volumes:
- ./web-files/app1:/app
networks:
- net1
myapp2:
image: php:fpm
restart: always
volumes:
- ./web-files/app2:/app
networks:
- net2
myapp3:
image: node
restart: always
working_dir: /home/node/app
volumes:
- ./js-app:/home/node/app
environment:
- NODE_ENV=production
command: bash -c "npm install express && node index.js"
networks:
- net3
networks:
net1:
net2:
net3:

12
examples/multisite-basic/js-app/index.js Normal file
View File

@ -0,0 +1,12 @@
const express = require('express')
const app = express()
const port = 3000
app.get('/', (req, res) => {
res.send('hello from app3 !')
})
app.listen(port, () => {
console.log(`Example app listening at http://localhost:${port}`)
})

14
examples/multisite-basic/js-app/package.json Normal file
View File

@ -0,0 +1,14 @@
{
"name": "js-app",
"version": "1.0.0",
"description": "demo",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"author": "",
"license": "ISC",
"dependencies": {
"express": "^4.17.1"
}
}

6
examples/multisite-basic/server-confs/app3.website.com/reverse-proxy.conf Normal file
View File

@ -0,0 +1,6 @@
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://myapp3:3000$request_uri;
}

5
examples/multisite-basic/web-files/app1.website.com/index.php Normal file
View File

@ -0,0 +1,5 @@
<?php
echo "hello from app1 !";
?>

5
examples/multisite-basic/web-files/app2.website.com/index.php Normal file
View File

@ -0,0 +1,5 @@
<?php
echo "hello from app2 !";
?>

87
examples/multisite-complex/docker-compose.yml Normal file
View File

@ -0,0 +1,87 @@
version: '3'
services:
mywww:
image: bunkerity/bunkerized-nginx
restart: always
ports:
- 80:8080
- 443:8443
volumes:
- ./web-files:/www
- ./letsencrypt:/etc/letsencrypt
- ./server-confs:/server-confs
- ./modsec-confs:/modsec-confs
- ./modsec-crs-confs:/modsec-crs-conf
environment:
- SERVER_NAME=wp.website.com nc.website.com # replace with your domains
- MULTISITE=yes
- AUTO_LETS_ENCRYPT=yes
- REDIRECT_HTTP_TO_HTTPS=yes
- DISABLE_DEFAULT_SERVER=yes
- wp.website.com_REMOTE_PHP=mywp
- wp.website.com_REMOTE_PHP_PATH=/var/www/html
- nc.website.com_REMOTE_PHP=mync
- nc.website.com_REMOTE_PHP_PATH=/var/www/html
- nc.website.com_LIMIT_REQ_RATE=40r/s
- nc.website.com_LIMIT_REQ_BURST=60
- nc.website.com_ALLOWED_METHODS=GET|POST|HEAD|PROPFIND|DELETE|PUT|MKCOL|MOVE|COPY|PROPPATCH|REPORT
- nc.website.com_X_FRAME_OPTIONS=SAMEORIGIN
networks:
- net1
- net2
mywp:
image: wordpress:fpm-alpine
restart: always
volumes:
- ./web-files/wp.website.com:/var/www/html
environment:
- WORDPRESS_DB_HOST=mywpdb
- WORDPRESS_DB_NAME=wp
- WORDPRESS_DB_USER=user
- WORDPRESS_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
- WORDPRESS_TABLE_PREFIX=prefix_ # best practice : replace with a random prefix
networks:
- net1
mywpdb:
image: mariadb
restart: always
volumes:
- ./wp-db-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- MYSQL_DATABASE=wp
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match WORDPRESS_DB_PASSWORD)
networks:
- net1
mync:
image: nextcloud:stable-fpm
restart: always
volumes:
- ./web-files/nc.website.com:/var/www/html
environment:
- MYSQL_HOST=myncdb
- MYSQL_DATABASE=nc
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
networks:
- net2
myncdb:
image: mariadb
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: always
volumes:
- ./nc-db-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
- MYSQL_DATABASE=nc
- MYSQL_USER=user
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
networks:
- net2

1
examples/multisite-complex/modsec-confs/nc.website.com/nextcloud.conf Normal file
View File

@ -0,0 +1 @@
SecRuleRemoveById 921110

15
examples/multisite-complex/modsec-crs-confs/nc.website.com/nextcloud.conf Normal file
View File

@ -0,0 +1,15 @@
SecAction \
"id:900130,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.crs_exclusions_nextcloud=1"
SecAction \
"id:900200,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_methods=GET HEAD POST PROPFIND DELETE PUT MKCOL MOVE COPY PROPPATCH REPORT'"

7
examples/multisite-complex/modsec-crs-confs/wp.website.com/wordpress.conf Normal file
View File

@ -0,0 +1,7 @@
SecAction \
"id:900130,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.crs_exclusions_wordpress=1"

42
examples/multisite-complex/server-confs/nc.website.com/nextcloud.conf Normal file
View File

@ -0,0 +1,42 @@
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass mync:9000;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
include fastcgi.conf;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff2?|svg|gif|map|mp4)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
}

4
examples/multisite-complex/server-confs/wp.website.com/permalinks.conf Normal file
View File

@ -0,0 +1,4 @@
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}

5
examples/wordpress/web-files/index.php
View File

@ -1,5 +0,0 @@
<?php
echo "Hello World!";
?>

24
scripts/certbot-renew.sh
View File

@ -7,23 +7,23 @@ function replace_in_file() {
sed -i "s/$pattern/$replace/g" "$1" sed -i "s/$pattern/$replace/g" "$1"
} }
# check if HTTP enabled # disable HTTP
# and disable it temporarily if needed servers="$(find /etc/nginx -name server.conf)"
if grep -q "listen" "/etc/nginx/server.conf" ; then for f in $servers ; do
replace_in_file "/etc/nginx/server.conf" "listen" "#listen" replace_in_file "$f" "listen" "#listen"
if [ -f /tmp/nginx.pid ] ; then done
/usr/sbin/nginx -s reload if [ -f /tmp/nginx.pid ] ; then
sleep 10 /usr/sbin/nginx -s reload
fi sleep 10
fi fi
# ask a new certificate if needed # ask a new certificate if needed
certbot renew certbot renew
# enable HTTP again if needed # enable HTTP again
if grep -q "#listen" "/etc/nginx/server.conf" ; then for f in $servers ; do
replace_in_file "/etc/nginx/server.conf" "#listen" "listen" replace_in_file "$f" "#listen" "listen"
fi done
chown -R root:nginx /etc/letsencrypt chown -R root:nginx /etc/letsencrypt
chmod -R 740 /etc/letsencrypt chmod -R 740 /etc/letsencrypt