Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

bunkerweb 1.4.0

Browse Source
This commit is contained in:
bunkerity
2022-06-03 17:24:14 +02:00
parent 3a078326c5
commit a9f886804a
5245 changed files with 1432051 additions and 27894 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
examples/authelia/README.md
View File

@@ -1,27 +0,0 @@
# Authelia
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. See [website](https://www.authelia.com/) and [GitHub repo](https://github.com/authelia/authelia) for more information.
## Preamble
We will assume that you already have some basic knownledges about Authelia. If that's not the case, you should read their [documentation](https://www.authelia.com/) first.
## Architecture
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/authelia/architecture.png?raw=true" />
## Configuration
First of all, you will need to edit the configuration files inside the authelia folder (e.g. : domains, DB backend, email notifier, ...).
## Docker
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/authelia/docker-compose.yml).
## Docker autoconf
See [docker-compose.autoconf.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/authelia/docker-compose.autoconf.yml).
## Docker Swarm
See [docker-compose.swarm.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/authelia/docker-compose.swarm.yml).

BIN
examples/authelia/architecture.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 21 KiB

72
examples/authelia/authelia/configuration.yml
View File

@@ -1,72 +0,0 @@
###############################################################
# Authelia configuration #
###############################################################
host: 0.0.0.0
port: 9091
# log:
# level: debug
# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
jwt_secret: a_very_important_secret
default_redirection_url: https://auth.example.com
totp:
issuer: authelia.com
# duo_api:
# hostname: api-123456789.example.com
# integration_key: ABCDEF
# # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
# secret_key: 1234567890abcdefghifjkl
authentication_backend:
file:
path: /config/users_database.yml
access_control:
default_policy: deny
rules:
# Rules applied to everyone
- domain: auth.example.com
policy: bypass
- domain: app1.example.com
policy: one_factor
- domain: app2.example.com
policy: two_factor
session:
name: authelia_session
# This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
secret: unsecure_session_secret
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
domain: example.com # Should match whatever your root protected domain is
redis:
host: redis
port: 6379
# This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
# password: authelia
regulation:
max_retries: 3
find_time: 120
ban_time: 300
storage:
local:
path: /config/db.sqlite3
notifier:
disable_startup_check: false
filesystem:
filename: /config/notification.txt
#notifier:
# smtp:
# username: test
# This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
# password: password
# host: mail.example.com
# port: 25
# sender: admin@example.com

16
examples/authelia/authelia/users_database.yml
View File

@@ -1,16 +0,0 @@
###############################################################
# Users Database #
###############################################################
# This file can be used if you do not have an LDAP set up.
# List of users
users:
authelia:
displayname: "Authelia User"
# Password is Authelia
password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/" # yamllint disable-line rule:line-length
email: authelia@authelia.com
groups:
- admins
- dev

70
examples/authelia/docker-compose.autoconf.yml
View File

@@ -1,70 +0,0 @@
version: '3.3'
services:
authelia:
image: authelia/authelia
networks:
services-net:
aliases:
- authelia
volumes:
- ./authelia:/config
healthcheck:
disable: true
environment:
- TZ=France/Paris
labels:
- "bunkerized-nginx.SERVER_NAME=auth.example.com"
- "bunkerized-nginx.USE_REVERSE_PROXY=yes"
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://authelia:9091"
redis:
image: redis:alpine
networks:
services-net:
aliases:
- redis
volumes:
- ./redis:/data
environment:
- TZ=France/Paris
myapp1:
image: php:fpm
networks:
services-net:
aliases:
- myapp1
volumes:
- ./web-files/app1.example.com:/app
labels:
- "bunkerized-nginx.SERVER_NAME=app1.example.com"
- "bunkerized-nginx.USE_AUTHELIA=yes"
- "bunkerized-nginx.AUTHELIA_BACKEND=https://auth.example.com"
- "bunkerized-nginx.AUTHELIA_UPSTREAM=http://authelia:9091"
- "bunkerized-nginx.REMOTE_PHP=myapp1"
- "bunkerized-nginx.REMOTE_PHP_PATH=/app"
myapp2:
image: php:apache
networks:
services-net:
aliases:
- myapp2
volumes:
- ./web-files/app2.example.com:/var/www/html
labels:
- "bunkerized-nginx.SERVER_NAME=app2.example.com"
- "bunkerized-nginx.USE_AUTHELIA=yes"
- "bunkerized-nginx.AUTHELIA_BACKEND=https://auth.example.com"
- "bunkerized-nginx.AUTHELIA_UPSTREAM=http://authelia:9091"
- "bunkerized-nginx.USE_REVERSE_PROXY=yes"
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2"
networks:
services-net:
external:
name: services-net

82
examples/authelia/docker-compose.swarm.yml
View File

@@ -1,82 +0,0 @@
version: '3.3'
services:
authelia:
image: authelia/authelia
networks:
services-net:
aliases:
- authelia
volumes:
- /shared/authelia:/config
healthcheck:
disable: true
environment:
- TZ=France/Paris
deploy:
placement:
constraints:
- "node.role==worker"
labels:
- "bunkerized-nginx.SERVER_NAME=auth.example.com"
- "bunkerized-nginx.USE_REVERSE_PROXY=yes"
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://authelia:9091"
redis:
image: redis:alpine
networks:
services-net:
aliases:
- redis
volumes:
- /shared/redis:/data
environment:
- TZ=France/Paris
myapp1:
image: php:fpm
networks:
services-net:
aliases:
- myapp1
volumes:
- /shared/www/app1.example.com:/app
deploy:
placement:
constraints:
- "node.role==worker"
labels:
- "bunkerized-nginx.SERVER_NAME=app1.example.com"
- "bunkerized-nginx.USE_AUTHELIA=yes"
- "bunkerized-nginx.AUTHELIA_BACKEND=https://auth.example.com"
- "bunkerized-nginx.AUTHELIA_UPSTREAM=http://authelia:9091"
- "bunkerized-nginx.REMOTE_PHP=myapp1"
- "bunkerized-nginx.REMOTE_PHP_PATH=/app"
myapp2:
image: php:apache
networks:
services-net:
aliases:
- myapp2
volumes:
- /shared/www/app2.example.com:/var/www/html
deploy:
placement:
constraints:
- "node.role==worker"
labels:
- "bunkerized-nginx.SERVER_NAME=app2.example.com"
- "bunkerized-nginx.USE_AUTHELIA=yes"
- "bunkerized-nginx.AUTHELIA_BACKEND=https://auth.example.com"
- "bunkerized-nginx.AUTHELIA_UPSTREAM=http://authelia:9091"
- "bunkerized-nginx.USE_REVERSE_PROXY=yes"
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
- "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2"
networks:
services-net:
external:
name: services-net

71
examples/authelia/docker-compose.yml
View File

@@ -1,71 +0,0 @@
---
version: '3.3'
services:
authelia:
image: authelia/authelia
volumes:
- ./authelia:/config
restart: unless-stopped
healthcheck:
disable: true
environment:
- TZ=France/Paris
redis:
image: redis:alpine
volumes:
- ./redis:/data
restart: unless-stopped
environment:
- TZ=France/Paris
bunkerized-nginx:
image: bunkerity/bunkerized-nginx
restart: always
depends_on:
- authelia
- myapp1
- myapp2
ports:
- 80:8080
- 443:8443
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly
volumes:
- ./web-files:/www:ro
- ./letsencrypt:/etc/letsencrypt
environment:
- SERVER_NAME=auth.example.com app1.example.com app2.example.com # replace with your domains
- MULTISITE=yes
- AUTO_LETS_ENCRYPT=yes
- REDIRECT_HTTP_TO_HTTPS=yes
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- USE_AUTHELIA=yes
- AUTHELIA_BACKEND=https://auth.example.com
- AUTHELIA_UPSTREAM=http://authelia:9091
- auth.example.com_USE_AUTHELIA=no
- auth.example.com_USE_REVERSE_PROXY=yes
- auth.example.com_REVERSE_PROXY_URL=/
- auth.example.com_REVERSE_PROXY_HOST=http://authelia:9091
- app1.example.com_REMOTE_PHP=myapp1
- app1.example.com_REMOTE_PHP_PATH=/app
- app2.example.com_SERVE_FILES=no
- app2.example.com_USE_REVERSE_PROXY=yes
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://myapp2
myapp1:
image: php:fpm
restart: always
volumes:
- ./web-files/app1.example.com:/app
myapp2:
image: php:apache
restart: always
volumes:
- ./web-files/app2.example.com:/var/www/html

10
examples/authelia/web-files/app1.example.com/index.php
View File

@@ -1,10 +0,0 @@
<?php
echo "Welcome to app1 !<br><br>";
echo "REMOTE_USER = " . $_SERVER['REMOTE_USER'] . "<br>";
echo "REMOTE_GROUPS = " . $_SERVER['REMOTE_GROUPS'] . "<br>";
echo "REMOTE_NAME = " . $_SERVER['REMOTE_NAME'] . "<br>";
echo "REMOTE_EMAIL = " . $_SERVER['REMOTE_EMAIL'] . "<br>";
?>

10
examples/authelia/web-files/app2.example.com/index.php
View File

@@ -1,10 +0,0 @@
<?php
echo "Welcome to app2 !<br><br>";
echo "REMOTE_USER = " . $_SERVER['HTTP_REMOTE_USER'] . "<br>";
echo "REMOTE_GROUPS = " . $_SERVER['HTTP_REMOTE_GROUPS'] . "<br>";
echo "REMOTE_NAME = " . $_SERVER['HTTP_REMOTE_NAME'] . "<br>";
echo "REMOTE_EMAIL = " . $_SERVER['HTTP_REMOTE_EMAIL'] . "<br>";
?>