bunkerweb 1.4.0

examples/passbolt/README.md

@@ -1,11 +0,0 @@
-# Passbolt
-
-Passbolt is a free open source password manager for teams. See the official [website](https://www.passbolt.com/) and [repository](https://github.com/passbolt/passbolt_api) for more information.
-
-## Architecture
-
-<img src="https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/passbolt/architecture.png?raw=true" />
-
-## Docker
-
-See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/passbolt/docker-compose.yml).

examples/passbolt/docker-compose.yml

@@ -2,37 +2,37 @@ version: '3'
 
 services:
 
-  mywww:
-    image: bunkerity/bunkerized-nginx
-    restart: always
-    depends_on:
-      - mypassbolt
+  mybunker:
+    image: bunkerity/bunkerweb:1.4.0
     ports:
       - 80:8080
       - 443:8443
-    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # ⚠️ read this if you use local folders for volumes ⚠️
+    # bunkerweb runs as an unprivileged user with UID/GID 101
     # don't forget to edit the permissions of the files and folders accordingly
+    # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
+    # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
+    # more info at https://docs.bunkerweb.io
     volumes:
-      - ./letsencrypt:/etc/letsencrypt
-      - ./modsec-crs-confs:/modsec-crs-confs:ro      # disable some false positive
-      - ./modsec-confs:/modsec-confs:ro              # disable some false positive
+      - bw_data:/data
     environment:
       - SERVER_NAME=www.example.com                  # replace with your domain
       - AUTO_LETS_ENCRYPT=yes
-      - REDIRECT_HTTP_TO_HTTPS=yes
       - DISABLE_DEFAULT_SERVER=yes
       - ALLOWED_METHODS=GET|POST|HEAD|PUT|DELETE
       - SERVE_FILES=no
-      - USE_PROXY_CACHE=yes
       - USE_CLIENT_CACHE=yes
       - USE_GZIP=yes
       - USE_REVERSE_PROXY=yes
       - REVERSE_PROXY_URL=/
       - REVERSE_PROXY_HOST=https://mypassbolt
 
+  # you will need to add a user by hand
+  # example : docker-compose exec mypassbolt su -m -c "bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin" -s /bin/sh www-data
+  # more info at https://github.com/passbolt/passbolt_docker
   mypassbolt:
     image: passbolt/passbolt
-    restart: always
+    command: ["/usr/bin/wait-for.sh", "-t", "0", "mydb:3306", "--", "/docker-entrypoint.sh"]
     environment:
       - DATASOURCES_DEFAULT_HOST=mydb
       - DATASOURCES_DEFAULT_PASSWORD=db-user-pwd     # replace with a stronger password (must match MYSQL_PASSWORD)
@@ -42,7 +42,6 @@ services:
 
   mydb:
     image: mariadb
-    restart: always
     volumes:
       - ./db-data:/var/lib/mysql
     environment:
@@ -50,3 +49,6 @@ services:
       - MYSQL_DATABASE=passbolt
       - MYSQL_USER=user
       - MYSQL_PASSWORD=db-user-pwd                   # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD)
+
+volumes:
+  bw_data:

examples/passbolt/modsec-confs/passbolt.conf

@@ -1,2 +0,0 @@
-SecRuleRemoveById 942100
-SecRuleRemoveById 930120

examples/passbolt/modsec-crs-confs/passbolt.conf

@@ -1,7 +0,0 @@
-SecAction \
- "id:900200,\
-  phase:1,\
-  nolog,\
-  pass,\
-  t:none,\
-  setvar:'tx.allowed_methods=GET HEAD POST PUT DELETE'"