bunkerweb 1.4.0
This commit is contained in:
bunkerity
@@ -1,11 +0,0 @@
|
||||
# Syslog
|
||||
|
||||
Send bunkerized-nginx logs to a remote syslog server.
|
||||
|
||||
## Architecture
|
||||
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/syslog/architecture.png?raw=true" />
|
||||
|
||||
## Docker
|
||||
|
||||
See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/syslog/docker-compose.yml).
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 19 KiB |
@@ -2,79 +2,59 @@ version: '3'
|
||||
|
||||
services:
|
||||
|
||||
mywww:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
restart: always
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
logging:
|
||||
driver: syslog
|
||||
options:
|
||||
syslog-address: "udp://10.10.10.254:514"
|
||||
depends_on:
|
||||
- mysyslog
|
||||
- myapp1
|
||||
- myapp2
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
||||
# ⚠️ read this if you use local folders for volumes ⚠️
|
||||
# bunkerweb runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
# example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
|
||||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- ./web-files:/www:ro
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- bw_data:/data
|
||||
environment:
|
||||
- SERVER_NAME=app1.example.com app2.example.com # replace with your domains
|
||||
- MULTISITE=yes
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_CROWDSEC=yes
|
||||
- CROWDSEC_HOST=http://mycrowdsec:8080
|
||||
- CROWDSEC_KEY= # you need to generate it (see bouncer_key.sh)
|
||||
- app1.example.com_REMOTE_PHP=myapp1
|
||||
- app1.example.com_REMOTE_PHP_PATH=/app
|
||||
- app2.example.com_REMOTE_PHP=myapp2
|
||||
- app2.example.com_REMOTE_PHP_PATH=/app
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://myapp
|
||||
networks:
|
||||
net0:
|
||||
net1:
|
||||
net2:
|
||||
- mynet
|
||||
|
||||
mysyslog:
|
||||
image: balabit/syslog-ng
|
||||
restart: always
|
||||
command: --no-caps
|
||||
volumes:
|
||||
- ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf
|
||||
- ./log:/var/log
|
||||
- ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf
|
||||
- ./log:/var/log
|
||||
networks:
|
||||
net0:
|
||||
mynet:
|
||||
ipv4_address: 10.10.10.254
|
||||
|
||||
myapp1:
|
||||
image: php:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web-files/app1.example.com:/app
|
||||
myapp:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
- net1
|
||||
- mynet
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
|
||||
myapp2:
|
||||
image: php:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web-files/app2.example.com:/app
|
||||
networks:
|
||||
- net2
|
||||
|
||||
networks:
|
||||
net0:
|
||||
mynet:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.10.10.0/24
|
||||
net1:
|
||||
net2:
|
||||
|
||||
volumes:
|
||||
nginx_logs:
|
||||
|
||||
@@ -1,18 +0,0 @@
|
||||
@version: 3.31
|
||||
|
||||
source s_net {
|
||||
udp(
|
||||
ip("0.0.0.0")
|
||||
);
|
||||
};
|
||||
|
||||
template t_imp {
|
||||
template("$MSG\n");
|
||||
template_escape(no);
|
||||
};
|
||||
|
||||
destination d_file {
|
||||
file("/var/log/nginx.log" template(t_imp));
|
||||
};
|
||||
|
||||
log { source(s_net); destination(d_file); };
|
||||
@@ -1,5 +0,0 @@
|
||||
<?php
|
||||
|
||||
echo "hello from app1 !";
|
||||
|
||||
?>
|
||||
@@ -1,5 +0,0 @@
|
||||
<?php
|
||||
|
||||
echo "hello from app2 !";
|
||||
|
||||
?>
|
||||
Reference in New Issue
Block a user