bunkerweb 1.4.0

integrations/autoconf/docker-compose.yml

@@ -0,0 +1,41 @@
+version: '3'
+
+services:
+
+  mybunker:
+    image: bunkerity/bunkerweb:1.4.0
+    ports:
+      - 80:8080
+      - 443:8443
+    environment:
+      - MULTISITE=yes
+      - SERVER_NAME=
+      - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
+      - AUTOCONF_MODE=yes
+      - AUTO_LETS_ENCRYPT=yes # will be applied to all the services
+    labels:
+      - "bunkerweb.AUTOCONF"
+    networks:
+      - bw-autoconf
+      - bw-services
+
+  myautoconf:
+    image: bunkerity/bunkerweb-autoconf:1.4.0
+    volumes:
+      - ./bw-data:/data
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    networks:
+      - bw-autoconf
+
+volumes:
+  bw-data:
+  bw-conf:
+
+networks:
+  bw-autoconf:
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.20.30.0/24
+  bw-services:
+    name: bw-services

integrations/autoconf/setup.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [ $(id -u) -ne 0 ] ; then
+	echo "❌ Run me as root"
+	exit 1
+fi
+
+if [ -d bw-data ] ; then
+	mkdir bw-data
+fi
+chown -R root:101 bw-data
+chmod -R 770 bw-data

integrations/kubernetes/bunkerweb.yml

@@ -0,0 +1,116 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: bunkerweb
+spec:
+  selector:
+    matchLabels:
+      app: bunkerweb
+  template:
+    metadata:
+      labels:
+        app: bunkerweb
+      # mandatory annotation
+      annotations:
+        bunkerweb.io/AUTOCONF: "yes"
+    spec:
+      containers:
+      - name: bunkerweb
+        image: bunkerity/bunkerweb:1.4.0
+        imagePullPolicy: Always
+        securityContext:
+          runAsUser: 101
+          runAsGroup: 101
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+        ports:
+        - containerPort: 8080
+          hostPort: 80
+        - containerPort: 8443
+          hostPort: 443
+        env:
+        - name: KUBERNETES_MODE
+          value: "yes"
+        # replace with your DNS resolvers
+        # e.g. : kube-dns.kube-system.svc.cluster.local
+        - name: DNS_RESOLVERS
+          value: "coredns.kube-system.svc.cluster.local"
+        - name: USE_API
+          value: "yes"
+        # 10.0.0.0/8 is the cluster internal subnet
+        - name: API_WHITELIST_IP
+          value: "127.0.0.0/8 10.0.0.0/8"
+        - name: SERVER_NAME
+          value: ""
+        - name: MULTISITE
+          value: "yes"
+        livenessProbe:
+          exec:
+            command:
+            - /opt/bunkerweb/helpers/healthcheck.sh
+          initialDelaySeconds: 30
+          periodSeconds: 5
+          timeoutSeconds: 1
+          failureThreshold: 3
+        readinessProbe:
+          exec:
+            command:
+            - /opt/bunkerweb/helpers/healthcheck.sh
+          initialDelaySeconds: 30
+          periodSeconds: 1
+          timeoutSeconds: 1
+          failureThreshold: 3
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: svc-bunkerweb
+spec:
+  clusterIP: None
+  selector:
+    app: bunkerweb
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-bunkerweb
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bunkerweb-controller
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: bunkerweb-controller
+  template:
+    metadata:
+      labels:
+        app: bunkerweb-controller
+    spec:
+      serviceAccountName: sa-bunkerweb
+      volumes:
+      - name: vol-bunkerweb
+        persistentVolumeClaim:
+          claimName: pvc-bunkerweb
+      containers:
+      - name: bunkerweb-controller
+        image: bunkerity/bunkerweb-autoconf:1.4.0
+        imagePullPolicy: Always
+        env:
+        - name: KUBERNETES_MODE
+          value: "yes"
+        volumeMounts:
+        - name: vol-bunkerweb
+          mountPath: /data

integrations/kubernetes/rbac.yml

@@ -0,0 +1,30 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cr-bunkerweb
+rules:
+- apiGroups: [""]
+  resources: ["services", "pods", "configmaps"]
+  verbs: ["get", "watch", "list"]
+- apiGroups: ["networking.k8s.io"]
+  resources: ["ingresses"]
+  verbs: ["get", "watch", "list"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sa-bunkerweb
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: crb-bunkerweb
+subjects:
+- kind: ServiceAccount
+  name: sa-bunkerweb
+  namespace: default
+  apiGroup: ""
+roleRef:
+  kind: ClusterRole
+  name: cr-bunkerweb
+  apiGroup: rbac.authorization.k8s.io

integrations/swarm/stack.yml

@@ -0,0 +1,62 @@
+version: '3.5'
+
+services:
+
+  mybunker:
+    image: bunkerity/bunkerweb:1.4.0
+    ports:
+      - published: 80
+        target: 8080
+        mode: host
+        protocol: tcp
+      - published: 443
+        target: 8443
+        mode: host
+        protocol: tcp
+    environment:
+      - SWARM_MODE=yes
+      - SERVER_NAME=
+      - MULTISITE=yes
+      - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
+      - AUTO_LETS_ENCRYPT=yes # will be applied to all the services
+    networks:
+      - bw-autoconf
+      - bw-services
+    deploy:
+      mode: global
+      # placement:
+        # constraints:
+          # - "node.role==worker"
+      labels:
+        - "bunkerweb.AUTOCONF"
+
+  myautoconf:
+    image: bunkerity/bunkerweb-autoconf:1.4.0
+    environment:
+      - SWARM_MODE=yes
+    volumes:
+      - bw-data:/data
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    networks:
+      - bw-autoconf
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+          - "node.role==manager"
+
+networks:
+  bw-autoconf:
+    driver: overlay
+    attachable: true
+    name: bw-autoconf
+    ipam:
+      config:
+        - subnet: 10.20.30.0/24
+  bw-services:
+    driver: overlay
+    attachable: true
+    name: bw-services
+
+volumes:
+  bw-data: