diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index 2660bde..4661133 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -181,7 +181,7 @@ jobs: - name: Set variables run: | VER=$(cat VERSION | tr -d '\n') - if [ "$GITHUB_REF" = "refs/heads/main" ] ; then + if [ "$GITHUB_REF" = "refs/heads/master" ] ; then echo "BUILD_MODE=prod" >> $GITHUB_ENV else echo "BUILD_MODE=dev" >> $GITHUB_ENV diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml index fb41b1e..39dcfa3 100644 --- a/.github/workflows/prod.yml +++ b/.github/workflows/prod.yml @@ -70,12 +70,6 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_TOKEN }} - - name: Login to private repository - uses: docker/login-action@v2 - with: - registry: ${{ secrets.PRIVATE_REGISTRY }} - username: registry - password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} # Build images - name: Build BW for 386 @@ -91,7 +85,7 @@ jobs: context: . file: autoconf/Dockerfile platforms: linux/386 - tags: /bunkerweb-autoconf-tests-386:latest + tags: bunkerweb-autoconf-tests-386:latest cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-386-cache,mode=min - name: Build BW UI for 386 uses: docker/build-push-action@v3 @@ -103,82 +97,57 @@ jobs: cache-to: type=registry,ref=bunkerity/cache:bw-ui-386-cache,mode=min # Build bunkerweb/arm - # build-bw-arm: - # runs-on: [self-hosted, ARM64] - # steps: + build-bw-arm: + runs-on: ubuntu-latest + steps: # Prepare - # - name: Checkout source code - # uses: actions/checkout@v3 - # - name: Setup Buildx - # uses: docker/setup-buildx-action@v2 - # - name: Login to Docker Hub - # uses: docker/login-action@v2 - # with: - # username: ${{ secrets.DOCKER_USERNAME }} - # password: ${{ secrets.DOCKER_TOKEN }} - # - name: Login to private repository - # uses: docker/login-action@v2 - # with: - # registry: ${{ secrets.PRIVATE_REGISTRY }} - # username: registry - # password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + - name: Checkout source code + uses: actions/checkout@v3 + - name: Setup Buildx + id: buildx + uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Setup SSH for ARM node + run: | + mkdir -p ~/.ssh + echo "$SSH_KEY" > ~/.ssh/id_rsa_arm + chmod 600 ~/.ssh/id_rsa_arm + echo "$SSH_CONFIG" > ~/.ssh/config + env: + SSH_KEY: ${{ secrets.ARM_SSH_KEY }} + SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }} + - name: Append ARM node to buildx + run: | + docker buildx create --append --name ${{ steps.buildx.outputs.name }} --node arm --platform linux/arm64,linux/arm/v7,linux/arm/v6 ssh://ubuntu@arm # Build images - # - name: Build BW for armv7 - # uses: docker/build-push-action@v3 - # with: - # context: . - # platforms: linux/arm/v7 - # push: true - # tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-armv7:latest - # cache-from: type=registry,ref=bunkerity/cache:bw-armv7-cache - # cache-to: type=registry,ref=bunkerity/cache:bw-armv7-cache,mode=min - # - name: Build BW for armv8 - # uses: docker/build-push-action@v3 - # with: - # context: . - # platforms: linux/arm64/v8 - # push: true - # tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-armv8:latest - # cache-to: type=registry,ref=bunkerity/cache:bw-armv8-cache,mode=min - # - name: Build BW autoconf for armv7 - # uses: docker/build-push-action@v3 - # with: - # context: . - # file: autoconf/Dockerfile - # platforms: linux/arm/v7 - # push: true - # tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-armv7:latest - # cache-from: type=registry,ref=bunkerity/cache:bw-autoconf-armv7-cache - # cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-armv7-cache,mode=min - # - name: Build BW autoconf for armv8 - # uses: docker/build-push-action@v3 - # with: - # context: . - # file: autoconf/Dockerfile - # platforms: linux/arm64/v8 - # push: true - # tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-armv8:latest - # cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-armv8-cache,mode=min - # - name: Build BW UI for armv7 - # uses: docker/build-push-action@v3 - # with: - # context: . - # file: ui/Dockerfile - # platforms: linux/arm/v7 - # push: true - # tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-armv7:latest - # cache-from: type=registry,ref=bunkerity/cache:bw-ui-armv7-cache - # cache-to: type=registry,ref=bunkerity/cache:bw-ui-armv7-cache,mode=min - # - name: Build BW UI for armv8 - # uses: docker/build-push-action@v3 - # with: - # context: . - # file: ui/Dockerfile - # platforms: linux/arm64/v8 - # push: true - # tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-armv8:latest - # cache-to: type=registry,ref=bunkerity/cache:bw-ui-armv8-cache,mode=min + - name: Build BW for ARM + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/arm64,linux/arm/v7 + tags: bunkerweb-tests-arm:latest + cache-to: type=registry,ref=bunkerity/cache:bw-arm-cache,mode=min + - name: Build BW autoconf for ARM + uses: docker/build-push-action@v3 + with: + context: . + file: autoconf/Dockerfile + platforms: linux/arm64,linux/arm/v7 + tags: bunkerweb-autoconf-tests-arm:latest + cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-arm-cache,mode=min + - name: Build BW UI for ARM + uses: docker/build-push-action@v3 + with: + context: . + file: ui/Dockerfile + platforms: linux/arm64,linux/arm/v7 + tags: bunkerweb-ui-tests-arm:latest + cache-to: type=registry,ref=bunkerity/cache:bw-ui-arm-cache,mode=min # Run tests tests: @@ -203,7 +172,7 @@ jobs: - name: Set variables run: | VER=$(cat VERSION | tr -d '\n') - if [ "$GITHUB_REF" = "refs/heads/main" ] ; then + if [ "$GITHUB_REF" = "refs/heads/master" ] ; then echo "BUILD_MODE=prod" >> $GITHUB_ENV else echo "BUILD_MODE=dev" >> $GITHUB_ENV @@ -260,16 +229,19 @@ jobs: # Push to dev registries push-docker: - needs: [tests, build-bw-386] + needs: [tests, build-bw-386, build-bw-arm] runs-on: ubuntu-latest steps: # Prepare - name: Checkout source code uses: actions/checkout@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + - name: Set variables + run: | + VER=$(cat VERSION | tr -d '\n') + echo "VERSION=$VER" >> $GITHUB_ENV - name: Setup Buildx + id: buildx uses: docker/setup-buildx-action@v2 - name: Login to Docker Hub uses: docker/login-action@v2 @@ -282,44 +254,55 @@ jobs: registry: ${{ secrets.PRIVATE_REGISTRY }} username: registry password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} - - name: Set variables + - name: Setup SSH for ARM node run: | - VER=$(cat VERSION | tr -d '\n') - echo "VERSION=$VER" >> $GITHUB_ENV + mkdir -p ~/.ssh + echo "$SSH_KEY" > ~/.ssh/id_rsa_arm + chmod 600 ~/.ssh/id_rsa_arm + echo "$SSH_CONFIG" > ~/.ssh/config + env: + SSH_KEY: ${{ secrets.ARM_SSH_KEY }} + SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }} + - name: Append ARM node to buildx + run: | + docker buildx create --append --name ${{ steps.buildx.outputs.name }} --node arm --platform linux/arm64,linux/arm/v7,linux/arm/v6 ssh://ubuntu@arm # Build and push - name: Build and push BW uses: docker/build-push-action@v3 with: context: . - platforms: linux/amd64,linux/386 + platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7 push: true tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb:latest,bunkerity/bunkerweb:latest,bunkerity/bunkerweb:${{ env.VERSION }} cache-from: | type=registry,ref=bunkerity/cache:bw-amd64-cache type=registry,ref=bunkerity/cache:bw-386-cache + type=registry,ref=bunkerity/cache:bw-arm-cache - name: Build and push BW autoconf uses: docker/build-push-action@v3 with: context: . file: autoconf/Dockerfile - platforms: linux/amd64,linux/386 + platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7 push: true tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf:latest,bunkerity/bunkerweb-autoconf:latest,bunkerity/bunkerweb-autoconf:${{ env.VERSION }} cache-from: | type=registry,ref=bunkerity/cache:bw-autoconf-amd64-cache type=registry,ref=bunkerity/cache:bw-autoconf-386-cache + type=registry,ref=bunkerity/cache:bw-autoconf-arm-cache - name: Build and push BW UI uses: docker/build-push-action@v3 with: context: . file: ui/Dockerfile - platforms: linux/amd64,linux/386 + platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7 push: true tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui:latest,bunkerity/bunkerweb-ui:latest,bunkerity/bunkerweb-ui:${{ env.VERSION }} cache-from: | type=registry,ref=bunkerity/cache:bw-ui-amd64-cache type=registry,ref=bunkerity/cache:bw-ui-386-cache + type=registry,ref=bunkerity/cache:bw-ui-arm-cache # Push to PackageCloud push-linux: diff --git a/CHANGELOG.md b/CHANGELOG.md index 986de3f..1f23997 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Changelog -## v1.4.1 - +## v1.4.1 - 2022/16/06 - Fix sending local IPs to BunkerNet when DISABLE_DEFAULT_SERVER=yes - Fix certbot bug when AUTOCONF_MODE=yes - Fix certbot bug when MULTISITE=no diff --git a/README.md b/README.md index 1bab58d..29f6d85 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@

- + diff --git a/VERSION b/VERSION index e21e727..13175fd 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.4.0 \ No newline at end of file +1.4.1 \ No newline at end of file diff --git a/autoconf/DockerController.py b/autoconf/DockerController.py index ce6a910..8b72b09 100644 --- a/autoconf/DockerController.py +++ b/autoconf/DockerController.py @@ -26,11 +26,6 @@ class DockerController(Controller) : continue value = env.replace(variable + "=", "", 1) instance["env"][variable] = value - server_name = [] - for controller_service in self._get_controller_services() : - if "bunkerweb.SERVER_NAME" in controller_service.labels : - server_name.append(controller_service.labels["bunkerweb.SERVER_NAME"].split(" ")[0]) - instance["env"]["SERVER_NAME"] = " ".join(server_name) return [instance] def _get_controller_services(self) : diff --git a/docs/integrations.md b/docs/integrations.md index 8eb1d5d..9cf3d98 100644 --- a/docs/integrations.md +++ b/docs/integrations.md @@ -12,7 +12,7 @@ Using BunkerWeb as a [Docker](https://www.docker.com/) container is a quick and We provide ready to use prebuilt images for x64 and x86 architectures (armv7 and armv8 are not supported at the moment) on [Docker Hub](https://hub.docker.com/r/bunkerity/bunkerweb) : ```shell -docker pull bunkerity/bunkerweb:1.4.0 +docker pull bunkerity/bunkerweb:1.4.1 ``` Alternatively, you can build the Docker images directly from the [source](https://github.com/bunkerity/bunkerweb) (and take a coffee ☕ because it may be long depending on your hardware) : @@ -39,7 +39,7 @@ docker run \ -e MY_SETTING=value \ -e "MY_OTHER_SETTING=value with spaces" \ ... - bunkerity/bunkerweb:1.4.0 + bunkerity/bunkerweb:1.4.1 ``` Here is the docker-compose equivalent : @@ -48,7 +48,7 @@ Here is the docker-compose equivalent : ... services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 environment: - MY_SETTING=value ``` @@ -73,7 +73,7 @@ docker run \ ... -v "${PWD}/bw-data:/data" \ ... - bunkerity/bunkerweb:1.4.0 + bunkerity/bunkerweb:1.4.1 ``` Here is the docker-compose equivalent : @@ -82,7 +82,7 @@ Here is the docker-compose equivalent : ... services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 volumes: - bw-data:/data ... @@ -109,7 +109,7 @@ docker run \ ... -v ./bw-data:/data \ ... - bunkerity/bunkerweb:1.4.0 + bunkerity/bunkerweb:1.4.1 ``` Here is the docker-compose equivalent : @@ -119,7 +119,7 @@ Here is the docker-compose equivalent : ... services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 volumes: - ./bw-data:/data ``` @@ -141,7 +141,7 @@ docker run \ ... --network mynetwork \ ... - bunkerity/bunkerweb:1.4.0 + bunkerity/bunkerweb:1.4.1 ``` You will also need to do the same with your web application(s). Please note that the other containers are accessible using their name as the hostname. @@ -152,7 +152,7 @@ Here is the docker-compose equivalent : ... services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 networks: - bw-net ... @@ -183,9 +183,6 @@ First of all, you will need to create the data volume : docker volume create bw-data ``` -- One for sharing the persistent data, mounted on **/data** -- Another one for sharing the generated Nginx configurations, mounted on **/etc/nginx** - Then, you can create two networks (replace 10.20.30.0/24 with an unused subnet of your choice) : ```shell @@ -210,7 +207,7 @@ docker run \ -e SERVER_NAME= \ -e "API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24" \ -l bunkerweb.AUTOCONF \ - bunkerity/bunkerweb:1.4.0 && \ + bunkerity/bunkerweb:1.4.1 && \ docker network connect bw-services mybunker ``` @@ -224,7 +221,7 @@ docker run \ --network bw-autoconf \ -v bw-data:/data \ -v /var/run/docker.sock:/var/run/docker.sock:ro \ - bunkerity/bunkerweb-autoconf:1.4.0 + bunkerity/bunkerweb-autoconf:1.4.1 ``` Here is the docker-compose equivalent for the BunkerWeb autoconf stack : @@ -235,12 +232,10 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 - volumes: - - bw-data:/data environment: - AUTOCONF_MODE=yes - MULTISITE=yes @@ -253,7 +248,7 @@ services: - bw-services myautoconf: - image: bunkerity/bunkerweb-autoconf:1.4.0 + image: bunkerity/bunkerweb-autoconf:1.4.1 volumes: - bw-data:/data - /var/run/docker.sock:/var/run/docker.sock:ro @@ -355,7 +350,7 @@ docker service create \ -e MULTISITE=yes \ -e "API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24" \ -l bunkerweb.AUTOCONF \ - bunkerity/bunkerweb:1.4.0 + bunkerity/bunkerweb:1.4.1 ``` And the autoconf one : @@ -369,7 +364,7 @@ docker service \ --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock,ro \ --mount type=volume,source=bw-data,destination=/data \ -e SWARM_MODE=yes \ - bunkerity/bunkerweb-autoconf:1.4.0 + bunkerity/bunkerweb-autoconf:1.4.1 ``` Here is the docker-compose equivalent (using `docker stack deploy`) : @@ -380,7 +375,7 @@ version: '3.5' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - published: 80 target: 8080 @@ -407,7 +402,7 @@ services: - "bunkerweb.AUTOCONF" myautoconf: - image: bunkerity/bunkerweb-autoconf:1.4.0 + image: bunkerity/bunkerweb-autoconf:1.4.1 environment: - SWARM_MODE=yes volumes: @@ -697,11 +692,11 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt sudo apt install -y nginx=1.20.2-1~bullseye ``` - And finally install BunkerWeb 1.4.0 : + And finally install BunkerWeb 1.4.1 : ```shell curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \ sudo apt update && \ - sudo apt install -y bunkerweb=1.4.0 + sudo apt install -y bunkerweb=1.4.1 ``` To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command : @@ -727,11 +722,11 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt sudo apt install -y nginx=1.20.2-1~jammy ``` - And finally install BunkerWeb 1.4.0 : + And finally install BunkerWeb 1.4.1 : ```shell curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \ sudo apt update && \ - sudo apt install -y bunkerweb=1.4.0 + sudo apt install -y bunkerweb=1.4.1 ``` To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command : @@ -749,7 +744,7 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt ```shell curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \ sudo dnf check-update && \ - sudo dnf install -y bunkerweb-1.4.0 + sudo dnf install -y bunkerweb-1.4.1 ``` To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command : @@ -776,12 +771,12 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt sudo dnf install nginx-1.20.2 ``` - And finally install BunkerWeb 1.4.0 : + And finally install BunkerWeb 1.4.1 : ```shell dnf install -y epel-release && \ curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \ sudo dnf check-update && \ - sudo dnf install -y bunkerweb-1.4.0 + sudo dnf install -y bunkerweb-1.4.1 ``` To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command : diff --git a/docs/migrating.md b/docs/migrating.md index 2357370..fc206ab 100644 --- a/docs/migrating.md +++ b/docs/migrating.md @@ -2,7 +2,7 @@ !!! warning "Read this if you were a bunkerized user" - A lot of things have changed since the last bunkerized release. If you want to an upgrade, which we recommend you to do because BunkerWeb is by far better than bunkerized, please read carefully this section and also the whole documentation. + A lot of things have changed since the last bunkerized release. If you want to do an upgrade, which we recommend you to do because BunkerWeb is by far better than bunkerized, please read carefully this section and also the whole documentation. ## Volumes @@ -12,11 +12,14 @@ When using container-based integrations like [Docker](/1.4/integrations/#docker) We decided to drop the following features : -- Authelia : we will make an official [plugin](/1.4/plugins) for that - Blocking "bad" referrers : we may add it again in the future - ROOT_SITE_SUBFOLDER : we will need to redesign this in the future -## Replaced BLOCK_*, WHITELIST_* and BLACKLIST_* settings +## Changed Authelia support + +Instead of supporting only Authelia, we decided to support generic auth request settings. See the new [authelia example](https://github.com/bunkerity/bunkerweb/tree/master/examples/authelia) and [auth request documentation](https://docs.bunkerweb.io/1.4/security-tuning/#auth-request) for more information. + +## Replaced BLOCK_\*, WHITELIST_\* and BLACKLIST_\* settings The blocking mechanisms has been completely redesigned. We have detected that a lot of false positives came from the default blacklists hardcoded into bunkerized. That's why we decided to give the users the choice of their blacklists (and also whitelists) for IP address, reverse DNS, user-agent, URI and ASN, see the [Blacklisting and whitelisting](/1.4/security-tuning/#blacklisting-and-whitelisting) section of the [security tuning](/1.4/security-tuning). diff --git a/docs/plugins.md b/docs/plugins.md index 13fbabb..b9d59ad 100644 --- a/docs/plugins.md +++ b/docs/plugins.md @@ -43,13 +43,13 @@ The first step is to install the plugin by putting the plugin files inside the c ... -v "${PWD}/bw-data:/data" \ ... - bunkerity/bunkerweb:1.4.0 + bunkerity/bunkerweb:1.4.1 ``` Here is the docker-compose equivalent : ```yaml mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 volumes: - ./bw-data:/data ... diff --git a/docs/quickstart-guide.md b/docs/quickstart-guide.md index e42ad9f..27404c9 100644 --- a/docs/quickstart-guide.md +++ b/docs/quickstart-guide.md @@ -54,7 +54,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s -e USE_REVERSE_PROXY=yes \ -e REVERSE_PROXY_URL=/ \ -e REVERSE_PROXY_HOST=http://myapp \ - bunkerity/bunkerweb:1.4.0 + bunkerity/bunkerweb:1.4.1 ``` Here is the docker-compose equivalent : @@ -64,7 +64,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 @@ -331,7 +331,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s -e app1.example.com_REVERSE_PROXY_HOST=http://myapp1 \ -e app2.example.com_REVERSE_PROXY_HOST=http://myapp2 \ -e app3.example.com_REVERSE_PROXY_HOST=http://myapp3 \ - bunkerity/bunkerweb:1.4.0 + bunkerity/bunkerweb:1.4.1 ``` Here is the docker-compose equivalent : @@ -341,7 +341,7 @@ You will find more settings about reverse proxy in the [settings section](/1.4/s services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 @@ -875,13 +875,13 @@ REAL_IP_HEADER=X-Forwarded-For -e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \ -e REAL_IP_HEADER=X-Forwarded-For \ ... - bunkerity/bunkerweb:1.4.0 + bunkerity/bunkerweb:1.4.1 ``` Here is the docker-compose equivalent : ```yaml mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ... environment: - USE_REAL_IP=yes @@ -900,13 +900,13 @@ REAL_IP_HEADER=X-Forwarded-For -e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \ -e REAL_IP_HEADER=X-Forwarded-For \ ... - bunkerity/bunkerweb:1.4.0 + bunkerity/bunkerweb:1.4.1 ``` Here is the docker-compose equivalent : ```yaml mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ... environment: - USE_REAL_IP=yes @@ -925,13 +925,13 @@ REAL_IP_HEADER=X-Forwarded-For -e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \ -e REAL_IP_HEADER=X-Forwarded-For \ ... - bunkerity/bunkerweb:1.4.0 + bunkerity/bunkerweb:1.4.1 ``` Here is the docker-compose equivalent (using `docker stack deploy`) : ```yaml mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ... environment: - USE_REAL_IP=yes @@ -956,7 +956,7 @@ REAL_IP_HEADER=X-Forwarded-For spec: containers: - name: bunkerweb - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ... env: - name: USE_REAL_IP @@ -1008,13 +1008,13 @@ REAL_IP_HEADER=proxy_protocol -e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \ -e REAL_IP_HEADER=proxy_protocol \ ... - bunkerity/bunkerweb:1.4.0 + bunkerity/bunkerweb:1.4.1 ``` Here is the docker-compose equivalent : ```yaml mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ... environment: - USE_REAL_IP=yes @@ -1035,13 +1035,13 @@ REAL_IP_HEADER=proxy_protocol -e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \ -e REAL_IP_HEADER=proxy_protocol \ ... - bunkerity/bunkerweb:1.4.0 + bunkerity/bunkerweb:1.4.1 ``` Here is the docker-compose equivalent : ```yaml mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ... environment: - USE_REAL_IP=yes @@ -1062,13 +1062,13 @@ REAL_IP_HEADER=proxy_protocol -e "REAL_IP_FROM=1.2.3.0/24 100.64.0.0/16" \ -e REAL_IP_HEADER=proxy_protocol \ ... - bunkerity/bunkerweb:1.4.0 + bunkerity/bunkerweb:1.4.1 ``` Here is the docker-compose equivalent (using `docker stack deploy`) : ```yaml mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ... environment: - USE_REAL_IP=yes @@ -1094,7 +1094,7 @@ REAL_IP_HEADER=proxy_protocol spec: containers: - name: bunkerweb - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ... env: - name: USE_REAL_IP @@ -1169,13 +1169,13 @@ Some integrations offer a more convenient way of applying configurations for exa ... -v "${PWD}/bw-data:/data" \ ... - bunkerity/bunkerweb:1.4.0 + bunkerity/bunkerweb:1.4.1 ``` Here is the docker-compose equivalent : ```yaml mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 volumes: - ./bw-data:/data ... @@ -1212,13 +1212,13 @@ Some integrations offer a more convenient way of applying configurations for exa ... -v "${PWD}/bw-data:/data" \ ... - bunkerity/bunkerweb:1.4.0 + bunkerity/bunkerweb:1.4.1 ``` Here is the docker-compose equivalent : ```yaml mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 volumes: - ./bw-data:/data ... diff --git a/docs/security-tuning.md b/docs/security-tuning.md index 7cdeb9b..a001ff6 100644 --- a/docs/security-tuning.md +++ b/docs/security-tuning.md @@ -297,6 +297,7 @@ Using both country blacklist and whitelist at the same time makes no sense. If y ## Authentication +### Auth basic You can quickly protect sensitive resources like the admin area for example by requiring HTTP basic authentication. Here is the list of related settings : | Setting | Default | Description | @@ -306,3 +307,14 @@ You can quickly protect sensitive resources like the admin area for example by r | `AUTH_BASIC_USER` | `changeme` | The username required. | | `AUTH_BASIC_PASSWORD` | `changeme` | The password required. | | `AUTH_BASIC_TEXT` | `Restricted area` | Text to display in the auth prompt. | + +### Auth request +You can deploy complex authentification (e.g. SSO), by using the auth request settings (see [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/) for more information on the feature). Please note that you will find [Authelia](https://www.authelia.com/) and [Authentik](https://goauthentik.io/) examples in the [repository](https://github.com/bunkerity/bunkerweb/tree/master/examples). + +**Auth request settings are related to reverse proxy rules.** + +| Setting | Default | Context |Multiple| Description | +|---------------------------------------|----------------------------------|---------|--------|--------------------------------------------------------------------------------------------------------------------| +|`REVERSE_PROXY_AUTH_REQUEST` | |multisite|yes |Enable authentication using an external provider (value of auth_request directive). | +|`REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL`| |multisite|yes |Redirect clients to signin URL when using REVERSE_PROXY_AUTH_REQUEST (used when auth_request call returned 401). | +|`REVERSE_PROXY_AUTH_REQUEST_SET` | |multisite|yes |List of variables to set from the authentication provider, separated with ; (values of auth_request_set directives).| \ No newline at end of file diff --git a/docs/settings.md b/docs/settings.md index 2e4db05..61476b6 100644 --- a/docs/settings.md +++ b/docs/settings.md @@ -249,26 +249,33 @@ When settings are considered as "multiple", it means that you can have multiple ### Reverse proxy -| Setting | Default | Context |Multiple| Description | -|--------------------------------|----------------------------------|---------|--------|-----------------------------------------------------------------------------------| -|`USE_REVERSE_PROXY` |`no` |multisite|no |Activate reverse proxy mode. | -|`REVERSE_PROXY_INTERCEPT_ERRORS`|`yes` |multisite|no |Intercept and rewrite errors. | -|`REVERSE_PROXY_HOST` | |multisite|yes |Full URL of the proxied resource (proxy_pass). | -|`REVERSE_PROXY_URL` | |multisite|yes |Location URL that will be proxied. | -|`REVERSE_PROXY_WS` |`no` |multisite|yes |Enable websocket on the proxied resource. | -|`REVERSE_PROXY_HEADERS` | |multisite|yes |List of HTTP headers to send to proxied resource. | -|`REVERSE_PROXY_BUFFERING` |`yes` |multisite|yes |Enable or disable buffering of responses from proxied resource. | -|`REVERSE_PROXY_KEEPALIVE` |`no` |multisite|yes |Enable or disable keepalive connections with the proxied resource. | -|`USE_PROXY_CACHE` |`no` |multisite|no |Enable or disable caching of the proxied resources. | -|`PROXY_CACHE_PATH_LEVELS` |`1:2` |global |no |Hierarchy levels of the cache. | -|`PROXY_CACHE_PATH_ZONE_SIZE` |`10m` |global |no |Maximum size of cached metadata when caching proxied resources. | -|`PROXY_CACHE_PATH_PARAMS` |`max_size=100m` |global |no |Additional parameters to add to the proxy_cache directive. | -|`PROXY_CACHE_METHODS` |`GET HEAD` |multisite|no |HTTP methods that should trigger a cache operation. | -|`PROXY_CACHE_MIN_USES` |`2` |multisite|no |The minimimum number of requests before a response is cached. | -|`PROXY_CACHE_KEY` |`$scheme$host$request_uri` |multisite|no |The key used to uniquely identify a cached response. | -|`PROXY_CACHE_VALID` |`200=24h 301=1h 302=24h` |multisite|no |Define the caching time dependending on the HTTP status code (list of status=time).| -|`PROXY_NO_CACHE` |`$http_pragma $http_authorization`|multisite|no |Conditions to disable caching of responses. | -|`PROXY_CACHE_BYPASS` |`0` |multisite|no |Conditions to bypass caching of responses. | +| Setting | Default | Context |Multiple| Description | +|---------------------------------------|----------------------------------|---------|--------|--------------------------------------------------------------------------------------------------------------------| +|`USE_REVERSE_PROXY` |`no` |multisite|no |Activate reverse proxy mode. | +|`REVERSE_PROXY_INTERCEPT_ERRORS` |`yes` |multisite|no |Intercept and rewrite errors. | +|`REVERSE_PROXY_HOST` | |multisite|yes |Full URL of the proxied resource (proxy_pass). | +|`REVERSE_PROXY_URL` | |multisite|yes |Location URL that will be proxied. | +|`REVERSE_PROXY_WS` |`no` |multisite|yes |Enable websocket on the proxied resource. | +|`REVERSE_PROXY_HEADERS` | |multisite|yes |List of HTTP headers to send to proxied resource separated with ; (values for proxy_set_header directive). | +|`REVERSE_PROXY_HEADERS_CLIENT` | |multisite|yes |List of HTTP headers to send to client separated with ; (values for add_header directive). | +|`REVERSE_PROXY_BUFFERING` |`yes` |multisite|yes |Enable or disable buffering of responses from proxied resource. | +|`REVERSE_PROXY_KEEPALIVE` |`no` |multisite|yes |Enable or disable keepalive connections with the proxied resource. | +|`REVERSE_PROXY_AUTH_REQUEST` | |multisite|yes |Enable authentication using an external provider (value of auth_request directive). | +|`REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL`| |multisite|yes |Redirect clients to signin URL when using REVERSE_PROXY_AUTH_REQUEST (used when auth_request call returned 401). | +|`REVERSE_PROXY_AUTH_REQUEST_SET` | |multisite|yes |List of variables to set from the authentication provider, separated with ; (values of auth_request_set directives).| +|`USE_PROXY_CACHE` |`no` |multisite|no |Enable or disable caching of the proxied resources. | +|`PROXY_CACHE_PATH_LEVELS` |`1:2` |global |no |Hierarchy levels of the cache. | +|`PROXY_CACHE_PATH_ZONE_SIZE` |`10m` |global |no |Maximum size of cached metadata when caching proxied resources. | +|`PROXY_CACHE_PATH_PARAMS` |`max_size=100m` |global |no |Additional parameters to add to the proxy_cache directive. | +|`PROXY_CACHE_METHODS` |`GET HEAD` |multisite|no |HTTP methods that should trigger a cache operation. | +|`PROXY_CACHE_MIN_USES` |`2` |multisite|no |The minimimum number of requests before a response is cached. | +|`PROXY_CACHE_KEY` |`$scheme$host$request_uri` |multisite|no |The key used to uniquely identify a cached response. | +|`PROXY_CACHE_VALID` |`200=24h 301=1h 302=24h` |multisite|no |Define the caching time dependending on the HTTP status code (list of status=time). | +|`PROXY_NO_CACHE` |`$http_pragma $http_authorization`|multisite|no |Conditions to disable caching of responses. | +|`PROXY_CACHE_BYPASS` |`0` |multisite|no |Conditions to bypass caching of responses. | +|`REVERSE_PROXY_CONNECT_TIMEOUT` |`60s` |multisite|yes |Timeout when connecting to the proxied resource. | +|`REVERSE_PROXY_READ_TIMEOUT` |`60s` |multisite|yes |Timeout when reading from the proxied resource. | +|`REVERSE_PROXY_SEND_TIMEOUT` |`60s` |multisite|yes |Timeout when sending to the proxied resource. | ### Self-signed certificate diff --git a/docs/web-ui.md b/docs/web-ui.md index ff7af10..b7daa21 100644 --- a/docs/web-ui.md +++ b/docs/web-ui.md @@ -78,7 +78,7 @@ Because the web UI is a web application, the recommended installation procedure -e "bwadm.example.com_REVERSE_PROXY_HEADER=X-Script-Name /changeme" \ -e bwadm.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no \ -l bunkerweb.UI \ - bunkerity/bunkerweb:1.4.0 && \ + bunkerity/bunkerweb:1.4.1 && \ docker network connect bw-ui mybunker ``` @@ -117,7 +117,7 @@ Because the web UI is a web application, the recommended installation procedure -e ADMIN_USERNAME=admin \ -e ADMIN_PASSWORD=changeme \ -e ABSOLUTE_URI=http(s)://bwadm.example.com/changeme/ - bunkerity/bunkerweb-ui:1.4.0 && \ + bunkerity/bunkerweb-ui:1.4.1 && \ docker network connect bw-docker myui ``` @@ -133,7 +133,7 @@ Because the web UI is a web application, the recommended installation procedure services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 networks: - bw-services - bw-ui @@ -156,7 +156,7 @@ Because the web UI is a web application, the recommended installation procedure - "bunkerweb.UI" myui: - image: bunkerity/bunkerweb-ui:1.4.0 + image: bunkerity/bunkerweb-ui:1.4.1 depends_on: - mydocker networks: diff --git a/examples/authelia/docker-compose.yml b/examples/authelia/docker-compose.yml index f2f60b8..79c56a5 100644 --- a/examples/authelia/docker-compose.yml +++ b/examples/authelia/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.4' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/authentik/README.md b/examples/authentik/README.md index dca69de..de6c131 100644 --- a/examples/authentik/README.md +++ b/examples/authentik/README.md @@ -1 +1,3 @@ -We assume that you are already familiar with [Authentik](). +We assume that you are already familiar with [Authentik](https://goauthentik.io/). + +This example has been tested with a Proxy in Forward auth (domain level) mode (see [here](https://goauthentik.io/docs/providers/proxy/forward_auth) for more information). diff --git a/examples/authentik/docker-compose.yml b/examples/authentik/docker-compose.yml index 2443b0c..ea4a5f3 100644 --- a/examples/authentik/docker-compose.yml +++ b/examples/authentik/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.4' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/behind-reverse-proxy/docker-compose.yml b/examples/behind-reverse-proxy/docker-compose.yml index 864ae81..65e96a3 100644 --- a/examples/behind-reverse-proxy/docker-compose.yml +++ b/examples/behind-reverse-proxy/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 # ⚠️ read this if you use local folders for volumes ⚠️ # bunkerweb runs as an unprivileged user with UID/GID 101 # don't forget to edit the permissions of the files and folders accordingly diff --git a/examples/bigbluebutton/docker-compose.yml b/examples/bigbluebutton/docker-compose.yml index 295bf03..e12ed6e 100644 --- a/examples/bigbluebutton/docker-compose.yml +++ b/examples/bigbluebutton/docker-compose.yml @@ -27,7 +27,7 @@ services: ... mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/drupal/docker-compose.yml b/examples/drupal/docker-compose.yml index b66cdce..aa649fc 100644 --- a/examples/drupal/docker-compose.yml +++ b/examples/drupal/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/ghost/docker-compose.yml b/examples/ghost/docker-compose.yml index 4e2ba00..18631a5 100644 --- a/examples/ghost/docker-compose.yml +++ b/examples/ghost/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 @@ -31,7 +31,7 @@ services: volumes: - ./ghost-data:/var/lib/ghost/content environment: - - url=http://www.example.com # replace with your domain + - url=https://www.example.com # replace with your domain volumes: - bw_data: \ No newline at end of file + bw_data: diff --git a/examples/gogs/docker-compose.yml b/examples/gogs/docker-compose.yml index f6f2115..9f7ade4 100644 --- a/examples/gogs/docker-compose.yml +++ b/examples/gogs/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/hardened/docker-compose.yml b/examples/hardened/docker-compose.yml index add8307..80595fd 100644 --- a/examples/hardened/docker-compose.yml +++ b/examples/hardened/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 # dropping all capabilities cap_drop: - ALL diff --git a/examples/joomla/docker-compose.yml b/examples/joomla/docker-compose.yml index bb69a0f..b41d416 100644 --- a/examples/joomla/docker-compose.yml +++ b/examples/joomla/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/load-balancer/docker-compose.yml b/examples/load-balancer/docker-compose.yml index 42a3c35..347d173 100644 --- a/examples/load-balancer/docker-compose.yml +++ b/examples/load-balancer/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/magento/docker-compose.yml b/examples/magento/docker-compose.yml index d2898c9..5125361 100644 --- a/examples/magento/docker-compose.yml +++ b/examples/magento/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/mongo-express/docker-compose.yml b/examples/mongo-express/docker-compose.yml index 804bc3f..0cbd46c 100644 --- a/examples/mongo-express/docker-compose.yml +++ b/examples/mongo-express/docker-compose.yml @@ -24,7 +24,7 @@ services: - mongo mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/moodle/docker-compose.yml b/examples/moodle/docker-compose.yml index 184b723..7ff7d9f 100644 --- a/examples/moodle/docker-compose.yml +++ b/examples/moodle/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/nextcloud/docker-compose.yml b/examples/nextcloud/docker-compose.yml index a8b5019..e7cddeb 100644 --- a/examples/nextcloud/docker-compose.yml +++ b/examples/nextcloud/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/passbolt/docker-compose.yml b/examples/passbolt/docker-compose.yml index e0d6105..e27b58c 100644 --- a/examples/passbolt/docker-compose.yml +++ b/examples/passbolt/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/php-multisite/docker-compose.yml b/examples/php-multisite/docker-compose.yml index 159aa5a..8bb73a2 100644 --- a/examples/php-multisite/docker-compose.yml +++ b/examples/php-multisite/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/php-singlesite/docker-compose.yml b/examples/php-singlesite/docker-compose.yml index a1b33c4..f2a78ec 100644 --- a/examples/php-singlesite/docker-compose.yml +++ b/examples/php-singlesite/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/prestashop/docker-compose.yml b/examples/prestashop/docker-compose.yml index 5d315d7..6dbc54b 100644 --- a/examples/prestashop/docker-compose.yml +++ b/examples/prestashop/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/proxy-protocol/docker-compose.yml b/examples/proxy-protocol/docker-compose.yml index 79d86c2..882d541 100644 --- a/examples/proxy-protocol/docker-compose.yml +++ b/examples/proxy-protocol/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 # ⚠️ read this if you use local folders for volumes ⚠️ # bunkerweb runs as an unprivileged user with UID/GID 101 # don't forget to edit the permissions of the files and folders accordingly diff --git a/examples/redmine/docker-compose.yml b/examples/redmine/docker-compose.yml index 97f3070..6f7ded4 100644 --- a/examples/redmine/docker-compose.yml +++ b/examples/redmine/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/reverse-proxy-multisite/docker-compose.yml b/examples/reverse-proxy-multisite/docker-compose.yml index d042b56..c7dac39 100644 --- a/examples/reverse-proxy-multisite/docker-compose.yml +++ b/examples/reverse-proxy-multisite/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/reverse-proxy-singlesite/docker-compose.yml b/examples/reverse-proxy-singlesite/docker-compose.yml index bdf5d50..2224282 100644 --- a/examples/reverse-proxy-singlesite/docker-compose.yml +++ b/examples/reverse-proxy-singlesite/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/reverse-proxy-websocket/docker-compose.yml b/examples/reverse-proxy-websocket/docker-compose.yml index 4720966..d2ac822 100644 --- a/examples/reverse-proxy-websocket/docker-compose.yml +++ b/examples/reverse-proxy-websocket/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/syslog/docker-compose.yml b/examples/syslog/docker-compose.yml index 05e09bd..43b6106 100644 --- a/examples/syslog/docker-compose.yml +++ b/examples/syslog/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 logging: driver: syslog options: diff --git a/examples/tomcat/docker-compose.yml b/examples/tomcat/docker-compose.yml index 61faf1a..c6f3cfb 100644 --- a/examples/tomcat/docker-compose.yml +++ b/examples/tomcat/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/examples/tor-hidden-service/docker-compose.yml b/examples/tor-hidden-service/docker-compose.yml index a7d8940..5e83408 100644 --- a/examples/tor-hidden-service/docker-compose.yml +++ b/examples/tor-hidden-service/docker-compose.yml @@ -11,7 +11,7 @@ services: - SERVICE1_TOR_SERVICE_VERSION=3 mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 # ⚠️ read this if you use local folders for volumes ⚠️ # bunkerweb runs as an unprivileged user with UID/GID 101 # don't forget to edit the permissions of the files and folders accordingly diff --git a/examples/web-ui/docker-compose.yml b/examples/web-ui/docker-compose.yml index eb2d9ef..43714a3 100644 --- a/examples/web-ui/docker-compose.yml +++ b/examples/web-ui/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 @@ -42,7 +42,7 @@ services: - net_svc myui: - image: bunkerity/bunkerweb-ui:1.4.0 + image: bunkerity/bunkerweb-ui:1.4.1 depends_on: - myuiproxy volumes: diff --git a/examples/wordpress/docker-compose.yml b/examples/wordpress/docker-compose.yml index 114e977..28737d8 100644 --- a/examples/wordpress/docker-compose.yml +++ b/examples/wordpress/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 diff --git a/integrations/autoconf/docker-compose.yml b/integrations/autoconf/docker-compose.yml index 20cf45c..f57dab1 100644 --- a/integrations/autoconf/docker-compose.yml +++ b/integrations/autoconf/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - 80:8080 - 443:8443 @@ -20,7 +20,7 @@ services: - bw-services myautoconf: - image: bunkerity/bunkerweb-autoconf:1.4.0 + image: bunkerity/bunkerweb-autoconf:1.4.1 volumes: - ./bw-data:/data - /var/run/docker.sock:/var/run/docker.sock:ro @@ -29,7 +29,6 @@ services: volumes: bw-data: - bw-conf: networks: bw-autoconf: diff --git a/integrations/kubernetes/bunkerweb.yml b/integrations/kubernetes/bunkerweb.yml index d904462..cb12fc2 100644 --- a/integrations/kubernetes/bunkerweb.yml +++ b/integrations/kubernetes/bunkerweb.yml @@ -16,7 +16,7 @@ spec: spec: containers: - name: bunkerweb - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 imagePullPolicy: Always securityContext: runAsUser: 101 @@ -106,7 +106,7 @@ spec: claimName: pvc-bunkerweb containers: - name: bunkerweb-controller - image: bunkerity/bunkerweb-autoconf:1.4.0 + image: bunkerity/bunkerweb-autoconf:1.4.1 imagePullPolicy: Always env: - name: KUBERNETES_MODE diff --git a/integrations/swarm/stack.yml b/integrations/swarm/stack.yml index dfba665..5d96f79 100644 --- a/integrations/swarm/stack.yml +++ b/integrations/swarm/stack.yml @@ -3,7 +3,7 @@ version: '3.5' services: mybunker: - image: bunkerity/bunkerweb:1.4.0 + image: bunkerity/bunkerweb:1.4.1 ports: - published: 80 target: 8080 @@ -31,7 +31,7 @@ services: - "bunkerweb.AUTOCONF" myautoconf: - image: bunkerity/bunkerweb-autoconf:1.4.0 + image: bunkerity/bunkerweb-autoconf:1.4.1 environment: - SWARM_MODE=yes volumes: