From c5c5fb17b529941c11558a232bb70b426606e62c Mon Sep 17 00:00:00 2001
From: bunkerity
Date: Thu, 18 Mar 2021 18:08:42 +0100
Subject: [PATCH] v1.2.3 - swarm support
---
 README.md | 24 ++++++++++++++++--------
 VERSION | 2 +-
 autoconf/Config.py | 1 +
 3 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index fdb62e8..3d21e80 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,16 @@
-# bunkerized-nginx
+

+ +

- - - +

+ + + + + + + +

nginx Docker image secure by default. @@ -27,7 +35,6 @@ Fooling automated tools/scanners : # Table of contents -- [bunkerized-nginx](#bunkerized-nginx) - [Table of contents](#table-of-contents) - [Live demo](#live-demo) - [Quickstart guide](#quickstart-guide) @@ -90,7 +97,7 @@ You can find a live demo at https://demo-nginx.bunkerity.com. docker run -p 80:8080 -v /path/to/web/files:/www:ro bunkerity/bunkerized-nginx ``` -Web files are stored in the /www directory, the container will serve files from there. +Web files are stored in the /www directory, the container will serve files from there. Please note that *bunkerized-nginx* doesn't run as root but with an unprivileged user with UID/GID 101 therefore you should set the rights of */path/to/web/files* accordingly. ## In combination with PHP @@ -123,8 +130,9 @@ docker run -p 80:8080 \ bunkerity/bunkerized-nginx ``` -Certificates are stored in the /etc/letsencrypt directory, you should save it on your local drive. -If you don't want your webserver to listen on HTTP add the environment variable `LISTEN_HTTP` with a *no* value. But Let's Encrypt needs the port 80 to be opened so redirecting the port is mandatory. +Certificates are stored in the /etc/letsencrypt directory, you should save it on your local drive. Please note that *bunkerized-nginx* doesn't run as root but with an unprivileged user with UID/GID 101 therefore you should set the rights of */where/to/save/certificates* accordingly. + +If you don't want your webserver to listen on HTTP add the environment variable `LISTEN_HTTP` with a *no* value (e.g. HTTPS only). But Let's Encrypt needs the port 80 to be opened so redirecting the port is mandatory. Here you have three environment variables : - `SERVER_NAME` : define the FQDN of your webserver, this is mandatory for Let's Encrypt (www.yourdomain.com should point to your IP address) diff --git a/VERSION b/VERSION index 23aa839..0495c4a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.2 +1.2.3 
diff --git a/autoconf/Config.py b/autoconf/Config.py
index b0b070c..1cfe300 100644
--- a/autoconf/Config.py
+++ b/autoconf/Config.py
@@ -83,6 +83,7 @@ class Config :
 if proc.returncode == 0 and vars_defaults["MULTISITE"] == "yes" and self.__swarm :
 proc = subprocess.run(["/bin/su", "-s", "/opt/entrypoint/multisite-config.sh", "nginx"], env=vars_defaults, capture_output=True)
 return proc.returncode == 0
+ return proc.returncode == 0
 except Exception as e :
 traceback.print_exc()
 utils.log("[!] Error while generating site config : " + str(e))
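Review bot: At the added `return proc.returncode == 0`, a non-zero exit from the generator script reaches the caller only as False, and the output collected with `capture_output=True` is discarded, so a site whose configuration failed to generate leaves nothing in the log to explain why. Log it before returning, for example `if proc.returncode != 0 : utils.log("[!] Error while generating site config : " + proc.stderr.decode(errors="replace"))`. Indentation is not visible here, but assuming the new line sits at the `try` level, the `return` inside the swarm/multisite branch is now redundant and can be dropped so there is a single exit point. `vars_defaults` becomes the entire environment of a script run through `/bin/su`; it is built above the hunk, so it is worth confirming that any values coming from container or service configuration are validated before they get there. The `try` opens above the hunk and the `except` body may continue below it, so whether the error path returns an explicit False cannot be confirmed from these lines.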