check permissions for missing volumes and add comment about permissions on examples

entrypoint/permissions-swarm.sh

@@ -12,14 +12,36 @@ if [ ! -r "/www" ] || [ ! -x "/www" ] ; then
 	exit 2
 fi
 
+# /modsec-confs
+if [ ! -r "/modsec-confs" ] || [ ! -x "/modsec-confs" ] ; then
+	echo "[!] ERROR - wrong permissions on /modsec-confs"
+	exit 3
+fi
+# /modsec-crs-confs
+if [ ! -r "/modsec-crs-confs" ] || [ ! -x "/modsec-crs-confs" ] ; then
+	echo "[!] ERROR - wrong permissions on /modsec-crs-confs"
+	exit 4
+fi
+# /server-confs
+if [ ! -r "/server-confs" ] || [ ! -x "/server-confs" ] ; then
+	echo "[!] ERROR - wrong permissions on /server-confs"
+	exit 5
+fi
+# /http-confs
+if [ ! -r "/http-confs" ] || [ ! -x "/http-confs" ] ; then
+	echo "[!] ERROR - wrong permissions on /http-confs"
+	exit 6
+fi
+
 # /etc/nginx
 if [ ! -r "/etc/nginx" ] || [ ! -x "/etc/nginx" ] ; then
 	echo "[!] ERROR - wrong permissions on /etc/nginx"
-	exit 3
+	exit 7
 fi
 
 # /acme-challenge
 if [ ! -r "/acme-challenge" ] || [ ! -x "/acme-challenge" ] ; then
 	echo "[!] ERROR - wrong permissions on /acme-challenge"
-	exit 4
+	exit 8
 fi
+

entrypoint/permissions.sh

@@ -2,7 +2,7 @@
 
 # /etc/letsencrypt
 if [ ! -w "/etc/letsencrypt" ] || [ ! -r "/etc/letsencrypt" ] || [ ! -x "/etc/letsencrypt" ] ; then
-	echo "[!] WARNING - wrong permissions on /etc/letsencrypt"
+	echo "[!] ERROR - wrong permissions on /etc/letsencrypt"
 	exit 1
 fi
 
@@ -12,18 +12,36 @@ if [ -f "/usr/sbin/nginx" ] ; then
 		echo "[!] ERROR - wrong permissions on /www"
 		exit 2
 	fi
-
+	# /modsec-confs
+	if [ ! -r "/modsec-confs" ] || [ ! -x "/modsec-confs" ] ; then
+		echo "[!] ERROR - wrong permissions on /modsec-confs"
+		exit 3
+	fi
+	# /modsec-crs-confs
+	if [ ! -r "/modsec-crs-confs" ] || [ ! -x "/modsec-crs-confs" ] ; then
+		echo "[!] ERROR - wrong permissions on /modsec-crs-confs"
+		exit 4
+	fi
+	# /server-confs
+	if [ ! -r "/server-confs" ] || [ ! -x "/server-confs" ] ; then
+		echo "[!] ERROR - wrong permissions on /server-confs"
+		exit 5
+	fi
+	# /http-confs
+	if [ ! -r "/http-confs" ] || [ ! -x "/http-confs" ] ; then
+		echo "[!] ERROR - wrong permissions on /http-confs"
+		exit 6
+	fi
 fi
 
 # /acme-challenge
 if [ ! -w "/acme-challenge" ] || [ ! -r "/acme-challenge" ] || [ ! -x "/acme-challenge" ] ; then
 	echo "[!] ERROR - wrong permissions on /acme-challenge"
-	exit 3
+	exit 7
 fi
 
 # /etc/nginx
 if [ ! -w "/etc/nginx" ] || [ ! -r "/etc/nginx" ] || [ ! -x "/etc/nginx" ] ; then
 	echo "[!] ERROR - wrong permissions on /etc/nginx"
-	exit 4
+	exit 8
 fi
-

examples/autoconf-php/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./letsencrypt:/etc/letsencrypt
       - ./web-files:/www:ro

examples/autoconf-reverse-proxy/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./letsencrypt:/etc/letsencrypt
       - autoconf:/etc/nginx

examples/basic-website-with-php/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./web-files:/www:ro
       - ./letsencrypt:/etc/letsencrypt

examples/behind-traefik/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:80
       - 443:443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ./traefik/traefik.toml:/traefik.toml

examples/certbot-wildcard/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./web-files:/www:ro
       - ./letsencrypt:/letsencrypt:ro

examples/crowdsec/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./web-files:/www:ro
       - ./letsencrypt:/etc/letsencrypt

examples/ghost/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./letsencrypt:/etc/letsencrypt
     environment:

examples/joomla/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./joomla-files:/www:ro
       - ./letsencrypt:/etc/letsencrypt

examples/load-balancer/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./letsencrypt:/etc/letsencrypt
       - ./http-confs:/http-confs:ro

examples/moodle/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./letsencrypt:/etc/letsencrypt
     environment:

examples/multisite-basic/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./web-files:/www:ro
       - ./letsencrypt:/etc/letsencrypt

examples/multisite-custom-server-confs/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./web-files:/www:ro
       - ./letsencrypt:/etc/letsencrypt

examples/multisite-custom-subfolders/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./apps:/www:ro
       - ./letsencrypt:/etc/letsencrypt

examples/nextcloud/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./nc-files:/www:ro
       - ./letsencrypt:/etc/letsencrypt

examples/passbolt/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./letsencrypt:/etc/letsencrypt
       - ./modsec-crs-confs:/modsec-crs-confs:ro      # disable some false positive

examples/redmine/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./letsencrypt:/etc/letsencrypt
     environment:

examples/reverse-proxy-multisite/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./letsencrypt:/etc/letsencrypt
     environment:

examples/reverse-proxy-singlesite/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./letsencrypt:/etc/letsencrypt
       - ./server-confs:/server-confs:ro                      # redirect /app1 and /app2 to /app1/ and /app2/

examples/reverse-proxy-websocket/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./letsencrypt:/etc/letsencrypt
     environment:

examples/swarm/stack.yml

@@ -4,6 +4,8 @@ services:
 
   autoconf:
     image: bunkerity/bunkerized-nginx-autoconf
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - /shared/confs:/etc/nginx
@@ -31,6 +33,8 @@ services:
         target: 8443
         mode: host
         protocol: tcp
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - /shared/confs:/etc/nginx
       - /shared/letsencrypt:/etc/letsencrypt:ro

examples/tomcat/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./letsencrypt:/etc/letsencrypt
     environment:

examples/tor-hidden-service/docker-compose.yml

@@ -14,6 +14,8 @@ services:
   mywww:
     image: bunkerity/bunkerized-nginx
     restart: always
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./web-files:/www:ro
     environment:

examples/web-ui/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./letsencrypt:/etc/letsencrypt
       - ./web-files:/www:ro

examples/wordpress/docker-compose.yml

@@ -8,6 +8,8 @@ services:
     ports:
       - 80:8080
       - 443:8443
+    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+    # don't forget to edit the permissions of the files and folders accordingly
     volumes:
       - ./wp-files:/www:ro
       - ./letsencrypt:/etc/letsencrypt