From ed451877ae3b4e83946993d21f673f6a1132c2a3 Mon Sep 17 00:00:00 2001 
From: bunkerity Date: Sun, 15 Nov 2020 14:55:48 +0100 Subject: [PATCH] examples update and multiple REVERSE_PROXY_* on single site --- .../site/reverse-proxy-headers.conf | 5 +-- confs/site/reverse-proxy.conf | 4 -- entrypoint/defaults.sh | 1 + entrypoint/site-config.sh | 18 ++++++-- .../basic-website-with-php/docker-compose.yml | 4 +- examples/behind-traefik/docker-compose.yml | 31 ++++++++++++- examples/load-balancer/docker-compose.yml | 9 +++- examples/moodle/docker-compose.yml | 8 +++- .../moodle/server-confs/reverse-proxy.conf | 6 --- examples/multisite-basic/docker-compose.yml | 9 +++- .../docker-compose.yml | 10 +++-- .../nc.website.com/nextcloud.conf | 0 .../nc.website.com/nextcloud.conf | 0 .../wp.website.com/wordpress.conf | 0 .../nc.website.com/nextcloud.conf | 0 .../wp.website.com/permalinks.conf | 0 examples/nextcloud/docker-compose.yml | 11 +++-- examples/passbolt/docker-compose.yml | 22 ++++++---- .../passbolt/server-confs/reverse-proxy.conf | 7 --- .../docker-compose.yml | 12 +++++- .../js-app/index.js | 0 .../js-app/package.json | 0 .../docker-compose.yml | 43 +++++++++++++++++++ .../reverse-proxy-singlesite/js-app/index.js | 12 ++++++ .../js-app/package.json | 14 ++++++ .../server-confs/reverse-proxy.conf | 12 ------ examples/tomcat/docker-compose.yml | 9 +++- .../tor-hidden-service/docker-compose.yml | 4 +- examples/wordpress/docker-compose.yml | 18 ++++---- 29 files changed, 195 insertions(+), 74 deletions(-) rename examples/load-balancer/server-confs/reverse-proxy.conf => confs/site/reverse-proxy-headers.conf (68%) delete mode 100644 examples/moodle/server-confs/reverse-proxy.conf rename examples/{multisite-complex => multisite-custom-server-confs}/docker-compose.yml (92%) rename examples/{multisite-complex => multisite-custom-server-confs}/modsec-confs/nc.website.com/nextcloud.conf (100%) rename examples/{multisite-complex => multisite-custom-server-confs}/modsec-crs-confs/nc.website.com/nextcloud.conf (100%) rename examples/{multisite-complex 
=> multisite-custom-server-confs}/modsec-crs-confs/wp.website.com/wordpress.conf (100%) rename examples/{multisite-complex => multisite-custom-server-confs}/server-confs/nc.website.com/nextcloud.conf (100%) rename examples/{multisite-complex => multisite-custom-server-confs}/server-confs/wp.website.com/permalinks.conf (100%) delete mode 100644 examples/passbolt/server-confs/reverse-proxy.conf rename examples/{reverse-proxy => reverse-proxy-multisite}/docker-compose.yml (68%) rename examples/{reverse-proxy => reverse-proxy-multisite}/js-app/index.js (100%) rename examples/{reverse-proxy => reverse-proxy-multisite}/js-app/package.json (100%) create mode 100644 examples/reverse-proxy-singlesite/docker-compose.yml create mode 100644 examples/reverse-proxy-singlesite/js-app/index.js create mode 100644 examples/reverse-proxy-singlesite/js-app/package.json delete mode 100644 examples/reverse-proxy/server-confs/reverse-proxy.conf diff --git a/examples/load-balancer/server-confs/reverse-proxy.conf b/confs/site/reverse-proxy-headers.conf similarity index 68% rename from examples/load-balancer/server-confs/reverse-proxy.conf rename to confs/site/reverse-proxy-headers.conf index 93ac5e2..9fbfe7a 100644 --- a/examples/load-balancer/server-confs/reverse-proxy.conf +++ b/confs/site/reverse-proxy-headers.conf @@ -1,6 +1,3 @@ proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - -location / { - proxy_pass http://app; -} +proxy_set_header X-Real-IP $remote_addr; diff --git a/confs/site/reverse-proxy.conf b/confs/site/reverse-proxy.conf index 50a5eae..0bc8aff 100644 --- a/confs/site/reverse-proxy.conf +++ b/confs/site/reverse-proxy.conf @@ -1,7 +1,3 @@ -proxy_set_header Host $host; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Real-IP $remote_addr; - location %REVERSE_PROXY_URL% { proxy_pass %REVERSE_PROXY_LOCATION%; } diff --git a/entrypoint/defaults.sh b/entrypoint/defaults.sh index def59de..37c4e25 100644 
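Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in the now-shared header file appends to whatever X-Forwarded-For value the client sent, so when this container is the first hop, a backend that reads the leftmost entry sees a client-controlled address. The added `X-Real-IP $remote_addr` line is the value backends should rely on for logging and rate limiting; if this proxy is the edge, `proxy_set_header X-Forwarded-For $remote_addr;` avoids passing the client's list through. Most examples in this commit terminate TLS here, so `proxy_set_header X-Forwarded-Proto $scheme;` looks worth adding as well. A leading comment such as `# shared proxy headers, included once at server level` would document where the file is meant to be included, which this diff does not show.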
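Review bot: The template's remaining `proxy_pass %REVERSE_PROXY_LOCATION%;` line uses a placeholder that nothing in this commit fills, since entrypoint/site-config.sh substitutes only `%REVERSE_PROXY_URL%` and `%REVERSE_PROXY_HOST%`. Unless another script not shown here replaces `%REVERSE_PROXY_LOCATION%`, every generated file keeps the literal placeholder and nginx will most likely reject the configuration at start-up. Renaming it here to `proxy_pass %REVERSE_PROXY_HOST%;` keeps the template and the entrypoint in agreement.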
--- a/entrypoint/defaults.sh +++ b/entrypoint/defaults.sh @@ -1,5 +1,6 @@ #!/bin/bash +MULTISITE="${MULTISITE-yes}" HTTP_PORT="${HTTP_PORT-8080}" HTTPS_PORT="${HTTPS_PORT-8443}" MAX_CLIENT_SIZE="${MAX_CLIENT_SIZE-10m}" diff --git a/entrypoint/site-config.sh b/entrypoint/site-config.sh index 0349d20..7269260 100644 --- a/entrypoint/site-config.sh +++ b/entrypoint/site-config.sh @@ -44,10 +44,20 @@ replace_in_file "{NGINX_PREFIX}server.conf" "%SERVER_TOKENS%" "$SERVER_TOKENS" # reverse proxy if [ "$USE_REVERSE_PROXY" = "yes" ] ; then - replace_in_file "${NGINX_PREFIX}server.conf" "%USE_REVERSE_PROXY%" "include ${NGINX_PREFIX}reverse-proxy.conf" - replace_in_file "${NGINX_PREFIX}reverse-proxy.conf" "%REVERSE_PROXY_URL%" "$REVERSE_PROXY_URL" - replace_in_file "${NGINX_PREFIX}reverse-proxy.conf" "%REVERSE_PROXY_HOST%" "$REVERSE_PROXY_HOST" - + i=1 + for var in $(env) ; do + check=$(echo "$var" | grep "^REVERSE_PROXY_URL") + if [ "$check" != "" ] ; then + name=$(echo "$var" | cut -d '=' -f 1) + value=$(echo "$var" | sed "s/${name}//") + host=$(echo "$name" | sed "s/URL/HOST//") + cp "${NGINX_PREFIX}reverse-proxy.conf" "${NGINX_PREFIX}reverse-proxy-${i}.conf" + replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_URL%" "$value" + replace_in_file "${NGINX_PREFIX}reverse-proxy.${i}conf" "%REVERSE_PROXY_HOST%" "${!host}" + i=$(($i + 1)) + fi + done + replace_in_file "${NGINX_PREFIX}server.conf" "%USE_REVERSE_PROXY%" "include ${NGINX_PREFIX}reverse-proxy-*.conf" else replace_in_file "${NGINX_PREFIX}server.conf" "%USE_REVERSE_PROXY%" "" fi diff --git a/examples/basic-website-with-php/docker-compose.yml b/examples/basic-website-with-php/docker-compose.yml index d3d6431..73eaaab 100644 --- a/examples/basic-website-with-php/docker-compose.yml +++ b/examples/basic-website-with-php/docker-compose.yml 
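Review bot: `MULTISITE="${MULTISITE-yes}"` turns multisite on for every deployment that does not set the variable, which includes the single-site examples in this same commit (passbolt, moodle, tomcat, reverse-proxy-singlesite) that rely on unprefixed `REVERSE_PROXY_*` variables. How MULTISITE is consumed is not visible in this diff, but an opt-in default, `MULTISITE="${MULTISITE-no}"`, would match the examples that set `MULTISITE=yes` explicitly. A one-line comment above the block noting that `${VAR-default}` keeps an explicitly empty value would also help readers.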
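Review bot: The new loop in the `USE_REVERSE_PROXY` branch cannot produce a working file as written: `sed "s/URL/HOST//"` is not a valid sed expression so `host` stays empty, `sed "s/${name}//"` leaves the leading `=` in `value`, and the second `replace_in_file` targets `reverse-proxy.${i}conf`, a file that `cp` never created. `for var in $(env)` also splits on whitespace and expands globs, so a value containing a space or `*` is cut into fragments before it is written into the nginx configuration. The `include ${NGINX_PREFIX}reverse-proxy-*.conf` glob will additionally match `reverse-proxy-headers.conf` if that file sits under the same prefix, which may or may not be intended. The rewrite below reads `env` line by line and derives the HOST variable name with parameter expansion; the enclosing `if` block continues outside the hunk.

```shell
	i=1
	# read NAME=VALUE pairs one line at a time so values are neither word-split nor globbed
	while IFS='=' read -r name value ; do
		case "$name" in
			REVERSE_PROXY_URL*) ;;
			*) continue ;;
		esac
		# REVERSE_PROXY_URL_1 -> REVERSE_PROXY_HOST_1
		host="${name/URL/HOST}"
		cp "${NGINX_PREFIX}reverse-proxy.conf" "${NGINX_PREFIX}reverse-proxy-${i}.conf"
		replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_URL%" "$value"
		replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_HOST%" "${!host}"
		i=$((i + 1))
	done < <(env)
	# … unchanged: include line and else branch …
```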
@@ -9,7 +9,7 @@ services: - 80:8080 - 443:8443 volumes: - - ./web-files:/www + - ./web-files:/www:ro - ./letsencrypt:/etc/letsencrypt environment: - SERVER_NAME=www.website.com # replace with your domain @@ -17,6 +17,8 @@ services: - REDIRECT_HTTP_TO_HTTPS=yes - DISABLE_DEFAULT_SERVER=yes - USE_CLIENT_CACHE=yes + - USE_GZIP=yes + - USE_BROTLI=yes - REMOTE_PHP=myphp - REMOTE_PHP_PATH=/app diff --git a/examples/behind-traefik/docker-compose.yml b/examples/behind-traefik/docker-compose.yml index aecb85b..042e4a8 100644 --- a/examples/behind-traefik/docker-compose.yml +++ b/examples/behind-traefik/docker-compose.yml @@ -12,43 +12,70 @@ services: - /var/run/docker.sock:/var/run/docker.sock - ./traefik/traefik.toml:/traefik.toml - ./traefik/acme.json:/acme.json + networks: + - netwww1 + - netwww2 mywww1: image: bunkerity/bunkerized-nginx restart: always volumes: - - ./web1:/www + - ./web1:/www:ro environment: + - SERVER_NAME=app1.website.com - PROXY_REAL_IP=yes + - USE_CLIENT_CACHE=yes + - USE_GZIP=yes + - USE_BROTLI=yes - REMOTE_PHP=myphp1 - REMOTE_PHP_PATH=/app labels: - 'traefik.enable=true' - 'traefik.port=8080' - 'traefik.frontend.rule=Host:app1.website.com' # replace with your domain + networks: + - netwww1 + - netphp1 mywww2: image: bunkerity/bunkerized-nginx restart: always volumes: - - ./web2:/www + - ./web2:/www:ro environment: + - SERVER_NAME=app2.website.com - PROXY_REAL_IP=yes + - USE_CLIENT_CACHE=yes + - USE_GZIP=yes + - USE_BROTLI=yes - REMOTE_PHP=myphp2 - REMOTE_PHP_PATH=/app labels: - 'traefik.enable=true' - 'traefik.port=8080' - 'traefik.frontend.rule=Host:app2.website.com' # replace with your domain + networks: + - netwww2 + - netphp2 myphp1: image: php:fpm restart: always volumes: - ./web1:/app + networks: + - netphp1 myphp2: image: php:fpm restart: always volumes: - ./web2:/app + networks: + - netphp2 + + networks: + netwww1: + netwww2: + netphp1: + netphp2: 
diff --git a/examples/load-balancer/docker-compose.yml b/examples/load-balancer/docker-compose.yml index 8b1e279..4b2dca9 100644 --- a/examples/load-balancer/docker-compose.yml +++ b/examples/load-balancer/docker-compose.yml @@ -10,14 +10,19 @@ services: - 443:8443 volumes: - ./letsencrypt:/etc/letsencrypt - - ./http-confs:/http-confs - - ./server-confs:/server-confs + - ./http-confs:/http-confs:ro environment: - SERVER_NAME=www.website.com # replace with your domain - SERVE_FILES=no - DISABLE_DEFAULT_SERVER=yes - REDIRECT_HTTP_TO_HTTPS=yes - AUTO_LETS_ENCRYPT=yes + - USE_PROXY_CACHE=yes + - USE_GZIP=yes + - USE_BROTLI=yes + - USE_REVERSE_PROXY=yes + - REVERSE_PROXY_URL=/ + - REVERSE_PROXY_HOST=http://app app1: build: js-app diff --git a/examples/moodle/docker-compose.yml b/examples/moodle/docker-compose.yml index 03e4d3b..3398aa5 100644 --- a/examples/moodle/docker-compose.yml +++ b/examples/moodle/docker-compose.yml @@ -10,13 +10,19 @@ services: - 443:8443 volumes: - ./letsencrypt:/etc/letsencrypt - - ./server-confs:/server-confs # custom confs to reverse proxy to moodle environment: - SERVER_NAME=www.website.com # replace with your domain - AUTO_LETS_ENCRYPT=yes - REDIRECT_HTTP_TO_HTTPS=yes - DISABLE_DEFAULT_SERVER=yes - MAX_CLIENT_SIZE=50m + - SERVE_FILES=no + - USE_PROXY_CACHE=yes + - USE_GZIP=yes + - USE_BROTLI=yes + - USE_REVERSE_PROXY=yes + - REVERSE_PROXY_URL=/ + - REVERSE_PROXY_HOST=https://mymoodle:8443 mymoodle: image: bitnami/moodle diff --git a/examples/moodle/server-confs/reverse-proxy.conf b/examples/moodle/server-confs/reverse-proxy.conf deleted file mode 100644 index 5cac16a..0000000 --- a/examples/moodle/server-confs/reverse-proxy.conf +++ /dev/null @@ -1,6 +0,0 @@ -proxy_set_header Host $host; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - -location / { - proxy_pass https://mymoodle:8443; -} diff --git a/examples/multisite-basic/docker-compose.yml b/examples/multisite-basic/docker-compose.yml index 549c4b0..6296c0d 100644 
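Review bot: `USE_PROXY_CACHE=yes` is added in the moodle example in front of an application that serves per-user, authenticated pages, and the same line appears in the load-balancer, passbolt, tomcat and reverse-proxy examples. How the cache key and bypass rules are built is not visible in this diff, so it is worth confirming that responses carrying `Set-Cookie`, or requests carrying a session cookie, are never stored; otherwise leaving the option off for these backends is the safer example. `REVERSE_PROXY_HOST=https://mymoodle:8443` also reaches the upstream over TLS, and nginx does not verify upstream certificates unless `proxy_ssl_verify on;` is configured, so that hop is encrypted but not authenticated. A trailing comment on that line, for example `# upstream certificate is not verified by default`, would make this visible to people copying the file.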
--- a/examples/multisite-basic/docker-compose.yml +++ b/examples/multisite-basic/docker-compose.yml @@ -9,9 +9,8 @@ services: - 80:8080 - 443:8443 volumes: - - ./web-files:/www + - ./web-files:/www:ro - ./letsencrypt:/etc/letsencrypt - - ./server-confs:/server-confs environment: - SERVER_NAME=app1.website.com app2.website.com app3.website.com # replace with your domains - MULTISITE=yes @@ -19,12 +18,18 @@ services: - REDIRECT_HTTP_TO_HTTPS=yes - DISABLE_DEFAULT_SERVER=yes - USE_CLIENT_CACHE=yes + - USE_GZIP=yes + - USE_BROTLI=yes - app1.website.com_REMOTE_PHP=myapp1 - app1.website.com_REMOTE_PHP_PATH=/app - app2.website.com_REMOTE_PHP=myapp2 - app2.website.com_REMOTE_PHP_PATH=/app - app3.website.com_SERVE_FILES=no - app3.website.com_USE_CLIENT_CACHE=no + - app3.website.com_USE_PROXY_CACHE=yes + - app3.website.com_USE_REVERSE_PROXY=yes + - app3.website.com_REVERSE_PROXY_URL=/ + - app3.website.com_REVERSE_PROXY_HOST=http://myapp3:3000 networks: - net1 - net2 diff --git a/examples/multisite-complex/docker-compose.yml b/examples/multisite-custom-server-confs/docker-compose.yml similarity index 92% rename from examples/multisite-complex/docker-compose.yml rename to examples/multisite-custom-server-confs/docker-compose.yml index 3619e36..027bbff 100644 --- a/examples/multisite-complex/docker-compose.yml +++ b/examples/multisite-custom-server-confs/docker-compose.yml @@ -9,11 +9,11 @@ services: - 80:8080 - 443:8443 volumes: - - ./web-files:/www + - ./web-files:/www:ro - ./letsencrypt:/etc/letsencrypt - - ./server-confs:/server-confs - - ./modsec-confs:/modsec-confs - - ./modsec-crs-confs:/modsec-crs-conf + - ./server-confs:/server-confs:ro + - ./modsec-confs:/modsec-confs:ro + - ./modsec-crs-confs:/modsec-crs-conf:ro environment: - SERVER_NAME=wp.website.com nc.website.com # replace with your domains - MULTISITE=yes 
@@ -21,6 +21,8 @@ services: - REDIRECT_HTTP_TO_HTTPS=yes - DISABLE_DEFAULT_SERVER=yes - USE_CLIENT_CACHE=yes + - USE_GZIP=yes + - USE_BROTLI=yes - wp.website.com_REMOTE_PHP=mywp - wp.website.com_REMOTE_PHP_PATH=/var/www/html - nc.website.com_REMOTE_PHP=mync diff --git a/examples/multisite-complex/modsec-confs/nc.website.com/nextcloud.conf b/examples/multisite-custom-server-confs/modsec-confs/nc.website.com/nextcloud.conf similarity index 100% rename from examples/multisite-complex/modsec-confs/nc.website.com/nextcloud.conf rename to examples/multisite-custom-server-confs/modsec-confs/nc.website.com/nextcloud.conf diff --git a/examples/multisite-complex/modsec-crs-confs/nc.website.com/nextcloud.conf b/examples/multisite-custom-server-confs/modsec-crs-confs/nc.website.com/nextcloud.conf similarity index 100% rename from examples/multisite-complex/modsec-crs-confs/nc.website.com/nextcloud.conf rename to examples/multisite-custom-server-confs/modsec-crs-confs/nc.website.com/nextcloud.conf diff --git a/examples/multisite-complex/modsec-crs-confs/wp.website.com/wordpress.conf b/examples/multisite-custom-server-confs/modsec-crs-confs/wp.website.com/wordpress.conf similarity index 100% rename from examples/multisite-complex/modsec-crs-confs/wp.website.com/wordpress.conf rename to examples/multisite-custom-server-confs/modsec-crs-confs/wp.website.com/wordpress.conf diff --git a/examples/multisite-complex/server-confs/nc.website.com/nextcloud.conf b/examples/multisite-custom-server-confs/server-confs/nc.website.com/nextcloud.conf similarity index 100% rename from examples/multisite-complex/server-confs/nc.website.com/nextcloud.conf rename to examples/multisite-custom-server-confs/server-confs/nc.website.com/nextcloud.conf 
diff --git a/examples/multisite-complex/server-confs/wp.website.com/permalinks.conf b/examples/multisite-custom-server-confs/server-confs/wp.website.com/permalinks.conf similarity index 100% rename from examples/multisite-complex/server-confs/wp.website.com/permalinks.conf rename to examples/multisite-custom-server-confs/server-confs/wp.website.com/permalinks.conf diff --git a/examples/nextcloud/docker-compose.yml b/examples/nextcloud/docker-compose.yml index 318bb8c..e10a0a6 100644 --- a/examples/nextcloud/docker-compose.yml +++ b/examples/nextcloud/docker-compose.yml @@ -9,11 +9,11 @@ services: - 80:8080 - 443:8443 volumes: - - ./nc-files:/www + - ./nc-files:/www:ro - ./letsencrypt:/etc/letsencrypt - - ./server-confs:/server-confs # custom nginx confs at server context to make Nextcloud working - - ./modsec-crs-confs:/modsec-crs-confs # custom Core Rule Set confs to add Nextcloud exclusions - - ./modsec-confs:/modsec-confs # disable some false positive + - ./server-confs:/server-confs:ro # custom nginx confs at server context to make Nextcloud working + - ./modsec-crs-confs:/modsec-crs-confs:ro # custom Core Rule Set confs to add Nextcloud exclusions + - ./modsec-confs:/modsec-confs:ro # disable some false positive environment: - SERVER_NAME=www.website.com # replace with your domain - AUTO_LETS_ENCRYPT=yes @@ -27,6 +27,9 @@ services: - LIMIT_REQ_BURST=60 - ALLOWED_METHODS=GET|POST|HEAD|PROPFIND|DELETE|PUT|MKCOL|MOVE|COPY|PROPPATCH|REPORT - X_FRAME_OPTIONS=SAMEORIGIN + - USE_CLIENT_CACHE=yes + - USE_GZIP=yes + - USE_BROTLI=yes mync: image: nextcloud:stable-fpm diff --git a/examples/passbolt/docker-compose.yml b/examples/passbolt/docker-compose.yml index b09d4ae..0e3281a 100644 --- a/examples/passbolt/docker-compose.yml +++ b/examples/passbolt/docker-compose.yml 
@@ -10,25 +10,31 @@ services: - 443:8443 volumes: - ./letsencrypt:/etc/letsencrypt - - ./server-confs:/server-confs # custom confs to reverse proxy to passbolt - - ./modsec-crs-confs:/modsec-crs-confs # disable some false positive - - ./modsec-confs:/modsec-confs # disable some false positive + - ./modsec-crs-confs:/modsec-crs-confs:ro # disable some false positive + - ./modsec-confs:/modsec-confs:ro # disable some false positive environment: - - SERVER_NAME=www.website.com # replace with your domain + - SERVER_NAME=www.website.com # replace with your domain - AUTO_LETS_ENCRYPT=yes - REDIRECT_HTTP_TO_HTTPS=yes - DISABLE_DEFAULT_SERVER=yes - ALLOWED_METHODS=GET|POST|HEAD|PUT|DELETE + - SERVE_FILES=no + - USE_PROXY_CACHE=yes + - USE_GZIP=yes + - USE_BROTLI=yes + - USE_REVERSE_PROXY=yes + - REVERSE_PROXY_URL=/ + - REVERSE_PROXY_HOST=https://mypassbolt mypassbolt: image: passbolt/passbolt restart: always environment: - DATASOURCES_DEFAULT_HOST=mydb - - DATASOURCES_DEFAULT_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD) + - DATASOURCES_DEFAULT_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD) - DATASOURCES_DEFAULT_USERNAME=user - DATASOURCES_DEFAULT_DATABASE=passbolt - - APP_FULL_BASE_URL=https://www.website.com # replace with your URL + - APP_FULL_BASE_URL=https://www.website.com # replace with your URL mydb: image: mariadb @@ -36,7 +42,7 @@ services: volumes: - ./db-data:/var/lib/mysql environment: - - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password + - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password - MYSQL_DATABASE=passbolt - MYSQL_USER=user - - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD) + - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD) 
diff --git a/examples/passbolt/server-confs/reverse-proxy.conf b/examples/passbolt/server-confs/reverse-proxy.conf deleted file mode 100644 index 50a1b13..0000000 --- a/examples/passbolt/server-confs/reverse-proxy.conf +++ /dev/null @@ -1,7 +0,0 @@ -proxy_set_header Host $host; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - -location / { - proxy_pass https://mypassbolt; -} - diff --git a/examples/reverse-proxy/docker-compose.yml b/examples/reverse-proxy-multisite/docker-compose.yml similarity index 68% rename from examples/reverse-proxy/docker-compose.yml rename to examples/reverse-proxy-multisite/docker-compose.yml index e43529d..fe5a2d8 100644 --- a/examples/reverse-proxy/docker-compose.yml +++ b/examples/reverse-proxy-multisite/docker-compose.yml @@ -10,13 +10,21 @@ services: - 443:8443 volumes: - ./letsencrypt:/etc/letsencrypt - - ./server-confs:/server-confs environment: - - SERVER_NAME=app1.website.com app2.website.com # replace with your domains + - USE_MULTISITE=yes + - SERVER_NAME=app1.website.com app2.website.com # replace with your domain - SERVE_FILES=no - DISABLE_DEFAULT_SERVER=yes - REDIRECT_HTTP_TO_HTTPS=yes - AUTO_LETS_ENCRYPT=yes + - USE_PROXY_CACHE=yes + - USE_GZIP=yes + - USE_BROTLI=yes + - USE_REVERSE_PROXY=yes + - app1.website.com_REVERSE_PROXY_URL=/ + - app1.website.com_REVERSE_PROXY_HOST=http://app1:3000 + - app2.website.com_REVERSE_PROXY_URL=/ + - app2.website.com_REVERSE_PROXY_HOST=http://app2 app1: image: node diff --git a/examples/reverse-proxy/js-app/index.js b/examples/reverse-proxy-multisite/js-app/index.js similarity index 100% rename from examples/reverse-proxy/js-app/index.js rename to examples/reverse-proxy-multisite/js-app/index.js diff --git a/examples/reverse-proxy/js-app/package.json b/examples/reverse-proxy-multisite/js-app/package.json similarity index 100% rename from examples/reverse-proxy/js-app/package.json rename to examples/reverse-proxy-multisite/js-app/package.json 
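Review bot: The added `- USE_MULTISITE=yes` in the reverse-proxy-multisite example does not match the variable used elsewhere in this commit: entrypoint/defaults.sh defines `MULTISITE` and the multisite-basic example sets `- MULTISITE=yes`. With the wrong name, the per-host `app1.website.com_REVERSE_PROXY_*` variables take effect only through whatever `MULTISITE` defaults to, so the line should read `- MULTISITE=yes`. The comment on `SERVER_NAME` was also changed to `# replace with your domain` although two domains are listed.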
diff --git a/examples/reverse-proxy-singlesite/docker-compose.yml b/examples/reverse-proxy-singlesite/docker-compose.yml new file mode 100644 index 0000000..a99b7dd --- /dev/null +++ b/examples/reverse-proxy-singlesite/docker-compose.yml @@ -0,0 +1,43 @@ +version: '3' + +services: + + myreverse: + image: bunkerity/bunkerized-nginx + restart: always + ports: + - 80:8080 + - 443:8443 + volumes: + - ./letsencrypt:/etc/letsencrypt + environment: + - SERVER_NAME=www.website.com # replace with your domain + - SERVE_FILES=no + - DISABLE_DEFAULT_SERVER=yes + - REDIRECT_HTTP_TO_HTTPS=yes + - AUTO_LETS_ENCRYPT=yes + - USE_PROXY_CACHE=yes + - USE_GZIP=yes + - USE_BROTLI=yes + - USE_REVERSE_PROXY=yes + - REVERSE_PROXY_URL_1=/app1 + - REVERSE_PROXY_HOST_1=http://app1:3000 + - REVERSE_PROXY_URL_2=/app2 + - REVERSE_PROXY_HOST_2=http://app2 + + app1: + image: node + restart: always + working_dir: /home/node/app + volumes: + - ./js-app:/home/node/app + environment: + - NODE_ENV=production + command: bash -c "npm install express && node index.js" + + app2: + image: phpmyadmin:apache + restart: always + environment: + - PMA_ARBITRARY=1 + - PMA_ABSOLUTE_URI=https://www.website.com/app2 # replace with your absolute URI diff --git a/examples/reverse-proxy-singlesite/js-app/index.js b/examples/reverse-proxy-singlesite/js-app/index.js new file mode 100644 index 0000000..35fb70b --- /dev/null +++ b/examples/reverse-proxy-singlesite/js-app/index.js @@ -0,0 +1,12 @@ +const express = require('express') +const app = express() +const port = 3000 + +app.get('/', (req, res) => { + res.send('Hello World!') +}) + +app.listen(port, () => { + console.log(`Example app listening at http://localhost:${port}`) +}) + diff --git a/examples/reverse-proxy-singlesite/js-app/package.json b/examples/reverse-proxy-singlesite/js-app/package.json new file mode 100644 index 0000000..8f2840d --- /dev/null +++ b/examples/reverse-proxy-singlesite/js-app/package.json 
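Review bot: `PMA_ARBITRARY=1` on `app2` lets anyone who reaches `/app2` point phpMyAdmin at a database server of their choice, and this example publishes it on ports 80 and 443 with no access restriction in front. For a public-facing sample it would be safer to drop that variable and pin the server, `- PMA_HOST=<your-db-host>`, or to use a demo backend that is not an administration tool. Separately, `command: bash -c "npm install express && node index.js"` fetches an unpinned package at every container start although package.json already declares the dependency; plain `npm install` would at least honour the declared version range.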
@@ -0,0 +1,14 @@ +{ + "name": "js-app", + "version": "1.0.0", + "description": "demo", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "", + "license": "ISC", + "dependencies": { + "express": "^4.17.1" + } +} diff --git a/examples/reverse-proxy/server-confs/reverse-proxy.conf b/examples/reverse-proxy/server-confs/reverse-proxy.conf deleted file mode 100644 index 1aa4fa2..0000000 --- a/examples/reverse-proxy/server-confs/reverse-proxy.conf +++ /dev/null @@ -1,12 +0,0 @@ -proxy_set_header Host $host; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - -location / { - if ($host = app1.website.com) { - proxy_pass http://app1:3000; - } - - if ($host = app2.website.com) { - proxy_pass http://app2; - } -} diff --git a/examples/tomcat/docker-compose.yml b/examples/tomcat/docker-compose.yml index ea9d186..c3997c9 100644 --- a/examples/tomcat/docker-compose.yml +++ b/examples/tomcat/docker-compose.yml @@ -10,13 +10,18 @@ services: - 443:8443 volumes: - ./letsencrypt:/etc/letsencrypt - - ./server-confs:/server-confs environment: - - SERVER_NAME=app1.website.com # replace with your domain + - SERVER_NAME=www.website.com # replace with your domain - SERVE_FILES=no - DISABLE_DEFAULT_SERVER=yes - REDIRECT_HTTP_TO_HTTPS=yes - AUTO_LETS_ENCRYPT=yes + - USE_PROXY_CACHE=yes + - USE_GZIP=yes + - USE_BROTLI=yes + - USE_REVERSE_PROXY=yes + - REVERSE_PROXY_URL=/ + - REVERSE_PROXY_HOST=http://mytomcat:8080/sample mytomcat: image: tomcat diff --git a/examples/tor-hidden-service/docker-compose.yml b/examples/tor-hidden-service/docker-compose.yml index 5764788..fa8d66b 100644 --- a/examples/tor-hidden-service/docker-compose.yml +++ b/examples/tor-hidden-service/docker-compose.yml @@ -15,7 +15,7 @@ services: image: bunkerity/bunkerized-nginx restart: always volumes: - - ./web-files:/www + - ./web-files:/www:ro environment: - BLOCK_TOR_EXIT_NODE=no - BLOCK_ABUSERS=no 
@@ -28,6 +28,8 @@ services: - USE_BLACKLIST_REVERSE=no - USE_FAIL2BAN=no - USE_CLIENT_CACHE=yes + - USE_GZIP=yes + - USE_BROTLI=yes - REMOTE_PHP=myphp - REMOTE_PHP_PATH=/app diff --git a/examples/wordpress/docker-compose.yml b/examples/wordpress/docker-compose.yml index f158ae2..1f230d9 100644 --- a/examples/wordpress/docker-compose.yml +++ b/examples/wordpress/docker-compose.yml @@ -9,17 +9,19 @@ services: - 80:8080 - 443:8443 volumes: - - ./wp-files:/www + - ./wp-files:/www:ro - ./letsencrypt:/etc/letsencrypt - - ./server-confs:/server-confs # custom confs at server context for permalinks - - ./modsec-crs-confs:/modsec-crs-confs # custom Core Rule Set confs to add Wordpress exclusions + - ./server-confs:/server-confs:ro # custom confs at server context for permalinks + - ./modsec-crs-confs:/modsec-crs-confs:ro # custom Core Rule Set confs to add Wordpress exclusions environment: - - SERVER_NAME=www.website.com # replace with your domain + - SERVER_NAME=www.website.com # replace with your domain - AUTO_LETS_ENCRYPT=yes - REDIRECT_HTTP_TO_HTTPS=yes - DISABLE_DEFAULT_SERVER=yes - MAX_CLIENT_SIZE=50m - USE_CLIENT_CACHE=yes + - USE_GZIP=yes + - USE_BROTLI=yes - REMOTE_PHP=mywp - REMOTE_PHP_PATH=/var/www/html @@ -32,8 +34,8 @@ services: - WORDPRESS_DB_HOST=mydb - WORDPRESS_DB_NAME=wp - WORDPRESS_DB_USER=user - - WORDPRESS_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD) - - WORDPRESS_TABLE_PREFIX=prefix_ # best practice : replace with a random prefix + - WORDPRESS_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD) + - WORDPRESS_TABLE_PREFIX=prefix_ # best practice : replace with a random prefix mydb: image: mariadb 
@@ -41,7 +43,7 @@ services: volumes: - ./db-data:/var/lib/mysql environment: - - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password + - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password - MYSQL_DATABASE=wp - MYSQL_USER=user - - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match WORDPRESS_DB_PASSWORD) + - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match WORDPRESS_DB_PASSWORD)