examples update and multiple REVERSE_PROXY_* on single site
This commit is contained in:
bunkerity
@@ -9,7 +9,7 @@ services:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
volumes:
|
||||
- ./web-files:/www
|
||||
- ./web-files:/www:ro
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
environment:
|
||||
- SERVER_NAME=www.website.com # replace with your domain
|
||||
@@ -17,6 +17,8 @@ services:
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_BROTLI=yes
|
||||
- REMOTE_PHP=myphp
|
||||
- REMOTE_PHP_PATH=/app
|
||||
|
||||
|
||||
@@ -12,43 +12,70 @@ services:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- ./traefik/traefik.toml:/traefik.toml
|
||||
- ./traefik/acme.json:/acme.json
|
||||
networks:
|
||||
- netwww1
|
||||
- netwww2
|
||||
|
||||
mywww1:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web1:/www
|
||||
- ./web1:/www:ro
|
||||
environment:
|
||||
- SERVER_NAME=app1.website.com
|
||||
- PROXY_REAL_IP=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_BROTLI=yes
|
||||
- REMOTE_PHP=myphp1
|
||||
- REMOTE_PHP_PATH=/app
|
||||
labels:
|
||||
- 'traefik.enable=true'
|
||||
- 'traefik.port=8080'
|
||||
- 'traefik.frontend.rule=Host:app1.website.com' # replace with your domain
|
||||
networks:
|
||||
- netwww1
|
||||
- netphp1
|
||||
|
||||
mywww2:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web2:/www
|
||||
- ./web2:/www:ro
|
||||
environment:
|
||||
- SERVER_NAME=app2.website.com
|
||||
- PROXY_REAL_IP=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_BROTLI=yes
|
||||
- REMOTE_PHP=myphp2
|
||||
- REMOTE_PHP_PATH=/app
|
||||
labels:
|
||||
- 'traefik.enable=true'
|
||||
- 'traefik.port=8080'
|
||||
- 'traefik.frontend.rule=Host:app2.website.com' # replace with your domain
|
||||
networks:
|
||||
- netwww2
|
||||
- netphp2
|
||||
|
||||
myphp1:
|
||||
image: php:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web1:/app
|
||||
networks:
|
||||
- netphp1
|
||||
|
||||
myphp2:
|
||||
image: php:fpm
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web2:/app
|
||||
networks:
|
||||
- netphp2
|
||||
|
||||
networks:
|
||||
netwww1:
|
||||
netwww2:
|
||||
netphp1:
|
||||
netphp2:
|
||||
|
||||
@@ -10,14 +10,19 @@ services:
|
||||
- 443:8443
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./http-confs:/http-confs
|
||||
- ./server-confs:/server-confs
|
||||
- ./http-confs:/http-confs:ro
|
||||
environment:
|
||||
- SERVER_NAME=www.website.com # replace with your domain
|
||||
- SERVE_FILES=no
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- USE_PROXY_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_BROTLI=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://app
|
||||
|
||||
app1:
|
||||
build: js-app
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
location / {
|
||||
proxy_pass http://app;
|
||||
}
|
||||
@@ -10,13 +10,19 @@ services:
|
||||
- 443:8443
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./server-confs:/server-confs # custom confs to reverse proxy to moodle
|
||||
environment:
|
||||
- SERVER_NAME=www.website.com # replace with your domain
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- MAX_CLIENT_SIZE=50m
|
||||
- SERVE_FILES=no
|
||||
- USE_PROXY_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_BROTLI=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=https://mymoodle:8443
|
||||
|
||||
mymoodle:
|
||||
image: bitnami/moodle
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
location / {
|
||||
proxy_pass https://mymoodle:8443;
|
||||
}
|
||||
@@ -9,9 +9,8 @@ services:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
volumes:
|
||||
- ./web-files:/www
|
||||
- ./web-files:/www:ro
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./server-confs:/server-confs
|
||||
environment:
|
||||
- SERVER_NAME=app1.website.com app2.website.com app3.website.com # replace with your domains
|
||||
- MULTISITE=yes
|
||||
@@ -19,12 +18,18 @@ services:
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_BROTLI=yes
|
||||
- app1.website.com_REMOTE_PHP=myapp1
|
||||
- app1.website.com_REMOTE_PHP_PATH=/app
|
||||
- app2.website.com_REMOTE_PHP=myapp2
|
||||
- app2.website.com_REMOTE_PHP_PATH=/app
|
||||
- app3.website.com_SERVE_FILES=no
|
||||
- app3.website.com_USE_CLIENT_CACHE=no
|
||||
- app3.website.com_USE_PROXY_CACHE=yes
|
||||
- app3.website.com_USE_REVERSE_PROXY=yes
|
||||
- app3.website.com_REVERSE_PROXY_URL=/
|
||||
- app3.website.com_REVERSE_PROXY_HOST=http://myapp3:3000
|
||||
networks:
|
||||
- net1
|
||||
- net2
|
||||
|
||||
@@ -9,11 +9,11 @@ services:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
volumes:
|
||||
- ./web-files:/www
|
||||
- ./web-files:/www:ro
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./server-confs:/server-confs
|
||||
- ./modsec-confs:/modsec-confs
|
||||
- ./modsec-crs-confs:/modsec-crs-conf
|
||||
- ./server-confs:/server-confs:ro
|
||||
- ./modsec-confs:/modsec-confs:ro
|
||||
- ./modsec-crs-confs:/modsec-crs-conf:ro
|
||||
environment:
|
||||
- SERVER_NAME=wp.website.com nc.website.com # replace with your domains
|
||||
- MULTISITE=yes
|
||||
@@ -21,6 +21,8 @@ services:
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_BROTLI=yes
|
||||
- wp.website.com_REMOTE_PHP=mywp
|
||||
- wp.website.com_REMOTE_PHP_PATH=/var/www/html
|
||||
- nc.website.com_REMOTE_PHP=mync
|
||||
@@ -9,11 +9,11 @@ services:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
volumes:
|
||||
- ./nc-files:/www
|
||||
- ./nc-files:/www:ro
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./server-confs:/server-confs # custom nginx confs at server context to make Nextcloud working
|
||||
- ./modsec-crs-confs:/modsec-crs-confs # custom Core Rule Set confs to add Nextcloud exclusions
|
||||
- ./modsec-confs:/modsec-confs # disable some false positive
|
||||
- ./server-confs:/server-confs:ro # custom nginx confs at server context to make Nextcloud working
|
||||
- ./modsec-crs-confs:/modsec-crs-confs:ro # custom Core Rule Set confs to add Nextcloud exclusions
|
||||
- ./modsec-confs:/modsec-confs:ro # disable some false positive
|
||||
environment:
|
||||
- SERVER_NAME=www.website.com # replace with your domain
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
@@ -27,6 +27,9 @@ services:
|
||||
- LIMIT_REQ_BURST=60
|
||||
- ALLOWED_METHODS=GET|POST|HEAD|PROPFIND|DELETE|PUT|MKCOL|MOVE|COPY|PROPPATCH|REPORT
|
||||
- X_FRAME_OPTIONS=SAMEORIGIN
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_BROTLI=yes
|
||||
|
||||
mync:
|
||||
image: nextcloud:stable-fpm
|
||||
|
||||
@@ -10,25 +10,31 @@ services:
|
||||
- 443:8443
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./server-confs:/server-confs # custom confs to reverse proxy to passbolt
|
||||
- ./modsec-crs-confs:/modsec-crs-confs # disable some false positive
|
||||
- ./modsec-confs:/modsec-confs # disable some false positive
|
||||
- ./modsec-crs-confs:/modsec-crs-confs:ro # disable some false positive
|
||||
- ./modsec-confs:/modsec-confs:ro # disable some false positive
|
||||
environment:
|
||||
- SERVER_NAME=www.website.com # replace with your domain
|
||||
- SERVER_NAME=www.website.com # replace with your domain
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- ALLOWED_METHODS=GET|POST|HEAD|PUT|DELETE
|
||||
- SERVE_FILES=no
|
||||
- USE_PROXY_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_BROTLI=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=https://mypassbolt
|
||||
|
||||
mypassbolt:
|
||||
image: passbolt/passbolt
|
||||
restart: always
|
||||
environment:
|
||||
- DATASOURCES_DEFAULT_HOST=mydb
|
||||
- DATASOURCES_DEFAULT_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
- DATASOURCES_DEFAULT_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
- DATASOURCES_DEFAULT_USERNAME=user
|
||||
- DATASOURCES_DEFAULT_DATABASE=passbolt
|
||||
- APP_FULL_BASE_URL=https://www.website.com # replace with your URL
|
||||
- APP_FULL_BASE_URL=https://www.website.com # replace with your URL
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
@@ -36,7 +42,7 @@ services:
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=passbolt
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD)
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD)
|
||||
|
||||
@@ -1,7 +0,0 @@
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
location / {
|
||||
proxy_pass https://mypassbolt;
|
||||
}
|
||||
|
||||
@@ -10,13 +10,21 @@ services:
|
||||
- 443:8443
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./server-confs:/server-confs
|
||||
environment:
|
||||
- SERVER_NAME=app1.website.com app2.website.com # replace with your domains
|
||||
- USE_MULTISITE=yes
|
||||
- SERVER_NAME=app1.website.com app2.website.com # replace with your domain
|
||||
- SERVE_FILES=no
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- USE_PROXY_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_BROTLI=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- app1.website.com_REVERSE_PROXY_URL=/
|
||||
- app1.website.com_REVERSE_PROXY_HOST=http://app1:3000
|
||||
- app2.website.com_REVERSE_PROXY_URL=/
|
||||
- app2.website.com_REVERSE_PROXY_HOST=http://app2
|
||||
|
||||
app1:
|
||||
image: node
|
||||
43
examples/reverse-proxy-singlesite/docker-compose.yml
Normal file
43
examples/reverse-proxy-singlesite/docker-compose.yml
Normal file
@@ -0,0 +1,43 @@
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
myreverse:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
restart: always
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
environment:
|
||||
- SERVER_NAME=www.website.com # replace with your domain
|
||||
- SERVE_FILES=no
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- USE_PROXY_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_BROTLI=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL_1=/app1
|
||||
- REVERSE_PROXY_HOST_1=http://app1:3000
|
||||
- REVERSE_PROXY_URL_2=/app2
|
||||
- REVERSE_PROXY_HOST_2=http://app2
|
||||
|
||||
app1:
|
||||
image: node
|
||||
restart: always
|
||||
working_dir: /home/node/app
|
||||
volumes:
|
||||
- ./js-app:/home/node/app
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
command: bash -c "npm install express && node index.js"
|
||||
|
||||
app2:
|
||||
image: phpmyadmin:apache
|
||||
restart: always
|
||||
environment:
|
||||
- PMA_ARBITRARY=1
|
||||
- PMA_ABSOLUTE_URI=https://www.website.com/app2 # replace with your absolute URI
|
||||
12
examples/reverse-proxy-singlesite/js-app/index.js
Normal file
12
examples/reverse-proxy-singlesite/js-app/index.js
Normal file
@@ -0,0 +1,12 @@
|
||||
const express = require('express')
|
||||
const app = express()
|
||||
const port = 3000
|
||||
|
||||
app.get('/', (req, res) => {
|
||||
res.send('Hello World!')
|
||||
})
|
||||
|
||||
app.listen(port, () => {
|
||||
console.log(`Example app listening at http://localhost:${port}`)
|
||||
})
|
||||
|
||||
14
examples/reverse-proxy-singlesite/js-app/package.json
Normal file
14
examples/reverse-proxy-singlesite/js-app/package.json
Normal file
@@ -0,0 +1,14 @@
|
||||
{
|
||||
"name": "js-app",
|
||||
"version": "1.0.0",
|
||||
"description": "demo",
|
||||
"main": "index.js",
|
||||
"scripts": {
|
||||
"test": "echo \"Error: no test specified\" && exit 1"
|
||||
},
|
||||
"author": "",
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"express": "^4.17.1"
|
||||
}
|
||||
}
|
||||
@@ -1,12 +0,0 @@
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
location / {
|
||||
if ($host = app1.website.com) {
|
||||
proxy_pass http://app1:3000;
|
||||
}
|
||||
|
||||
if ($host = app2.website.com) {
|
||||
proxy_pass http://app2;
|
||||
}
|
||||
}
|
||||
@@ -10,13 +10,18 @@ services:
|
||||
- 443:8443
|
||||
volumes:
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./server-confs:/server-confs
|
||||
environment:
|
||||
- SERVER_NAME=app1.website.com # replace with your domain
|
||||
- SERVER_NAME=www.website.com # replace with your domain
|
||||
- SERVE_FILES=no
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- USE_PROXY_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_BROTLI=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://mytomcat:8080/sample
|
||||
|
||||
mytomcat:
|
||||
image: tomcat
|
||||
|
||||
@@ -15,7 +15,7 @@ services:
|
||||
image: bunkerity/bunkerized-nginx
|
||||
restart: always
|
||||
volumes:
|
||||
- ./web-files:/www
|
||||
- ./web-files:/www:ro
|
||||
environment:
|
||||
- BLOCK_TOR_EXIT_NODE=no
|
||||
- BLOCK_ABUSERS=no
|
||||
@@ -28,6 +28,8 @@ services:
|
||||
- USE_BLACKLIST_REVERSE=no
|
||||
- USE_FAIL2BAN=no
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_BROTLI=yes
|
||||
- REMOTE_PHP=myphp
|
||||
- REMOTE_PHP_PATH=/app
|
||||
|
||||
|
||||
@@ -9,17 +9,19 @@ services:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
volumes:
|
||||
- ./wp-files:/www
|
||||
- ./wp-files:/www:ro
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
- ./server-confs:/server-confs # custom confs at server context for permalinks
|
||||
- ./modsec-crs-confs:/modsec-crs-confs # custom Core Rule Set confs to add Wordpress exclusions
|
||||
- ./server-confs:/server-confs:ro # custom confs at server context for permalinks
|
||||
- ./modsec-crs-confs:/modsec-crs-confs:ro # custom Core Rule Set confs to add Wordpress exclusions
|
||||
environment:
|
||||
- SERVER_NAME=www.website.com # replace with your domain
|
||||
- SERVER_NAME=www.website.com # replace with your domain
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- MAX_CLIENT_SIZE=50m
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_BROTLI=yes
|
||||
- REMOTE_PHP=mywp
|
||||
- REMOTE_PHP_PATH=/var/www/html
|
||||
|
||||
@@ -32,8 +34,8 @@ services:
|
||||
- WORDPRESS_DB_HOST=mydb
|
||||
- WORDPRESS_DB_NAME=wp
|
||||
- WORDPRESS_DB_USER=user
|
||||
- WORDPRESS_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
- WORDPRESS_TABLE_PREFIX=prefix_ # best practice : replace with a random prefix
|
||||
- WORDPRESS_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
- WORDPRESS_TABLE_PREFIX=prefix_ # best practice : replace with a random prefix
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
@@ -41,7 +43,7 @@ services:
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=wp
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match WORDPRESS_DB_PASSWORD)
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match WORDPRESS_DB_PASSWORD)
|
||||
|
||||
Reference in New Issue
Block a user