diff --git a/examples/authelia/.README.md.swp b/examples/authelia/.README.md.swp
new file mode 100644
index 000000000..bd48a1fde
Binary files /dev/null and b/examples/authelia/.README.md.swp differ
diff --git a/examples/autoconf-php/README.md b/examples/autoconf-php/README.md
index 8ca213b1b..d38d4cc56 100644
--- a/examples/autoconf-php/README.md
+++ b/examples/autoconf-php/README.md
@@ -6,7 +6,7 @@ Quickly deploy PHP app on Docker containers without restarting bunkerized-nginx.
-## Docker
+## Autoconf
First of all, you need to run bunkerized-nginx and bunkerized-nginx-autoconf : see [docker-compose-nginx.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-php/docker-compose-nginx.yml).
diff --git a/examples/autoconf-reverse-proxy/README.md b/examples/autoconf-reverse-proxy/README.md
new file mode 100644
index 000000000..348b56c82
--- /dev/null
+++ b/examples/autoconf-reverse-proxy/README.md
@@ -0,0 +1,13 @@
+# Autoconf reverse proxy
+
+Quickly deploy web app on Docker containers without restarting bunkerized-nginx.
+
+## Architecture
+
+
+
+## Autoconf
+
+First of all, you need to run bunkerized-nginx and bunkerized-nginx-autoconf : see [docker-compose-nginx.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose-nginx.yml).
+
+Then, you can add and remove web apps with special `bunkerized-nginx.*` labels so the configurations are automatically generated : see [docker-compose-apps.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/autoconf-reverse-proxy/docker-compose-apps.yml).
diff --git a/examples/autoconf-reverse-proxy/architecture.png b/examples/autoconf-reverse-proxy/architecture.png
new file mode 100644
index 000000000..f25a83be1
Binary files /dev/null and b/examples/autoconf-reverse-proxy/architecture.png differ
diff --git a/examples/autoconf-reverse-proxy/docker-compose-apps.yml b/examples/autoconf-reverse-proxy/docker-compose-apps.yml
new file mode 100644
index 000000000..56d93e687
--- /dev/null
+++ b/examples/autoconf-reverse-proxy/docker-compose-apps.yml
@@ -0,0 +1,50 @@
+version: '3'
+
+services:
+
+ myapp1:
+ build: js-app
+ restart: always
+ environment:
+ - NODE_ENV=production
+ labels:
+ - "bunkerized-nginx.SERVER_NAME=app1.example.com" # replace with your domain
+ - "bunkerized-nginx.REVERSE_PROXY_URL=/"
+ - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp1:3000"
+ networks:
+ myappnet:
+ aliases:
+ - myapp1
+
+ myapp2:
+ build: js-app
+ restart: always
+ environment:
+ - NODE_ENV=production
+ labels:
+ - "bunkerized-nginx.SERVER_NAME=app2.example.com" # replace with your domain
+ - "bunkerized-nginx.REVERSE_PROXY_URL=/"
+ - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2:3000"
+ networks:
+ myappnet:
+ aliases:
+ - myapp2
+
+ myapp3:
+ build: js-app
+ restart: always
+ environment:
+ - NODE_ENV=production
+ labels:
+ - "bunkerized-nginx.SERVER_NAME=app3.example.com" # replace with your domain
+ - "bunkerized-nginx.REVERSE_PROXY_URL=/"
+ - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp3:3000"
+ networks:
+ myappnet:
+ aliases:
+ - myapp3
+
+networks:
+ myphpnet:
+ external:
+ name: myphpnet
diff --git a/examples/autoconf-reverse-proxy/docker-compose-nginx.yml b/examples/autoconf-reverse-proxy/docker-compose-nginx.yml
new file mode 100644
index 000000000..957e82f8d
--- /dev/null
+++ b/examples/autoconf-reverse-proxy/docker-compose-nginx.yml
@@ -0,0 +1,45 @@
+version: '3'
+
+services:
+
+ mywww:
+ image: bunkerity/bunkerized-nginx
+ restart: always
+ ports:
+ - 80:8080
+ - 443:8443
+ # bunkerized-nginx runs as an unprivileged user with UID/GID 101
+ # don't forget to edit the permissions of the files and folders accordingly
+ volumes:
+ - ./letsencrypt:/etc/letsencrypt
+ - autoconf:/etc/nginx
+ environment:
+ - SERVER_NAME= # must be left blank if you don't want to setup "static" conf
+ - MULTISITE=yes
+ - AUTO_LETS_ENCRYPT=yes
+ - REDIRECT_HTTP_TO_HTTPS=yes
+ - DISABLE_DEFAULT_SERVER=yes
+ - USE_CLIENT_CACHE=yes
+ - USE_PROXY_CACHE=yes
+ - USE_GZIP=yes
+ - USE_REVERSE_PROXY=yes
+ labels:
+ - "bunkerized-nginx.AUTOCONF"
+ networks:
+ - myappnet
+
+ myautoconf:
+ image: bunkerity/bunkerized-nginx-autoconf
+ restart: always
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - autoconf:/etc/nginx
+ depends_on:
+ - mywww
+
+volumes:
+ autoconf:
+
+networks:
+ myappnet:
+ name: myappnet
diff --git a/examples/basic-website-with-php/README.md b/examples/basic-website-with-php/README.md
index 9014aeb5a..20c433a3a 100644
--- a/examples/basic-website-with-php/README.md
+++ b/examples/basic-website-with-php/README.md
@@ -2,28 +2,16 @@
This is a basic example for a typical PHP website/app.
+## Architecture
+
+
+
## Docker
-```shell
-$ mkdir letsencrypt
-$ chown root:101 letsencrypt
-$ chmod 770 letsencrypt
-$ chmod 755 web-files
-$ chmod -R 744 web-files/*
-$ docker-compose up
-```
+See [docker-compose.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/basic-website-with-php/docker-compose.yml).
## Linux
-You will need to configure your php-fpm service to listen on localhost with the following directive :
-```conf
-listen = 127.0.0.1:9000
-```
+Please note that you need to install and configure a php-fpm instance on your server.
-```shell
-$ cp variables.env /opt/bunkerized-nginx/variables.env
-$ cp web-files/* /opt/bunkerized-nginx/www
-$ chown -R www-data:www-data /opt/bunkerized-nginx/www/*
-$ chmod -R 774 /opt/bunkerized-nginx/www/*
-$ bunkerized-nginx
-```
+See [variables.env](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/basic-website-with-php/variables.env).
diff --git a/examples/basic-website-with-php/architecture.png b/examples/basic-website-with-php/architecture.png
new file mode 100644
index 000000000..899064a8b
Binary files /dev/null and b/examples/basic-website-with-php/architecture.png differ
diff --git a/examples/behind-traefik/docker-compose.yml b/examples/behind-traefik/docker-compose.yml
deleted file mode 100644
index 54b831799..000000000
--- a/examples/behind-traefik/docker-compose.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-version: '3'
-
-services:
-
- mytraefik:
- image: traefik:v1.7.26
- restart: always
- ports:
- - 80:80
- - 443:443
- # bunkerized-nginx runs as an unprivileged user with UID/GID 101
- # don't forget to edit the permissions of the files and folders accordingly
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- - ./traefik/traefik.toml:/traefik.toml
- - ./traefik/acme.json:/acme.json
-
- mywww1:
- image: bunkerity/bunkerized-nginx
- restart: always
- volumes:
- - ./web1:/www:ro
- environment:
- - SERVER_NAME=app1.example.com
- - PROXY_REAL_IP=yes
- - USE_CLIENT_CACHE=yes
- - USE_GZIP=yes
- - REMOTE_PHP=myphp1
- - REMOTE_PHP_PATH=/app
- labels:
- - 'traefik.enable=true'
- - 'traefik.port=8080'
- - 'traefik.frontend.rule=Host:app1.example.com' # replace with your domain
-
- mywww2:
- image: bunkerity/bunkerized-nginx
- restart: always
- volumes:
- - ./web2:/www:ro
- environment:
- - SERVER_NAME=app2.example.com
- - PROXY_REAL_IP=yes
- - USE_CLIENT_CACHE=yes
- - USE_GZIP=yes
- - REMOTE_PHP=myphp2
- - REMOTE_PHP_PATH=/app
- labels:
- - 'traefik.enable=true'
- - 'traefik.port=8080'
- - 'traefik.frontend.rule=Host:app2.example.com' # replace with your domain
-
- myphp1:
- image: php:fpm
- restart: always
- volumes:
- - ./web1:/app
-
- myphp2:
- image: php:fpm
- restart: always
- volumes:
- - ./web2:/app
diff --git a/examples/behind-traefik/traefik/acme.json b/examples/behind-traefik/traefik/acme.json
deleted file mode 100644
index e69de29bb..000000000
diff --git a/examples/behind-traefik/traefik/traefik.toml b/examples/behind-traefik/traefik/traefik.toml
deleted file mode 100644
index 9b535ff0b..000000000
--- a/examples/behind-traefik/traefik/traefik.toml
+++ /dev/null
@@ -1,29 +0,0 @@
-debug = false
-
-logLevel = "ERROR"
-defaultEntryPoints = ["https","http"]
-
-[entryPoints]
- [entryPoints.http]
- address = ":80"
- [entryPoints.http.redirect]
- entryPoint = "https"
- [entryPoints.https]
- address = ":443"
- [entryPoints.https.tls]
-
-[retry]
-
-[docker]
-endpoint = "unix:///var/run/docker.sock"
-domain = "example.com"
-watch = true
-exposedByDefault = false
-
-[acme]
-email = "contact@example.com"
-storage = "acme.json"
-entryPoint = "https"
-onHostRule = true
-[acme.httpChallenge]
-entryPoint = "http"
diff --git a/examples/behind-traefik/web1/index.php b/examples/behind-traefik/web1/index.php
deleted file mode 100644
index 1918c1e08..000000000
--- a/examples/behind-traefik/web1/index.php
+++ /dev/null
@@ -1,5 +0,0 @@
-
diff --git a/examples/behind-traefik/web2/index.php b/examples/behind-traefik/web2/index.php
deleted file mode 100644
index bc4932de5..000000000
--- a/examples/behind-traefik/web2/index.php
+++ /dev/null
@@ -1,5 +0,0 @@
-
diff --git a/examples/traefik-alternative/README.md b/examples/traefik-alternative/README.md
new file mode 100644
index 000000000..cf21c6068
--- /dev/null
+++ b/examples/traefik-alternative/README.md
@@ -0,0 +1,13 @@
+# Traefik alternative
+
+Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and dynamically. See [documentation](https://doc.traefik.io/traefik/) and [GitHub repo](https://github.com/traefik/traefik) for more information.
+
+You can easily switch from Traefik to bunkerized-nginx if you are more concerned about security.
+
+## Architecture
+
+
+
+## Autoconf
+
+See [docker-compose-bunkerized.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/traefik-alternative/docker-compose-bunkerized.yml) which is the equivalent of [docker-compose-traefik.yml](https://github.com/bunkerity/bunkerized-nginx/blob/master/examples/traefik-alternative/docker-compose-traefik.yml).
diff --git a/examples/traefik-alternative/architecture.png b/examples/traefik-alternative/architecture.png
new file mode 100644
index 000000000..9a3aadd09
Binary files /dev/null and b/examples/traefik-alternative/architecture.png differ
diff --git a/examples/autoconf-reverse-proxy/docker-compose.yml b/examples/traefik-alternative/docker-compose-bunkerized.yml
similarity index 52%
rename from examples/autoconf-reverse-proxy/docker-compose.yml
rename to examples/traefik-alternative/docker-compose-bunkerized.yml
index eac3e28af..e8c61f849 100644
--- a/examples/autoconf-reverse-proxy/docker-compose.yml
+++ b/examples/traefik-alternative/docker-compose-bunkerized.yml
@@ -22,7 +22,6 @@ services:
- USE_CLIENT_CACHE=yes
- USE_PROXY_CACHE=yes
- USE_GZIP=yes
- - USE_REVERSE_PROXY=yes
labels:
- "bunkerized-nginx.AUTOCONF"
@@ -34,39 +33,15 @@ services:
- autoconf:/etc/nginx
depends_on:
- mywww
- - myapp1
- - myapp2
- - myapp3
+ - whoami
- myapp1:
- build: js-app
- restart: always
- environment:
- - NODE_ENV=production
+ whoami:
+ image: "traefik/whoami"
labels:
- - "bunkerized-nginx.SERVER_NAME=app1.example.com" # replace with your domain
+ - "bunkerized-nginx.SERVER_NAME=www.example.com"
+ - "bunkerized-nginx.USE_REVERSE_PROXY=yes"
- "bunkerized-nginx.REVERSE_PROXY_URL=/"
- - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp1:3000"
-
- myapp2:
- build: js-app
- restart: always
- environment:
- - NODE_ENV=production
- labels:
- - "bunkerized-nginx.SERVER_NAME=app2.example.com" # replace with your domain
- - "bunkerized-nginx.REVERSE_PROXY_URL=/"
- - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp2:3000"
-
- myapp3:
- build: js-app
- restart: always
- environment:
- - NODE_ENV=production
- labels:
- - "bunkerized-nginx.SERVER_NAME=app3.example.com" # replace with your domain
- - "bunkerized-nginx.REVERSE_PROXY_URL=/"
- - "bunkerized-nginx.REVERSE_PROXY_HOST=http://myapp3:3000"
+ - "bunkerized-nginx.REVERSE_PROXY_HOST=http://whoami"
volumes:
autoconf:
diff --git a/examples/traefik-alternative/docker-compose-traefik.yml b/examples/traefik-alternative/docker-compose-traefik.yml
new file mode 100644
index 000000000..7641ae2e8
--- /dev/null
+++ b/examples/traefik-alternative/docker-compose-traefik.yml
@@ -0,0 +1,35 @@
+version: "3.3"
+
+services:
+
+ traefik:
+ image: "traefik:v2.4"
+ container_name: "traefik"
+ command:
+ #- "--log.level=DEBUG"
+ - "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+ #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+ - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ ports:
+ - "80:80"
+ - "443:443"
+ - "8080:8080"
+ volumes:
+ - "./letsencrypt:/letsencrypt"
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+ whoami:
+ image: "traefik/whoami"
+ container_name: "simple-service"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.whoami.rule=Host(`www.example.com`)"
+ - "traefik.http.routers.whoami.entrypoints=websecure"
+ - "traefik.http.routers.whoami.tls.certresolver=myresolver"