From 8f258486ef0f5003f1ae1b2cff028c7974dd3642 Mon Sep 17 00:00:00 2001 From: florian Date: Sat, 2 Jul 2022 20:47:57 +0200 Subject: [PATCH] fix multiple CVE with curl/libcurl and add autoconf/docker CUSTOM_CONF configs examples --- Dockerfile | 2 + examples/autoconf-configs/docker-compose.yml | 68 ++++++++++++++++++++ examples/docker-configs/docker-compose.yml | 65 +++++++++++++++++++ tests/autoconf.sh | 3 + tests/docker.sh | 3 + 5 files changed, 141 insertions(+) create mode 100644 examples/autoconf-configs/docker-compose.yml create mode 100644 examples/docker-configs/docker-compose.yml diff --git a/Dockerfile b/Dockerfile index 6bf0ca294..e288cf7af 100644 --- a/Dockerfile +++ b/Dockerfile @@ -74,6 +74,8 @@ RUN apk add --no-cache bash python3 libgcc libstdc++ openssl git && \ # Fix CVE-2022-27405 and CVE-2022-27406 RUN apk add "freetype>=2.10.4-r3" +# Fix multiple CVE for curl/libcurl +RUN apk add "curl>=7.79.1-r2" "libcurl>=7.79.1-r2" VOLUME /data diff --git a/examples/autoconf-configs/docker-compose.yml b/examples/autoconf-configs/docker-compose.yml new file mode 100644 index 000000000..c3b2164d1 --- /dev/null +++ b/examples/autoconf-configs/docker-compose.yml 
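Review bot: The added `RUN apk add "curl>=7.79.1-r2" "libcurl>=7.79.1-r2"` line in Dockerfile sets a lower bound without naming the advisories it addresses, so nobody can later tell when the workaround can be dropped or whether a scanner finding is already covered; the freetype line just above names its CVE ids. I would list them in the comment, e.g. `# Fix <CVE ids for curl/libcurl — placeholder> (needs curl/libcurl >= 7.79.1-r2)`. The line also omits the `--no-cache` used by the `apk add` shown in the hunk header, so whether it can resolve a newer package depends on an index being present at that layer, which is not visible here. `RUN apk add --no-cache "curl>=7.79.1-r2" "libcurl>=7.79.1-r2"` fetches a fresh index and leaves none behind in the image.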
@@ -0,0 +1,68 @@
+version: '3'
+
+services:
+
+ myapp1:
+ image: tutum/hello-world
+ networks:
+ bw-services:
+ aliases:
+ - myapp1
+ labels:
+ - "bunkerweb.SERVER_NAME=app1.example.com" # replace with your domain
+ - "bunkerweb.USE_REVERSE_PROXY=yes"
+ - "bunkerweb.REVERSE_PROXY_URL=/"
+ - "bunkerweb.REVERSE_PROXY_HOST=http://myapp1"
+ - |
+ CUSTOM_CONF_SERVER_HTTP_example=
+ location /hello {
+ default_type 'text/plain';
+ content_by_lua_block {
+ ngx.say('hello app1')
+ }
+ }
+
+ myapp2:
+ image: tutum/hello-world
+ networks:
+ bw-services:
+ aliases:
+ - myapp2
+ labels:
+ - "bunkerweb.SERVER_NAME=app2.example.com" # replace with your domain
+ - "bunkerweb.USE_REVERSE_PROXY=yes"
+ - "bunkerweb.REVERSE_PROXY_URL=/"
+ - "bunkerweb.REVERSE_PROXY_HOST=http://myapp2"
+ - |
+ CUSTOM_CONF_SERVER_HTTP_example=
+ location /hello {
+ default_type 'text/plain';
+ content_by_lua_block {
+ ngx.say('hello app2')
+ }
+ }
+
+ myapp3:
+ image: tutum/hello-world
+ networks:
+ bw-services:
+ aliases:
+ - myapp3
+ labels:
+ - "bunkerweb.SERVER_NAME=app3.example.com" # replace with your domain
+ - "bunkerweb.USE_REVERSE_PROXY=yes"
+ - "bunkerweb.REVERSE_PROXY_URL=/"
+ - "bunkerweb.REVERSE_PROXY_HOST=http://myapp3"
+ - |
+ CUSTOM_CONF_SERVER_HTTP_example=
+ location /hello {
+ default_type 'text/plain';
+ content_by_lua_block {
+ ngx.say('hello app3')
+ }
+ }
+
+networks:
+ bw-services:
+ external:
+ name: bw-services
diff --git a/examples/docker-configs/docker-compose.yml b/examples/docker-configs/docker-compose.yml
new file mode 100644
index 000000000..cb0e88eaf
--- /dev/null
+++ b/examples/docker-configs/docker-compose.yml
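Review bot: In examples/autoconf-configs/docker-compose.yml the three `CUSTOM_CONF_SERVER_HTTP_example=` labels lack the `bunkerweb.` prefix that every other label in the file carries; if autoconf only reads prefixed labels, which the naming suggests, the `/hello` blocks are silently ignored. I would write `bunkerweb.CUSTOM_CONF_SERVER_HTTP_example=` as the first line of each block scalar. Because the example shows a container label becoming nginx/Lua configuration on the proxy, a comment above the first block is also worth adding, e.g. `# custom confs from labels run inside the proxy: only trusted users should be able to start containers on this network`. `image: tutum/hello-world` carries no tag or digest, so the example pulls whatever that name currently resolves to.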
@@ -0,0 +1,65 @@
+version: "3"
+
+services:
+
+ mybunker:
+ image: bunkerity/bunkerweb:1.4.2
+ ports:
+ - 80:8080
+ - 443:8443
+ # ⚠️ read this if you use local folders for volumes ⚠️
+ # bunkerweb runs as an unprivileged user with UID/GID 101
+ # don't forget to edit the permissions of the files and folders accordingly
+ # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
+ # or for an existing one : chown -R root:101 folder && chmod -R 770 folder
+ # more info at https://docs.bunkerweb.io
+ volumes:
+ - bw_data:/data
+ environment:
+ - MULTISITE=yes
+ - SERVER_NAME=app1.example.com app2.example.com # replace with your domains
+ - SERVE_FILES=no
+ - DISABLE_DEFAULT_SERVER=yes
+ - AUTO_LETS_ENCRYPT=yes
+ - USE_CLIENT_CACHE=yes
+ - USE_GZIP=yes
+ - USE_REVERSE_PROXY=yes
+ - app1.example.com_REVERSE_PROXY_URL=/
+ - app1.example.com_REVERSE_PROXY_HOST=http://app1
+ - app2.example.com_REVERSE_PROXY_URL=/
+ - app2.example.com_REVERSE_PROXY_HOST=http://app2
+ # global config applied at server context
+ - |
+ CUSTOM_CONF_SERVER_HTTP_hello-world=
+ location /hello {
+ default_type 'text/plain';
+ content_by_lua_block {
+ ngx.say('world')
+ }
+ }
+ # site configs applied at server context
+ - |
+ app1.example.com_CUSTOM_CONF_SERVER_HTTP_dummy=
+ location /app1 {
+ default_type 'text/plain';
+ content_by_lua_block {
+ ngx.say('hello app1')
+ }
+ }
+ - |
+ app2.example.com_CUSTOM_CONF_SERVER_HTTP_dummy=
+ location /app2 {
+ default_type 'text/plain';
+ content_by_lua_block {
+ ngx.say('hello app2')
+ }
+ }
+
+ myapp1:
+ image: tutum/hello-world
+
+ myapp2:
+ image: tutum/hello-world
+
+ volumes:
+ bw-data:
diff --git a/tests/autoconf.sh b/tests/autoconf.sh
index 578aafcb4..8bfb6ac0c 100755
--- a/tests/autoconf.sh
+++ b/tests/autoconf.sh
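Review bot: In examples/docker-configs/docker-compose.yml the `mybunker` service mounts `bw_data:/data` but the volume declared at the bottom is `bw-data:`, so Compose would reject the file for an undefined volume; the names should match, e.g. `- bw-data:/data`. The closing `volumes:` key also appears indented in the patch, unlike `version:` and `services:`, which would make it a service entry rather than the top-level volumes section; this is worth checking in the original file, since indentation is lost here. The reverse-proxy targets are `http://app1` and `http://app2` while the backends are named `myapp1` and `myapp2` with no alias visible, so the upstream names would presumably not resolve. `app1.example.com_REVERSE_PROXY_HOST=http://myapp1`, and likewise for app2, matches the service names.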
@@ -102,6 +102,9 @@ single_autoconf_test "autoconf-reverse-proxy" "60" "https://$TEST_DOMAIN1_1 hell # php single_autoconf_test "autoconf-php" "60" "https://$TEST_DOMAIN1_1 app1" "https://$TEST_DOMAIN1_2 app2" "https://$TEST_DOMAIN1_3 app3" +# configs +single_docker_test "autoconf-configs" "60" "https://$TEST_DOMAIN1/hello app1" "https://$TEST_DOMAIN2/hello app2" "https://$TEST_DOMAIN3/hello app3" + # cleanup current_dir="$(pwd)" cd "/tmp/autoconf" diff --git a/tests/docker.sh b/tests/docker.sh index be809b493..02ea2ae30 100755 --- a/tests/docker.sh +++ b/tests/docker.sh @@ -58,6 +58,9 @@ single_docker_test "authelia" "60" "https://$TEST_DOMAIN1_1 authelia" "https://$ # drupal single_docker_test "drupal" "60" "https://$TEST_DOMAIN1 drupal" +# docker configs +single_docker_test "docker-configs" "30" "https://$TEST_DOMAIN1_1/hello world" "https://$TEST_DOMAIN1_2/hello world" "https://$TEST_DOMAIN1/app1 app1" "https://$TEST_DOMAIN1/app2 app2" + # ghost single_docker_test "ghost" "30" "https://$TEST_DOMAIN1 ghost"
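Review bot: The new line in tests/autoconf.sh calls `single_docker_test` where every neighbouring test calls `single_autoconf_test`, and it uses `$TEST_DOMAIN1`/`$TEST_DOMAIN2`/`$TEST_DOMAIN3` where the php test just above uses `$TEST_DOMAIN1_1`/`_2`/`_3`. It looks copied from tests/docker.sh, and whether `single_docker_test` is even defined in this script is not visible in the hunk. I would write `single_autoconf_test "autoconf-configs" "60" "https://$TEST_DOMAIN1_1/hello app1" "https://$TEST_DOMAIN1_2/hello app2" "https://$TEST_DOMAIN1_3/hello app3"`, assuming the three-domain variables map to app1–app3 as in the php test.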
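Review bot: The docker-configs line in tests/docker.sh checks `/hello` on `$TEST_DOMAIN1_1` and `$TEST_DOMAIN1_2` but checks the per-site locations `/app1` and `/app2` both on `$TEST_DOMAIN1`, although the example defines them under two different server names. Unless `$TEST_DOMAIN1` is substituted for both sites, the last two checks cannot pass; `"https://$TEST_DOMAIN1_1/app1 app1" "https://$TEST_DOMAIN1_2/app2 app2"` would match the example. The test also only confirms that each site serves its own snippet. A check that `/app2` is not served on the first domain would cover isolation between per-site configs, if the helper supports a negative expectation (not visible here).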