feat: update Drupal examples to include MODSECURITY CRS plugin URL and specify TCP/UDP protocols in Docker Compose

examples/drupal/autoconf.yml

@@ -18,8 +18,8 @@ services:
       - bunkerweb.REVERSE_PROXY_HOST=http://mydrupal
       - bunkerweb.LIMIT_REQ_URL_1=/core/install.php
       - bunkerweb.LIMIT_REQ_RATE_1=5r/s
-      - |
-        CUSTOM_CONF_MODSEC_CRS_drupal=SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_drupal=1"
+      # This is a CRS plugin specific to Drupal
+      - bunkerweb.MODSECURITY_CRS_PLUGIN_URLS=https://github.com/coreruleset/drupal-rule-exclusions-plugin/archive/refs/tags/v1.0.0.tar.gz
 
   mydb:
     image: mariadb:11

examples/drupal/bw-data/configs/modsec-crs/drupal.conf

@@ -1,7 +0,0 @@
-SecAction \
- "id:900130,\
-  phase:1,\
-  nolog,\
-  pass,\
-  t:none,\
-  setvar:tx.crs_exclusions_drupal=1"

examples/drupal/docker-compose.yml

@@ -3,8 +3,9 @@ services:
     image: bunkerity/bunkerweb:1.6.0-beta
     container_name: bunkerweb
     ports:
-      - "80:8080"
-      - "443:8443"
+      - "80:8080/tcp"
+      - "443:8443/tcp"
+      - "443:8443/udp" # for QUIC
     environment:
       API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
     restart: "unless-stopped"
@@ -31,7 +32,7 @@ services:
       USE_REVERSE_PROXY: "yes"
       REVERSE_PROXY_URL: "/"
       REVERSE_PROXY_HOST: "http://mydrupal"
-      CUSTOM_CONF_MODSEC_CRS_drupal: 'SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_drupal=1"'
+      MODSECURITY_CRS_PLUGIN_URLS: "https://github.com/coreruleset/drupal-rule-exclusions-plugin/archive/refs/tags/v1.0.0.tar.gz" # This is a CRS plugin specific to Drupal
       # Once the installation is done, you can remove these lines
       LIMIT_REQ_URL_1: "/core/install.php"
       LIMIT_REQ_RATE_1: "5r/s"

examples/drupal/kubernetes.yml

@@ -6,6 +6,8 @@ metadata:
     bunkerweb.io/AUTO_LETS_ENCRYPT: "yes"
     bunkerweb.io/LIMIT_REQ_URL_1: "/core/install.php"
     bunkerweb.io/LIMIT_REQ_RATE_1: "5r/s"
+    # This is a CRS plugin specific to Drupal
+    bunkerweb.io/www.example.com_MODSECURITY_CRS_PLUGIN_URLS: "https://github.com/coreruleset/drupal-rule-exclusions-plugin/archive/refs/tags/v1.0.0.tar.gz"
 spec:
   rules:
     - host: www.example.com

examples/drupal/setup-linux.sh

@@ -22,5 +22,3 @@ chown -R $user:nginx /var/www/html
 find /var/www/html -type f -exec chmod 0640 {} \;
 find /var/www/html -type d -exec chmod 0750 {} \;
 cd "$current_dir" || exit 1
-cp -r ./bw-data/configs/* /etc/bunkerweb/configs
-chown -R nginx:nginx /etc/bunkerweb/configs

examples/drupal/setup-swarm.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-
-# docker-compose doesn't support assigning labels to configs
-# so we need to create the configs with the CLI
-# bunkerweb.CONFIG_TYPE accepted values are http, stream, server-http, server-stream, default-server-http, modsec and modsec-crs
-# bunkerweb.CONFIG_SITE lets you choose on which web service the config should be applied (MULTISITE mode) and if it's not set, the config will be applied for all services
-# more info at https://docs.bunkerweb.io
-
-# remove configs if existing
-docker config rm cfg_drupal_modsec_crs
-
-# create configs
-docker config create -l bunkerweb.CONFIG_TYPE=modsec-crs -l bunkerweb.CONFIG_SITE=www.example.com cfg_drupal_modsec_crs ./bw-data/configs/modsec-crs/drupal.conf

examples/drupal/swarm.yml

@@ -20,6 +20,8 @@ services:
         - bunkerweb.REVERSE_PROXY_HOST=http://mydrupal
         - bunkerweb.LIMIT_REQ_URL_1=/core/install.php
         - bunkerweb.LIMIT_REQ_RATE_1=5r/s
+        # This is a CRS plugin specific to Drupal
+        - bunkerweb.MODSECURITY_CRS_PLUGIN_URLS=https://github.com/coreruleset/drupal-rule-exclusions-plugin/archive/refs/tags/v1.0.0.tar.gz
 
   mydb:
     image: mariadb:11

examples/drupal/variables.env

@@ -12,3 +12,5 @@ LIMIT_REQ_URL_1=/core/install.php
 LIMIT_REQ_RATE_1=5r/s
 LOCAL_PHP=/run/php/php-fpm.sock
 LOCAL_PHP_PATH=/var/www/html
+# This is a CRS plugin specific to Drupal
+MODSECURITY_CRS_PLUGIN_URLS=https://github.com/coreruleset/drupal-rule-exclusions-plugin/archive/refs/tags/v1.0.0.tar.gz