From d3014b42f7c244827bb11fff683be92ec591a8d0 Mon Sep 17 00:00:00 2001 From: bunkerity Date: Thu, 21 Jul 2022 11:39:35 +0200 Subject: [PATCH] examples - refactoring in progress --- examples/cors/autoconf.yml | 61 +++++++++++++++++ examples/docker-configs/tests.json | 29 ++++++++ examples/ghost/autoconf.yml | 24 +++++++ examples/ghost/kubernetes.yml | 54 +++++++++++++++ examples/ghost/swarm.yml | 29 ++++++++ examples/ghost/tests.json | 18 +++++ examples/gogs/autoconf.yml | 23 +++++++ examples/gogs/docker-compose.yml | 1 - examples/gogs/kubernetes.yml | 69 +++++++++++++++++++ examples/gogs/setup.sh | 9 --- examples/gogs/swarm.yml | 35 ++++++++++ examples/gogs/tests.json | 18 +++++ examples/hardened/tests.json | 14 ++++ examples/joomla/autoconf.yml | 45 +++++++++++++ examples/joomla/docker-compose.yml | 1 - examples/joomla/kubernetes.yml | 104 +++++++++++++++++++++++++++++ examples/joomla/setup-linux.sh | 14 ++++ examples/joomla/swarm.yml | 49 ++++++++++++++ examples/joomla/tests.json | 18 +++++ examples/joomla/variables.env | 15 +++++ 20 files changed, 619 insertions(+), 11 deletions(-) create mode 100644 examples/cors/autoconf.yml create mode 100644 examples/docker-configs/tests.json create mode 100644 examples/ghost/autoconf.yml create mode 100644 examples/ghost/kubernetes.yml create mode 100644 examples/ghost/swarm.yml create mode 100644 examples/ghost/tests.json create mode 100644 examples/gogs/autoconf.yml create mode 100644 examples/gogs/kubernetes.yml delete mode 100755 examples/gogs/setup.sh create mode 100644 examples/gogs/swarm.yml create mode 100644 examples/gogs/tests.json create mode 100644 examples/hardened/tests.json create mode 100644 examples/joomla/autoconf.yml create mode 100644 examples/joomla/kubernetes.yml create mode 100755 examples/joomla/setup-linux.sh create mode 100644 examples/joomla/swarm.yml create mode 100644 examples/joomla/tests.json create mode 100644 examples/joomla/variables.env 
diff --git a/examples/cors/autoconf.yml b/examples/cors/autoconf.yml
new file mode 100644
index 000000000..b0354851f
--- /dev/null
+++ b/examples/cors/autoconf.yml
@@ -0,0 +1,61 @@
+version: '3'
+
+services:
+
+ myapp1:
+ image: php:fpm
+ networks:
+ bw-services:
+ aliases:
+ - myapp1
+ # ⚠️ UID and GID of mywww (101:101) and php:fpm (33:33) are not the same ⚠️
+ # but both needs access to the files and folders of web-files
+ # don't forget to edit the permissions of the files and folders accordingly
+ # example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
+ volumes:
+ - ./bw-data/www/app1.example.com:/app # folder containing PHP app1 (don't forget to rename it)
+ labels:
+ - bunkerweb.SERVER_NAME=app1.example.com
+ - bunkerweb.USE_CORS=yes
+ - bunkerweb.CORS_ALLOW_ORIGIN=https://app2.example.com
+ - bunkerweb.REMOTE_PHP=myapp1
+ - bunkerweb.REMOTE_PHP_PATH=/app
+
+ myapp2:
+ image: php:fpm
+ networks:
+ bw-services:
+ aliases:
+ - myapp2
+ # ⚠️ UID and GID of bunkerweb (101:101) and php:fpm (33:33) are not the same ⚠️
+ # but both needs access to the files and folders of web-files
+ # don't forget to edit the permissions of the files and folders accordingly
+ # example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
+ volumes:
+ - ./bw-data/www/app2.example.com:/app # folder containing PHP app2 (don't forget to rename it)
+ labels:
+ - bunkerweb.SERVER_NAME=app2.example.com
+ - bunkerweb.REMOTE_PHP=myapp2
+ - bunkerweb.REMOTE_PHP_PATH=/app
+
+ myapp3:
+ image: php:fpm
+ networks:
+ bw-services:
+ aliases:
+ - myapp3
+ # ⚠️ UID and GID of bunkerweb (101:101) and php:fpm (33:33) are not the same ⚠️
+ # but both needs access to the files and folders of web-files
+ # don't forget to edit the permissions of the files and folders accordingly
+ # example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \;
+ volumes:
+ - ./bw-data/www/app3.example.com:/app # folder
containing PHP app3 (don't forget to rename it)
+ labels:
+ - bunkerweb.SERVER_NAME=app2.example.com
+ - bunkerweb.REMOTE_PHP=myapp2
+ - bunkerweb.REMOTE_PHP_PATH=/app
+
+networks:
+ bw-services:
+ external:
+ name: bw-services
\ No newline at end of file
diff --git a/examples/docker-configs/tests.json b/examples/docker-configs/tests.json
new file mode 100644
index 000000000..482648fe4
--- /dev/null
+++ b/examples/docker-configs/tests.json
@@ -0,0 +1,29 @@
+{
+ "name": "docker-configs",
+ "kinds": [
+ "docker"
+ ],
+ "timeout": 60,
+ "tests": [
+ {
+ "type": "string",
+ "url": "http://app1.example.com/hello",
+ "string": "hello"
+ },
+ {
+ "type": "string",
+ "url": "http://app2.example.com/hello",
+ "string": "hello"
+ },
+ {
+ "type": "string",
+ "url": "http://app1.example.com/app1",
+ "string": "app1"
+ },
+ {
+ "type": "string",
+ "url": "http://app2.example.com/app2",
+ "string": "app2"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/examples/ghost/autoconf.yml b/examples/ghost/autoconf.yml
new file mode 100644
index 000000000..c64a2a524
--- /dev/null
+++ b/examples/ghost/autoconf.yml
@@ -0,0 +1,24 @@
+version: '3'
+
+services:
+
+ myghost:
+ image: ghost:alpine
+ volumes:
+ - ./ghost_data:/var/lib/ghost/content
+ networks:
+ bw-services:
+ aliases:
+ - myghost
+ environment:
+ - url=https://www.example.com # replace with your domain
+ labels:
+ - bunkerweb.SERVER_NAME=www.example.com # replace with your domain
+ - bunkerweb.USE_REVERSE_PROXY=yes
+ - bunkerweb.REVERSE_PROXY_URL=/
+ - bunkerweb.REVERSE_PROXY_HOST=http://myghost:2368
+
+networks:
+ bw-services:
+ external:
+ name: bw-services
diff --git a/examples/ghost/kubernetes.yml b/examples/ghost/kubernetes.yml
new file mode 100644
index 000000000..b07a5535e
--- /dev/null
+++ b/examples/ghost/kubernetes.yml
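Review bot: In examples/cors/autoconf.yml the `myapp3` service reuses the labels of `myapp2`: `bunkerweb.SERVER_NAME=app2.example.com` and `bunkerweb.REMOTE_PHP=myapp2`, although its volume is `./bw-data/www/app3.example.com`. As written, two containers claim app2.example.com and app3.example.com is never served, so the example cannot show how a third, non-allowed origin is treated. The labels should read `bunkerweb.SERVER_NAME=app3.example.com` and `bunkerweb.REMOTE_PHP=myapp3`. The first permission comment also says `mywww (101:101)` where the other two say `bunkerweb (101:101)`.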
@@ -0,0 +1,54 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress
+ annotations:
+ bunkerweb.io/AUTO_LETS_ENCRYPT: "yes"
+ bunkerweb.io/USE_GZIP: "yes"
+spec:
+ rules:
+ - host: www.example.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: svc-ghost
+ port:
+ number: 2368
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ghost
+ labels:
+ app: ghost
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ghost
+ template:
+ metadata:
+ labels:
+ app: ghost
+ spec:
+ containers:
+ - name: ghost
+ image: ghost:alpine
+ env:
+ - name: URL
+ value: "https://www.example.com"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: svc-ghost
+spec:
+ selector:
+ app: ghost
+ ports:
+ - protocol: TCP
+ port: 2368
+ targetPort: 2368
\ No newline at end of file
diff --git a/examples/ghost/swarm.yml b/examples/ghost/swarm.yml
new file mode 100644
index 000000000..517a6e949
--- /dev/null
+++ b/examples/ghost/swarm.yml
@@ -0,0 +1,29 @@
+version: '3'
+
+services:
+
+ myghost:
+ image: ghost:alpine
+ volumes:
+ - ghost_data:/var/lib/ghost/content
+ networks:
+ - bw-services
+ environment:
+ - url=https://www.example.com # replace with your domain
+ deploy:
+ placement:
+ constraints:
+ - "node.role==worker"
+ labels:
+ - bunkerweb.SERVER_NAME=www.example.com # replace with your domain
+ - bunkerweb.USE_REVERSE_PROXY=yes
+ - bunkerweb.REVERSE_PROXY_URL=/
+ - bunkerweb.REVERSE_PROXY_HOST=http://myghost:2368
+
+networks:
+ bw-services:
+ external:
+ name: bw-services
+
+volumes:
+ ghost_data:
\ No newline at end of file
diff --git a/examples/ghost/tests.json b/examples/ghost/tests.json
new file mode 100644
index 000000000..80c1fcf8f
--- /dev/null
+++ b/examples/ghost/tests.json
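Review bot: In examples/ghost/kubernetes.yml the Deployment passes the site address in an env var named `URL`, while autoconf.yml and swarm.yml in this same patch use lowercase `url`. If Ghost reads that key case-sensitively (worth confirming), the Kubernetes variant would not pick up https://www.example.com; `- name: url` would match the other variants. The pod also mounts no volume for `/var/lib/ghost/content`, which both compose variants persist.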
@@ -0,0 +1,18 @@ +{ + "name": "ghost", + "kinds": [ + "docker", + "autoconf", + "swarm", + "kubernetes", + "linux" + ], + "timeout": 60, + "tests": [ + { + "type": "string", + "url": "https://www.example.com", + "string": "ghost" + } + ] +} \ No newline at end of file diff --git a/examples/gogs/autoconf.yml b/examples/gogs/autoconf.yml new file mode 100644 index 000000000..93132d7e3 --- /dev/null +++ b/examples/gogs/autoconf.yml @@ -0,0 +1,23 @@ +version: '3' + +services: + + mygogs: + image: gogs/gogs + volumes: + - ./gogs-data:/data + networks: + bw-services: + aliases: + - mygogs + labels: + - bunkerweb.SERVER_NAME=www.example.com + - bunkerweb.USE_REVERSE_PROXY=yes + - bunkerweb.REVERSE_PROXY_HOST=http://mygogs:3000 + - bunkerweb.REVERSE_PROXY_HEADERS_1=Authorization $http_authorization + - bunkerweb.MAX_CLIENT_SIZE=1G + +networks: + bw-services: + external: + name: bw-services \ No newline at end of file diff --git a/examples/gogs/docker-compose.yml b/examples/gogs/docker-compose.yml index 77230e110..e063648ad 100644 --- a/examples/gogs/docker-compose.yml +++ b/examples/gogs/docker-compose.yml @@ -25,7 +25,6 @@ services: - USE_REVERSE_PROXY=yes - REVERSE_PROXY_URL=/ - REVERSE_PROXY_HOST=http://mygogs:3000 - - WHITELIST_USER_AGENT=^git - REVERSE_PROXY_HEADERS_1=Authorization $http_authorization - MAX_CLIENT_SIZE=1G diff --git a/examples/gogs/kubernetes.yml b/examples/gogs/kubernetes.yml new file mode 100644 index 000000000..d37757f25 --- /dev/null +++ b/examples/gogs/kubernetes.yml 
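Review bot: examples/gogs/autoconf.yml omits `bunkerweb.REVERSE_PROXY_URL=/`, which the existing docker-compose.yml for this example sets (visible as context in its hunk) and which the ghost autoconf file in this patch includes. Unless the setting has a usable default, the proxied location may not be generated; adding `- bunkerweb.REVERSE_PROXY_URL=/` keeps the variants aligned. The same label is missing from examples/gogs/swarm.yml.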
@@ -0,0 +1,69 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress
+ annotations:
+ bunkerweb.io/AUTO_LETS_ENCRYPT: "yes"
+ bunkerweb.io/www.example.com_MAX_CLIENT_SIZE: "1G"
+spec:
+ rules:
+ - host: www.example.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: svc-gogs
+ port:
+ number: 3000
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gogs
+ labels:
+ app: gogs
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gogs
+ template:
+ metadata:
+ labels:
+ app: gogs
+ spec:
+ containers:
+ - name: gogs
+ image: gogs/gogs
+ volumeMounts:
+ - name: config
+ mountPath: /data/gogs/conf/app.ini
+ subPath: app.ini
+ volumes:
+ - name: config
+ configMap:
+ name: cfg-gogs
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: svc-gogs
+spec:
+ selector:
+ app: gogs
+ ports:
+ - protocol: TCP
+ port: 3000
+ targetPort: 3000
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cfg-gogs
+data:
+ app.ini: |
+ [server]
+ EXTERNAL_URL = https://www.example.com/
+ DOMAIN = www.example.com
\ No newline at end of file
diff --git a/examples/gogs/setup.sh b/examples/gogs/setup.sh
deleted file mode 100755
index 556099fb8..000000000
--- a/examples/gogs/setup.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-if [ $(id -u) -ne 0 ] ; then
- echo "❌ Run me as root"
- exit 1
-fi
-
-chown -R root:101 bw-data
-chmod -R 770 bw-data
\ No newline at end of file
diff --git a/examples/gogs/swarm.yml b/examples/gogs/swarm.yml
new file mode 100644
index 000000000..c952d1beb
--- /dev/null
+++ b/examples/gogs/swarm.yml
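Review bot: The Ingress in examples/gogs/kubernetes.yml sets `MAX_CLIENT_SIZE` but not the `Authorization` header forwarding that the compose, autoconf and swarm variants configure with `REVERSE_PROXY_HEADERS_1=Authorization $http_authorization`. If that header is what lets authenticated Git-over-HTTP requests reach Gogs, the Kubernetes variant will behave differently; following the annotation pattern already used here, `bunkerweb.io/www.example.com_REVERSE_PROXY_HEADERS_1: "Authorization $http_authorization"` would align it. The Deployment also mounts only the ConfigMap, so repository data under `/data` is not persisted across pod restarts.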
@@ -0,0 +1,35 @@
+version: '3'
+
+services:
+
+ mygogs:
+ image: gogs/gogs
+ volumes:
+ - gogs_data:/data/gogs/data
+ networks:
+ - bw-services
+ configs:
+ - source: config_gogs_app
+ target: /data/gogs/conf/app.ini
+ uid: "0"
+ gid: "0"
+ mode: 0444
+ deploy:
+ placement:
+ constraints:
+ - "node.role==worker"
+ labels:
+ - bunkerweb.SERVER_NAME=www.example.com
+ - bunkerweb.USE_REVERSE_PROXY=yes
+ - bunkerweb.REVERSE_PROXY_HOST=http://mygogs:3000
+ - bunkerweb.REVERSE_PROXY_HEADERS_1=Authorization $http_authorization
+ - bunkerweb.MAX_CLIENT_SIZE=1G
+
+networks:
+ bw-services:
+ external:
+ name: bw-services
+
+configs:
+ config_gogs_app:
+ file: ./gogs-data/gogs/conf/app.ini
\ No newline at end of file
diff --git a/examples/gogs/tests.json b/examples/gogs/tests.json
new file mode 100644
index 000000000..f95652794
--- /dev/null
+++ b/examples/gogs/tests.json
@@ -0,0 +1,18 @@
+{
+ "name": "gogs",
+ "kinds": [
+ "docker",
+ "autoconf",
+ "swarm",
+ "kubernetes",
+ "linux"
+ ],
+ "timeout": 60,
+ "tests": [
+ {
+ "type": "string",
+ "url": "https://www.example.com",
+ "string": "hello"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/examples/hardened/tests.json b/examples/hardened/tests.json
new file mode 100644
index 000000000..76370634e
--- /dev/null
+++ b/examples/hardened/tests.json
@@ -0,0 +1,14 @@
+{
+ "name": "hardened",
+ "kinds": [
+ "docker"
+ ],
+ "timeout": 60,
+ "tests": [
+ {
+ "type": "string",
+ "url": "https://www.example.com",
+ "string": "gogs"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/examples/joomla/autoconf.yml b/examples/joomla/autoconf.yml
new file mode 100644
index 000000000..8ac37f7c5
--- /dev/null
+++ b/examples/joomla/autoconf.yml
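Review bot: examples/gogs/tests.json expects the string `hello` on the Gogs front page, while examples/hardened/tests.json in the same patch expects `gogs`; the two expected strings look swapped or copied from another example. If so, the gogs check would fail against a working deployment and the hardened check would not validate what that example serves. Worth confirming which application each example exposes and setting `"string"` accordingly, e.g. `"string": "gogs"` for the gogs example.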
@@ -0,0 +1,45 @@ +version: '3' + +services: + + myjoomla: + image: joomla:4-apache + networks: + bw-services: + aliases: + - myjoomla + volumes: + - ./joomla-files:/var/www/html + environment: + - JOOMLA_DB_HOST=mydb + - JOOMLA_DB_NAME=joomla_db + - JOOMLA_DB_USER=user + - JOOMLA_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD) + labels: + - bunkerweb.SERVER_NAME=www.example.com + - bunkerweb.USE_REVERSE_PROXY=yes + - bunkerweb.REVERSE_PROXY_URL=/ + - bunkerweb.REVERSE_PROXY_HOST=http://myjoomla + - bunkerweb.LIMIT_REQ_URL_1=/administrator/ + - bunkerweb.LIMIT_REQ_RATE_1=8r/s + - bunkerweb.LIMIT_REQ_URL_2=/installation/index.php + - bunkerweb.LIMIT_REQ_RATE_2=8r/s + + mydb: + image: mariadb + volumes: + - ./db-data:/var/lib/mysql + networks: + bw-services: + aliases: + - mydb + environment: + - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password + - MYSQL_DATABASE=joomla_db + - MYSQL_USER=user + - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match JOOMLA_DB_PASSWORD) + +networks: + bw-services: + external: + name: bw-services \ No newline at end of file diff --git a/examples/joomla/docker-compose.yml b/examples/joomla/docker-compose.yml index efa80b0ed..5ca58ec95 100644 --- a/examples/joomla/docker-compose.yml +++ b/examples/joomla/docker-compose.yml @@ -27,7 +27,6 @@ services: - REVERSE_PROXY_HOST=http://myjoomla - LIMIT_REQ_URL_1=/administrator/ - LIMIT_REQ_RATE_1=8r/s - # Remove the following lines after finishing the installation of PrestaShop - LIMIT_REQ_URL_2=/installation/index.php - LIMIT_REQ_RATE_2=8r/s diff --git a/examples/joomla/kubernetes.yml b/examples/joomla/kubernetes.yml new file mode 100644 index 000000000..6c9e9ddc8 --- /dev/null +++ b/examples/joomla/kubernetes.yml 
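Review bot: `mydb` in examples/joomla/autoconf.yml is attached to `bw-services`, the external network that the reverse proxy and, presumably, every other proxied service join, so the MariaDB port is reachable from containers that never need it. Only `myjoomla` talks to the database; a second, non-external network shared by `myjoomla` and `mydb`, with `mydb` removed from `bw-services`, would keep the database off the proxy network. examples/joomla/swarm.yml has the same layout. Both files also ship `db-root-pwd` and `db-user-pwd` as working values; the inline comments ask for replacement, and an env file or Docker secret would keep real values out of the compose file.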
@@ -0,0 +1,104 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress
+ annotations:
+ bunkerweb.io/AUTO_LETS_ENCRYPT: "yes"
+ bunkerweb.io/www.example.com_LIMIT_REQ_URL_1: "/administrator/"
+ bunkerweb.io/www.example.com_LIMIT_REQ_RATE_1: "8r/s"
+ bunkerweb.io/www.example.com_LIMIT_REQ_URL_2: "/installation/index.php"
+ bunkerweb.io/www.example.com_LIMIT_REQ_RATE_2: "8r/s"
+spec:
+ rules:
+ - host: www.example.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: svc-joomla
+ port:
+ number: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: joomla
+ labels:
+ app: joomla
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: joomla
+ template:
+ metadata:
+ labels:
+ app: joomla
+ spec:
+ containers:
+ - name: joomla
+ image: joomla:4-apache
+ env:
+ - name: JOOMLA_DB_HOST
+ value: "svc-db"
+ - name: JOOMLA_DB_NAME
+ value: "joomla_db"
+ - name: JOOMLA_DB_USER
+ value: "user"
+ - name: JOOMLA_DB_PASSWORD
+ value: "db-user-pwd"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: svc-joomla
+spec:
+ selector:
+ app: svc-joomla
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: db
+ labels:
+ app: db
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: db
+ template:
+ metadata:
+ labels:
+ app: db
+ spec:
+ containers:
+ - name: db
+ image: mariadb
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ value: "db-root-password"
+ - name: MYSQL_DATABASE
+ value: "joomla_db"
+ - name: MYSQL_USER
+ value: "user"
+ - name: MYSQL_PASSWORD
+ value: "db-user-pwd"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: svc-db
+spec:
+ selector:
+ app: db
+ ports:
+ - protocol: TCP
+ port: 3306
+ targetPort: 3306
\ No newline at end of file
diff --git a/examples/joomla/setup-linux.sh b/examples/joomla/setup-linux.sh
new file mode 100755
index 000000000..c0767a7fc
--- /dev/null
+++ b/examples/joomla/setup-linux.sh
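Review bot: The `svc-joomla` Service in examples/joomla/kubernetes.yml selects `app: svc-joomla`, but the Deployment labels its pods `app: joomla`, so the Service has no endpoints and the Ingress backend cannot reach Joomla; the selector should be `app: joomla`. Separately, the database and Joomla passwords are plain `value:` strings in the pod specs with no hint that they are placeholders, unlike the compose variants. Moving them to a Secret referenced through `valueFrom.secretKeyRef` keeps them out of the Deployment manifest, and a comment should say they must be replaced.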
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+if [ $(id -u) -ne 0 ] ; then
+ echo "❌ Run me as root"
+ exit 1
+fi
+
+curl https://downloads.joomla.org/fr/cms/joomla4/4-1-5/Joomla_4-1-5-Stable-Full_Package.zip?format=zip -Lo /tmp/joomla.zip
+unzip /tmp/joomla.zip -d /opt/bunkerweb/www
+chown -R www-data:nginx /opt/bunkerweb/www
+find /opt/bunkerweb/www -type d -exec chmod 750 /opt/bunkerweb/www {} \;
+find /opt/bunkerweb/www -type f -exec chmod 640 /opt/bunkerweb/www {} \;
+systemctl start php-fpm
+cp variables.env /opt/bunkerweb/variables.env
\ No newline at end of file
diff --git a/examples/joomla/swarm.yml b/examples/joomla/swarm.yml
new file mode 100644
index 000000000..a15361feb
--- /dev/null
+++ b/examples/joomla/swarm.yml
@@ -0,0 +1,49 @@
+version: '3'
+
+services:
+
+ myjoomla:
+ image: joomla:4-apache
+ networks:
+ - bw-services
+ volumes:
+ - ./joomla-files:/var/www/html
+ environment:
+ - JOOMLA_DB_HOST=mydb
+ - JOOMLA_DB_NAME=joomla_db
+ - JOOMLA_DB_USER=user
+ - JOOMLA_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
+ deploy:
+ placement:
+ constraints:
+ - "node.role==worker"
+ labels:
+ - bunkerweb.SERVER_NAME=www.example.com
+ - bunkerweb.USE_REVERSE_PROXY=yes
+ - bunkerweb.REVERSE_PROXY_URL=/
+ - bunkerweb.REVERSE_PROXY_HOST=http://myjoomla
+ - bunkerweb.LIMIT_REQ_URL_1=/administrator/
+ - bunkerweb.LIMIT_REQ_RATE_1=8r/s
+ - bunkerweb.LIMIT_REQ_URL_2=/installation/index.php
+ - bunkerweb.LIMIT_REQ_RATE_2=8r/s
+
+ mydb:
+ image: mariadb
+ volumes:
+ - ./db-data:/var/lib/mysql
+ networks:
+ - bw-services
+ environment:
+ - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
+ - MYSQL_DATABASE=joomla_db
+ - MYSQL_USER=user
+ - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match JOOMLA_DB_PASSWORD)
+ deploy:
+ placement:
+ constraints:
+ - "node.role==worker"
+
+networks:
+ bw-services:
+ external:
+ name: bw-services
\ No newline at end of file
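Review bot: Both `find` lines in examples/joomla/setup-linux.sh pass `/opt/bunkerweb/www` to `chmod` as an extra operand ahead of `{}`, so the web root itself is re-chmodded on every match and ends at 640 after the file pass, leaving the directory without its search bit. The script also downloads the Joomla archive to the fixed path /tmp/joomla.zip and unpacks it as root with no integrity check and no stop on a failed download. The fence below drops the extra operand, downloads to a private temporary file with the URL quoted, and verifies a pinned digest before unzipping. `EXPECTED_SHA256` is a placeholder to be filled from the checksum published for this release.

```shell
# … unchanged: root check …
archive="$(mktemp)"
curl -fL -o "$archive" "https://downloads.joomla.org/fr/cms/joomla4/4-1-5/Joomla_4-1-5-Stable-Full_Package.zip?format=zip" || exit 1
# EXPECTED_SHA256 is a placeholder: pin the digest published for this release
echo "${EXPECTED_SHA256}  ${archive}" | sha256sum -c - || exit 1
unzip "$archive" -d /opt/bunkerweb/www || exit 1
rm -f "$archive"
# … unchanged: chown of /opt/bunkerweb/www …
find /opt/bunkerweb/www -type d -exec chmod 750 {} \;
find /opt/bunkerweb/www -type f -exec chmod 640 {} \;
# … unchanged: php-fpm start, variables.env copy …
```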
diff --git a/examples/joomla/tests.json b/examples/joomla/tests.json
new file mode 100644
index 000000000..972e1fd68
--- /dev/null
+++ b/examples/joomla/tests.json
@@ -0,0 +1,18 @@
+{
+ "name": "joomla",
+ "kinds": [
+ "docker",
+ "autoconf",
+ "swarm",
+ "kubernetes",
+ "linux"
+ ],
+ "timeout": 60,
+ "tests": [
+ {
+ "type": "string",
+ "url": "https://www.example.com",
+ "string": "joomla"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/examples/joomla/variables.env b/examples/joomla/variables.env
new file mode 100644
index 000000000..2f60d6884
--- /dev/null
+++ b/examples/joomla/variables.env
@@ -0,0 +1,15 @@
+HTTP_PORT=80
+HTTPS_PORT=443
+DNS_RESOLVERS=8.8.8.8 8.8.4.4
+# Replace with your domain
+SERVER_NAME=www.example.com
+DISABLE_DEFAULT_SERVER=yes
+AUTO_LETS_ENCRYPT=yes
+USE_CLIENT_CACHE=yes
+USE_GZIP=yes
+LIMIT_REQ_URL_1=/administrator/
+LIMIT_REQ_RATE_1=8r/s
+LIMIT_REQ_URL_2=/installation/index.php
+LIMIT_REQ_RATE_2=8r/s
+LOCAL_PHP=/run/php/php-fpm.sock
+LOCAL_PHP_PATH=/opt/bunkerweb/www
\ No newline at end of file