From e33bad4b9a150db8a9b298f7eee9dc9eaec06266 Mon Sep 17 00:00:00 2001 From: TheophileDiot Date: Tue, 29 Nov 2022 15:16:39 +0100 Subject: [PATCH] Fix comments + updated passbolt to support the 1.5 --- examples/drupal/swarm.yml | 16 +--- examples/joomla/autoconf.yml | 2 +- examples/joomla/swarm.yml | 16 +--- examples/magento/autoconf.yml | 2 +- examples/magento/swarm.yml | 16 +--- examples/mattermost/autoconf.yml | 2 +- examples/moodle/autoconf.yml | 2 +- examples/moodle/swarm.yml | 21 +---- examples/nextcloud/autoconf.yml | 2 +- examples/nextcloud/swarm.yml | 2 +- examples/passbolt/autoconf.yml | 47 ++++++----- examples/passbolt/docker-compose.yml | 112 ++++++++++++++++++++------- examples/passbolt/swarm.yml | 41 ++++------ 13 files changed, 136 insertions(+), 145 deletions(-) diff --git a/examples/drupal/swarm.yml b/examples/drupal/swarm.yml index 49607ac32..c0312c21c 100644 --- a/examples/drupal/swarm.yml +++ b/examples/drupal/swarm.yml @@ -23,21 +23,7 @@ services: - bunkerweb.LIMIT_REQ_URL_1=/core/install.php - bunkerweb.LIMIT_REQ_RATE_1=5r/s - mydb: - image: mariadb - networks: - - bw-services - volumes: - - db-data:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password - - MYSQL_DATABASE=drupaldb - - MYSQL_USER=user - - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password - deploy: - placement: - constraints: - - "node.role==worker" + # For the database, you can refer to the swarm example including a database networks: bw-services: diff --git a/examples/joomla/autoconf.yml b/examples/joomla/autoconf.yml index 22165c922..45a0de4ae 100644 --- a/examples/joomla/autoconf.yml +++ b/examples/joomla/autoconf.yml 
@@ -24,7 +24,7 @@ services: - bunkerweb.LIMIT_REQ_URL_2=/installation/index.php - bunkerweb.LIMIT_REQ_RATE_2=8r/s - # For the database, you can refer to the example of the autoconf including a database + # For the database, you can refer to the autoconf integration example including a database networks: bw-services: diff --git a/examples/joomla/swarm.yml b/examples/joomla/swarm.yml index 65ac4b33c..f4c874cf0 100644 --- a/examples/joomla/swarm.yml +++ b/examples/joomla/swarm.yml @@ -26,21 +26,7 @@ services: - bunkerweb.LIMIT_REQ_URL_2=/installation/index.php - bunkerweb.LIMIT_REQ_RATE_2=8r/s - mydb: - image: mariadb - volumes: - - db_data:/var/lib/mysql - networks: - - bw-services - environment: - - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password - - MYSQL_DATABASE=joomla_db - - MYSQL_USER=user - - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match JOOMLA_DB_PASSWORD) - deploy: - placement: - constraints: - - "node.role==worker" + # For the database, you can refer to the swarm integration example including a database networks: bw-services: diff --git a/examples/magento/autoconf.yml b/examples/magento/autoconf.yml index 7fcc96aed..1698a0aac 100644 --- a/examples/magento/autoconf.yml +++ b/examples/magento/autoconf.yml @@ -43,7 +43,7 @@ services: volumes: - ./elasticsearch-data:/bitnami/elasticsearch/data - # For the database, you can refer to the example of the autoconf including a database + # For the database, you can refer to the autoconf integration example including a database networks: bw-services: diff --git a/examples/magento/swarm.yml b/examples/magento/swarm.yml index ab7cb0016..71f8e5e93 100644 --- a/examples/magento/swarm.yml +++ b/examples/magento/swarm.yml 
@@ -40,21 +40,7 @@ services: constraints: - "node.role==worker" - mydb: - image: mariadb:10.2 - networks: - - bw-services - volumes: - - db_data:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password - - MYSQL_DATABASE=magentodb - - MYSQL_USER=user - - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MAGENTO_DATABASE_PASSWORD) - deploy: - placement: - constraints: - - "node.role==worker" + # For the database, you can refer to the swarm integration example including a database networks: bw-services: diff --git a/examples/mattermost/autoconf.yml b/examples/mattermost/autoconf.yml index 39e0b088e..3048104f4 100644 --- a/examples/mattermost/autoconf.yml +++ b/examples/mattermost/autoconf.yml @@ -63,7 +63,7 @@ services: - bunkerweb.LIMIT_REQ_URL_3=^/static/ - bunkerweb.LIMIT_REQ_RATE_3=10r/s - # For the postgres database, you can refer to the example of the autoconf including a postgres database + # For the postgres database, you can refer to the autoconf integration example including a postgres database networks: bw-services: diff --git a/examples/moodle/autoconf.yml b/examples/moodle/autoconf.yml index d6a814a3d..f93e5ad61 100644 --- a/examples/moodle/autoconf.yml +++ b/examples/moodle/autoconf.yml @@ -27,7 +27,7 @@ services: - bunkerweb.REVERSE_PROXY_URL=/ - bunkerweb.REVERSE_PROXY_HOST=https://mymoodle:8443 - # For the database, you can refer to the example of the autoconf including a database + # For the database, you can refer to the autoconf integration example including a database # In this example, you will need to add the following lines to the mydb service: # - MARIADB_CHARACTER_SET=utf8mb4 # - MARIADB_COLLATE=utf8mb4_unicode_ci diff --git a/examples/moodle/swarm.yml b/examples/moodle/swarm.yml index 2df3ebc0c..03c26fa62 100644 --- a/examples/moodle/swarm.yml +++ b/examples/moodle/swarm.yml 
@@ -29,23 +29,10 @@ services: - bunkerweb.REVERSE_PROXY_URL=/ - bunkerweb.REVERSE_PROXY_HOST=https://mymoodle:8443 - mydb: - image: mariadb:10.5 - volumes: - - db_data:/var/lib/mysql - networks: - - bw-services - environment: - - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password - - MYSQL_DATABASE=moodle - - MYSQL_USER=user - - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MOODLE_DATABASE_PASSWORD) - - MARIADB_CHARACTER_SET=utf8mb4 - - MARIADB_COLLATE=utf8mb4_unicode_ci - deploy: - placement: - constraints: - - "node.role==worker" + # For the database, you can refer to the swarm integration example including a database + # In this example, you will need to add the following lines to the mydb service: + # - MARIADB_CHARACTER_SET=utf8mb4 + # - MARIADB_COLLATE=utf8mb4_unicode_ci networks: bw-services: diff --git a/examples/nextcloud/autoconf.yml b/examples/nextcloud/autoconf.yml index e4b78bda1..869a8205d 100644 --- a/examples/nextcloud/autoconf.yml +++ b/examples/nextcloud/autoconf.yml @@ -56,7 +56,7 @@ services: bunkerweb.CUSTOM_CONF_MODSEC_nextcloud= SecRule REQUEST_FILENAME "@rx ^/remote.php/dav/files/" "id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog" - # For the database, you can refer to the example of the autoconf including a database + # For the database, you can refer to the autoconf integration example including a database networks: bw-services: diff --git a/examples/nextcloud/swarm.yml b/examples/nextcloud/swarm.yml index a825d7e82..9505d1148 100644 --- a/examples/nextcloud/swarm.yml +++ b/examples/nextcloud/swarm.yml @@ -37,7 +37,7 @@ services: - bunkerweb.LIMIT_REQ_URL_3=/core/preview - bunkerweb.LIMIT_REQ_RATE_3=5r/s - # For the database, you can refer to the example of the autoconf in swarm mode including a database + # For the database, you can refer to the swarm integration example including a database networks: bw-services: 
diff --git a/examples/passbolt/autoconf.yml b/examples/passbolt/autoconf.yml index 42bbec6c6..29ed5671a 100644 --- a/examples/passbolt/autoconf.yml +++ b/examples/passbolt/autoconf.yml @@ -2,10 +2,24 @@ version: "3" services: # you will need to add a user by hand - # example : docker-compose exec mypassbolt su -m -c "bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin" -s /bin/sh www-data + # example : docker-compose exec mypassbolt su -m -c "/usr/share/php/passbolt/bin/cake passbolt register_user -u -f -l -r admin" -s /bin/sh www-data # more info at https://github.com/passbolt/passbolt_docker mypassbolt: - image: passbolt/passbolt + image: passbolt/passbolt:3.8.1-1-ce + networks: + bw-services: + aliases: + - mypassbolt + environment: + - APP_FULL_BASE_URL=https://www.example.com # replace with your URL + - PASSBOLT_SSL_FORCE=false + - DATASOURCES_DEFAULT_HOST=mydb + - DATASOURCES_DEFAULT_DATABASE=${PASSBOLT_DATABASE:-passboltdb} + - DATASOURCES_DEFAULT_USERNAME=${PASSBOLT_USER:-user} + - DATASOURCES_DEFAULT_PASSWORD=${PASSBOLT_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD) + volumes: + - gpg_volume:/etc/passbolt/gpg + - jwt_volume:/etc/passbolt/jwt command: [ "/usr/bin/wait-for.sh", 
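Review bot: `DATASOURCES_DEFAULT_PASSWORD=${PASSBOLT_PASSWORD:-secret}` falls back to a published default whenever the `.env` file is missing or the variable name is mistyped, so the database behind a password manager can come up with a known credential and nothing reports it. Compose's required-variable form makes the deployment fail instead: `- DATASOURCES_DEFAULT_PASSWORD=${PASSBOLT_PASSWORD:?set PASSBOLT_PASSWORD in .env}`. The trailing comment also says the value must match `MYSQL_PASSWORD`, but the second hunk of this file removes the `mydb` service, so the comment should point at the database example instead. The same `:-secret` default appears in `examples/passbolt/docker-compose.yml` (in `DATABASE_URI` and the `mydb` entrypoint as well) and in `examples/passbolt/swarm.yml`. The `command:` list of `mypassbolt` continues past the end of this hunk.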
@@ -15,36 +29,19 @@ services: "--", "/docker-entrypoint.sh", ] - networks: - bw-services: - aliases: - - mypassbolt - environment: - - DATASOURCES_DEFAULT_HOST=mydb - - DATASOURCES_DEFAULT_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD) - - DATASOURCES_DEFAULT_USERNAME=user - - DATASOURCES_DEFAULT_DATABASE=passbolt - - APP_FULL_BASE_URL=https://www.example.com # replace with your URL labels: - bunkerweb.SERVER_NAME=www.example.com - bunkerweb.ALLOWED_METHODS=GET|POST|HEAD|PUT|DELETE + - bunkerweb.COOKIE_FLAGS=* SameSite=Lax - bunkerweb.USE_REVERSE_PROXY=yes - bunkerweb.REVERSE_PROXY_URL=/ - bunkerweb.REVERSE_PROXY_HOST=https://mypassbolt - mydb: - image: mariadb - volumes: - - ./db-data:/var/lib/mysql - networks: - bw-services: - aliases: - - mydb - environment: - - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password - - MYSQL_DATABASE=passbolt - - MYSQL_USER=user - - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD) + # For the database, you can refer to the autoconf integration example including a database + +volumes: + gpg_volume: + jwt_volume: networks: bw-services: diff --git a/examples/passbolt/docker-compose.yml b/examples/passbolt/docker-compose.yml index 6c4fa1b59..e2e721be0 100644 --- a/examples/passbolt/docker-compose.yml +++ b/examples/passbolt/docker-compose.yml @@ -1,8 +1,12 @@ version: "3" +x-bunkerweb-env: + &bunkerweb-env + DATABASE_URI: "mariadb+pymysql://${PASSBOLT_USER:-user}:${PASSBOLT_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}" + services: mybunker: - image: bunkerity/bunkerweb:1.4.3 + image: bunkerity/bunkerweb:1.5.0 ports: - 80:8080 - 443:8443 
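Review bot: The added label `bunkerweb.COOKIE_FLAGS=* SameSite=Lax` sets the flag list for every cookie rather than extending it. If BunkerWeb's default for this setting includes `HttpOnly` (to be confirmed against the 1.5 settings reference), the label removes that flag from Passbolt's session cookie as well. The commit does not say why the flags are overridden, so a comment above the label should record the reason and whether losing `HttpOnly` is intended, e.g. `# overrides the default cookie flags for Passbolt; HttpOnly is intentionally not set because ...`. The same value is added in `examples/passbolt/docker-compose.yml` and `examples/passbolt/swarm.yml`.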
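Review bot: `DATABASE_URI` in the new `x-bunkerweb-env` anchor makes BunkerWeb and its scheduler log in to MariaDB as `${PASSBOLT_USER}` with `${PASSBOLT_PASSWORD}`, the same account Passbolt uses, and the `mydb` entrypoint in the last hunk of this file grants that account all privileges on both databases. A compromise of the proxy or scheduler container therefore reaches the Passbolt schema. A separate account limited to the `bunkerweb` database keeps the two apart, for example `DATABASE_URI: "mariadb+pymysql://${BUNKERWEB_USER:-bunkerweb}:${BUNKERWEB_PASSWORD:?set BUNKERWEB_PASSWORD in .env}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"` (the two new variable names are suggestions), with a matching `CREATE USER` and `GRANT` in the init SQL. The password is also placed in the URI unescaped, so a value containing `@`, `/` or `:` would need percent-encoding; a comment next to the anchor should say so.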
@@ -13,24 +17,68 @@ services: # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder # more info at https://docs.bunkerweb.io volumes: - - bw_data:/data + - bw-data:/data environment: - - SERVER_NAME=www.example.com # replace with your domain - - AUTO_LETS_ENCRYPT=yes - - DISABLE_DEFAULT_SERVER=yes - - ALLOWED_METHODS=GET|POST|HEAD|PUT|DELETE - - SERVE_FILES=no - - USE_CLIENT_CACHE=yes - - USE_GZIP=yes - - USE_REVERSE_PROXY=yes - - REVERSE_PROXY_URL=/ - - REVERSE_PROXY_HOST=https://mypassbolt + <<: *bunkerweb-env + SERVER_NAME: "www.example.com" # replace with your domain + API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24" + AUTO_LETS_ENCRYPT: "yes" + COOKIE_FLAGS: "* SameSite=Lax" + DISABLE_DEFAULT_SERVER: "yes" + ALLOWED_METHODS: "GET|POST|HEAD|PUT|DELETE" + SERVE_FILES: "no" + USE_CLIENT_CACHE: "yes" + USE_GZIP: "yes" + USE_REVERSE_PROXY: "yes" + REVERSE_PROXY_URL: "/" + REVERSE_PROXY_HOST: "https://mypassbolt" + labels: + - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container + networks: + - bw-universe + - bw-services + + bw-scheduler: + image: bunkerity/bunkerweb-scheduler:1.5.0 + depends_on: + - mybunker + environment: + <<: *bunkerweb-env + DOCKER_HOST: "tcp://docker-proxy:2375" + volumes: + - bw-data:/data + networks: + - bw-universe + - net-docker + + docker-proxy: + image: tecnativa/docker-socket-proxy + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - CONTAINERS=1 + networks: + - net-docker # you will need to add a user by hand - # example : docker-compose exec mypassbolt su -m -c "bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin" -s /bin/sh www-data + # example : docker-compose exec mypassbolt su -m -c "/usr/share/php/passbolt/bin/cake passbolt register_user -u -f -l -r admin" -s /bin/sh www-data # more info at https://github.com/passbolt/passbolt_docker mypassbolt: - image: passbolt/passbolt + image: passbolt/passbolt:3.8.1-1-ce + 
#Alternatively you can use rootless: + # image: passbolt/passbolt:3.8.1-1-ce-non-root + depends_on: + - mydb + environment: + - APP_FULL_BASE_URL=https://www.example.com # replace with your URL + - PASSBOLT_SSL_FORCE=false + - DATASOURCES_DEFAULT_HOST=mydb + - DATASOURCES_DEFAULT_DATABASE=${PASSBOLT_DATABASE:-passboltdb} + - DATASOURCES_DEFAULT_USERNAME=${PASSBOLT_USER:-user} + - DATASOURCES_DEFAULT_PASSWORD=${PASSBOLT_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD) + volumes: + - gpg_volume:/etc/passbolt/gpg + - jwt_volume:/etc/passbolt/jwt command: [ "/usr/bin/wait-for.sh", 
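Review bot: The new `docker-proxy` service pulls `tecnativa/docker-socket-proxy` with no tag, while the other images added in this hunk are pinned, and this is the container that holds the host's Docker socket. Pin it to a reviewed tag or digest, e.g. `image: tecnativa/docker-socket-proxy:<pinned-tag>`. The `:ro` on the `/var/run/docker.sock` mount does not limit which API requests can be sent through the socket. The restriction comes from the proxy's own settings (`CONTAINERS=1` here), and a comment such as `# only the containers endpoint is exposed; do not enable more without review` would keep that boundary visible. The `command:` list of `mypassbolt` continues past the end of this hunk.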
@@ -38,24 +86,34 @@ services: "0", "mydb:3306", "--", - "/docker-entrypoint.sh", + "/docker-entrypoint.sh" ] - environment: - - DATASOURCES_DEFAULT_HOST=mydb - - DATASOURCES_DEFAULT_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD) - - DATASOURCES_DEFAULT_USERNAME=user - - DATASOURCES_DEFAULT_DATABASE=passbolt - - APP_FULL_BASE_URL=https://www.example.com # replace with your URL + networks: + - bw-services mydb: image: mariadb volumes: - - ./db-data:/var/lib/mysql + - db-data:/var/lib/mysql environment: - - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password - - MYSQL_DATABASE=passbolt - - MYSQL_USER=user - - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD) + MARIADB_RANDOM_ROOT_PASSWORD: "yes" + entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${PASSBOLT_USER:-user}\"; CREATE USER \"${PASSBOLT_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${PASSBOLT_DATABASE:-passboltdb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${PASSBOLT_DATABASE:-passboltdb}.* TO \"${PASSBOLT_USER:-user}\"@\"%\" IDENTIFIED BY \"${PASSBOLT_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${PASSBOLT_USER:-user}\"@\"%\" IDENTIFIED BY \"${PASSBOLT_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci" + networks: + - bw-universe + - bw-services volumes: - bw_data: + gpg_volume: + jwt_volume: + db-data: + bw-data: + + +networks: + bw-universe: + ipam: + driver: default + config: + - subnet: 10.20.30.0/24 + bw-services: + net-docker: diff --git a/examples/passbolt/swarm.yml b/examples/passbolt/swarm.yml index 4e128f591..480e5c1da 100644 --- a/examples/passbolt/swarm.yml +++ b/examples/passbolt/swarm.yml 
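Review bot: The new `mydb` `entrypoint` builds `init.sql` by interpolating `${PASSBOLT_USER}`, `${PASSBOLT_DATABASE}` and `${PASSBOLT_PASSWORD}` into a single-quoted `echo`, so a value containing `'` or `"` either breaks the script or changes the SQL that runs at first start. The official MariaDB image can create the user and database from environment variables, which avoids the hand-built quoting: `MARIADB_USER: "${PASSBOLT_USER:-user}"`, `MARIADB_PASSWORD: "${PASSBOLT_PASSWORD:?set PASSBOLT_PASSWORD in .env}"`, `MARIADB_DATABASE: "${PASSBOLT_DATABASE:-passboltdb}"`. The second (`bunkerweb`) database can then come from a mounted init script that creates its own account. `image: mariadb` is also left untagged here while the Passbolt and BunkerWeb images are pinned.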
@@ -2,10 +2,22 @@ version: "3" services: # you will need to add a user by hand - # example : docker-compose exec mypassbolt su -m -c "bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin" -s /bin/sh www-data + # example : docker-compose exec mypassbolt su -m -c "/usr/share/php/passbolt/bin/cake passbolt register_user -u -f -l -r admin" -s /bin/sh www-data # more info at https://github.com/passbolt/passbolt_docker mypassbolt: - image: passbolt/passbolt + image: passbolt/passbolt:3.8.1-1-ce + networks: + - bw-services + environment: + - APP_FULL_BASE_URL=https://www.example.com # replace with your URL + - PASSBOLT_SSL_FORCE=false + - DATASOURCES_DEFAULT_HOST=mydb + - DATASOURCES_DEFAULT_DATABASE=${PASSBOLT_DATABASE:-passboltdb} + - DATASOURCES_DEFAULT_USERNAME=${PASSBOLT_USER:-user} + - DATASOURCES_DEFAULT_PASSWORD=${PASSBOLT_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD) + volumes: + - gpg_volume:/etc/passbolt/gpg + - jwt_volume:/etc/passbolt/jwt command: [ "/usr/bin/wait-for.sh", @@ -15,14 +27,6 @@ services: "--", "/docker-entrypoint.sh", ] - networks: - - bw-services - environment: - - DATASOURCES_DEFAULT_HOST=mydb - - DATASOURCES_DEFAULT_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD) - - DATASOURCES_DEFAULT_USERNAME=user - - DATASOURCES_DEFAULT_DATABASE=passbolt - - APP_FULL_BASE_URL=https://www.example.com # replace with your URL deploy: placement: constraints: 
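Review bot: `mypassbolt` now mounts the named volumes `gpg_volume` and `jwt_volume`, but no hunk in `examples/passbolt/swarm.yml` adds a top-level `volumes:` section for them, unlike `examples/passbolt/autoconf.yml`. The three hunks shown for this file account for all 41 changed lines in the diffstat, so unless the file already declared them the stack would be rejected for referencing undefined volumes. Add `volumes:` with `gpg_volume:` and `jwt_volume:` at the end of the file. Judging by the mount paths, these volumes hold the server's GPG and JWT key material, and named volumes are node-local by default, so a comment that the service must stay on the node holding them (or use a shared volume driver) would be worth adding. The usage comment changed in this hunk still shows `docker-compose exec`, which does not address a swarm service.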
@@ -30,25 +34,12 @@ services: labels: - bunkerweb.SERVER_NAME=www.example.com - bunkerweb.ALLOWED_METHODS=GET|POST|HEAD|PUT|DELETE + - bunkerweb.COOKIE_FLAGS=* SameSite=Lax - bunkerweb.USE_REVERSE_PROXY=yes - bunkerweb.REVERSE_PROXY_URL=/ - bunkerweb.REVERSE_PROXY_HOST=https://mypassbolt - mydb: - image: mariadb - volumes: - - db_data:/var/lib/mysql - networks: - - bw-services - environment: - - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password - - MYSQL_DATABASE=passbolt - - MYSQL_USER=user - - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD) - deploy: - placement: - constraints: - - "node.role==worker" + # For the database, you can refer to the swarm integration example including a database networks: bw-services: