examples dhi

add dhi traefik

Author: Tob1as

examples/README.md

@@ -1 +1,7 @@
 # PHP - Examples
+
+All examples for WSC!
+
+* apache
+* fpm-nginx-dhi
+* ...

examples/fpm-nginx-dhi/.env.example

@@ -1,5 +1,6 @@
 # General
 DOMAIN=example.com
+TIMEZONE=Europe/Berlin
 # Database (MySQL/MariaDB)
 MYSQL_ROOT_PASSWORD=my-secret-pw
 MYSQL_DATABASE=woltlab_suite

examples/fpm-nginx-dhi/README.md

@@ -9,15 +9,16 @@ This example docker-compose setup for [WSC (WoltLab Suite Core)](https://www.wol
 * [NGINX Image](https://dhi.io/catalog/nginx) from DHI
 * [MySQL Image](https://dhi.io/catalog/mysql) from DHI
 * optional Exporter Images from DHI: [MySQL/MariaDB](https://dhi.io/catalog/mysqld-exporter) and [NGINX](https://dhi.io/catalog/nginx-exporter)
+* [Traefik Image](https://dhi.io/catalog/traefik) from DHI
 
 
 Notes:
-* In this setup [Traefik](https://traefik.io/traefik) is use as Proxy, a example can find here [https://github.com/Tob1as/docker-kubernetes-collection](https://github.com/Tob1as/docker-kubernetes-collection/blob/master/examples_docker-compose/traefik_v3.yml).  
+* In this setup [Traefik](https://traefik.io/traefik) is use as Proxy.  
 If you don't want to use it, make adjustments in the NGINX configuration file in "config" folder.  
 * **Important: To pull Images from DHI you must login with your docker account.** 
 * (Sourcecode from DH-Images can found here [https://github.com/docker-hardened-images](https://github.com/docker-hardened-images/catalog/tree/main/image).)
 * DHI images (mostly) have no shell and no entrypoint.
-* Images build for AMD64 (x86_64) and ARM64.
+* Images build for AMD64 (x86_64) and ARM64 with Linux.
 
 ## Steps
 1. Important: Login to dhi.io (`docker login dhi.io`) and optional to docker.io (`docker login`) on your server, if not already done.
@@ -29,21 +30,39 @@ If you don't want to use it, make adjustments in the NGINX configuration file in
 4. create some subfolder:
     * `mkdir ./html && chown 65532:65532 ./html`
     * `mkdir ./data-db && chown 65532:65532 ./data-db`
-5. Start the container setup with:  
+5. Configure Traefik, set your domains in `./config/traefik/dynamic/traefik-dashboard.yml` and `./config/traefik/dynamic/wsc.yml` or remove `Host(*) &&`. Also in `traefik-dashboard.yml`change basicAuth user and password. Additionally, create SSL certificates contains domain name(s) and set the path within the container in `./config/traefik/dynamic/ssl.yml` or use [Let's Encrypt](https://doc.traefik.io/traefik/reference/install-configuration/tls/certificate-resolvers/acme/).  
+   * example command for replace domain in dynamic configs:
+     ```sh
+     find ./config/traefik/dynamic -type f -exec sed -i 's/example.com/mydomain.com/g' {} +
+     ```
+   * example for self sign cert:  
+     create folder:
+     ```sh
+     mkdir ./ssl-certs
+     ```
+     create cert (change domain name):
+     ```sh
+     openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -subj "/C=DE/ST=none/L=Town/O=Linux Community/CN=example.com" -keyout ./ssl-certs/ssl.key -out ./ssl-certs/ssl.crt -addext "subjectAltName=DNS:example.com,DNS:*.example.com" -addext "basicConstraints=CA:FALSE" -addext "keyUsage=digitalSignature,keyEncipherment" -addext "extendedKeyUsage=serverAuth"
+     ```  
+     Check:  
+     ```sh
+     openssl x509  -text -noout -in ./ssl-certs/ssl.crt
+     ```
+6. Start the container setup with:  
    `docker compose up -d`
-6. Create MySQL Databse and User:
+7. Create MySQL Databse and User:
    ```sh
    # create database
    docker exec -it wsc-mysql bash -c 'mysql -uroot -e "CREATE DATABASE ${MYSQL_DATABASE};"'
    # create user and set permissions
    docker exec -it wsc-mysql bash -c 'mysql -uroot -e "CREATE USER \"${MYSQL_USER}\"@\"%\" IDENTIFIED BY \"${MYSQL_PASSWORD}\"; GRANT ALL PRIVILEGES ON ${MYSQL_DATABASE}.* TO \"${MYSQL_USER}\"@\"%\";"'
    ```
-7. [Download WSC](https://www.woltlab.com/en/woltlab-suite-download/) and unzip archive and copy all files from "upload" folder in "html" folder on your server.
-8. Call your domain and file test.php, example: `http://example.com/test.php`
-9. Now follows the installation setup of the WSC.  
+8. [Download WSC](https://www.woltlab.com/en/woltlab-suite-download/) and unzip archive and copy all files from "upload" folder in "html" folder on your server.
+9. Call your domain and file test.php, example: `http://example.com/test.php`
+10. Now follows the installation setup of the WSC.  
    Manual/Help: https://manual.woltlab.com/en/installation/  
    (Notice: Database Host is `wsc-db`!)
-10. Installation complete.
+11. Installation complete.
 
 If necessary, make further configurations for nginx or php in the files in the "config" folder.  
 

examples/fpm-nginx-dhi/config/traefik/dynamic/disable-traefik-default-cert.yml

@@ -0,0 +1,21 @@
+# https://github.com/traefik/traefik/issues/9945#issuecomment-1590229681
+# https://doc.traefik.io/traefik/reference/routing-configuration/http/tls/tls-certificates/#strict-sni-checking
+# https://www.ssllabs.com/ssltest/
+tls:
+  options:
+    default:
+      sniStrict: true            # <-----  Strict SNI Checking
+    #  minVersion: VersionTLS12
+    #  cipherSuites:
+    #    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 # TLS 1.2
+    #    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305  # TLS 1.2
+    #    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   # TLS 1.2
+    #    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305    # TLS 1.2
+    #    - TLS_AES_256_GCM_SHA384                  # TLS 1.3
+    #    - TLS_CHACHA20_POLY1305_SHA256            # TLS 1.3
+    #    - TLS_FALLBACK_SCSV                       # TLS FALLBACK
+    #  curvePreferences:
+    #    - secp521r1
+    #    - secp384r1
+    #modern:
+    #  minVersion: VersionTLS13

examples/fpm-nginx-dhi/config/traefik/dynamic/geoblock.yml.txt

@@ -0,0 +1,275 @@
+# https://plugins.traefik.io/plugins/62947302108ecc83915d7781/geoblock
+
+http:
+  middlewares:
+    geoblock:
+      plugin:
+        geoblock:
+          # Enable this plugin?
+          enabled: true
+          # Path to ip2location database file
+          databaseFilePath: /plugins-storage/sources/gop-***/src/github.com/nscuro/traefik-plugin-geoblock/IP2LOCATION-LITE-DB1.IPV6.BIN
+          # Whitelist of countries to allow (ISO 3166-1 alpha-2)
+          #allowedCountries: [ "AT", "BE", "BG", "CH", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO" ,"SE", "SI", "SK" ]
+          allowedCountries:
+          - AD # Andorra
+          #- AE # United Arab Emirates
+          #- AF # Afghanistan
+          #- AG # Antigua and Barbuda
+          #- AI # Anguilla
+          #- AL # Albania
+          #- AM # Armenia
+          #- AO # Angola
+          #- AQ # Antarctica
+          #- AR # Argentina
+          #- AS # American Samoa
+          - AT # Austria
+          #- AU # Australia
+          #- AW # Aruba
+          #- AX # Åland Islands
+          #- AZ # Azerbaijan
+          #- BA # Bosnia and Herzegovina
+          #- BB # Barbados
+          #- BD # Bangladesh
+          - BE # Belgium
+          #- BF # Burkina Faso
+          - BG # Bulgaria
+          #- BH # Bahrain
+          #- BI # Burundi
+          #- BJ # Benin
+          #- BL # Saint Barthélemy
+          #- BM # Bermuda
+          #- BN # Brunei
+          #- BO # Bolivia
+          #- BQ # Bonaire, Sint Eustatius, and Saba
+          #- BR # Brazil
+          #- BS # The Bahamas
+          #- BT # Bhutan
+          #- BV # Bouvet Island
+          #- BW # Botswana
+          #- BY # Belarus
+          #- BZ # Belize
+          #- CA # Canada
+          #- CC # Cocos (Keeling) Islands
+          #- CD # Democratic Republic of the Congo
+          #- CF # Central African Republic
+          #- CG # Republic of the Congo
+          - CH # Switzerland
+          #- CI # Ivory Coast
+          #- CK # Cook Islands
+          #- CL # Chile
+          #- CM # Cameroon
+          #- CN # China
+          #- CO # Colombia
+          #- CR # Costa Rica
+          #- CU # Cuba
+          #- CV # Cape Verde
+          #- CW # Curaçao
+          #- CX # Christmas Island
+          #- CY # Cyprus
+          - CZ # Czech Republic
+          - DE # Germany
+          #- DJ # Djibouti
+          - DK # Denmark
+          #- DM # Dominica
+          #- DO # Dominican Republic
+          #- DZ # Algeria
+          #- EC # Ecuador
+          - EE # Estonia
+          #- EG # Egypt
+          #- EH # Western Sahara
+          #- ER # Eritrea
+          - ES # Spain
+          #- ET # Ethiopia
+          - FI # Finland
+          #- FJ # Fiji
+          #- FK # Falkland Islands
+          #- FM # Federated States of Micronesia
+          #- FO # Faroe Islands
+          - FR # France
+          #- GA # Gabon
+          - GB # United Kingdom
+          #- GD # Grenada
+          #- GE # Georgia
+          #- GF # French Guiana
+          #- GG # Guernsey
+          #- GH # Ghana
+          #- GI # Gibraltar
+          #- GL # Greenland
+          #- GM # The Gambia
+          #- GN # Guinea
+          #- GP # Guadeloupe
+          #- GQ # Equatorial Guinea
+          - GR # Greece
+          #- GS # South Georgia and the South Sandwich Islands
+          #- GT # Guatemala
+          #- GU # Guam
+          #- GW # Guinea-Bissau
+          #- GY # Guyana
+          #- HK # Hong Kong
+          #- HM # Heard Island and McDonald Islands
+          #- HN # Honduras
+          - HR # Croatia
+          #- HT # Haiti
+          - HU # Hungary
+          #- ID # Indonesia
+          - IE # Ireland
+          #- IL # Israel
+          #- IM # Isle of Man
+          #- IN # India
+          #- IO # British Indian Ocean Territory
+          #- IQ # Iraq
+          #- IR # Iran
+          - IS # Iceland
+          - IT # Italy
+          #- JE # Jersey
+          #- JM # Jamaica
+          #- JO # Jordan
+          #- JP # Japan
+          #- KE # Kenya
+          #- KG # Kyrgyzstan
+          #- KH # Cambodia
+          #- KI # Kiribati
+          #- KM # Comoros
+          #- KN # Saint Kitts and Nevis
+          #- KP # North Korea
+          #- KR # South Korea
+          #- KW # Kuwait
+          #- KY # Cayman Islands
+          #- KZ # Kazakhstan
+          #- LA # Laos
+          #- LB # Lebanon
+          #- LC # Saint Lucia
+          - LI # Liechtenstein
+          #- LK # Sri Lanka
+          #- LR # Liberia
+          #- LS # Lesotho
+          - LT # Lithuania
+          - LU # Luxembourg
+          - LV # Latvia
+          #- LY # Libya
+          #- MA # Morocco
+          - MC # Monaco
+          #- MD # Moldova
+          #- ME # Montenegro
+          #- MF # Saint Martin
+          #- MG # Madagascar
+          #- MH # Marshall Islands
+          #- MK # North Macedonia
+          #- ML # Mali
+          #- MM # Myanmar
+          #- MN # Mongolia
+          #- MO # Macau
+          #- MP # Northern Mariana Islands
+          #- MQ # Martinique
+          #- MR # Mauritania
+          #- MS # Montserrat
+          - MT # Malta
+          #- MU # Mauritius
+          #- MV # Maldives
+          #- MW # Malawi
+          #- MX # Mexico
+          #- MY # Malaysia
+          #- MZ # Mozambique
+          #- NA # Namibia
+          #- NC # New Caledonia
+          #- NE # Niger
+          #- NF # Norfolk Island
+          #- NG # Nigeria
+          #- NI # Nicaragua
+          - NL # Netherlands
+          - NO # Norway
+          #- NP # Nepal
+          #- NR # Nauru
+          #- NU # Niue
+          #- NZ # New Zealand
+          #- OM # Oman
+          #- PA # Panama
+          #- PE # Peru
+          #- PF # French Polynesia
+          #- PG # Papua New Guinea
+          #- PH # Philippines
+          #- PK # Pakistan
+          - PL # Poland
+          #- PM # Saint Pierre and Miquelon
+          #- PN # Pitcairn Islands
+          #- PR # Puerto Rico
+          #- PS # State of Palestine
+          - PT # Portugal
+          #- PW # Palau
+          #- PY # Paraguay
+          #- QA # Qatar
+          #- RE # Réunion
+          - RO # Romania
+          #- RS # Serbia
+          #- RU # Russia
+          #- RW # Rwanda
+          #- SA # Saudi Arabia
+          #- SB # Solomon Islands
+          #- SC # Seychelles
+          #- SD # Sudan
+          - SE # Sweden
+          #- SG # Singapore
+          #- SH # Saint Helena
+          - SI # Slovenia
+          #- SJ # Svalbard and Jan Mayen
+          - SK # Slovakia
+          #- SL # Sierra Leone
+          #- SM # San Marino
+          #- SN # Senegal
+          #- SO # Somalia
+          #- SR # Suriname
+          #- SS # South Sudan
+          #- ST # São Tomé and Príncipe
+          #- SV # El Salvador
+          #- SX # Sint Maarten
+          #- SY # Syria
+          #- SZ # Eswatini
+          #- TC # Turks and Caicos Islands
+          #- TD # Chad
+          #- TF # French Southern and Antarctic Lands
+          #- TG # Togo
+          #- TH # Thailand
+          #- TJ # Tajikistan
+          #- TK # Tokelau
+          #- TL # Timor-Leste
+          #- TM # Turkmenistan
+          #- TN # Tunisia
+          #- TO # Tonga
+          - TR # Turkey
+          #- TT # Trinidad and Tobago
+          #- TV # Tuvalu
+          #- TW # Taiwan
+          #- TZ # Tanzania
+          - UA # Ukraine
+          #- UG # Uganda
+          #- UM # United States Minor Outlying Islands
+          - US # United States    # need for Let's Encrypt  ?
+          #- UY # Uruguay
+          #- UZ # Uzbekistan
+          #- VA # Vatican City
+          #- VC # Saint Vincent and the Grenadines
+          #- VE # Venezuela
+          #- VG # British Virgin Islands
+          #- VI # United States Virgin Islands
+          #- VN # Vietnam
+          #- VU # Vanuatu
+          #- WF # Wallis and Futuna
+          #- WS # Samoa
+          #- YE # Yemen
+          #- YT # Mayotte
+          #- ZA # South Africa
+          #- ZM # Zambia
+          #- ZW # Zimbabwe
+          # Blocklist of countries to block (ISO 3166-1 alpha-2)
+          #blockedCountries: [ "RU", "CN", "KP" ]
+          # Default allow indicates that if an IP is in neither block list nor allow lists, it should be allowed.
+          defaultAllow: false
+          # Allow requests from private / internal networks?
+          allowPrivate: true
+          # HTTP status code to return for disallowed requests (default: 403)
+          disallowedStatusCode: 403
+          # Add CIDR to be whitelisted, even if in a non-allowed country
+          #allowedIPBlocks: ["66.249.64.0/19"]
+          # Add CIDR to be blacklisted, even if in an allowed country or IP block
+          #blockedIPBlocks: ["66.249.64.5/32"]

examples/fpm-nginx-dhi/config/traefik/dynamic/redirect-to-https.yml

@@ -0,0 +1,6 @@
+http:
+  middlewares:
+    redirect-to-https:
+      redirectScheme:
+        scheme: https
+        permanent: true