Benzine/Docker-Swarm-Loadbalancer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Docker-Swarm-Loadbalancer/bouncer/Readme.md

65 lines
11 KiB
Markdown
Raw Normal View History

Add BOUNCER_MAXIMUM_NGINX_CONFIG_CREATION_NOTICES
2024-01-04 13:06:46 +00:00
# Automatic Swarm Nginx Load Balancer
Upstreaming changes from downstream project
2022-08-09 00:28:22 +00:00
## Environment variables
Trunk linter (#17) * linting is fun * mis-detection of missing healthcheck staements. * typo * disable tagging vanity tags on non-main branch * Unbugger node build? * Add gitleaks detector, remove an expired secret. * More linting-derived cleanup * Fiddle with trivy * Fiddle with trivy * add a readme * Fix build bug with php flavours * Marshall should build other flavours of ubuntu. * Fiddle with act cache location. * Add concurrency checks * Composer version gubbins for 7.0/7.1 * ubuntu is just a label, and injected over the top of. * Composer version gubbins for 7.0/7.1 * Run when workflow is altered too please. * Hopefully fix composer stage. * setup tooling meta-tooling. * Add trunk * Disable mirror mode, its being problematic, and increase retries to 5. * Revisit how ghcr login works. * Add trunk checks. * All hail the linter * Heavilly revise workflow * Fettling * Fettling * Fettling * Fettling * Fettling * Cleanup * Cleanup * Fettling.. Why does mitm build but not redis? * Fettling.. Why does mitm build but not redis? * Debuggin * Fettling. * Fix build? * Permissions are a pain * Switch around some should_push logic because envs aren't available that early. * Permissionssssss * Trivy, bane of my life * Fix merge? * Fix labels * Help node along, among other things * Redis 6.1 & 7.1 aren't a thing any more. * Ffff USER nonsense * latest-openssl doesn't exist. * fixup mysqlproxy. * Fix labels * uurrgh * uurrgh * Didn't need to add the mitmproxy user, it exists * Missing ghcr login * Missing backtick * Fix build? * Add validate build step to bouncer. * Fix bouncer build * Disable laravel build * Missing env * Fix swarm mon build * Scout just doesn't seem to work.
2024-02-07 15:21:14 +00:00
Upstreaming changes from downstream project
2022-08-09 00:28:22 +00:00
This container has its own environment variables, AS WELL AS scanning for some environment variables associated with your services.
These should not be confused.
Add BOUNCER_MAXIMUM_NGINX_CONFIG_CREATION_NOTICES
2024-01-04 13:06:46 +00:00
### Load Balancer Configuration
Trunk linter (#17) * linting is fun * mis-detection of missing healthcheck staements. * typo * disable tagging vanity tags on non-main branch * Unbugger node build? * Add gitleaks detector, remove an expired secret. * More linting-derived cleanup * Fiddle with trivy * Fiddle with trivy * add a readme * Fix build bug with php flavours * Marshall should build other flavours of ubuntu. * Fiddle with act cache location. * Add concurrency checks * Composer version gubbins for 7.0/7.1 * ubuntu is just a label, and injected over the top of. * Composer version gubbins for 7.0/7.1 * Run when workflow is altered too please. * Hopefully fix composer stage. * setup tooling meta-tooling. * Add trunk * Disable mirror mode, its being problematic, and increase retries to 5. * Revisit how ghcr login works. * Add trunk checks. * All hail the linter * Heavilly revise workflow * Fettling * Fettling * Fettling * Fettling * Fettling * Cleanup * Cleanup * Fettling.. Why does mitm build but not redis? * Fettling.. Why does mitm build but not redis? * Debuggin * Fettling. * Fix build? * Permissions are a pain * Switch around some should_push logic because envs aren't available that early. * Permissionssssss * Trivy, bane of my life * Fix merge? * Fix labels * Help node along, among other things * Redis 6.1 & 7.1 aren't a thing any more. * Ffff USER nonsense * latest-openssl doesn't exist. * fixup mysqlproxy. * Fix labels * uurrgh * uurrgh * Didn't need to add the mitmproxy user, it exists * Missing ghcr login * Missing backtick * Fix build? * Add validate build step to bouncer. * Fix bouncer build * Disable laravel build * Missing env * Fix swarm mon build * Scout just doesn't seem to work.
2024-02-07 15:21:14 +00:00
Upstreaming changes from downstream project
2022-08-09 00:28:22 +00:00
#### Main configuration
Trunk linter (#17) * linting is fun * mis-detection of missing healthcheck staements. * typo * disable tagging vanity tags on non-main branch * Unbugger node build? * Add gitleaks detector, remove an expired secret. * More linting-derived cleanup * Fiddle with trivy * Fiddle with trivy * add a readme * Fix build bug with php flavours * Marshall should build other flavours of ubuntu. * Fiddle with act cache location. * Add concurrency checks * Composer version gubbins for 7.0/7.1 * ubuntu is just a label, and injected over the top of. * Composer version gubbins for 7.0/7.1 * Run when workflow is altered too please. * Hopefully fix composer stage. * setup tooling meta-tooling. * Add trunk * Disable mirror mode, its being problematic, and increase retries to 5. * Revisit how ghcr login works. * Add trunk checks. * All hail the linter * Heavilly revise workflow * Fettling * Fettling * Fettling * Fettling * Fettling * Cleanup * Cleanup * Fettling.. Why does mitm build but not redis? * Fettling.. Why does mitm build but not redis? * Debuggin * Fettling. * Fix build? * Permissions are a pain * Switch around some should_push logic because envs aren't available that early. * Permissionssssss * Trivy, bane of my life * Fix merge? * Fix labels * Help node along, among other things * Redis 6.1 & 7.1 aren't a thing any more. * Ffff USER nonsense * latest-openssl doesn't exist. * fixup mysqlproxy. * Fix labels * uurrgh * uurrgh * Didn't need to add the mitmproxy user, it exists * Missing ghcr login * Missing backtick * Fix build? * Add validate build step to bouncer. * Fix bouncer build * Disable laravel build * Missing env * Fix swarm mon build * Scout just doesn't seem to work.
2024-02-07 15:21:14 +00:00
Bigly refactor.
2024-01-25 13:01:25 +00:00
| Key | Default | Options | Behaviour |
Trunk linter (#17) * linting is fun * mis-detection of missing healthcheck staements. * typo * disable tagging vanity tags on non-main branch * Unbugger node build? * Add gitleaks detector, remove an expired secret. * More linting-derived cleanup * Fiddle with trivy * Fiddle with trivy * add a readme * Fix build bug with php flavours * Marshall should build other flavours of ubuntu. * Fiddle with act cache location. * Add concurrency checks * Composer version gubbins for 7.0/7.1 * ubuntu is just a label, and injected over the top of. * Composer version gubbins for 7.0/7.1 * Run when workflow is altered too please. * Hopefully fix composer stage. * setup tooling meta-tooling. * Add trunk * Disable mirror mode, its being problematic, and increase retries to 5. * Revisit how ghcr login works. * Add trunk checks. * All hail the linter * Heavilly revise workflow * Fettling * Fettling * Fettling * Fettling * Fettling * Cleanup * Cleanup * Fettling.. Why does mitm build but not redis? * Fettling.. Why does mitm build but not redis? * Debuggin * Fettling. * Fix build? * Permissions are a pain * Switch around some should_push logic because envs aren't available that early. * Permissionssssss * Trivy, bane of my life * Fix merge? * Fix labels * Help node along, among other things * Redis 6.1 & 7.1 aren't a thing any more. * Ffff USER nonsense * latest-openssl doesn't exist. * fixup mysqlproxy. * Fix labels * uurrgh * uurrgh * Didn't need to add the mitmproxy user, it exists * Missing ghcr login * Missing backtick * Fix build? * Add validate build step to bouncer. * Fix bouncer build * Disable laravel build * Missing env * Fix swarm mon build * Scout just doesn't seem to work.
2024-02-07 15:21:14 +00:00
| --------------------------------------------- | ----------------------------------------------- | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --- |
Bigly refactor.
2024-01-25 13:01:25 +00:00
| DOCKER_HOST | false | | Define a http endpoint representing your docker socket. If this is null, it connects to /var/lib/docker.sock |
| GLOBAL_CERT | false | Contents of an ssl certificate | If you want to provide a single cert for all endpoints, perhaps with a catch-all that may be later overriden, you can provide the whole contents of a certificates file here. |
| GLOBAL_CERT_KEY | false | Contents of an ssl certificates private key | The private key related to GLOBAL CERT. These must be provided in tandem. |
| BOUNCER_FORCED_UPDATE_INTERVAL_SECONDS | false | positive numbers | To force the bouncer to update on a schedule even if no changes are detected, measured in seconds |
| BOUNCER_MAXIMUM_NGINX_CONFIG_CREATION_NOTICES | 15 | positive numbers | To limit the number lines of output regarding which domains have been configured. Any more domains than this count, and none will be output, instead replaced by "More than 15 Nginx configs generated.. Too many to show them all!" |
| LOG_NAME | bouncer | | The name of the log file to write to |
| LOG_FILE | /var/log/bouncer/bouncer.log | | The path to the log file to write to |
| LOG_LEVEL | debug | info, debug, critical etc | The level of logging to write to the log file. See Monolog docs. |
Useful version output
2024-01-25 13:57:59 +00:00
| LOG_LEVEL_NAME_LENGTH | 4 | positive numbers | The length of the level name to be written to the log file. See Monolog docs. |
Bigly refactor.
2024-01-25 13:01:25 +00:00
| LOG_LINE_FORMAT | [%datetime%] %level_name%: %channel%: %message% | | The format of the log line. See Monolog docs. |
Trunk linter (#17) * linting is fun * mis-detection of missing healthcheck staements. * typo * disable tagging vanity tags on non-main branch * Unbugger node build? * Add gitleaks detector, remove an expired secret. * More linting-derived cleanup * Fiddle with trivy * Fiddle with trivy * add a readme * Fix build bug with php flavours * Marshall should build other flavours of ubuntu. * Fiddle with act cache location. * Add concurrency checks * Composer version gubbins for 7.0/7.1 * ubuntu is just a label, and injected over the top of. * Composer version gubbins for 7.0/7.1 * Run when workflow is altered too please. * Hopefully fix composer stage. * setup tooling meta-tooling. * Add trunk * Disable mirror mode, its being problematic, and increase retries to 5. * Revisit how ghcr login works. * Add trunk checks. * All hail the linter * Heavilly revise workflow * Fettling * Fettling * Fettling * Fettling * Fettling * Cleanup * Cleanup * Fettling.. Why does mitm build but not redis? * Fettling.. Why does mitm build but not redis? * Debuggin * Fettling. * Fix build? * Permissions are a pain * Switch around some should_push logic because envs aren't available that early. * Permissionssssss * Trivy, bane of my life * Fix merge? * Fix labels * Help node along, among other things * Redis 6.1 & 7.1 aren't a thing any more. * Ffff USER nonsense * latest-openssl doesn't exist. * fixup mysqlproxy. * Fix labels * uurrgh * uurrgh * Didn't need to add the mitmproxy user, it exists * Missing ghcr login * Missing backtick * Fix build? * Add validate build step to bouncer. * Fix bouncer build * Disable laravel build * Missing env * Fix swarm mon build * Scout just doesn't seem to work.
2024-02-07 15:21:14 +00:00
| LOG_COLOUR | true | true, false | Whether to colourise the log output sent to stdout. | |
Upstreaming changes from downstream project
2022-08-09 00:28:22 +00:00
Add BOUNCER_MAXIMUM_NGINX_CONFIG_CREATION_NOTICES
2024-01-04 13:06:46 +00:00
#### For using with Lets Encrypt:tm:
Trunk linter (#17) * linting is fun * mis-detection of missing healthcheck staements. * typo * disable tagging vanity tags on non-main branch * Unbugger node build? * Add gitleaks detector, remove an expired secret. * More linting-derived cleanup * Fiddle with trivy * Fiddle with trivy * add a readme * Fix build bug with php flavours * Marshall should build other flavours of ubuntu. * Fiddle with act cache location. * Add concurrency checks * Composer version gubbins for 7.0/7.1 * ubuntu is just a label, and injected over the top of. * Composer version gubbins for 7.0/7.1 * Run when workflow is altered too please. * Hopefully fix composer stage. * setup tooling meta-tooling. * Add trunk * Disable mirror mode, its being problematic, and increase retries to 5. * Revisit how ghcr login works. * Add trunk checks. * All hail the linter * Heavilly revise workflow * Fettling * Fettling * Fettling * Fettling * Fettling * Cleanup * Cleanup * Fettling.. Why does mitm build but not redis? * Fettling.. Why does mitm build but not redis? * Debuggin * Fettling. * Fix build? * Permissions are a pain * Switch around some should_push logic because envs aren't available that early. * Permissionssssss * Trivy, bane of my life * Fix merge? * Fix labels * Help node along, among other things * Redis 6.1 & 7.1 aren't a thing any more. * Ffff USER nonsense * latest-openssl doesn't exist. * fixup mysqlproxy. * Fix labels * uurrgh * uurrgh * Didn't need to add the mitmproxy user, it exists * Missing ghcr login * Missing backtick * Fix build? * Add validate build step to bouncer. * Fix bouncer build * Disable laravel build * Missing env * Fix swarm mon build * Scout just doesn't seem to work.
2024-02-07 15:21:14 +00:00
Upstreaming changes from downstream project
2022-08-09 00:28:22 +00:00
| Key | Default | Options | Behaviour |
Trunk linter (#17) * linting is fun * mis-detection of missing healthcheck staements. * typo * disable tagging vanity tags on non-main branch * Unbugger node build? * Add gitleaks detector, remove an expired secret. * More linting-derived cleanup * Fiddle with trivy * Fiddle with trivy * add a readme * Fix build bug with php flavours * Marshall should build other flavours of ubuntu. * Fiddle with act cache location. * Add concurrency checks * Composer version gubbins for 7.0/7.1 * ubuntu is just a label, and injected over the top of. * Composer version gubbins for 7.0/7.1 * Run when workflow is altered too please. * Hopefully fix composer stage. * setup tooling meta-tooling. * Add trunk * Disable mirror mode, its being problematic, and increase retries to 5. * Revisit how ghcr login works. * Add trunk checks. * All hail the linter * Heavilly revise workflow * Fettling * Fettling * Fettling * Fettling * Fettling * Cleanup * Cleanup * Fettling.. Why does mitm build but not redis? * Fettling.. Why does mitm build but not redis? * Debuggin * Fettling. * Fix build? * Permissions are a pain * Switch around some should_push logic because envs aren't available that early. * Permissionssssss * Trivy, bane of my life * Fix merge? * Fix labels * Help node along, among other things * Redis 6.1 & 7.1 aren't a thing any more. * Ffff USER nonsense * latest-openssl doesn't exist. * fixup mysqlproxy. * Fix labels * uurrgh * uurrgh * Didn't need to add the mitmproxy user, it exists * Missing ghcr login * Missing backtick * Fix build? * Add validate build step to bouncer. * Fix bouncer build * Disable laravel build * Missing env * Fix swarm mon build * Scout just doesn't seem to work.
2024-02-07 15:21:14 +00:00
| ------------------------- | --------- | ------------------------- | ------------------------------------------------------------------------------------ |
| BOUNCER_LETSENCRYPT_MODE | 'staging' | 'staging' or 'production' | Determine if this is going to connect to a production or staging Lets Encrypt server |
Upstreaming changes from downstream project
2022-08-09 00:28:22 +00:00
| BOUNCER_LETSENCRYPT_EMAIL | | 'bob@example.com' | Email address to associate with lets encrypt |
Add BOUNCER_MAXIMUM_NGINX_CONFIG_CREATION_NOTICES
2024-01-04 13:06:46 +00:00
#### For using S3-compatable storage for generated cert synchronisation with Lets Encrypt
Trunk linter (#17) * linting is fun * mis-detection of missing healthcheck staements. * typo * disable tagging vanity tags on non-main branch * Unbugger node build? * Add gitleaks detector, remove an expired secret. * More linting-derived cleanup * Fiddle with trivy * Fiddle with trivy * add a readme * Fix build bug with php flavours * Marshall should build other flavours of ubuntu. * Fiddle with act cache location. * Add concurrency checks * Composer version gubbins for 7.0/7.1 * ubuntu is just a label, and injected over the top of. * Composer version gubbins for 7.0/7.1 * Run when workflow is altered too please. * Hopefully fix composer stage. * setup tooling meta-tooling. * Add trunk * Disable mirror mode, its being problematic, and increase retries to 5. * Revisit how ghcr login works. * Add trunk checks. * All hail the linter * Heavilly revise workflow * Fettling * Fettling * Fettling * Fettling * Fettling * Cleanup * Cleanup * Fettling.. Why does mitm build but not redis? * Fettling.. Why does mitm build but not redis? * Debuggin * Fettling. * Fix build? * Permissions are a pain * Switch around some should_push logic because envs aren't available that early. * Permissionssssss * Trivy, bane of my life * Fix merge? * Fix labels * Help node along, among other things * Redis 6.1 & 7.1 aren't a thing any more. * Ffff USER nonsense * latest-openssl doesn't exist. * fixup mysqlproxy. * Fix labels * uurrgh * uurrgh * Didn't need to add the mitmproxy user, it exists * Missing ghcr login * Missing backtick * Fix build? * Add validate build step to bouncer. * Fix bouncer build * Disable laravel build * Missing env * Fix swarm mon build * Scout just doesn't seem to work.
2024-02-07 15:21:14 +00:00
Upstreaming changes from downstream project
2022-08-09 00:28:22 +00:00
| Key | Default | Options | Behaviour |
Trunk linter (#17) * linting is fun * mis-detection of missing healthcheck staements. * typo * disable tagging vanity tags on non-main branch * Unbugger node build? * Add gitleaks detector, remove an expired secret. * More linting-derived cleanup * Fiddle with trivy * Fiddle with trivy * add a readme * Fix build bug with php flavours * Marshall should build other flavours of ubuntu. * Fiddle with act cache location. * Add concurrency checks * Composer version gubbins for 7.0/7.1 * ubuntu is just a label, and injected over the top of. * Composer version gubbins for 7.0/7.1 * Run when workflow is altered too please. * Hopefully fix composer stage. * setup tooling meta-tooling. * Add trunk * Disable mirror mode, its being problematic, and increase retries to 5. * Revisit how ghcr login works. * Add trunk checks. * All hail the linter * Heavilly revise workflow * Fettling * Fettling * Fettling * Fettling * Fettling * Cleanup * Cleanup * Fettling.. Why does mitm build but not redis? * Fettling.. Why does mitm build but not redis? * Debuggin * Fettling. * Fix build? * Permissions are a pain * Switch around some should_push logic because envs aren't available that early. * Permissionssssss * Trivy, bane of my life * Fix merge? * Fix labels * Help node along, among other things * Redis 6.1 & 7.1 aren't a thing any more. * Ffff USER nonsense * latest-openssl doesn't exist. * fixup mysqlproxy. * Fix labels * uurrgh * uurrgh * Didn't need to add the mitmproxy user, it exists * Missing ghcr login * Missing backtick * Fix build? * Add validate build step to bouncer. * Fix bouncer build * Disable laravel build * Missing env * Fix swarm mon build * Scout just doesn't seem to work.
2024-02-07 15:21:14 +00:00
| ---------------------------------- | ------- | --------------- | ------------------------------------------------------------------------------------- | --- |
Upstreaming changes from downstream project
2022-08-09 00:28:22 +00:00
| BOUNCER_S3_BUCKET | false | | enable S3 behaviour to store lets-encrypt generated certs |
| BOUNCER_S3_ENDPOINT | false | | define s3 endpoint to override default AWS s3 implementation, for example, with minio |
Trunk linter (#17) * linting is fun * mis-detection of missing healthcheck staements. * typo * disable tagging vanity tags on non-main branch * Unbugger node build? * Add gitleaks detector, remove an expired secret. * More linting-derived cleanup * Fiddle with trivy * Fiddle with trivy * add a readme * Fix build bug with php flavours * Marshall should build other flavours of ubuntu. * Fiddle with act cache location. * Add concurrency checks * Composer version gubbins for 7.0/7.1 * ubuntu is just a label, and injected over the top of. * Composer version gubbins for 7.0/7.1 * Run when workflow is altered too please. * Hopefully fix composer stage. * setup tooling meta-tooling. * Add trunk * Disable mirror mode, its being problematic, and increase retries to 5. * Revisit how ghcr login works. * Add trunk checks. * All hail the linter * Heavilly revise workflow * Fettling * Fettling * Fettling * Fettling * Fettling * Cleanup * Cleanup * Fettling.. Why does mitm build but not redis? * Fettling.. Why does mitm build but not redis? * Debuggin * Fettling. * Fix build? * Permissions are a pain * Switch around some should_push logic because envs aren't available that early. * Permissionssssss * Trivy, bane of my life * Fix merge? * Fix labels * Help node along, among other things * Redis 6.1 & 7.1 aren't a thing any more. * Ffff USER nonsense * latest-openssl doesn't exist. * fixup mysqlproxy. * Fix labels * uurrgh * uurrgh * Didn't need to add the mitmproxy user, it exists * Missing ghcr login * Missing backtick * Fix build? * Add validate build step to bouncer. * Fix bouncer build * Disable laravel build * Missing env * Fix swarm mon build * Scout just doesn't seem to work.
2024-02-07 15:21:14 +00:00
| BOUNCER_S3_KEY_ID | false | | S3 API Key ID | |
| BOUNCER_s3_KEY_SECRET | false | | S3 API Key Secret |
Upstreaming changes from downstream project
2022-08-09 00:28:22 +00:00
| BOUNCER_S3_REGION | false | | S3 API Region |
| BOUNCER_S3_USE_PATH_STYLE_ENDPOINT | false | `true or false` | Needed for minio |
| BOUNCER_S3_PREFIX | false | | Prefix file path in s3 bucket |
### Served Instance Configuration
Trunk linter (#17) * linting is fun * mis-detection of missing healthcheck staements. * typo * disable tagging vanity tags on non-main branch * Unbugger node build? * Add gitleaks detector, remove an expired secret. * More linting-derived cleanup * Fiddle with trivy * Fiddle with trivy * add a readme * Fix build bug with php flavours * Marshall should build other flavours of ubuntu. * Fiddle with act cache location. * Add concurrency checks * Composer version gubbins for 7.0/7.1 * ubuntu is just a label, and injected over the top of. * Composer version gubbins for 7.0/7.1 * Run when workflow is altered too please. * Hopefully fix composer stage. * setup tooling meta-tooling. * Add trunk * Disable mirror mode, its being problematic, and increase retries to 5. * Revisit how ghcr login works. * Add trunk checks. * All hail the linter * Heavilly revise workflow * Fettling * Fettling * Fettling * Fettling * Fettling * Cleanup * Cleanup * Fettling.. Why does mitm build but not redis? * Fettling.. Why does mitm build but not redis? * Debuggin * Fettling. * Fix build? * Permissions are a pain * Switch around some should_push logic because envs aren't available that early. * Permissionssssss * Trivy, bane of my life * Fix merge? * Fix labels * Help node along, among other things * Redis 6.1 & 7.1 aren't a thing any more. * Ffff USER nonsense * latest-openssl doesn't exist. * fixup mysqlproxy. * Fix labels * uurrgh * uurrgh * Didn't need to add the mitmproxy user, it exists * Missing ghcr login * Missing backtick * Fix build? * Add validate build step to bouncer. * Fix bouncer build * Disable laravel build * Missing env * Fix swarm mon build * Scout just doesn't seem to work.
2024-02-07 15:21:14 +00:00
Upstreaming changes from downstream project
2022-08-09 00:28:22 +00:00
These environment variables need to be applied to the CONSUMING SERVICE and not the loadbalancer container itself.
Feature: BOUNCER_HOST_OVERRIDE
2024-01-25 10:41:42 +00:00
| Key | Example | Behaviour |
Trunk linter (#17) * linting is fun * mis-detection of missing healthcheck staements. * typo * disable tagging vanity tags on non-main branch * Unbugger node build? * Add gitleaks detector, remove an expired secret. * More linting-derived cleanup * Fiddle with trivy * Fiddle with trivy * add a readme * Fix build bug with php flavours * Marshall should build other flavours of ubuntu. * Fiddle with act cache location. * Add concurrency checks * Composer version gubbins for 7.0/7.1 * ubuntu is just a label, and injected over the top of. * Composer version gubbins for 7.0/7.1 * Run when workflow is altered too please. * Hopefully fix composer stage. * setup tooling meta-tooling. * Add trunk * Disable mirror mode, its being problematic, and increase retries to 5. * Revisit how ghcr login works. * Add trunk checks. * All hail the linter * Heavilly revise workflow * Fettling * Fettling * Fettling * Fettling * Fettling * Cleanup * Cleanup * Fettling.. Why does mitm build but not redis? * Fettling.. Why does mitm build but not redis? * Debuggin * Fettling. * Fix build? * Permissions are a pain * Switch around some should_push logic because envs aren't available that early. * Permissionssssss * Trivy, bane of my life * Fix merge? * Fix labels * Help node along, among other things * Redis 6.1 & 7.1 aren't a thing any more. * Ffff USER nonsense * latest-openssl doesn't exist. * fixup mysqlproxy. * Fix labels * uurrgh * uurrgh * Didn't need to add the mitmproxy user, it exists * Missing ghcr login * Missing backtick * Fix build? * Add validate build step to bouncer. * Fix bouncer build * Disable laravel build * Missing env * Fix swarm mon build * Scout just doesn't seem to work.
2024-02-07 15:21:14 +00:00
| ------------------------------ | ----------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
Feature: BOUNCER_HOST_OVERRIDE
2024-01-25 10:41:42 +00:00
| BOUNCER_DOMAIN | "a.example.com" | The domain that should be directed to this container |
BOUNCER_NAME => BOUNCER_LABEL
2024-01-25 15:03:36 +00:00
| BOUNCER_LABEL | "MyService" | The label that should be directed to this container |
Feature: BOUNCER_HOST_OVERRIDE
2024-01-25 10:41:42 +00:00
| BOUNCER_AUTH | "username:password" e.g "root:toor" | Add a HTTP BASIC auth requirement to this hostname. |
| BOUNCER_HOST_OVERRIDE | "localhost:80" | Override the host header that is sent to the service. Useful for services that are not aware of their own hostname, or annoying things like [mitmproxy](https://github.com/mitmproxy/mitmproxy/issues/3234) |
| BOUNCER_LETSENCRYPT | Values are "yes" or "true", anything else is false | To enable, or disable Lets Encrypt service for this hostname |
| BOUNCER_TARGET_PORT | 9000 | Explicitly define the port you want to hit the service on, in case of ambiguity |
| BOUNCER_ALLOW_NON_SSL | Defaults to enabled. Values are "yes" or "true", anything else is false | Should HTTP only traffic be allowed to hit this service? If disabled, http traffic is forwarded towards https |
| BOUNCER_ALLOW_WEBSOCKETS | Defaults to enabled. Values are "yes" or "true", anything else is false | Enable websocket behaviour |
| BOUNCER_ALLOW_LARGE_PAYLOADS | Defaults to disabled. | Allows overriding the default nginx payload size. Related to BOUNCER_MAX_PAYLOADS_MEGABYTES |
Trunk linter (#17) * linting is fun * mis-detection of missing healthcheck staements. * typo * disable tagging vanity tags on non-main branch * Unbugger node build? * Add gitleaks detector, remove an expired secret. * More linting-derived cleanup * Fiddle with trivy * Fiddle with trivy * add a readme * Fix build bug with php flavours * Marshall should build other flavours of ubuntu. * Fiddle with act cache location. * Add concurrency checks * Composer version gubbins for 7.0/7.1 * ubuntu is just a label, and injected over the top of. * Composer version gubbins for 7.0/7.1 * Run when workflow is altered too please. * Hopefully fix composer stage. * setup tooling meta-tooling. * Add trunk * Disable mirror mode, its being problematic, and increase retries to 5. * Revisit how ghcr login works. * Add trunk checks. * All hail the linter * Heavilly revise workflow * Fettling * Fettling * Fettling * Fettling * Fettling * Cleanup * Cleanup * Fettling.. Why does mitm build but not redis? * Fettling.. Why does mitm build but not redis? * Debuggin * Fettling. * Fix build? * Permissions are a pain * Switch around some should_push logic because envs aren't available that early. * Permissionssssss * Trivy, bane of my life * Fix merge? * Fix labels * Help node along, among other things * Redis 6.1 & 7.1 aren't a thing any more. * Ffff USER nonsense * latest-openssl doesn't exist. * fixup mysqlproxy. * Fix labels * uurrgh * uurrgh * Didn't need to add the mitmproxy user, it exists * Missing ghcr login * Missing backtick * Fix build? * Add validate build step to bouncer. * Fix bouncer build * Disable laravel build * Missing env * Fix swarm mon build * Scout just doesn't seem to work.
2024-02-07 15:21:14 +00:00
| BOUNCER_MAX_PAYLOADS_MEGABYTES | numbers | Size of max payload to allow, in megabytes. Requires BOUNCER_ALLOW_LARGE_PAYLOADS to be enabled |
Upstreaming changes from downstream project
2022-08-09 00:28:22 +00:00
## Security considerations
Trunk linter (#17) * linting is fun * mis-detection of missing healthcheck staements. * typo * disable tagging vanity tags on non-main branch * Unbugger node build? * Add gitleaks detector, remove an expired secret. * More linting-derived cleanup * Fiddle with trivy * Fiddle with trivy * add a readme * Fix build bug with php flavours * Marshall should build other flavours of ubuntu. * Fiddle with act cache location. * Add concurrency checks * Composer version gubbins for 7.0/7.1 * ubuntu is just a label, and injected over the top of. * Composer version gubbins for 7.0/7.1 * Run when workflow is altered too please. * Hopefully fix composer stage. * setup tooling meta-tooling. * Add trunk * Disable mirror mode, its being problematic, and increase retries to 5. * Revisit how ghcr login works. * Add trunk checks. * All hail the linter * Heavilly revise workflow * Fettling * Fettling * Fettling * Fettling * Fettling * Cleanup * Cleanup * Fettling.. Why does mitm build but not redis? * Fettling.. Why does mitm build but not redis? * Debuggin * Fettling. * Fix build? * Permissions are a pain * Switch around some should_push logic because envs aren't available that early. * Permissionssssss * Trivy, bane of my life * Fix merge? * Fix labels * Help node along, among other things * Redis 6.1 & 7.1 aren't a thing any more. * Ffff USER nonsense * latest-openssl doesn't exist. * fixup mysqlproxy. * Fix labels * uurrgh * uurrgh * Didn't need to add the mitmproxy user, it exists * Missing ghcr login * Missing backtick * Fix build? * Add validate build step to bouncer. * Fix bouncer build * Disable laravel build * Missing env * Fix swarm mon build * Scout just doesn't seem to work.
2024-02-07 15:21:14 +00:00
merge in changes from upstream
2023-01-09 14:57:00 +00:00
If you're putting this behind access control to the docker socket, it will need access to the /swarm /services and /containers endpoints of the docker api.
Reference in a new issue Copy permalink