Securing Docker Container using BunkerWeb Multi Site


Integration with Docker multisite

  • Create the docker-compose.yml file
  • Domains used: app1.marikita.online, app2.marikita.online, app3.marikita.online, all already pointed at the Docker server
  • Uses the bunkerweb image, version 1.5.0
  • Network: bw-services (used to connect BunkerWeb and the web service applications)
  • Network: bw-universe (used to connect BunkerWeb and the scheduler)
  • Network: bw-docker (used to connect BunkerWeb and the docker proxy)
  • The bunkerweb service must expose ports 80 and 443
  • Server_name: app1.marikita.online with reverse_proxy_host: http://myapp1
  • Server_name: app2.marikita.online with reverse_proxy_host: http://myapp2
  • Server_name: app3.marikita.online with reverse_proxy_host: http://myapp3
  • The application services are named myapp1, myapp2, myapp3 and use the image sysopsid/web-test
version: "3.5"

services:
  bunkerweb:
    image: bunkerity/bunkerweb:1.5.0
    restart: always
    ports:
      - 80:8080
      - 443:8443
    labels:
      - "bunkerweb.INSTANCE"
    environment:
      # Web service config for myapp1, myapp2, myapp3
      - SERVER_NAME=app1.marikita.online app2.marikita.online app3.marikita.online
      - MULTISITE=yes
      - USE_REVERSE_PROXY=yes
      - REVERSE_PROXY_URL=/
      - app1.marikita.online_REVERSE_PROXY_HOST=http://myapp1
      - app2.marikita.online_REVERSE_PROXY_HOST=http://myapp2
      - app3.marikita.online_REVERSE_PROXY_HOST=http://myapp3
      - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
      - LIMIT_REQ_RATE=150r/s
    networks:
      - bw-universe
      - bw-services

  bw-scheduler:
    image: bunkerity/bunkerweb-scheduler:1.5.0
    restart: always
    depends_on:
      - bunkerweb
      - bw-docker
    volumes:
      - bw-data:/data
    environment:
      - DOCKER_HOST=tcp://bw-docker:2375
    networks:
      - bw-universe
      - bw-docker

  bw-docker:
    image: tecnativa/docker-socket-proxy
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - CONTAINERS=1
    networks:
      - bw-docker

  # Define the web service containers
  myapp1:
    container_name: myapp1
    restart: always
    image: sysopsid/web-test
    networks:
      - bw-services

  myapp2:
    container_name: myapp2
    restart: always
    image: sysopsid/web-test
    networks:
      - bw-services

  myapp3:
    container_name: myapp3
    restart: always
    image: sysopsid/web-test
    networks:
      - bw-services

volumes:
  bw-data:

networks:
  bw-universe:
    name: bw-universe
    ipam:
      driver: default
      config:
        - subnet: 10.20.30.0/24
  bw-services:
    name: bw-services
  bw-docker:
    name: bw-docker
  • Run docker compose
docker-compose -f docker-compose.yml up -d
---<output>---
[+] Running 10/10
 ✔ Network bw-services                 Created                    0.1s 
 ✔ Network bw-docker                   Created                    0.1s 
 ✔ Network bw-universe                 Created                    0.1s 
 ✔ Volume "bunkerity_bw-data"          Created                    0.0s 
 ✔ Container myapp3                    Started                    1.1s 
 ✔ Container bunkerity-bunkerweb-1     Started                    1.5s 
 ✔ Container bunkerity-bw-docker-1     Started                    1.1s 
 ✔ Container myapp1                    Started                    1.3s 
 ✔ Container myapp2                    Started                    1.1s 
 ✔ Container bunkerity-bw-scheduler-1  Started                    1.9s 
  • Check the docker compose status and make sure every container is Up
docker-compose ps
---<output>---
NAME                       IMAGE                                 COMMAND                  SERVICE             CREATED             STATUS                   PORTS
bunkerity-bunkerweb-1      bunkerity/bunkerweb:1.5.0             "/usr/share/bunkerwe…"   bunkerweb           3 minutes ago       Up 3 minutes (healthy)   80/tcp, 0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp
bunkerity-bw-docker-1      tecnativa/docker-socket-proxy         "/docker-entrypoint.…"   bw-docker           3 minutes ago       Up 3 minutes             2375/tcp
bunkerity-bw-scheduler-1   bunkerity/bunkerweb-scheduler:1.5.0   "/usr/share/bunkerwe…"   bw-scheduler        3 minutes ago       Up 3 minutes (healthy)   
myapp1                     sysopsid/web-test                     "docker-php-entrypoi…"   myapp1              3 minutes ago       Up 3 minutes             80/tcp
myapp2                     sysopsid/web-test                     "docker-php-entrypoi…"   myapp2              3 minutes ago       Up 3 minutes             80/tcp
myapp3                     sysopsid/web-test                     "docker-php-entrypoi…"   myapp3              3 minutes ago       Up 3 minutes             80/tcp
  • Access the domains app1.marikita.online, app2.marikita.online, app3.marikita.online to check the web service applications
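
A pre-deployment check for the multisite settings above, as an added example that is not part of the original post: it confirms that every name in SERVER_NAME has its own prefixed REVERSE_PROXY_HOST, that the upstream is a service sharing a network with bunkerweb, and that no backend publishes host ports, which would let clients reach it without passing BunkerWeb. The names audit_multisite, env_map and PAGE_COMPOSE are assumptions; PAGE_COMPOSE is a constructed reduction of the compose file, in the shape a YAML loader would return.

```python
from urllib.parse import urlparse

def env_map(service):
    """Compose 'environment' in list form ("KEY=value") -> dict."""
    return dict(e.split("=", 1) for e in service.get("environment", []) if "=" in e)

def audit_multisite(compose, waf="bunkerweb"):
    """Return a list of findings for a BunkerWeb multisite compose dict."""
    services = compose["services"]
    env = env_map(services[waf])
    waf_nets = set(services[waf].get("networks", []))
    by_host = {}  # backends are addressable by service name or container_name
    for name, svc in services.items():
        by_host[name] = svc
        by_host[svc.get("container_name", name)] = svc
    findings = []
    if env.get("MULTISITE") != "yes":
        findings.append("MULTISITE is not 'yes': SERVER_NAME-prefixed settings need multisite mode")
    for site in env.get("SERVER_NAME", "").split():
        upstream = env.get(f"{site}_REVERSE_PROXY_HOST")
        if not upstream:
            findings.append(f"{site}: missing {site}_REVERSE_PROXY_HOST")
            continue
        backend = by_host.get(urlparse(upstream).hostname)
        if backend is None:
            findings.append(f"{site}: upstream {upstream} is not a service in this file")
            continue
        if not waf_nets & set(backend.get("networks", [])):
            findings.append(f"{site}: backend shares no network with {waf}")
        if backend.get("ports"):
            findings.append(f"{site}: backend publishes ports, reachable without passing {waf}")
    return findings

# Constructed sample: the page's compose file reduced to the audited keys,
# in the shape a YAML loader would return.
SITES = ["app1.marikita.online", "app2.marikita.online", "app3.marikita.online"]
PAGE_COMPOSE = {"services": {
    "bunkerweb": {
        "environment": ["SERVER_NAME=" + " ".join(SITES), "MULTISITE=yes"]
            + [f"{s}_REVERSE_PROXY_HOST=http://myapp{i}" for i, s in enumerate(SITES, 1)],
        "networks": ["bw-universe", "bw-services"]},
    **{f"myapp{i}": {"container_name": f"myapp{i}", "networks": ["bw-services"]}
       for i in (1, 2, 3)},
}}

if __name__ == "__main__":
    print(audit_multisite(PAGE_COMPOSE) or "no findings")
```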

herdiana3389

A system administrator with skills in system administration, virtualization, linux, windows, networking, cloud computing, container, etc.