From 06848c26c4351e52c0d261a36340ae98c838b38a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophile=20Diot?= Date: Wed, 7 Aug 2024 16:41:00 +0100 Subject: [PATCH] Update UI iso-prod files to incorporate the syslog container to be able to see the logs in the web UI --- misc/dev/docker-compose.autoconf.ui.misc.yml | 33 ++++- misc/dev/docker-compose.autoconf.ui.yml | 33 ++++- misc/dev/docker-compose.autoconf.wizard.yml | 33 ++++- misc/dev/docker-compose.ui.1.5.yml | 136 +++++++++++++++++++ misc/dev/docker-compose.ui.misc.yml | 28 +++- misc/dev/docker-compose.ui.yml | 28 +++- misc/dev/docker-compose.wizard.yml | 28 +++- misc/dev/syslog-ng.conf | 31 +++++ 8 files changed, 338 insertions(+), 12 deletions(-) create mode 100644 misc/dev/docker-compose.ui.1.5.yml create mode 100644 misc/dev/syslog-ng.conf diff --git a/misc/dev/docker-compose.autoconf.ui.misc.yml b/misc/dev/docker-compose.autoconf.ui.misc.yml index 37b516fdee..3c4382e450 100644 --- a/misc/dev/docker-compose.autoconf.ui.misc.yml +++ b/misc/dev/docker-compose.autoconf.ui.misc.yml @@ -25,6 +25,11 @@ services: bw-services: aliases: - bunkerweb + logging: + driver: syslog + options: + tag: "bunkerweb" + syslog-address: "udp://10.20.30.254:514" bw-autoconf: build: @@ -46,6 +51,11 @@ services: bw-docker: aliases: - bw-autoconf + logging: + driver: syslog + options: + tag: "bw-autoconf" + syslog-address: "udp://10.20.30.254:514" bw-scheduler: build: @@ -81,15 +91,19 @@ services: bw-db: aliases: - bw-scheduler + logging: + driver: syslog + options: + tag: "bw-scheduler" + syslog-address: "udp://10.20.30.254:514" bw-ui: build: context: ../.. dockerfile: ./src/ui/Dockerfile volumes: + - bw-logs:/var/log/syslog:ro - ../../src/ui/src:/usr/share/bunkerweb/ui/src:ro - - ../../src/ui/static:/usr/share/bunkerweb/ui/static:ro - - ../../src/ui/templates:/usr/share/bunkerweb/ui/templates:ro - ../../src/ui/gunicorn.conf.py:/usr/share/bunkerweb/ui/gunicorn.conf.py:ro - ../../src/ui/main.py:/usr/share/bunkerweb/ui/main.py:ro - ../../src/ui/models.py:/usr/share/bunkerweb/ui/models.py:ro @@ -117,6 +131,11 @@ services: - "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504" - "bunkerweb.GENERATE_SELF_SIGNED_SSL=yes" - bunkerweb.CUSTOM_CONF_MODSEC_CRS_ip-host=SecRuleRemoveById 920350 + logging: + driver: syslog + options: + tag: "bw-ui" + syslog-address: "udp://10.20.30.254:514" bw-db: image: mariadb:11 @@ -146,6 +165,15 @@ services: aliases: - bw-docker + bw-syslog: + image: balabit/syslog-ng:4.7.1 + volumes: + - bw-logs:/var/log + - ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf + networks: + bw-universe: + ipv4_address: 10.20.30.254 + app1: image: nginxdemos/nginx-hello restart: "unless-stopped" @@ -162,6 +190,7 @@ services: volumes: bw-data: bw-db: + bw-logs: networks: bw-universe: diff --git a/misc/dev/docker-compose.autoconf.ui.yml b/misc/dev/docker-compose.autoconf.ui.yml index 1f01869c6d..26c87ff353 100644 --- a/misc/dev/docker-compose.autoconf.ui.yml +++ b/misc/dev/docker-compose.autoconf.ui.yml @@ -25,6 +25,11 @@ services: bw-services: aliases: - bunkerweb + logging: + driver: syslog + options: + tag: "bunkerweb" + syslog-address: "udp://10.20.30.254:514" bw-autoconf: build: @@ -46,6 +51,11 @@ services: bw-docker: aliases: - bw-autoconf + logging: + driver: syslog + options: + tag: "bw-autoconf" + syslog-address: "udp://10.20.30.254:514" bw-scheduler: build: @@ -78,15 +88,19 @@ services: bw-db: aliases: - bw-scheduler + logging: + driver: syslog + options: + tag: "bw-scheduler" + syslog-address: "udp://10.20.30.254:514" bw-ui: build: context: ../.. dockerfile: ./src/ui/Dockerfile volumes: + - bw-logs:/var/log/syslog:ro - ../../src/ui/src:/usr/share/bunkerweb/ui/src:ro - - ../../src/ui/static:/usr/share/bunkerweb/ui/static:ro - - ../../src/ui/templates:/usr/share/bunkerweb/ui/templates:ro - ../../src/ui/gunicorn.conf.py:/usr/share/bunkerweb/ui/gunicorn.conf.py:ro - ../../src/ui/main.py:/usr/share/bunkerweb/ui/main.py:ro - ../../src/ui/models.py:/usr/share/bunkerweb/ui/models.py:ro @@ -113,6 +127,11 @@ services: - "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000" - "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504" - "bunkerweb.GENERATE_SELF_SIGNED_SSL=yes" + logging: + driver: syslog + options: + tag: "bw-ui" + syslog-address: "udp://10.20.30.254:514" bw-db: image: mariadb:11 @@ -142,6 +161,15 @@ services: aliases: - bw-docker + bw-syslog: + image: balabit/syslog-ng:4.7.1 + volumes: + - bw-logs:/var/log + - ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf + networks: + bw-universe: + ipv4_address: 10.20.30.254 + app1: image: nginxdemos/nginx-hello restart: "unless-stopped" @@ -158,6 +186,7 @@ services: volumes: bw-data: bw-db: + bw-logs: networks: bw-universe: diff --git a/misc/dev/docker-compose.autoconf.wizard.yml b/misc/dev/docker-compose.autoconf.wizard.yml index ff4258e9f7..dde57c3fa8 100644 --- a/misc/dev/docker-compose.autoconf.wizard.yml +++ b/misc/dev/docker-compose.autoconf.wizard.yml @@ -25,6 +25,11 @@ services: bw-services: aliases: - bunkerweb + logging: + driver: syslog + options: + tag: "bunkerweb" + syslog-address: "udp://10.20.30.254:514" bw-autoconf: build: @@ -46,6 +51,11 @@ services: bw-docker: aliases: - bw-autoconf + logging: + driver: syslog + options: + tag: "bw-autoconf" + syslog-address: "udp://10.20.30.254:514" bw-scheduler: build: @@ -78,15 +88,19 @@ services: bw-db: aliases: - bw-scheduler + logging: + driver: syslog + options: + tag: "bw-scheduler" + syslog-address: "udp://10.20.30.254:514" bw-ui: build: context: ../.. dockerfile: ./src/ui/Dockerfile volumes: + - bw-logs:/var/log/syslog:ro - ../../src/ui/src:/usr/share/bunkerweb/ui/src:ro - - ../../src/ui/static:/usr/share/bunkerweb/ui/static:ro - - ../../src/ui/templates:/usr/share/bunkerweb/ui/templates:ro - ../../src/ui/gunicorn.conf.py:/usr/share/bunkerweb/ui/gunicorn.conf.py:ro - ../../src/ui/main.py:/usr/share/bunkerweb/ui/main.py:ro - ../../src/ui/models.py:/usr/share/bunkerweb/ui/models.py:ro @@ -103,6 +117,11 @@ services: bw-db: aliases: - bw-ui + logging: + driver: syslog + options: + tag: "bw-ui" + syslog-address: "udp://10.20.30.254:514" bw-db: image: mariadb:11 @@ -132,6 +151,15 @@ services: aliases: - bw-docker + bw-syslog: + image: balabit/syslog-ng:4.7.1 + volumes: + - bw-logs:/var/log + - ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf + networks: + bw-universe: + ipv4_address: 10.20.30.254 + app1: image: nginxdemos/nginx-hello restart: "unless-stopped" @@ -148,6 +176,7 @@ services: volumes: bw-data: bw-db: + bw-logs: networks: bw-universe: diff --git a/misc/dev/docker-compose.ui.1.5.yml b/misc/dev/docker-compose.ui.1.5.yml new file mode 100644 index 0000000000..054cdc5822 --- /dev/null +++ b/misc/dev/docker-compose.ui.1.5.yml @@ -0,0 +1,136 @@ +x-env: &env + DATABASE_URI: "mariadb+pymysql://bunkerweb:secret@bw-db:3306/db" + DOCKER_HOST: "tcp://bw-docker:2375" + LOG_LEVEL: "debug" + +services: + bunkerweb: + image: bunkerity/bunkerweb:1.5.9 + ports: + - 80:8080/tcp + - 443:8443/tcp + - 443:8443/udp + labels: + - "bunkerweb.INSTANCE=yes" + environment: + - SERVER_NAME=www.example.com app1.example.com + - MULTISITE=yes + - API_WHITELIST_IP=127.0.0.0/24 10.20.30.0/24 + - USE_BUNKERNET=no + - USE_BLACKLIST=no + - USE_WHITELIST=no + - SEND_ANONYMOUS_REPORT=no + - LOG_LEVEL=info + - SERVE_FILES=no + - DISABLE_DEFAULT_SERVER=yes + - USE_CLIENT_CACHE=yes + - USE_GZIP=yes + - EXTERNAL_PLUGIN_URLS=https://github.com/bunkerity/bunkerweb-plugins/archive/refs/heads/dev.zip + - CUSTOM_CONF_MODSEC_CRS_reqbody-suppress=SecRuleRemoveById 200002 + - www.example.com_USE_UI=yes + - www.example.com_USE_REVERSE_PROXY=yes + - www.example.com_REVERSE_PROXY_URL=/admin + - www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000 + - www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504 + - www.example.com_GENERATE_SELF_SIGNED_SSL=yes + - www.example.com_CUSTOM_CONF_MODSEC_CRS_ip-host=SecRuleRemoveById 920350 + - app1.example.com_USE_REVERSE_PROXY=yes + - app1.example.com_REVERSE_PROXY_URL=/ + - app1.example.com_REVERSE_PROXY_HOST=http://app1:8080 + restart: "unless-stopped" + networks: + bw-universe: + aliases: + - bunkerweb + bw-services: + aliases: + - bunkerweb + + bw-scheduler: + image: bunkerity/bunkerweb-scheduler:1.5.9 + depends_on: + - bunkerweb + - bw-docker + volumes: + - bw-data:/data + - ./configs/server-http/hello.conf:/data/configs/server-http/hello.conf:ro + environment: + <<: *env + restart: "unless-stopped" + networks: + bw-universe: + aliases: + - bw-scheduler + bw-docker: + aliases: + - bw-scheduler + + bw-docker: + image: tecnativa/docker-socket-proxy:nightly + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - CONTAINERS=1 + - LOG_LEVEL=warning + restart: "unless-stopped" + networks: + bw-docker: + aliases: + - bw-docker + + bw-ui: + image: bunkerity/bunkerweb-ui:1.5.9 + depends_on: + - bw-docker + environment: + <<: *env + ADMIN_USERNAME: "admin" + ADMIN_PASSWORD: "P@ssw0rd" + DEBUG: "1" + restart: "unless-stopped" + networks: + bw-universe: + aliases: + - bw-ui + bw-docker: + aliases: + - bw-ui + + bw-db: + image: mariadb:11 + environment: + - MYSQL_RANDOM_ROOT_PASSWORD=yes + - MYSQL_DATABASE=db + - MYSQL_USER=bunkerweb + - MYSQL_PASSWORD=secret + volumes: + - bw-db:/var/lib/mysql + restart: "unless-stopped" + networks: + bw-docker: + aliases: + - bw-db + + app1: + image: nginxdemos/nginx-hello + restart: "unless-stopped" + networks: + bw-services: + aliases: + - app1 + +volumes: + bw-data: + bw-db: + +networks: + bw-universe: + name: bw-universe + ipam: + driver: default + config: + - subnet: 10.20.30.0/24 + bw-services: + name: bw-services + bw-docker: + name: bw-docker diff --git a/misc/dev/docker-compose.ui.misc.yml b/misc/dev/docker-compose.ui.misc.yml index f5bd6cdcb2..e9f8a0ac74 100644 --- a/misc/dev/docker-compose.ui.misc.yml +++ b/misc/dev/docker-compose.ui.misc.yml @@ -21,6 +21,11 @@ services: bw-services: aliases: - bunkerweb + logging: + driver: syslog + options: + tag: "bunkerweb" + syslog-address: "udp://10.20.30.254:514" bw-scheduler: build: @@ -66,15 +71,19 @@ services: bw-db: aliases: - bw-scheduler + logging: + driver: syslog + options: + tag: "bw-scheduler" + syslog-address: "udp://10.20.30.254:514" bw-ui: build: context: ../.. dockerfile: ./src/ui/Dockerfile volumes: + - bw-logs:/var/log/syslog:ro - ../../src/ui/src:/usr/share/bunkerweb/ui/src:ro - - ../../src/ui/static:/usr/share/bunkerweb/ui/static:ro - - ../../src/ui/templates:/usr/share/bunkerweb/ui/templates:ro - ../../src/ui/gunicorn.conf.py:/usr/share/bunkerweb/ui/gunicorn.conf.py:ro - ../../src/ui/main.py:/usr/share/bunkerweb/ui/main.py:ro - ../../src/ui/models.py:/usr/share/bunkerweb/ui/models.py:ro @@ -93,6 +102,11 @@ services: bw-db: aliases: - bw-ui + logging: + driver: syslog + options: + tag: "bw-ui" + syslog-address: "udp://10.20.30.254:514" bw-db: image: mariadb:11 @@ -109,6 +123,15 @@ services: aliases: - bw-db + bw-syslog: + image: balabit/syslog-ng:4.7.1 + volumes: + - bw-logs:/var/log + - ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf + networks: + bw-universe: + ipv4_address: 10.20.30.254 + app1: image: nginxdemos/nginx-hello restart: "unless-stopped" @@ -120,6 +143,7 @@ services: volumes: bw-data: bw-db: + bw-logs: networks: bw-universe: diff --git a/misc/dev/docker-compose.ui.yml b/misc/dev/docker-compose.ui.yml index 61fed4e6ea..90788ed765 100644 --- a/misc/dev/docker-compose.ui.yml +++ b/misc/dev/docker-compose.ui.yml @@ -21,6 +21,11 @@ services: bw-services: aliases: - bunkerweb + logging: + driver: syslog + options: + tag: "bunkerweb" + syslog-address: "udp://10.20.30.254:514" bw-scheduler: build: @@ -63,15 +68,19 @@ services: bw-db: aliases: - bw-scheduler + logging: + driver: syslog + options: + tag: "bw-scheduler" + syslog-address: "udp://10.20.30.254:514" bw-ui: build: context: ../.. dockerfile: ./src/ui/Dockerfile volumes: + - bw-logs:/var/log/syslog:ro - ../../src/ui/src:/usr/share/bunkerweb/ui/src:ro - - ../../src/ui/static:/usr/share/bunkerweb/ui/static:ro - - ../../src/ui/templates:/usr/share/bunkerweb/ui/templates:ro - ../../src/ui/gunicorn.conf.py:/usr/share/bunkerweb/ui/gunicorn.conf.py:ro - ../../src/ui/main.py:/usr/share/bunkerweb/ui/main.py:ro - ../../src/ui/models.py:/usr/share/bunkerweb/ui/models.py:ro @@ -90,6 +99,11 @@ services: bw-db: aliases: - bw-ui + logging: + driver: syslog + options: + tag: "bw-ui" + syslog-address: "udp://10.20.30.254:514" bw-db: image: mariadb:11 @@ -106,6 +120,15 @@ services: aliases: - bw-db + bw-syslog: + image: balabit/syslog-ng:4.7.1 + volumes: + - bw-logs:/var/log + - ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf + networks: + bw-universe: + ipv4_address: 10.20.30.254 + app1: image: nginxdemos/nginx-hello restart: "unless-stopped" @@ -117,6 +140,7 @@ services: volumes: bw-data: bw-db: + bw-logs: networks: bw-universe: diff --git a/misc/dev/docker-compose.wizard.yml b/misc/dev/docker-compose.wizard.yml index 5ceabad8d6..12f55a52cf 100644 --- a/misc/dev/docker-compose.wizard.yml +++ b/misc/dev/docker-compose.wizard.yml @@ -21,6 +21,11 @@ services: bw-services: aliases: - bunkerweb + logging: + driver: syslog + options: + tag: "bunkerweb" + syslog-address: "udp://10.20.30.254:514" bw-scheduler: build: @@ -57,15 +62,19 @@ services: bw-db: aliases: - bw-scheduler + logging: + driver: syslog + options: + tag: "bw-scheduler" + syslog-address: "udp://10.20.30.254:514" bw-ui: build: context: ../.. dockerfile: ./src/ui/Dockerfile volumes: + - bw-logs:/var/log/syslog:ro - ../../src/ui/src:/usr/share/bunkerweb/ui/src:ro - - ../../src/ui/static:/usr/share/bunkerweb/ui/static:ro - - ../../src/ui/templates:/usr/share/bunkerweb/ui/templates:ro - ../../src/ui/gunicorn.conf.py:/usr/share/bunkerweb/ui/gunicorn.conf.py:ro - ../../src/ui/main.py:/usr/share/bunkerweb/ui/main.py:ro - ../../src/ui/models.py:/usr/share/bunkerweb/ui/models.py:ro @@ -82,6 +91,11 @@ services: bw-db: aliases: - bw-ui + logging: + driver: syslog + options: + tag: "bw-ui" + syslog-address: "udp://10.20.30.254:514" bw-db: image: mariadb:11 @@ -98,6 +112,15 @@ services: aliases: - bw-db + bw-syslog: + image: balabit/syslog-ng:4.7.1 + volumes: + - bw-logs:/var/log + - ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf + networks: + bw-universe: + ipv4_address: 10.20.30.254 + app1: image: nginxdemos/nginx-hello restart: "unless-stopped" @@ -109,6 +132,7 @@ services: volumes: bw-data: bw-db: + bw-logs: networks: bw-universe: diff --git a/misc/dev/syslog-ng.conf b/misc/dev/syslog-ng.conf new file mode 100644 index 0000000000..b5704150ea --- /dev/null +++ b/misc/dev/syslog-ng.conf @@ -0,0 +1,31 @@ +@version: 4.7 + +# Source configuration to receive logs from Docker containers +source s_net { + udp( + ip("0.0.0.0") + ); +}; + +# Template to format log messages +template t_imp { + template("$MSG\n"); + template_escape(no); +}; + +# Destination configuration to write logs to dynamically named files +destination d_dyna_file { + file( + "/var/log/${PROGRAM}.log" + template_escape(no) + owner("root") + group("101") + perm(0640) + ); +}; + +# Log path to direct logs to dynamically named files +log { + source(s_net); + destination(d_dyna_file); +};