bunkerity / bunkerweb

🛡️ Open-source and next-generation Web Application Firewall (WAF)
https://www.bunkerweb.io
GNU Affero General Public License v3.0
6.47k stars 363 forks source link

[DOC] unable to migrate anything from 1.4.x to 1.5.0 based on existing documentation #558

Closed chrismade closed 4 months ago

chrismade commented 1 year ago

Description I'm operating a few bunkerweb instances on 1.4.x - however, due to the recent (breaking) changes, I was unable to migrate anything from 1.4.x to 1.5.0 based on existing documentation: https://docs.bunkerweb.io/1.5.0/migrating/ lists the breaking changes (not static variables.env any more, now separate containers etc) but is not providing any tangible instructions to migrate the docker compose files in https://docs.bunkerweb.io/1.5.0/integrations/ are very appreciated but it looks like these are still incomplete

Proposal (optional) the copy/paste-like docker-compose.yml examples on https://docs.bunkerweb.io/1.5.0/integrations/ should be extended - at least - to deliver a static file (e.g. /siteid.txt ) so we can use curl -v -H 'Host: www.example.com' http://172.19.0.1:8080/siteid.txt to check the most basic use-case to deliver one simple static file and check if the various containers are communicating correctly with each other I would have expected in the first basic docker setup that the bunkerweb container also needs access to volume "bwdata" to read config from the sqlite DB - because in the "autoconf" examples this container needs to communicate with the database and in the basic docker setup it does not (?) Also for static delivery we used to have a separate "www" mount for /var/www/html which is not provided in the "integrations" examples

long story short - breaking changes are sometimes necessary - but user's pain is much lower with some documentation to explain some basic use-cases in the new setup - that actually work

fl0ppy-d1sk commented 1 year ago

Hello @chrismade,

The initial goal of the Integrations section of the documentation is to have an overview (and some technical details) of the different integrations.

Full working examples for all integrations covering common use-cases are listed in the Quickstart guide. Is this what you are looking for ?

Btw you also have the following :

Will be more than happy if you have any suggestions to improve it.

cc @syrk4web

chrismade commented 1 year ago

I usually start with something which might be just too simple and trivial for someone who is already on expert level - when I setup a new bunkerweb instance I start with the very simple Multisite config for two websites being delivered out of bunkerweb - e.g. such a simple config

    - name: MULTISITE
      value: "yes"
    - name: SERVER_NAME
      value: sorry.5.77.222.199.nip.io www.5.77.222.199.nip.io
    - name: www.5.77.222.199.nip.io_SERVER_NAME
      value: www.5.77.222.199.nip.io
    - name: www.5.77.222.199.nip.io_AUTO_LETS_ENCRYPT
      value: "yes"
    - name: www.5.77.222.199.nip.io_EMAIL_LETS_ENCRYPT
      value: privacy@something.com
    - name: www.5.77.222.199.nip.io_USE_LETS_ENCRYPT_STAGING
      value: "yes"
    - name: sorry.5.77.222.199.nip.io_SERVER_NAME
      value: sorry.5.77.222.199.nip.io
    - name: sorry.5.77.222.199.nip.io_AUTO_LETS_ENCRYPT
      value: "yes"
    - name: sorry.5.77.222.199.nip.io_EMAIL_LETS_ENCRYPT
      value: privacy@something.com
    - name: sorry.5.77.222.199.nip.io_USE_LETS_ENCRYPT_STAGING
      value: "yes"

for which I need to create the minimal setup in the filesystem:

bwdata/www
bwdata/www/www.5.77.222.199.nip.io
bwdata/www/www.5.77.222.199.nip.io/siteid.txt
bwdata/www/sorry.5.77.222.199.nip.io
bwdata/www/sorry.5.77.222.199.nip.io/siteid.txt

such a simple setup allows me to test everything (static delivery, letsencrypt handling, basic connectivity) - so far I was unable to get this working in 1.5.0 based on the documentation which has a lot of elaborated setups - but this very basic one is either missing or I was unable to find it.

If everything works as expected in this simple setup then I usually go for the more sophisticated ones (e.g. nextcloud, keycloak etc)