bunkerweb/examples/mcp-stack/docker-compose.yml

x-bw-env: &bw-env
  # We use an anchor to avoid repeating the same settings for both services
  API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24" # Make sure to set the correct IP range so the scheduler can send the configuration to the instance (internal BunkerWeb API)
  # Optional: set an API token and mirror it in both containers (internal BunkerWeb API)
  # WARNING: Leave empty only for local development. Always set a token in production.
  API_TOKEN: ""
  DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db" # Remember to set a stronger password for the database

services:
  bunkerweb:
    # This is the name that will be used to identify the instance in the Scheduler
    image: bunkerity/bunkerweb:1.6.11-rc1
    ports:
      - "80:8080/tcp"
      - "443:8443/tcp"
      - "443:8443/udp" # For QUIC / HTTP3 support
    environment:
      <<: *bw-env # We use the anchor to avoid repeating the same settings for all services
    restart: "unless-stopped"
    networks:
      - bw-universe
      - bw-services

  bw-scheduler:
    image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
    environment:
      <<: *bw-env
      BUNKERWEB_INSTANCES: "bunkerweb" # Make sure to set the correct instance name
      SERVER_NAME: "api.example.com"
      MULTISITE: "yes"
      USE_REDIS: "yes"
      REDIS_HOST: "redis"
      DISABLE_DEFAULT_SERVER: "yes"
      AUTO_LETS_ENCRYPT: "yes"
      api.example.com_USE_TEMPLATE: "api"
      api.example.com_USE_REVERSE_PROXY: "yes"
      api.example.com_REVERSE_PROXY_URL: "/"
      api.example.com_REVERSE_PROXY_HOST: "http://bw-api:8888"
    volumes:
      - bw-storage:/data # This is used to persist the cache and other data like the backups
    restart: "unless-stopped"
    networks:
      - bw-universe
      - bw-db

  bw-api:
    image: bunkerity/bunkerweb-api:1.6.11-rc1
    environment:
      <<: *bw-env
      # API_USERNAME: "admin"
      # API_PASSWORD: "Str0ng&P@ss!"
      API_TOKEN: "my-bearer-token-for-mcp" # optional
      API_WHITELIST_IPS: "127.0.0.0/8 10.20.30.0/24" # bw-api uses API_WHITELIST_IPS (plural), not the anchor's API_WHITELIST_IP
      FORWARDED_ALLOW_IPS: "127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" # Be careful with this setting; only use it if you are sure that the reverse proxy is the only way to access the API
      API_ROOT_PATH: "/"
    networks:
      - bw-universe
      - bw-db
      - bw-mcp

  bw-mcp:
    image: bunkerity/bunkerweb-mcp:v0.1.0
    ports:
      - "127.0.0.1:8080:8080" # Bind to localhost only — do not expose to the network without authentication
    environment:
      BUNKERWEB_BASE_URL: "http://bw-api:8888"
      BUNKERWEB_API_TOKEN: "my-bearer-token-for-mcp"
      BUNKERWEB_REQUEST_TIMEOUT_SECONDS: 30
      BUNKERWEB_MAX_RETRIES: 3
      # BUNKERWEB_RETRY_BACKOFF_INITIAL: "0.5"
      # BUNKERWEB_RETRY_BACKOFF_MAX: "5.0"
      BUNKERWEB_WEBSOCKET_TOKEN: "" # Token for WebSocket transport — leave empty to disable WebSocket auth
      BUNKERWEB_LOG_LEVEL: INFO
      MCP_ENABLE_DNS_REBINDING_PROTECTION: "False" # WARNING: Enable in production and set MCP_ALLOWED_HOSTS
      # MCP_ALLOWED_HOSTS: "localhost,127.0.0.1"
      # MCP_ALLOWED_ORIGINS: ""
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s
    networks:
      - bw-mcp

  bw-db:
    image: mariadb:11
    # We set the max allowed packet size to avoid issues with large queries
    command: --max-allowed-packet=67108864
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
      MYSQL_DATABASE: "db"
      MYSQL_USER: "bunkerweb"
      MYSQL_PASSWORD: "changeme" # Remember to set a stronger password for the database
    volumes:
      - bw-data:/var/lib/mysql
    restart: "unless-stopped"
    networks:
      - bw-db

  redis: # Redis service for the persistence of reports/bans/stats
    image: redis:8-alpine
    command: >
      redis-server
      --maxmemory 256mb
      --maxmemory-policy volatile-lru
      --save 60 1000
      --appendonly yes
    volumes:
      - redis-data:/data
    restart: "unless-stopped"
    networks:
      - bw-universe

volumes:
  bw-data:
  bw-storage:
  redis-data:

networks:
  bw-universe:
    name: bw-universe
    ipam:
      driver: default
      config:
        - subnet: 10.20.30.0/24 # Make sure to set the correct IP range so the scheduler can send the configuration to the instance
  bw-services:
    name: bw-services
  bw-db:
    name: bw-db
  bw-mcp:
    name: bw-mcp
Reapply "add erxperimental bw-mcp examples" This reverts commit 5e740ce30e805625286b4950fe1df4e55b0341f6. 2026-03-18 08:03:55 +00:00			`x-bw-env: &bw-env`
			`# We use an anchor to avoid repeating the same settings for both services`
			`API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24" # Make sure to set the correct IP range so the scheduler can send the configuration to the instance (internal BunkerWeb API)`
			`# Optional: set an API token and mirror it in both containers (internal BunkerWeb API)`
fix(docs): update port binding to localhost for bw-mcp service in multiple language docs and examples 2026-03-18 08:28:31 +00:00			`# WARNING: Leave empty only for local development. Always set a token in production.`
Reapply "add erxperimental bw-mcp examples" This reverts commit 5e740ce30e805625286b4950fe1df4e55b0341f6. 2026-03-18 08:03:55 +00:00			`API_TOKEN: ""`
			`DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db" # Remember to set a stronger password for the database`

			`services:`
			`bunkerweb:`
			`# This is the name that will be used to identify the instance in the Scheduler`
Road to 1.6.11~rc1 🚀 2026-05-22 21:21:55 +00:00			`image: bunkerity/bunkerweb:1.6.11-rc1`
Reapply "add erxperimental bw-mcp examples" This reverts commit 5e740ce30e805625286b4950fe1df4e55b0341f6. 2026-03-18 08:03:55 +00:00			`ports:`
			`- "80:8080/tcp"`
			`- "443:8443/tcp"`
			`- "443:8443/udp" # For QUIC / HTTP3 support`
			`environment:`
			`<<: *bw-env # We use the anchor to avoid repeating the same settings for all services`
			`restart: "unless-stopped"`
			`networks:`
			`- bw-universe`
			`- bw-services`

			`bw-scheduler:`
Road to 1.6.11~rc1 🚀 2026-05-22 21:21:55 +00:00			`image: bunkerity/bunkerweb-scheduler:1.6.11-rc1`
Reapply "add erxperimental bw-mcp examples" This reverts commit 5e740ce30e805625286b4950fe1df4e55b0341f6. 2026-03-18 08:03:55 +00:00			`environment:`
			`<<: *bw-env`
			`BUNKERWEB_INSTANCES: "bunkerweb" # Make sure to set the correct instance name`
			`SERVER_NAME: "api.example.com"`
			`MULTISITE: "yes"`
			`USE_REDIS: "yes"`
			`REDIS_HOST: "redis"`
			`DISABLE_DEFAULT_SERVER: "yes"`
			`AUTO_LETS_ENCRYPT: "yes"`
			`api.example.com_USE_TEMPLATE: "api"`
			`api.example.com_USE_REVERSE_PROXY: "yes"`
			`api.example.com_REVERSE_PROXY_URL: "/"`
			`api.example.com_REVERSE_PROXY_HOST: "http://bw-api:8888"`
			`volumes:`
			`- bw-storage:/data # This is used to persist the cache and other data like the backups`
			`restart: "unless-stopped"`
			`networks:`
			`- bw-universe`
			`- bw-db`

			`bw-api:`
Road to 1.6.11~rc1 🚀 2026-05-22 21:21:55 +00:00			`image: bunkerity/bunkerweb-api:1.6.11-rc1`
Reapply "add erxperimental bw-mcp examples" This reverts commit 5e740ce30e805625286b4950fe1df4e55b0341f6. 2026-03-18 08:03:55 +00:00			`environment:`
			`<<: *bw-env`
			`# API_USERNAME: "admin"`
			`# API_PASSWORD: "Str0ng&P@ss!"`
			`API_TOKEN: "my-bearer-token-for-mcp" # optional`
fix(docs): update port binding to localhost for bw-mcp service in multiple language docs and examples 2026-03-18 08:28:31 +00:00			`API_WHITELIST_IPS: "127.0.0.0/8 10.20.30.0/24" # bw-api uses API_WHITELIST_IPS (plural), not the anchor's API_WHITELIST_IP`
Reapply "add erxperimental bw-mcp examples" This reverts commit 5e740ce30e805625286b4950fe1df4e55b0341f6. 2026-03-18 08:03:55 +00:00			`FORWARDED_ALLOW_IPS: "127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" # Be careful with this setting; only use it if you are sure that the reverse proxy is the only way to access the API`
			`API_ROOT_PATH: "/"`
			`networks:`
			`- bw-universe`
			`- bw-db`
			`- bw-mcp`

			`bw-mcp:`
			`image: bunkerity/bunkerweb-mcp:v0.1.0`
			`ports:`
fix(docs): update port binding to localhost for bw-mcp service in multiple language docs and examples 2026-03-18 08:28:31 +00:00			`- "127.0.0.1:8080:8080" # Bind to localhost only — do not expose to the network without authentication`
Reapply "add erxperimental bw-mcp examples" This reverts commit 5e740ce30e805625286b4950fe1df4e55b0341f6. 2026-03-18 08:03:55 +00:00			`environment:`
			`BUNKERWEB_BASE_URL: "http://bw-api:8888"`
			`BUNKERWEB_API_TOKEN: "my-bearer-token-for-mcp"`
			`BUNKERWEB_REQUEST_TIMEOUT_SECONDS: 30`
			`BUNKERWEB_MAX_RETRIES: 3`
			`# BUNKERWEB_RETRY_BACKOFF_INITIAL: "0.5"`
			`# BUNKERWEB_RETRY_BACKOFF_MAX: "5.0"`
fix(docs): update port binding to localhost for bw-mcp service in multiple language docs and examples 2026-03-18 08:28:31 +00:00			`BUNKERWEB_WEBSOCKET_TOKEN: "" # Token for WebSocket transport — leave empty to disable WebSocket auth`
Reapply "add erxperimental bw-mcp examples" This reverts commit 5e740ce30e805625286b4950fe1df4e55b0341f6. 2026-03-18 08:03:55 +00:00			`BUNKERWEB_LOG_LEVEL: INFO`
fix(docs): update port binding to localhost for bw-mcp service in multiple language docs and examples 2026-03-18 08:28:31 +00:00			`MCP_ENABLE_DNS_REBINDING_PROTECTION: "False" # WARNING: Enable in production and set MCP_ALLOWED_HOSTS`
			`# MCP_ALLOWED_HOSTS: "localhost,127.0.0.1"`
Reapply "add erxperimental bw-mcp examples" This reverts commit 5e740ce30e805625286b4950fe1df4e55b0341f6. 2026-03-18 08:03:55 +00:00			`# MCP_ALLOWED_ORIGINS: ""`
			`restart: unless-stopped`
			`healthcheck:`
			`test: ["CMD", "curl", "-f", "http://localhost:8080/health"]`
			`interval: 30s`
			`timeout: 10s`
			`retries: 3`
			`start_period: 10s`
			`networks:`
			`- bw-mcp`

			`bw-db:`
			`image: mariadb:11`
			`# We set the max allowed packet size to avoid issues with large queries`
			`command: --max-allowed-packet=67108864`
			`environment:`
			`MYSQL_RANDOM_ROOT_PASSWORD: "yes"`
			`MYSQL_DATABASE: "db"`
			`MYSQL_USER: "bunkerweb"`
			`MYSQL_PASSWORD: "changeme" # Remember to set a stronger password for the database`
			`volumes:`
			`- bw-data:/var/lib/mysql`
			`restart: "unless-stopped"`
			`networks:`
			`- bw-db`

			`redis: # Redis service for the persistence of reports/bans/stats`
			`image: redis:8-alpine`
			`command: >`
			`redis-server`
			`--maxmemory 256mb`
Road to 1.6.10~rc7 🚀 2026-05-13 11:27:43 +00:00			`--maxmemory-policy volatile-lru`
Reapply "add erxperimental bw-mcp examples" This reverts commit 5e740ce30e805625286b4950fe1df4e55b0341f6. 2026-03-18 08:03:55 +00:00			`--save 60 1000`
			`--appendonly yes`
			`volumes:`
			`- redis-data:/data`
			`restart: "unless-stopped"`
			`networks:`
			`- bw-universe`

			`volumes:`
			`bw-data:`
			`bw-storage:`
			`redis-data:`

			`networks:`
			`bw-universe:`
			`name: bw-universe`
			`ipam:`
			`driver: default`
			`config:`
			`- subnet: 10.20.30.0/24 # Make sure to set the correct IP range so the scheduler can send the configuration to the instance`
			`bw-services:`
			`name: bw-services`
			`bw-db:`
			`name: bw-db`
			`bw-mcp:`
fix(docs): update port binding to localhost for bw-mcp service in multiple language docs and examples 2026-03-18 08:28:31 +00:00			`name: bw-mcp`