services:
  bunkerweb:
    image: bunkerity/bunkerweb:1.6.11-rc1
    container_name: bunkerweb
    ports:
      - "80:8080/tcp"
      - "443:8443/tcp"
      - "443:8443/udp" # for QUIC
    environment:
      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
    restart: "unless-stopped"
    networks:
      - bw-universe
      - bw-services

  bw-scheduler:
    image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
    container_name: bw-scheduler
    depends_on:
      - bunkerweb
    volumes:
      - bw-storage:/data
    environment:
      BUNKERWEB_INSTANCES: "bunkerweb"
      SERVER_NAME: "www.example.com" # replace with your domain
      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
      SERVE_FILES: "no"
      DISABLE_DEFAULT_SERVER: "yes"
      AUTO_LETS_ENCRYPT: "yes"
      USE_CLIENT_CACHE: "yes"
      USE_GZIP: "yes"
      USE_REVERSE_PROXY: "yes"
      REVERSE_PROXY_URL: "/"
      REVERSE_PROXY_HOST: "http://mygogs:3000"
      REVERSE_PROXY_HEADERS_1: "Authorization $$http_authorization"
      MAX_CLIENT_SIZE: "1G"
      CUSTOM_CONF_MODSEC_CRS_gogs: |
        SecAction "id:900220,phase:1,nolog,pass,t:none,setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
    restart: "unless-stopped"
    networks:
      - bw-universe

  mygogs:
    image: gogs/gogs:0.13
    volumes:
      - ./gogs-data:/data
    networks:
      - bw-services

volumes:
  bw-storage:


networks:
  bw-universe:
    name: bw-universe
    ipam:
      driver: default
      config:
        - subnet: 10.20.30.0/24
  bw-services:
    name: bw-services