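# BunkerWeb stack with the external API service (bw-api) and an MCP bridge
# (bw-mcp), backed by MariaDB and Redis.
#
# Every credential in this file ("changeme", "my-bearer-token-for-mcp") is a
# placeholder. Replace them before deploying and keep the real values out of
# version control (for example an env file that is not committed).

# Shared settings, merged into several services through the anchor so they
# are not repeated.
x-bw-env: &bw-env
  # Internal BunkerWeb API: sources allowed to push configuration to the
  # instance. Must contain the bw-universe subnet so the scheduler can reach it.
  API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
  # Optional: set an API token and mirror it in both containers (internal
  # BunkerWeb API).
  # WARNING: Leave empty only for local development. Always set a token in
  # production.
  API_TOKEN: ""
  # Placeholder password; it must match MYSQL_PASSWORD on bw-db.
  DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db"

services:
  bunkerweb:
    # This is the name that will be used to identify the instance in the
    # Scheduler (see BUNKERWEB_INSTANCES).
    image: bunkerity/bunkerweb:1.6.11-rc1
    ports:
      - "80:8080/tcp"
      - "443:8443/tcp"
      - "443:8443/udp"  # For QUIC / HTTP3 support
    environment:
      <<: *bw-env
    restart: "unless-stopped"
    networks:
      - bw-universe
      - bw-services

  bw-scheduler:
    image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
    environment:
      <<: *bw-env
      BUNKERWEB_INSTANCES: "bunkerweb"  # Must match the instance service name
      SERVER_NAME: "api.example.com"
      MULTISITE: "yes"
      USE_REDIS: "yes"
      REDIS_HOST: "redis"
      DISABLE_DEFAULT_SERVER: "yes"
      AUTO_LETS_ENCRYPT: "yes"
      api.example.com_USE_TEMPLATE: "api"
      api.example.com_USE_REVERSE_PROXY: "yes"
      api.example.com_REVERSE_PROXY_URL: "/"
      api.example.com_REVERSE_PROXY_HOST: "http://bw-api:8888"
    volumes:
      - bw-storage:/data  # Persists the cache and other data like the backups
    restart: "unless-stopped"
    networks:
      - bw-universe
      - bw-db

  bw-api:
    image: bunkerity/bunkerweb-api:1.6.11-rc1
    environment:
      <<: *bw-env
      # API_USERNAME: "admin"
      # API_PASSWORD: "Str0ng&P@ss!"
      # Optional bearer token. This explicit key overrides the empty API_TOKEN
      # merged from the anchor. Placeholder: replace it, and set the same value
      # as BUNKERWEB_API_TOKEN on bw-mcp.
      API_TOKEN: "my-bearer-token-for-mcp"
      # bw-api uses API_WHITELIST_IPS (plural), not the anchor's
      # API_WHITELIST_IP.
      # NOTE(review): bw-mcp reaches this service over the bw-mcp network,
      # whose subnet is not pinned below, so its source address is probably
      # outside this list. Confirm, and if so pin that subnet and add it here.
      API_WHITELIST_IPS: "127.0.0.0/8 10.20.30.0/24"
      # Peers allowed to supply X-Forwarded-* headers. Narrowed from all
      # private ranges to loopback plus bw-universe, the only network bw-api
      # shares with the bunkerweb reverse proxy. Be careful with this setting:
      # widen it only if another trusted proxy sits in front of the API.
      FORWARDED_ALLOW_IPS: "127.0.0.0/8,10.20.30.0/24"
      API_ROOT_PATH: "/"
    networks:
      - bw-universe
      - bw-db
      - bw-mcp

  bw-mcp:
    image: bunkerity/bunkerweb-mcp:v0.1.0
    ports:
      # Bind to localhost only; do not expose to the network without
      # authentication.
      - "127.0.0.1:8080:8080"
    environment:
      BUNKERWEB_BASE_URL: "http://bw-api:8888"
      # Placeholder: must equal API_TOKEN on bw-api.
      BUNKERWEB_API_TOKEN: "my-bearer-token-for-mcp"
      BUNKERWEB_REQUEST_TIMEOUT_SECONDS: "30"
      BUNKERWEB_MAX_RETRIES: "3"
      # BUNKERWEB_RETRY_BACKOFF_INITIAL: "0.5"
      # BUNKERWEB_RETRY_BACKOFF_MAX: "5.0"
      # Token for WebSocket transport; leave empty to disable WebSocket auth.
      # NOTE(review): confirm that an empty value does not leave the WebSocket
      # transport usable without a token.
      BUNKERWEB_WEBSOCKET_TOKEN: ""
      BUNKERWEB_LOG_LEVEL: "INFO"
      # WARNING: disabled here. The 127.0.0.1 bind above is not a substitute
      # for it; enable it in production and set MCP_ALLOWED_HOSTS.
      MCP_ENABLE_DNS_REBINDING_PROTECTION: "False"
      # MCP_ALLOWED_HOSTS: "localhost,127.0.0.1"
      # MCP_ALLOWED_ORIGINS: ""
    restart: "unless-stopped"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s
    networks:
      - bw-mcp

  bw-db:
    image: mariadb:11
    # We set the max allowed packet size to avoid issues with large queries
    command: --max-allowed-packet=67108864
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
      MYSQL_DATABASE: "db"
      MYSQL_USER: "bunkerweb"
      # Placeholder: set a stronger password and use the same one in
      # DATABASE_URI.
      MYSQL_PASSWORD: "changeme"
    volumes:
      - bw-data:/var/lib/mysql
    restart: "unless-stopped"
    networks:
      - bw-db

  redis:
    # Redis service for the persistence of reports/bans/stats.
    # No password is configured and no port is published, so access control
    # rests entirely on membership of bw-universe. Add Redis authentication
    # if that network is shared with anything untrusted.
    image: redis:8-alpine
    command: >
      redis-server
      --maxmemory 256mb
      --maxmemory-policy volatile-lru
      --save 60 1000
      --appendonly yes
    volumes:
      - redis-data:/data
    restart: "unless-stopped"
    networks:
      - bw-universe

volumes:
  bw-data:
  bw-storage:
  redis-data:

networks:
  bw-universe:
    name: bw-universe
    ipam:
      driver: default
      config:
        # Make sure to set the correct IP range so the scheduler can send the
        # configuration to the instance. The API_WHITELIST_IP,
        # API_WHITELIST_IPS and FORWARDED_ALLOW_IPS values above refer to this
        # subnet.
        - subnet: 10.20.30.0/24
  bw-services:
    name: bw-services
  bw-db:
    name: bw-db
  bw-mcp:
    name: bw-mcp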