version: "3.5"

services:
  bw:
    image: bunkerity/bunkerweb:1.5.2
    pull_policy: never
    labels:
      - "bunkerweb.INSTANCE"
    volumes:
      - ./index.html:/var/www/html/index.html
    environment:
      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24 192.168.0.3"
      HTTP_PORT: "80"
      USE_BUNKERNET: "no"
      USE_BLACKLIST: "no"
      LOG_LEVEL: "info"

      # ? MODECURITY settings
      USE_MODSECURITY: "yes"
      USE_MODSECURITY_CRS: "yes"
      MODSECURITY_SEC_AUDIT_ENGINE: "RelevantOnly"
      MODSECURITY_SEC_RULE_ENGINE: "On"
      MODSECURITY_SEC_AUDIT_LOG_PARTS: "ABCFHZ"
    networks:
      bw-universe:
      bw-services:
        ipv4_address: 192.168.0.2

  bw-scheduler:
    image: bunkerity/bunkerweb-scheduler:1.5.2
    pull_policy: never
    depends_on:
      - bw
      - bw-docker
    environment:
      DOCKER_HOST: "tcp://bw-docker:2375"
      LOG_LEVEL: "info"
    networks:
      - bw-universe
      - bw-docker

  bw-docker:
    image: tecnativa/docker-socket-proxy:nightly
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      CONTAINERS: "1"
    networks:
      - bw-docker

networks:
  bw-universe:
    name: bw-universe
    ipam:
      driver: default
      config:
        - subnet: 10.20.30.0/24
  bw-services:
    name: bw-services
    ipam:
      driver: default
      config:
        - subnet: 192.168.0.0/24
  bw-docker: