x-env: &env
  DATABASE_URI: "mariadb+pymysql://bunkerweb:secret@bw-db:3306/db"
  DOCKER_HOST: "tcp://bw-docker:2375"
  AUTOCONF_MODE: "yes"
  LOG_LEVEL: "info"
  CUSTOM_LOG_LEVEL: "debug"
  LOG_TYPES: "stderr syslog"
  LOG_SYSLOG_ADDRESS: "udp://bw-syslog:514"

services:
  bunkerweb:
    build:
      context: ../..
      dockerfile: ./src/bw/Dockerfile
      args:
        SKIP_MINIFY: "yes"
    ports:
      - 80:8080/tcp
      - 443:8443/tcp
      - 443:8443/udp
    environment:
      API_WHITELIST_IP: "127.0.0.0/24 10.20.30.0/24"
    restart: "unless-stopped"
    networks:
      bw-universe:
        aliases:
          - bunkerweb
      bw-services:
        aliases:
          - bunkerweb

  bw-autoconf:
    build:
      context: ../..
      dockerfile: ./src/autoconf/Dockerfile
    depends_on:
      - bunkerweb
      - bw-docker
    environment:
      <<: *env
    restart: "unless-stopped"
    networks:
      bw-universe:
        aliases:
          - bw-autoconf
      bw-db:
        aliases:
          - bw-autoconf
      bw-docker:
        aliases:
          - bw-autoconf

  bw-scheduler:
    build:
      context: ../..
      dockerfile: ./src/scheduler/Dockerfile
    depends_on:
      - bunkerweb
    volumes:
      - bw-storage:/data
    environment:
      <<: *env
      BUNKERWEB_INSTANCES: ""
      SERVER_NAME: ""
      MULTISITE: "yes"
      API_WHITELIST_IP: "127.0.0.0/24 10.20.30.0/24"
      ACCESS_LOG_1: "syslog:server=bw-syslog:514,tag=bunkerweb_access"
      ERROR_LOG_1: "syslog:server=bw-syslog:514,tag=bunkerweb"
      USE_BUNKERNET: "no"
      USE_BLACKLIST: "no"
      USE_WHITELIST: "no"
      SEND_ANONYMOUS_REPORT: "no"
      LOG_LEVEL: "info"
      SERVE_FILES: "no"
      DISABLE_DEFAULT_SERVER: "yes"
      USE_CLIENT_CACHE: "yes"
      USE_GZIP: "yes"
      SESSIONS_CHECK_IP: "no"
    restart: "unless-stopped"
    networks:
      bw-universe:
        aliases:
          - bw-scheduler
      bw-db:
        aliases:
          - bw-scheduler

  bw-ui:
    build:
      context: ../..
      dockerfile: ./src/ui/Dockerfile
      args:
        SKIP_MINIFY: "yes"
    ports:
      - 7000:7000
    volumes:
      - bw-logs:/var/log/bunkerweb
      - ../../src/ui/app:/usr/share/bunkerweb/ui/app:ro
      - ../../src/ui/utils:/usr/share/bunkerweb/ui/utils:ro
      - ../../src/ui/main.py:/usr/share/bunkerweb/ui/main.py:ro
    environment:
      <<: *env
      ADMIN_USERNAME: "admin"
      ADMIN_PASSWORD: "P@ssw0rd"
      CHECK_PRIVATE_IP: "no"
      FLASK_SECRET: "secret"
      DEBUG: "1"
      MAX_WORKERS: "1"
      MAX_THREADS: "4"
    restart: "unless-stopped"
    networks:
      bw-universe:
        aliases:
          - bw-ui
      bw-db:
        aliases:
          - bw-ui
    labels:
      - "bunkerweb.SERVER_NAME=www.example.com"
      - "bunkerweb.USE_TEMPLATE=ui"
      - "bunkerweb.GENERATE_SELF_SIGNED_SSL=yes"
      - "bunkerweb.USE_REVERSE_PROXY=yes"
      - "bunkerweb.REVERSE_PROXY_URL=/admin"
      - "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"

  bw-api:
    build:
      context: ../..
      dockerfile: ./src/api/Dockerfile
    ports:
      - 8888:8888
    volumes:
      - ../../src/api/app:/usr/share/bunkerweb/api/app:ro
      - ../../src/api/utils:/usr/share/bunkerweb/api/utils:ro
    environment:
      <<: *env
      API_USERNAME: "admin"
      API_PASSWORD: "P@ssw0rd"
      FORWARDED_ALLOW_IPS: "*"
      DEBUG: "1"
      MAX_WORKERS: "1"
      MAX_THREADS: "4"
    restart: "unless-stopped"
    networks:
      bw-universe:
        aliases:
          - bw-api
      bw-db:
        aliases:
          - bw-api
    labels:
      - "bunkerweb.SERVER_NAME=api.example.com"
      - "bunkerweb.USE_TEMPLATE=api"
      - "bunkerweb.GENERATE_SELF_SIGNED_SSL=yes"
      - "bunkerweb.USE_REVERSE_PROXY=yes"
      - "bunkerweb.REVERSE_PROXY_URL=/"
      - "bunkerweb.REVERSE_PROXY_HOST=http://bw-api:8888"

  bw-db:
    image: mariadb:11
    command: --max-allowed-packet=67108864
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
      MYSQL_DATABASE: "db"
      MYSQL_USER: "bunkerweb"
      MYSQL_PASSWORD: "secret"
    volumes:
      - bw-data:/var/lib/mysql
    restart: "unless-stopped"
    networks:
      bw-db:
        aliases:
          - bw-db

  bw-docker:
    image: tecnativa/docker-socket-proxy:nightly
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      CONTAINERS: "1"
      LOG_LEVEL: "warning"
    restart: "unless-stopped"
    networks:
      bw-docker:
        aliases:
          - bw-docker

  bw-syslog:
    image: balabit/syslog-ng:4.10.2
    cap_add:
      - NET_BIND_SERVICE # Bind to low ports
      - NET_BROADCAST # Send broadcasts
      - NET_RAW # Use raw sockets
      - DAC_READ_SEARCH # Read files bypassing permissions
      - DAC_OVERRIDE # Override file permissions
      - CHOWN # Change ownership
      - SYSLOG # Write to system logs
    volumes:
      - bw-logs:/var/log/bunkerweb
      - ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf
    networks:
      bw-universe:
        aliases:
          - bw-syslog

  app1:
    image: bunkerity/bunkerweb-hello:v1.0
    restart: "unless-stopped"
    networks:
      bw-services:
        aliases:
          - app1
    labels:
      - "bunkerweb.SERVER_NAME=app1.example.com"
      - "bunkerweb.USE_REVERSE_PROXY=yes"
      - "bunkerweb.REVERSE_PROXY_URL=/"
      - "bunkerweb.REVERSE_PROXY_HOST=http://app1:8080"

volumes:
  bw-data:
  bw-storage:
  bw-logs:

networks:
  bw-universe:
    name: bw-universe
    ipam:
      driver: default
      config:
        - subnet: 10.20.30.0/24
  bw-services:
    name: bw-services
  bw-db:
    name: bw-db
  bw-docker:
    name: bw-docker