x-env: &env DATABASE_URI: "mariadb+pymysql://bunkerweb:secret@bw-db:3306/db" LOG_LEVEL: "info" CUSTOM_LOG_LEVEL: "debug" LOG_TYPES: "stderr syslog" LOG_SYSLOG_ADDRESS: "udp://bw-syslog:514" services: bunkerweb: build: context: ../.. dockerfile: ./src/bw/Dockerfile args: SKIP_MINIFY: "yes" ports: - 80:8080/tcp - 443:8443/tcp - 443:8443/udp environment: API_WHITELIST_IP: "127.0.0.0/24 10.20.30.0/24" restart: "unless-stopped" networks: bw-universe: aliases: - bunkerweb bw-services: aliases: - bunkerweb bw-scheduler: build: context: ../.. dockerfile: ./src/scheduler/Dockerfile depends_on: - bunkerweb volumes: - bw-storage:/data environment: <<: *env BUNKERWEB_INSTANCES: "bunkerweb" SERVER_NAME: "www.example.com api.example.com app1.example.com" MULTISITE: "yes" API_WHITELIST_IP: "127.0.0.0/24 10.20.30.0/24" ACCESS_LOG_1: "syslog:server=bw-syslog:514,tag=bunkerweb_access" ERROR_LOG_1: "syslog:server=bw-syslog:514,tag=bunkerweb" USE_BUNKERNET: "no" USE_BLACKLIST: "no" USE_WHITELIST: "no" SEND_ANONYMOUS_REPORT: "no" SERVE_FILES: "no" DISABLE_DEFAULT_SERVER: "yes" USE_CLIENT_CACHE: "yes" USE_GZIP: "yes" SESSIONS_CHECK_IP: "no" www.example.com_USE_TEMPLATE: "ui" www.example.com_GENERATE_SELF_SIGNED_SSL: "yes" www.example.com_USE_REVERSE_PROXY: "yes" www.example.com_REVERSE_PROXY_URL: "/admin" www.example.com_REVERSE_PROXY_HOST: "http://bw-ui:7000" api.example.com_USE_TEMPLATE: "api" api.example.com_GENERATE_SELF_SIGNED_SSL: "yes" api.example.com_USE_REVERSE_PROXY: "yes" api.example.com_REVERSE_PROXY_URL: "/" api.example.com_REVERSE_PROXY_HOST: "http://bw-api:8888" app1.example.com_USE_REVERSE_PROXY: "yes" app1.example.com_REVERSE_PROXY_URL: "/" app1.example.com_REVERSE_PROXY_HOST: "http://app1:8080" restart: "unless-stopped" networks: bw-universe: aliases: - bw-scheduler bw-db: aliases: - bw-scheduler bw-ui: build: context: ../.. dockerfile: ./src/ui/Dockerfile args: SKIP_MINIFY: "yes" ports: - 7000:7000 volumes: - bw-logs:/var/log/bunkerweb - ../../src/ui/app:/usr/share/bunkerweb/ui/app:ro - ../../src/ui/utils:/usr/share/bunkerweb/ui/utils:ro - ../../src/ui/main.py:/usr/share/bunkerweb/ui/main.py:ro environment: <<: *env ADMIN_USERNAME: "admin" ADMIN_PASSWORD: "P@ssw0rd" CHECK_PRIVATE_IP: "no" FLASK_SECRET: "secret" DEBUG: "1" MAX_WORKERS: "1" MAX_THREADS: "4" restart: "unless-stopped" networks: bw-universe: aliases: - bw-ui bw-db: aliases: - bw-ui bw-api: build: context: ../.. dockerfile: ./src/api/Dockerfile ports: - 8888:8888 volumes: - ../../src/api/app:/usr/share/bunkerweb/api/app:ro - ../../src/api/utils:/usr/share/bunkerweb/api/utils:ro environment: <<: *env API_USERNAME: "admin" API_PASSWORD: "P@ssw0rd" FORWARDED_ALLOW_IPS: "*" DEBUG: "1" MAX_WORKERS: "1" MAX_THREADS: "4" restart: "unless-stopped" networks: bw-universe: aliases: - bw-api bw-db: aliases: - bw-api bw-db: image: mariadb:11 command: --max-allowed-packet=67108864 environment: MYSQL_RANDOM_ROOT_PASSWORD: "yes" MYSQL_DATABASE: "db" MYSQL_USER: "bunkerweb" MYSQL_PASSWORD: "secret" volumes: - bw-data:/var/lib/mysql restart: "unless-stopped" networks: bw-db: aliases: - bw-db bw-syslog: image: balabit/syslog-ng:4.10.2 cap_add: - NET_BIND_SERVICE # Bind to low ports - NET_BROADCAST # Send broadcasts - NET_RAW # Use raw sockets - DAC_READ_SEARCH # Read files bypassing permissions - DAC_OVERRIDE # Override file permissions - CHOWN # Change ownership - SYSLOG # Write to system logs volumes: - bw-logs:/var/log/bunkerweb - ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf networks: bw-universe: aliases: - bw-syslog app1: image: bunkerity/bunkerweb-hello:v1.0 restart: "unless-stopped" networks: bw-services: aliases: - app1 volumes: bw-data: bw-storage: bw-logs: networks: bw-universe: name: bw-universe ipam: driver: default config: - subnet: 10.20.30.0/24 bw-services: name: bw-services bw-db: name: bw-db