version: '3'

services:

  mybunker:
    image: bunkerity/bunkerweb:1.4.2
    ports:
      - 80:8080
      - 443:8443
    # ⚠️ read this if you use local folders for volumes ⚠️
    # bunkerweb runs as an unprivileged user with UID/GID 101
    # don't forget to edit the permissions of the files and folders accordingly
    # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
    # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
    volumes:
      - bw_data:/data
    environment:
      - SERVER_NAME=www.example.com # replace with your domain
      - AUTO_LETS_ENCRYPT=yes
      - DISABLE_DEFAULT_SERVER=yes
      - MAX_CLIENT_SIZE=50m
      - USE_CLIENT_CACHE=yes
      - USE_GZIP=yes
      - USE_REVERSE_PROXY=yes
      - REVERSE_PROXY_URL=/
      - REVERSE_PROXY_HOST=http://mywp
      - |
        CUSTOM_CONF_MODSEC_CRS_wordpress=
        SecAction \
         "id:900130,\
          phase:1,\
          nolog,\
          pass,\
          t:none,\
          setvar:tx.crs_exclusions_wordpress=1"

  mywp:
    image: wordpress:5-apache
    volumes:
      - ./wp-data:/var/www/html
    environment:
      - WORDPRESS_DB_HOST=mydb
      - WORDPRESS_DB_NAME=wp
      - WORDPRESS_DB_USER=user
      - WORDPRESS_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
      - WORDPRESS_TABLE_PREFIX=prefix_    # best practice : replace with a random prefix

  mydb:
    image: mariadb
    volumes:
      - ./db-data:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
      - MYSQL_DATABASE=wp
      - MYSQL_USER=user
      - MYSQL_PASSWORD=db-user-pwd      # replace with a stronger password (must match WORDPRESS_DB_PASSWORD)

volumes:
  bw_data: