version: "3"

services:
  mybunker:
    image: bunkerity/bunkerweb:1.5.8
    ports:
      - 80:8080 # required to resolve let's encrypt challenges
      - 10000:10000 # app1 without SSL/TLS
      - 10001:10001 # app1 with SSL/TLS
      - 20000:20000 # app2 without SSL/TLS
      - 20001:20001 # app2 with SSL/TLS
    environment:
      - MULTISITE=yes
      - SERVER_NAME=app1.example.com app2.example.com # replace with your domains
      - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
      - SERVE_FILES=no
      - DISABLE_DEFAULT_SERVER=yes
      - AUTO_LETS_ENCRYPT=yes
      - USE_CLIENT_CACHE=yes
      - USE_GZIP=yes
      - USE_REVERSE_PROXY=yes
      - SERVER_TYPE=stream
      - app1.example.com_REVERSE_PROXY_HOST=app1:9000
      - app1.example.com_LISTEN_STREAM_PORT=10000
      - app1.example.com_LISTEN_STREAM_PORT_SSL=10001
      - app2.example.com_REVERSE_PROXY_HOST=app2:9000
      - app2.example.com_LISTEN_STREAM_PORT=20000
      - app2.example.com_LISTEN_STREAM_PORT_SSL=20001
    labels:
      - "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
    networks:
      - bw-universe
      - bw-services

  bw-scheduler:
    image: bunkerity/bunkerweb-scheduler:1.5.8
    depends_on:
      - mybunker
    environment:
      - DOCKER_HOST=tcp://bw-docker-proxy:2375
    volumes:
      - bw-data:/data
    networks:
      - bw-universe
      - bw-docker

  bw-docker-proxy:
    image: tecnativa/docker-socket-proxy:nightly
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - CONTAINERS=1
      - LOG_LEVEL=warning
    networks:
      - bw-docker

  app1:
    image: istio/tcp-echo-server:1.2
    command: ["9000", "app1"]
    networks:
      - bw-services

  app2:
    image: istio/tcp-echo-server:1.2
    command: ["9000", "app2"]
    networks:
      - bw-services

volumes:
  bw-data:

networks:
  bw-services:
  bw-universe:
    ipam:
      driver: default
      config:
        - subnet: 10.20.30.0/24
  bw-docker: