mirror of
https://github.com/bunkerity/bunkerweb
synced 2026-05-24 09:28:37 +00:00
75 lines
1.9 KiB
YAML
75 lines
1.9 KiB
YAML
services:
|
|
bunkerweb:
|
|
image: bunkerity/bunkerweb:1.6.11-rc1
|
|
container_name: bunkerweb
|
|
# dropping all capabilities
|
|
cap_drop:
|
|
- ALL
|
|
# disable setuid/setgid
|
|
security_opt:
|
|
- no-new-privileges
|
|
# read-only file system
|
|
read_only: true
|
|
# folders that need write access
|
|
tmpfs:
|
|
- /tmp:mode=0770,uid=0,gid=101
|
|
- /var/tmp/bunkerweb:mode=0770,uid=0,gid=101
|
|
- /var/run/bunkerweb:mode=0770,uid=0,gid=101
|
|
- /var/cache/bunkerweb:mode=0770,uid=0,gid=101
|
|
- /var/lib/bunkerweb:mode=0770,uid=0,gid=101
|
|
- /var/www/html:mode=0770,uid=0,gid=101
|
|
- /etc/bunkerweb:mode=0770,uid=0,gid=101
|
|
- /etc/bunkerweb/configs:mode=0770,uid=0,gid=101
|
|
- /etc/nginx:mode=0770,uid=0,gid=101
|
|
ports:
|
|
- "80:8080/tcp"
|
|
- "443:8443/tcp"
|
|
- "443:8443/udp" # for QUIC
|
|
environment:
|
|
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
|
|
restart: "unless-stopped"
|
|
networks:
|
|
- bw-universe
|
|
- bw-services
|
|
|
|
bw-scheduler:
|
|
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
|
|
container_name: bw-scheduler
|
|
depends_on:
|
|
- bunkerweb
|
|
volumes:
|
|
- bw-storage:/data
|
|
environment:
|
|
BUNKERWEB_INSTANCES: "bunkerweb"
|
|
SERVER_NAME: "www.example.com" # replace with your domain
|
|
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
|
|
AUTO_LETS_ENCRYPT: "yes"
|
|
DISABLE_DEFAULT_SERVER: "yes"
|
|
USE_CLIENT_CACHE: "yes"
|
|
USE_GZIP: "yes"
|
|
USE_REVERSE_PROXY: "yes"
|
|
REVERSE_PROXY_URL: "/"
|
|
REVERSE_PROXY_HOST: "http://myapp:8080"
|
|
REMOTE_PHP_PATH: "/app"
|
|
restart: "unless-stopped"
|
|
networks:
|
|
- bw-universe
|
|
|
|
myapp:
|
|
image: nginxdemos/nginx-hello
|
|
networks:
|
|
- bw-services
|
|
|
|
volumes:
|
|
bw-storage:
|
|
|
|
|
|
networks:
|
|
bw-universe:
|
|
name: bw-universe
|
|
ipam:
|
|
driver: default
|
|
config:
|
|
- subnet: 10.20.30.0/24
|
|
bw-services:
|
|
name: bw-services
|