bunkerweb/examples/syslog/docker-compose.yml

services:
  bunkerweb:
    image: bunkerity/bunkerweb:1.6.5-rc3
    container_name: bunkerweb
    depends_on:
      - mysyslog
    ports:
      - "80:8080/tcp"
      - "443:8443/tcp"
      - "443:8443/udp" # for QUIC
    environment:
      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
    restart: "unless-stopped"
    networks:
      - syslog-net
      - bw-universe
      - bw-services
    logging:
      driver: syslog
      options:
        syslog-address: "udp://10.10.10.254:514"

  bw-scheduler:
    image: bunkerity/bunkerweb-scheduler:1.6.5-rc3
    depends_on:
      - bunkerweb
      - mysyslog
    volumes:
      - bw-storage:/data
    environment:
      BUNKERWEB_INSTANCES: "bunkerweb"
      SERVER_NAME: "www.example.com" # replace with your domain
      API_WHITELIST_IP: "127.0.0.0/8 10.10.10.0/24"
      AUTO_LETS_ENCRYPT: "yes"
      DISABLE_DEFAULT_SERVER: "yes"
      USE_CLIENT_CACHE: "yes"
      USE_GZIP: "yes"
      USE_REVERSE_PROXY: "yes"
      REVERSE_PROXY_URL: "/"
      REVERSE_PROXY_HOST: "http://myapp:8080"
    restart: "unless-stopped"
    networks:
      - syslog-net
      - bw-universe
    logging:
      driver: syslog
      options:
        syslog-address: "udp://10.10.10.254:514"

  mysyslog:
    image: balabit/syslog-ng:4.8.0 # For x86_64 architecture
    # image: lscr.io/linuxserver/syslog-ng:4.8.1-r1-ls147 # For aarch64 architecture
    command: --no-caps
    cap_add:
      - NET_BIND_SERVICE # Bind to low ports
      - NET_BROADCAST # Send broadcasts
      - NET_RAW # Use raw sockets
      - DAC_READ_SEARCH # Read files bypassing permissions
      - DAC_OVERRIDE # Override file permissions
      - CHOWN # Change ownership
      - SYSLOG # Write to system logs
    volumes:
      - ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf
      - ./log:/var/log
    networks:
      syslog-net:
        ipv4_address: 10.10.10.254

  myapp:
    image: nginxdemos/nginx-hello
    networks:
      - bw-services

volumes:
  bw-storage:


networks:
  bw-universe:
    name: bw-universe
    ipam:
      driver: default
      config:
        - subnet: 10.20.30.0/24
  syslog-net:
    name: syslog-net
    ipam:
      driver: default
      config:
        - subnet: 10.10.10.0/24
  bw-services:
    name: bw-services