---
version: '3.3'

services:

  authelia:
    image: authelia/authelia
    volumes:
      - ./authelia:/config
    restart: unless-stopped
    healthcheck:
      disable: true
    environment:
      - TZ=France/Paris

  redis:
    image: redis:alpine
    volumes:
      - ./redis:/data
    restart: unless-stopped
    environment:
      - TZ=France/Paris

  bunkerized-nginx:
    image: bunkerity/bunkerized-nginx
    restart: always
    depends_on:
      - authelia
      - myapp1
      - myapp2
    ports:
      - 80:8080
      - 443:8443
    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
    # don't forget to edit the permissions of the files and folders accordingly
    volumes:
      - ./web-files:/www:ro
      - ./letsencrypt:/etc/letsencrypt
    environment:
      - SERVER_NAME=auth.example.com app1.example.com app2.example.com # replace with your domains
      - MULTISITE=yes
      - AUTO_LETS_ENCRYPT=yes
      - REDIRECT_HTTP_TO_HTTPS=yes
      - DISABLE_DEFAULT_SERVER=yes
      - USE_CLIENT_CACHE=yes
      - USE_GZIP=yes
      - USE_AUTHELIA=yes
      - AUTHELIA_BACKEND=https://auth.example.com
      - AUTHELIA_UPSTREAM=http://authelia:9091
      - auth.example.com_USE_AUTHELIA=no
      - auth.example.com_USE_REVERSE_PROXY=yes
      - auth.example.com_REVERSE_PROXY_URL=/
      - auth.example.com_REVERSE_PROXY_HOST=http://authelia:9091
      - app1.example.com_REMOTE_PHP=myapp1
      - app1.example.com_REMOTE_PHP_PATH=/app
      - app2.example.com_SERVE_FILES=no
      - app2.example.com_USE_REVERSE_PROXY=yes
      - app2.example.com_REVERSE_PROXY_URL=/
      - app2.example.com_REVERSE_PROXY_HOST=http://myapp2

  myapp1:
    image: php:fpm
    restart: always
    volumes:
      - ./web-files/app1.example.com:/app

  myapp2:
    image: php:apache
    restart: always
    volumes:
      - ./web-files/app2.example.com:/var/www/html