version: '3'

services:

  mywww:
    image: bunkerity/bunkerized-nginx
    restart: always
    ports:
      - 80:8080
      - 443:8443
    volumes:
      - ./web-files:/www:ro
      - ./letsencrypt:/etc/letsencrypt
      - nginx_logs:/var/log
    environment:
      - SERVER_NAME=app1.website.com app2.website.com # replace with your domains
      - MULTISITE=yes
      - AUTO_LETS_ENCRYPT=yes
      - REDIRECT_HTTP_TO_HTTPS=yes
      - DISABLE_DEFAULT_SERVER=yes
      - USE_CLIENT_CACHE=yes
      - USE_GZIP=yes
      - USE_BROTLI=yes
      - USE_CROWDSEC=yes
      - CROWDSEC_HOST=http://mycrowdsec:8080
      - CROWDSEC_KEY=                                 # you need to generate it (see bouncer_key.sh)
      - app1.website.com_REMOTE_PHP=myapp1
      - app1.website.com_REMOTE_PHP_PATH=/app
      - app2.website.com_REMOTE_PHP=myapp2
      - app2.website.com_REMOTE_PHP_PATH=/app
    networks:
      - net0
      - net1
      - net2

  mycrowdsec:
    image: crowdsecurity/crowdsec:v1.0.2
    restart: always
    volumes:
      - ./acquis.yaml:/etc/crowdsec/acquis.yaml
      - nginx_logs:/var/log:ro
    environment:
      - COLLECTIONS=crowdsecurity/nginx
      - REGISTER_TO_ONLINE_API=true
    networks:
      - net0

  myapp1:
    image: php:fpm
    restart: always
    volumes:
      - ./web-files/app1.website.com:/app
    networks:
      - net1

  myapp2:
    image: php:fpm
    restart: always
    volumes:
      - ./web-files/app2.website.com:/app
    networks:
      - net2

networks:
  net0:
  net1:
  net2:

volumes:
  nginx_logs: