version: '3' services: mywww: image: debug restart: always # mandatory for crowdsec : # you need to redirect Docker logs to the syslog server logging: driver: syslog options: syslog-address: "udp://10.10.10.254:514" depends_on: - mysyslog - myapp1 - myapp2 ports: - 80:8080 - 443:8443 # bunkerized-nginx runs as an unprivileged user with UID/GID 101 # don't forget to edit the permissions of the files and folders accordingly volumes: - ./web-files:/www:ro - ./letsencrypt:/etc/letsencrypt environment: - SERVER_NAME=app1.website.com app2.website.com # replace with your domains - MULTISITE=yes - AUTO_LETS_ENCRYPT=yes - REDIRECT_HTTP_TO_HTTPS=yes - DISABLE_DEFAULT_SERVER=yes - USE_CLIENT_CACHE=yes - USE_GZIP=yes - USE_CROWDSEC=yes - CROWDSEC_HOST=http://mycrowdsec:8080 - CROWDSEC_KEY= # you need to generate it (see bouncer_key.sh) - app1.website.com_REMOTE_PHP=myapp1 - app1.website.com_REMOTE_PHP_PATH=/app - app2.website.com_REMOTE_PHP=myapp2 - app2.website.com_REMOTE_PHP_PATH=/app networks: net0: net1: net2: mycrowdsec: image: crowdsecurity/crowdsec:v1.0.13 restart: always volumes: - ./acquis.yaml:/etc/crowdsec/acquis.yaml - nginx_logs:/var/log:ro environment: - COLLECTIONS=crowdsecurity/nginx - REGISTER_TO_ONLINE_API=true networks: - net0 mysyslog: image: balabit/syslog-ng restart: always volumes: - ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf - nginx_logs:/var/log networks: net0: ipv4_address: 10.10.10.254 myapp1: image: php:fpm restart: always volumes: - ./web-files/app1.website.com:/app networks: - net1 myapp2: image: php:fpm restart: always volumes: - ./web-files/app2.website.com:/app networks: - net2 networks: net0: ipam: driver: default config: - subnet: 10.10.10.0/24 net1: net2: volumes: nginx_logs: