version: '3'

services:

  mywww:
    image: bunkerity/bunkerized-nginx
    restart: always
    depends_on:
      - myui
    ports:
      - 80:8080
      - 443:8443
    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
    # don't forget to edit the permissions of the files and folders accordingly
    volumes:
      - ./letsencrypt:/etc/letsencrypt
      - autoconf:/etc/nginx
    environment:
      - SERVER_NAME=admin.example.com                                # replace with your domain
      - MULTISITE=yes
      - AUTO_LETS_ENCRYPT=yes
      - REDIRECT_HTTP_TO_HTTPS=yes
      - DISABLE_DEFAULT_SERVER=yes
      - USE_CLIENT_CACHE=yes
      - USE_GZIP=yes
      - USE_API=yes
      - API_URI=/ChangeMeToSomethingHardToGuess                      # change it to something hard to guess + must match API_URI for myui service
      - admin.example.com_SERVE_FILES=no
      - admin.example.com_USE_REVERSE_PROXY=yes
      - admin.example.com_REVERSE_PROXY_URL=/admin/                  # change it to something hard to guess
      - admin.example.com_REVERSE_PROXY_HOST=http://myui:5000/
      - admin.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /admin # must match REVERSE_PROXY_URL
      - admin.example.com_USE_MODSECURITY=no
    labels:
      - "bunkerized-nginx.UI"

  myui:
    image: bunkerity/bunkerized-nginx-ui
    restart: always
    depends_on:
      - myuiproxy
    volumes:
      - autoconf:/etc/nginx
    environment:
      - ABSOLUTE_URI=https://admin.example.com/admin/ # change it to your full URI
      - DOCKER_HOST=tcp://myuiproxy:2375
      - API_URI=/ChangeMeToSomethingHardToGuess
      - ADMIN_USERNAME=admin                          # change it to something hard to guess
      - ADMIN_PASSWORD=changeme                       # change it to a good password

  myuiproxy:
    image: tecnativa/docker-socket-proxy
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - CONTAINERS=1
      - SWARM=1
      - SERVICES=1

volumes:
  autoconf: