version: '3.8'

services:

  autoconf:
    image: bunkerity/bunkerized-nginx-autoconf
    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
    # don't forget to edit the permissions of the files and folders accordingly
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /shared/confs:/etc/nginx
      - /shared/letsencrypt:/etc/letsencrypt
      - /shared/acme-challenge:/acme-challenge
    environment:
      - SWARM_MODE=yes
      - API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from nginx
    networks:
      - net_config
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.role==manager"

  nginx:
    image: bunkerity/bunkerized-nginx
    ports:
      - published: 80
        target: 8080
        mode: host
        protocol: tcp
      - published: 443
        target: 8443
        mode: host
        protocol: tcp
    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
    # don't forget to edit the permissions of the files and folders accordingly
    volumes:
      - /shared/confs:/etc/nginx
      - /shared/letsencrypt:/etc/letsencrypt:ro
      - /shared/acme-challenge:/acme-challenge:ro
      - /shared/www:/www:ro
    environment:
      - SWARM_MODE=yes
      - USE_API=yes
      - API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from autoconf
      - MULTISITE=yes
      - SERVER_NAME=
      - AUTO_LETS_ENCRYPT=yes
      - REDIRECT_HTTP_TO_HTTPS=yes
      - DISABLE_DEFAULT_SERVER=yes
      - USE_CLIENT_CACHE=yes
    networks:
      - net_config
      - net_services
    deploy:
      mode: global
      placement:
        constraints:
          - "node.role==worker"
      labels:
        - "bunkerized-nginx.AUTOCONF"

 app1:
    image: php:fpm-alpine
    volumes:
      - /shared/www/app1.website.com:/www
    networks:
      - net_services
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.role==worker"
      labels:
        - "bunkerized-nginx.SERVER_NAME=app1.website.com"
        - "bunkerized-nginx.REMOTE_PHP=php"
        - "bunkerized-nginx.REMOTE_PHP_PATH=/www"

  app2:
    image: phpmyadmin:apache
    environment:
      - PMA_ARBITRARY=1
      - PMA_ABSOLUTE_URI=https://app2.website.com
    networks:
      - net_services
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.role==worker"
      labels:
        - "bunkerized-nginx.SERVER_NAME=app2.website.com"
        - "bunkerized-nginx.USE_PROXY_CACHE=yes"
        - "bunkerized-nginx.USE_REVERSE_PROXY=yes"
        - "bunkerized-nginx.REVERSE_PROXY_URL=/"
        - "bunkerized-nginx.REVERSE_PROXY_HOST=http://app2"

networks:
  net_config:
    driver: overlay
  net_services:
    driver: overlay