version: '3'

services:

  mywww:
    image: bunkerity/bunkerized-nginx
    restart: always
    depends_on:
      - mypassbolt
    ports:
      - 80:8080
      - 443:8443
    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
    # don't forget to edit the permissions of the files and folders accordingly
    volumes:
      - ./letsencrypt:/etc/letsencrypt
      - ./modsec-crs-confs:/modsec-crs-confs:ro      # disable some false positive
      - ./modsec-confs:/modsec-confs:ro              # disable some false positive
    environment:
      - SERVER_NAME=www.website.com                  # replace with your domain
      - AUTO_LETS_ENCRYPT=yes
      - REDIRECT_HTTP_TO_HTTPS=yes
      - DISABLE_DEFAULT_SERVER=yes
      - ALLOWED_METHODS=GET|POST|HEAD|PUT|DELETE
      - SERVE_FILES=no
      - USE_PROXY_CACHE=yes
      - USE_CLIENT_CACHE=yes
      - USE_GZIP=yes
      - USE_REVERSE_PROXY=yes
      - REVERSE_PROXY_URL=/
      - REVERSE_PROXY_HOST=https://mypassbolt

  mypassbolt:
    image: passbolt/passbolt
    restart: always
    environment:
      - DATASOURCES_DEFAULT_HOST=mydb
      - DATASOURCES_DEFAULT_PASSWORD=db-user-pwd     # replace with a stronger password (must match MYSQL_PASSWORD)
      - DATASOURCES_DEFAULT_USERNAME=user
      - DATASOURCES_DEFAULT_DATABASE=passbolt
      - APP_FULL_BASE_URL=https://www.website.com    # replace with your URL

  mydb:
    image: mariadb
    restart: always
    volumes:
      - ./db-data:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=db-root-pwd              # replace with a stronger password
      - MYSQL_DATABASE=passbolt
      - MYSQL_USER=user
      - MYSQL_PASSWORD=db-user-pwd                   # replace with a stronger password (must match DATASOURCES_DEFAULT_PASSWORD)