43 lines
969 B
YAML
43 lines
969 B
YAML
version: '3'
|
|
|
|
services:
|
|
|
|
mywww:
|
|
image: bunkerity/bunkerized-nginx
|
|
# dropping all capabilities
|
|
cap_drop:
|
|
- ALL
|
|
# root fs as RO
|
|
read_only: true
|
|
# mandatory directories as RW
|
|
tmpfs:
|
|
- /tmp:mode=770,uid=0,gid=101
|
|
restart: always
|
|
ports:
|
|
- 80:8080
|
|
- 443:8443
|
|
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
|
# don't forget to edit the permissions of the files and folders accordingly
|
|
volumes:
|
|
- nginx_conf:/etc/nginx
|
|
- ./web-files:/www:ro
|
|
- ./letsencrypt:/etc/letsencrypt
|
|
environment:
|
|
- SERVER_NAME=www.website.com # replace with your domain
|
|
- AUTO_LETS_ENCRYPT=yes
|
|
- REDIRECT_HTTP_TO_HTTPS=yes
|
|
- DISABLE_DEFAULT_SERVER=yes
|
|
- USE_CLIENT_CACHE=yes
|
|
- USE_GZIP=yes
|
|
- REMOTE_PHP=myphp
|
|
- REMOTE_PHP_PATH=/app
|
|
|
|
myphp:
|
|
image: php:fpm
|
|
restart: always
|
|
volumes:
|
|
- ./web-files:/app
|
|
|
|
volumes:
|
|
nginx_conf:
|