bunkerized-nginx/examples/wordpress/docker-compose.yml

version: "3"

services:
  mybunker:
    image: bunkerity/bunkerweb:1.5.4
    ports:
      - 80:8080
      - 443:8443
    environment:
      SERVER_NAME: "www.example.com" # replace with your domain
      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
      AUTO_LETS_ENCRYPT: "yes"
      DISABLE_DEFAULT_SERVER: "yes"
      MAX_CLIENT_SIZE: "50m"
      USE_CLIENT_CACHE: "yes"
      USE_GZIP: "yes"
      USE_REVERSE_PROXY: "yes"
      REVERSE_PROXY_URL: "/"
      REVERSE_PROXY_HOST: "http://mywp"
      CUSTOM_CONF_MODSEC_CRS_wordpress: 'SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_wordpress=1"'
    labels:
      - "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
    networks:
      - bw-universe
      - bw-services

  bw-scheduler:
    image: bunkerity/bunkerweb-scheduler:1.5.4
    depends_on:
      - mybunker
    environment:
      DOCKER_HOST: "tcp://bw-docker-proxy:2375"
    volumes:
      - bw-data:/data
    networks:
      - bw-universe
      - bw-docker

  bw-docker-proxy:
    image: tecnativa/docker-socket-proxy:nightly
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - CONTAINERS=1
      - LOG_LEVEL=warning
    networks:
      - bw-docker

  mywp:
    image: wordpress:6.1.1-apache
    volumes:
      - wp-data:/var/www/html
    environment:
      - WORDPRESS_DB_HOST=mydb
      - WORDPRESS_DB_NAME=wp
      - WORDPRESS_DB_USER=user
      - WORDPRESS_DB_PASSWORD=db-user-pwd # set a stronger password in a .env file (must match MYSQL_PASSWORD)
      - WORDPRESS_TABLE_PREFIX=prefix_ # best practice : replace with a random prefix
    networks:
      - bw-services

  mydb:
    image: mariadb
    volumes:
      - db-data:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
      - MYSQL_DATABASE=wp
      - MYSQL_USER=user
      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match WORDPRESS_DB_PASSWORD)
    networks:
      - bw-services

volumes:
  bw-data:
  wp-data:
  db-data:

networks:
  bw-universe:
    ipam:
      driver: default
      config:
        - subnet: 10.20.30.0/24
  bw-services:
  bw-docker: