bunkerized-nginx/examples/mongo-express/docker-compose.yml

version: "3"

services:
  mybunker:
    image: bunkerity/bunkerweb:1.5.3
    ports:
      - 80:8080
      - 443:8443
    environment:
      - SERVER_NAME=www.example.com # replace with your domain
      - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
      - SERVE_FILES=no
      - DISABLE_DEFAULT_SERVER=yes
      - AUTO_LETS_ENCRYPT=yes
      - USE_CLIENT_CACHE=yes
      - USE_GZIP=yes
      - USE_REVERSE_PROXY=yes
      - REVERSE_PROXY_URL=/
      - REVERSE_PROXY_HOST=http://mongo-ui:8081
      - |
        CUSTOM_CONF_MODSEC_mongo-express=
        SecRule REQUEST_FILENAME "@rx ^/db" "id:1,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog"        
    labels:
      - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
    networks:
      - bw-universe
      - bw-services

  bw-scheduler:
    image: bunkerity/bunkerweb-scheduler:1.5.3
    depends_on:
      - mybunker
    environment:
      - DOCKER_HOST=tcp://bw-docker-proxy:2375
    volumes:
      - bw-data:/data
    networks:
      - bw-universe
      - bw-docker

  bw-docker-proxy:
    image: tecnativa/docker-socket-proxy:nightly
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - CONTAINERS=1
      - LOG_LEVEL=warning
    networks:
      - bw-docker

  mongo:
    image: mongo:5.0.14
    volumes:
      - db-data:/data/db
    environment:
      - MONGO_INITDB_ROOT_USERNAME=root # replace with a less obvious username
      - MONGO_INITDB_ROOT_PASSWORD=toor # replace with a better password
      - MONGO_INITDB_DATABASE=mongo # replace with the database name of your choice
    networks:
      - bw-services

  mongo-ui:
    image: mongo-express:0.54.0
    environment:
      - ME_CONFIG_MONGODB_SERVER=mongo
      - ME_CONFIG_MONGODB_ADMINUSERNAME=root # replace with a less obvious username
      - ME_CONFIG_MONGODB_ADMINPASSWORD=toor # replace with a better password
      - ME_CONFIG_BASICAUTH_USERNAME=changeme # replace with a better username
      - ME_CONFIG_BASICAUTH_PASSWORD=changeme # replace with a better password
    restart: unless-stopped
    depends_on:
      - mongo
    networks:
      - bw-services

volumes:
  bw-data:
  db-data:

networks:
  bw-universe:
    ipam:
      driver: default
      config:
        - subnet: 10.20.30.0/24
  bw-services:
  bw-docker: