version: '3.9'
networks:
  web_network_1:
    driver: overlay
    ipam:
      config:
        - subnet: 172.17.0.0/24
services:
  web:
    image: git.send.nrw/sendnrw/security_in_depth_web_web:latest
    volumes:
        - /docker/mnt/stack0/web1/server/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
        - /docker/mnt/stack0/web1/server/etc/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf
        - /docker/mnt/stack0/web1/src:/usr/share/nginx/html
    deploy:
      replicas: 3
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.web1.rule=Host(`web1.localdomain`)"
        - "traefik.http.services.web1.loadbalancer.server.port=80"
        - "traefik.http.routers.web1.entrypoints=websecure"
        - "traefik.http.routers.web1.tls=true"
      placement: 
        constraints: 
          - node.role != manager
    networks:
      - web_network_1
    ports:
      - "8080:80"
  php83:
    image: git.send.nrw/sendnrw/security_in_depth_web_php83:latest
    volumes:
        - /docker/mnt/stack0/web1/server/etc/php83/php-fpm.conf:/etc/php83/php-fpm.conf
        - /docker/mnt/stack0/web1/server/etc/php83/php.ini:/etc/php83/php.ini
        - /docker/mnt/stack0/web1/server/etc/php83/php-fpm.d/www.conf:/etc/php83/php-fpm.d/www.conf
        - /docker/mnt/stack0/web1/src:/usr/share/nginx/html
    deploy:
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure
      placement: 
        constraints: 
          - node.role != manager
    networks:
      web_network_1:
        ipv4_address: 172.17.0.83
  php84:
    image: git.send.nrw/sendnrw/security_in_depth_web_php84:latest
    volumes:
        - /docker/mnt/stack0/web1/server/etc/php84/php-fpm.conf:/etc/php84/php-fpm.conf
        - /docker/mnt/stack0/web1/server/etc/php84/php.ini:/etc/php84/php.ini
        - /docker/mnt/stack0/web1/server/etc/php84/php-fpm.d/www.conf:/etc/php84/php-fpm.d/www.conf
        - /docker/mnt/stack0/web1/src:/usr/share/nginx/html
    deploy:
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure
      placement: 
        constraints: 
          - node.role != manager
    networks:
      web_network_1:
        ipv4_address: 172.17.0.84
  redis:
    image: git.send.nrw/sendnrw/security_in_depth_web_redis:latest
    volumes:
        - /docker/mnt/stack0/web1/server/etc/redis/redis.conf:/etc/redis.conf
    deploy:
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure
      placement: 
        constraints: 
          - node.role != manager
    networks:
      web_network_1:
        ipv4_address: 172.17.0.100
    ports:
      - "6379:6379"