version: "3.8"

# Setting up 3 default networks to act as dummy:
# - backend : internal only network
# - dmz : dmz network with connections allowed from internal and external
# - egress : dummy egress zone with fake upstream proxy
networks:
  egress:
   attachable: true
  dmz:
    attachable: true
  backend:
    internal: true

services:
  # Creating a fake upstream proxy
  upstream:
    image: gitea.ocram85.com/ocram85/swarmproxy:latest
    deploy:
      replicas: 1
    environment:
      - LOGLEVEL=Info
    networks:
      egress:
        aliases:
          - upstream

  # Creating our swarmproxy instance to use the external upstream proxy
  swarmproxy:
    # Do not use the `latest` tag in production!
    image: gitea.ocram85.com/ocram85/swarmproxy:latest
    depends_on:
      - upstream
    deploy:
      replicas: 1
    environment:
      - LOGLEVEL=Info
      - UPSTREAM_PROXY=upstream:8888
    networks:
      dmz:
        aliases:
          - swarmproxy
          - proxy
      egress:

  # container workload example which tries to communicate through our swarmproxy instance
  # http request / response:
  # [curl container] <---|req/res|---> [swarmproxy] <---|req/res|---> [upstream] <---|req/res|---> [target]
  curl:
    image: curlimages/curl:8.1.2
    command: ["-I", "-x", "proxy:8888", "https://google.com"]
    depends_on:
      - upstream
      - swarmproxy
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 5
        window: 120s
    networks:
      - backend
      - dmz