| 
									
										
										
										
											2024-04-30 08:41:32 +00:00
										 |  |  | services:
 | 
					
						
							|  |  |  |   crowdsec:
 | 
					
						
							|  |  |  |     container_name: crowdsec
 | 
					
						
							| 
									
										
										
										
											2024-05-07 19:19:13 +00:00
										 |  |  |     image: crowdsecurity/crowdsec:v1.6.1-2
 | 
					
						
							| 
									
										
										
										
											2024-04-30 08:41:32 +00:00
										 |  |  |     restart: unless-stopped
 | 
					
						
							|  |  |  |     volumes:
 | 
					
						
							|  |  |  |       - /etc/localtime:/etc/localtime:ro
 | 
					
						
							|  |  |  |       - /var/run/docker.sock:/var/run/docker.sock:ro
 | 
					
						
							|  |  |  |       - ${APP_DATA_DIR}/data/crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
 | 
					
						
							| 
									
										
										
										
											2024-05-02 08:55:33 +00:00
										 |  |  |       - ${APP_DATA_DIR}/data/crowdsec:/etc/crowdsec
 | 
					
						
							| 
									
										
										
										
											2024-04-30 08:41:32 +00:00
										 |  |  |       - ${APP_DATA_DIR}/data/crowdsec/db:/var/lib/crowdsec/data
 | 
					
						
							|  |  |  |       - /var/log/auth.log:/var/log/auth.log:ro
 | 
					
						
							|  |  |  |       - /var/log/traefik:/var/log/traefik:ro
 | 
					
						
							|  |  |  |       # other containers will output their log files too
 | 
					
						
							|  |  |  |       # sudo mkdir /var/log/crowdsec
 | 
					
						
							|  |  |  |       - /var/log/crowdsec:/var/log/crowdsec:ro
 | 
					
						
							|  |  |  |     environment:
 | 
					
						
							| 
									
										
										
										
											2024-04-30 13:14:28 +00:00
										 |  |  |       - COLLECTIONS=
 | 
					
						
							|  |  |  |         crowdsecurity/linux
 | 
					
						
							|  |  |  |         crowdsecurity/traefik
 | 
					
						
							|  |  |  |         crowdsecurity/http-cve
 | 
					
						
							|  |  |  |         crowdsecurity/whitelist-good-actors
 | 
					
						
							|  |  |  |         crowdsecurity/sshd
 | 
					
						
							| 
									
										
										
										
											2024-04-30 12:21:45 +00:00
										 |  |  |       - GID=${GID-1000}
 | 
					
						
							| 
									
										
										
										
											2024-04-30 08:41:32 +00:00
										 |  |  |     networks:
 | 
					
						
							|  |  |  |       - tipi_main_network
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   crowdsec-bouncer-traefik:
 | 
					
						
							|  |  |  |     container_name: crowdsec-bouncer-traefik
 | 
					
						
							|  |  |  |     image: fbonalair/traefik-crowdsec-bouncer:latest
 | 
					
						
							|  |  |  |     restart: unless-stopped
 | 
					
						
							|  |  |  |     depends_on:
 | 
					
						
							|  |  |  |       - crowdsec
 | 
					
						
							|  |  |  |     environment:
 | 
					
						
							|  |  |  |       # the CROWDSEC_BOUNCER_API_KEY needs to be created of the crowdsec container with:
 | 
					
						
							| 
									
										
										
										
											2024-05-01 14:32:42 +00:00
										 |  |  |       # To create the CROWDSEC_BOUNCER_API_KEY, execute the following command in the crowdsec container:
 | 
					
						
							|  |  |  |       # docker compose exec -t crowdsec cscli bouncers add crowdsec-bouncer-traefik
 | 
					
						
							| 
									
										
										
										
											2024-04-30 08:41:32 +00:00
										 |  |  |       - CROWDSEC_BOUNCER_API_KEY=${CROWDSEC_BOUNCER_API_KEY}
 | 
					
						
							|  |  |  |       - CROWDSEC_AGENT_HOST=crowdsec:8080
 | 
					
						
							|  |  |  |     networks:
 | 
					
						
							|  |  |  |       - tipi_main_network
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   crowdsec-dashboard:
 | 
					
						
							|  |  |  |     container_name: crowdsec-dashboard
 | 
					
						
							|  |  |  |     #we're using a custom Dockerfile so that metabase pops with pre-configured dashboards
 | 
					
						
							|  |  |  |     #build: ./crowdsec_config/dashboard
 | 
					
						
							|  |  |  |     image: metabase/metabase
 | 
					
						
							|  |  |  |     restart: unless-stopped
 | 
					
						
							|  |  |  |     ports:
 | 
					
						
							|  |  |  |       - ${APP_PORT}:3000
 | 
					
						
							|  |  |  |     environment:
 | 
					
						
							|  |  |  |       - MB_DB_FILE=/data/metabase.db
 | 
					
						
							| 
									
										
										
										
											2024-04-30 12:21:45 +00:00
										 |  |  |       - MGID=${GID-1000}
 | 
					
						
							| 
									
										
										
										
											2024-04-30 08:41:32 +00:00
										 |  |  |     depends_on:
 | 
					
						
							|  |  |  |       - crowdsec
 | 
					
						
							|  |  |  |     volumes:
 | 
					
						
							|  |  |  |       - ${APP_DATA_DIR}/data/crowdsec-dashboard/data:/data
 | 
					
						
							|  |  |  |       - ${APP_DATA_DIR}/data/crowdsec/db:/metabase-data
 | 
					
						
							| 
									
										
										
										
											2024-05-07 19:19:13 +00:00
										 |  |  |     networks:
 | 
					
						
							|  |  |  |       - tipi_main_network
 | 
					
						
							| 
									
										
										
										
											2024-04-30 08:41:32 +00:00
										 |  |  |     labels:
 | 
					
						
							|  |  |  |       # Main
 | 
					
						
							|  |  |  |       traefik.enable: true
 | 
					
						
							|  |  |  |       traefik.http.middlewares.crowdsec-web-redirect.redirectscheme.scheme: https
 | 
					
						
							|  |  |  |       traefik.http.services.crowdsec.loadbalancer.server.port: 3000
 | 
					
						
							|  |  |  |       # Web
 | 
					
						
							|  |  |  |       traefik.http.routers.crowdsec-insecure.rule: Host(`${APP_DOMAIN}`)
 | 
					
						
							|  |  |  |       traefik.http.routers.crowdsec-insecure.entrypoints: web
 | 
					
						
							|  |  |  |       traefik.http.routers.crowdsec-insecure.service: crowdsec
 | 
					
						
							|  |  |  |       traefik.http.routers.crowdsec-insecure.middlewares: crowdsec-web-redirect
 | 
					
						
							|  |  |  |       # Websecure
 | 
					
						
							|  |  |  |       traefik.http.routers.crowdsec.rule: Host(`${APP_DOMAIN}`)
 | 
					
						
							|  |  |  |       traefik.http.routers.crowdsec.entrypoints: websecure
 | 
					
						
							|  |  |  |       traefik.http.routers.crowdsec.service: crowdsec
 | 
					
						
							|  |  |  |       traefik.http.routers.crowdsec.tls.certresolver: myresolver
 | 
					
						
							|  |  |  |       # Local domain
 | 
					
						
							|  |  |  |       traefik.http.routers.crowdsec-local-insecure.rule: Host(`crowdsec.${LOCAL_DOMAIN}`)
 | 
					
						
							|  |  |  |       traefik.http.routers.crowdsec-local-insecure.entrypoints: web
 | 
					
						
							|  |  |  |       traefik.http.routers.crowdsec-local-insecure.service: crowdsec
 | 
					
						
							|  |  |  |       traefik.http.routers.crowdsec-local-insecure.middlewares: crowdsec-web-redirect
 | 
					
						
							|  |  |  |       # Local domain secure
 | 
					
						
							|  |  |  |       traefik.http.routers.crowdsec-local.rule: Host(`crowdsec.${LOCAL_DOMAIN}`)
 | 
					
						
							|  |  |  |       traefik.http.routers.crowdsec-local.entrypoints: websecure
 | 
					
						
							|  |  |  |       traefik.http.routers.crowdsec-local.service: crowdsec
 | 
					
						
							|  |  |  |       traefik.http.routers.crowdsec-local.tls: true
 |