app-store/apps/crowdsec/docker-compose.yml
2024-05-02 10:17:39 +02:00

88 lines
3.4 KiB
YAML

version: "3.8"
services:
crowdsec:
container_name: crowdsec
image: crowdsecurity/crowdsec:latest
restart: unless-stopped
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ${APP_DATA_DIR}/data/crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
- ${APP_DATA_DIR}/data/crowdsec/db:/var/lib/crowdsec/data
- /var/log/auth.log:/var/log/auth.log:ro
- /var/log/traefik:/var/log/traefik:ro
# other containers will output their log files too
# sudo mkdir /var/log/crowdsec
- /var/log/crowdsec:/var/log/crowdsec:ro
environment:
- COLLECTIONS=
crowdsecurity/linux
crowdsecurity/traefik
crowdsecurity/http-cve
crowdsecurity/whitelist-good-actors
crowdsecurity/sshd
- GID=${GID-1000}
networks:
- tipi_main_network
crowdsec-bouncer-traefik:
container_name: crowdsec-bouncer-traefik
image: fbonalair/traefik-crowdsec-bouncer:latest
restart: unless-stopped
depends_on:
- crowdsec
environment:
# the CROWDSEC_BOUNCER_API_KEY needs to be created of the crowdsec container with:
# To create the CROWDSEC_BOUNCER_API_KEY, execute the following command in the crowdsec container:
# docker compose exec -t crowdsec cscli bouncers add crowdsec-bouncer-traefik
- CROWDSEC_BOUNCER_API_KEY=${CROWDSEC_BOUNCER_API_KEY}
- CROWDSEC_AGENT_HOST=crowdsec:8080
networks:
- tipi_main_network
crowdsec-dashboard:
container_name: crowdsec-dashboard
#we're using a custom Dockerfile so that metabase pops with pre-configured dashboards
#build: ./crowdsec_config/dashboard
image: metabase/metabase
restart: unless-stopped
ports:
- ${APP_PORT}:3000
environment:
- MB_DB_FILE=/data/metabase.db
- MGID=${GID-1000}
depends_on:
- crowdsec
volumes:
- ${APP_DATA_DIR}/data/crowdsec-dashboard/data:/data
- ${APP_DATA_DIR}/data/crowdsec/db:/metabase-data
labels:
# Main
traefik.enable: true
traefik.http.middlewares.crowdsec-web-redirect.redirectscheme.scheme: https
traefik.http.services.crowdsec.loadbalancer.server.port: 3000
# Web
traefik.http.routers.crowdsec-insecure.rule: Host(`${APP_DOMAIN}`)
traefik.http.routers.crowdsec-insecure.entrypoints: web
traefik.http.routers.crowdsec-insecure.service: crowdsec
traefik.http.routers.crowdsec-insecure.middlewares: crowdsec-web-redirect
# Websecure
traefik.http.routers.crowdsec.rule: Host(`${APP_DOMAIN}`)
traefik.http.routers.crowdsec.entrypoints: websecure
traefik.http.routers.crowdsec.service: crowdsec
traefik.http.routers.crowdsec.tls.certresolver: myresolver
# Local domain
traefik.http.routers.crowdsec-local-insecure.rule: Host(`crowdsec.${LOCAL_DOMAIN}`)
traefik.http.routers.crowdsec-local-insecure.entrypoints: web
traefik.http.routers.crowdsec-local-insecure.service: crowdsec
traefik.http.routers.crowdsec-local-insecure.middlewares: crowdsec-web-redirect
# Local domain secure
traefik.http.routers.crowdsec-local.rule: Host(`crowdsec.${LOCAL_DOMAIN}`)
traefik.http.routers.crowdsec-local.entrypoints: websecure
traefik.http.routers.crowdsec-local.service: crowdsec
traefik.http.routers.crowdsec-local.tls: true
networks:
backend_network: