Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
bunkerweb/examples/crowdsec/docker-compose.yml

95 lines
2.1 KiB
YAML
Raw Blame History

version: '3'
services:
mywww:
image: bunkerity/bunkerized-nginx
restart: always
# mandatory for crowdsec :
# you need to redirect Docker logs to the syslog server
logging:
driver: syslog
options:
syslog-address: "udp://10.10.10.254:514"
depends_on:
- mysyslog
- myapp1
- myapp2
ports:
- 80:8080
- 443:8443
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly
volumes:
- ./web-files:/www:ro
- ./letsencrypt:/etc/letsencrypt
environment:
- SERVER_NAME=app1.example.com app2.example.com # replace with your domains
- MULTISITE=yes
- AUTO_LETS_ENCRYPT=yes
- REDIRECT_HTTP_TO_HTTPS=yes
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- USE_CROWDSEC=yes
- CROWDSEC_HOST=http://mycrowdsec:8080
- CROWDSEC_KEY= # you need to generate it (see bouncer_key.sh)
- app1.example.com_REMOTE_PHP=myapp1
- app1.example.com_REMOTE_PHP_PATH=/app
- app2.example.com_REMOTE_PHP=myapp2
- app2.example.com_REMOTE_PHP_PATH=/app
networks:
net0:
net1:
net2:
mycrowdsec:
image: crowdsecurity/crowdsec:v1.0.13
restart: always
volumes:
- ./acquis.yaml:/etc/crowdsec/acquis.yaml
- nginx_logs:/var/log:ro
environment:
- COLLECTIONS=crowdsecurity/nginx
- REGISTER_TO_ONLINE_API=true
networks:
- net0
mysyslog:
image: balabit/syslog-ng
restart: always
volumes:
- ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf
- nginx_logs:/var/log
networks:
net0:
ipv4_address: 10.10.10.254
myapp1:
image: php:fpm
restart: always
volumes:
- ./web-files/app1.example.com:/app
networks:
- net1
myapp2:
image: php:fpm
restart: always
volumes:
- ./web-files/app2.example.com:/app
networks:
- net2
networks:
net0:
ipam:
driver: default
config:
- subnet: 10.10.10.0/24
net1:
net2:
volumes:
nginx_logs:
Reference in New Issue View Git Blame Copy Permalink