example-docker-compose/container-socket/docker-compose.yml at main · crowdsecurity/example-docker-compose · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
version: '3'

services:
  app:
    image: traefik/whoami
    restart: always
    networks:
      crowdsec:

  reverse-proxy:
    image: nginx:alpine
    restart: always
    ports:
      - 8000:80
    depends_on:
      - 'app'
    volumes:
      - ./reverse-proxy/nginx.conf:/etc/nginx/nginx.conf
    networks:
      crowdsec:

  crowdsec:
    image: crowdsecurity/crowdsec
    restart: always
    networks:
      crowdsec:
    ports:
      - "127.0.0.1:8080:8080"
    environment:
      ## DOCKER_HOST: tcp://socket-proxy:2375
      COLLECTIONS: "crowdsecurity/nginx"
    depends_on:
      - 'reverse-proxy'
    volumes:
      ## Bad pratice to mount docker socket into a container
      - /var/run/docker.sock:/var/run/docker.sock:ro
      ######################################################
      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
      - crowdsec-db:/var/lib/crowdsec/data/
      - crowdsec-config:/etc/crowdsec/

# #Uncomment to use socket proxy
  # socket-proxy:
  #   networks:
  #     crowdsec:
  #   restart: always
  #   image: lscr.io/linuxserver/socket-proxy:latest
  #   container_name: socket-proxy
  #   environment:
  #     - ALLOW_START=0 #optional
  #     - ALLOW_STOP=0 #optional
  #     - ALLOW_RESTARTS=0 #optional
  #     - AUTH=0 #optional
  #     - BUILD=0 #optional
  #     - COMMIT=0 #optional
  #     - CONFIGS=0 #optional
  #     - CONTAINERS=1 #optional
  #     - DISABLE_IPV6=0 #optional
  #     - DISTRIBUTION=0 #optional
  #     - EVENTS=1 #optional
  #     - EXEC=0 #optional
  #     - IMAGES=0 #optional
  #     - INFO=1 #optional
  #     - LOG_LEVEL=info #optional
  #     - NETWORKS=0 #optional
  #     - NODES=0 #optional
  #     - PING=1 #optional
  #     - PLUGINS=0 #optional
  #     - POST=0 #optional
  #     - SECRETS=0 #optional
  #     - SERVICES=0 #optional
  #     - SESSION=0 #optional
  #     - SWARM=0 #optional
  #     - SYSTEM=0 #optional
  #     - TASKS=0 #optional
  #     - VERSION=1 #optional
  #     - VOLUMES=0 #optional
  #   volumes:
  #     - '/var/run/docker.sock:/var/run/docker.sock:ro'
  #   read_only: true
  #   tmpfs:
  #     - /run
# #

volumes:
  crowdsec-db:
  crowdsec-config:

networks:
  crowdsec:
    driver: bridge