christian/docker_compose_company_stack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
master
docker_compose_company_stack/traefik-crowdsec-stack/docker-compose.yml
root f4efbc7a63 Initial commit
2023-08-09 14:01:28 +02:00

105 lines
3.8 KiB
YAML
Raw Permalink Blame History

version: "3.9"
services:
crowdsec:
container_name: ${SERVICES_CROWDSEC_CONTAINER_NAME:-crowdsec}
env_file: ./config/crowdsec.env
hostname: ${SERVICES_CROWDSEC_HOSTNAME:-crowdsec}
healthcheck:
test: [ "CMD", "cscli", "version" ]
interval: 20s
timeout: 2s
retries: 5
start_period: 10s
image: ${SERVICES_CROWDSEC_IMAGE:-crowdsecurity/crowdsec}:${SERVICES_CROWDSEC_IMAGE_VERSION:-latest}
networks:
crowdsec:
ipv4_address: ${SERVICES_CROWDSEC_NETWORKS_CROWDSEC_IPV4:-172.31.254.254}
restart: unless-stopped
security_opt:
- no-new-privileges=true
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- /var/log/auth.log:/var/log/auth.log:ro
- /var/log/traefik:/var/log/traefik:ro
- ./crowdsec/config:/etc/crowdsec
- ./crowdsec/data:/var/lib/crowdsec/data
traefik:
container_name: ${SERVICES_TRAEFIK_CONTAINER_NAME:-traefik}
depends_on:
crowdsec:
condition: service_healthy
env_file: ./config/traefik.env
hostname: ${SERVICES_TRAEFIK_HOSTNAME:-traefik}
healthcheck:
test: [ "CMD", "traefik", "healthcheck", "--ping" ]
interval: 10s
timeout: 1s
retries: 3
start_period: 10s
image: ${SERVICES_TRAEFIK_IMAGE:-traefik}:${SERVICES_TRAEFIK_IMAGE_VERSION:-2.10}
labels:
traefik.docker.network: proxy
traefik.enable: "true"
traefik.http.routers.traefik.entrypoints: websecure
traefik.http.routers.traefik.middlewares: default@file
traefik.http.routers.traefik.rule: Host(${SERVICES_TRAEFIK_LABELS_TRAEFIK_HOST})
traefik.http.routers.traefik.service: api@internal
traefik.http.routers.traefik.tls: "true"
traefik.http.routers.traefik.tls.certresolver: http_resolver
traefik.http.services.traefik.loadbalancer.sticky.cookie.httpOnly: "true"
traefik.http.services.traefik.loadbalancer.sticky.cookie.secure: "true"
traefik.http.routers.pingweb.rule: PathPrefix(`/ping`)
traefik.http.routers.pingweb.service: ping@internal
traefik.http.routers.pingweb.entrypoints: websecure
networks:
crowdsec:
ipv4_address: ${SERVICES_TRAEFIK_NETWORKS_CROWDSEC_IPV4:-172.31.254.253}
proxy:
ipv4_address: ${SERVICES_TRAEFIK_NETWORKS_PROXY_IPV4:-172.30.255.254}
ports:
- "80:80"
- "443:443"
restart: unless-stopped
security_opt:
- no-new-privileges:true
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- /var/log/traefik/:/var/log/traefik/
- ./traefik/traefik.yml:/traefik.yml:ro
- ./traefik/acme_letsencrypt.json:/acme_letsencrypt.json
- ./traefik/tls_letsencrypt.json:/tls_letsencrypt.json
- ./traefik/dynamic_conf.yml:/dynamic_conf.yml
traefik_crowdsec_bouncer:
container_name: ${SERVICES_TRAEFIK_CROWDSEC_BOUNCER_CONTAINER_NAME:-traefik_crowdsec_bouncer}
depends_on:
crowdsec:
condition: service_healthy
env_file: ./config/traefik-crowdsec-bouncer.env
hostname: ${SERVICES_TRAEFIK_CROWDSEC_BOUNCER_HOSTNAME:-traefik-crowdsec-bouncer}
image: ${SERVICES_TRAEFIK_CROWDSEC_BOUNCER_IMAGE:-fbonalair/traefik-crowdsec-bouncer}:${SERVICES_TRAEFIK_CROWDSEC_BOUNCER_IMAGE_VERSION:-latest}
networks:
crowdsec:
ipv4_address: ${SERVICES_TRAEFIK_CROWDSEC_BOUNCER_NETWORKS_CROWDSEC_IPV4:-172.31.254.252}
restart: unless-stopped
networks:
proxy:
name: ${NETWORKS_PROXY_NAME:-proxy}
driver: bridge
ipam:
config:
- subnet: ${NETWORKS_PROXY_SUBNET_IPV4:-172.30.0.0/16}
attachable: true
crowdsec:
name: ${NETWORKS_CROWDSEC_NAME:-crowdsec}
driver: bridge
ipam:
config:
- subnet: ${NETWORKS_CROWDSEC_SUBNET_IPV4:-172.31.0.0/16}
attachable: true
Reference in New Issue View Git Blame Copy Permalink