docker-compose-hetzner.yml 6.61 KB
  # Compose file format version, quoted so it is read as a string.
  version: '3.7'

  services:

    #CEPTD
    # Suricata container; its network mode, capabilities, command and
    # volumes are the remaining keys of this service.
    suricata:
      # NOTE(review): every image in this file is referenced by the mutable
      # `:latest` tag, so a redeploy can run different code than the one that
      # was reviewed. Pinning a version tag or an image digest
      # (`image@sha256:<digest>`) keeps the deployment reproducible.
      image: registry.curex-project.eu:443/curex-local/kea_suricata:latest
      container_name: kea_suricata
      restart: unless-stopped
      # Host networking: the container shares the host's network stack
      # instead of getting its own namespace, so it has no network isolation
      # from the host and is not attached to proxy-network.
      # NOTE(review): presumably needed so Suricata can see traffic on the
      # host's interfaces - confirm. This is the only service in the file that
      # uses host networking and added capabilities, so treat its image as the
      # most sensitive one to patch and pin.
      network_mode: "host"
      # Linux capabilities requested for the container:
      #   NET_ADMIN - network interface administration
      #   SYS_NICE  - change scheduling priority / CPU affinity
      #   NET_RAW   - raw and packet sockets
      # NOTE(review): presumably required for live capture; keep the list to
      # what the image actually uses.
      cap_add:
        - NET_ADMIN
        - SYS_NICE
        - NET_RAW
      # Command passed to the image; what ONLINE selects is defined inside
      # kea_suricata and is not visible in this file.
      command: ONLINE
      volumes:
        # data_volume is also mounted by elasticsearch and logstash (at
        # /data), so this log directory is the root of the volume those
        # services see.
        - data_volume:/var/log/suricata
        - pcap_volume:/var/pcap
        
    # Single-node Elasticsearch; data and logs are kept under /data/elk on
    # the shared data_volume.
    elasticsearch:
      image: registry.curex-project.eu:443/curex-local/kea_elasticsearch:latest
      container_name: kea_elasticsearch
      restart: unless-stopped
      environment:
        - cluster.name=keacluster
        - node.name=keacluster-node-01
        - discovery.type=single-node
        # Memory locking relies on the unlimited memlock ulimit set below.
        - bootstrap.memory_lock=true
        - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
        - xpack.ml.enabled=false
        # NOTE(review): security features are switched off, so the HTTP API
        # has no authentication or TLS of its own. Anything that can reach
        # this node over the network can read and modify the indices; access
        # control rests entirely on network isolation.
        - xpack.security.enabled=false
        - xpack.ilm.enabled=false
        - path.logs=/data/elk/log
        - path.data=/data/elk/data
        # Binds the HTTP API to all interfaces inside the container.
        - http.host=0.0.0.0
        # NOTE(review): CORS is enabled for every origin. With security
        # disabled, prefer listing the specific front-end origin(s). The
        # double quotes are inside the list item, so they are part of the
        # value handed to the container - confirm Elasticsearch reads it as
        # the intended wildcard.
        - http.cors.enabled=true
        - http.cors.allow-origin="*"
        - indices.query.bool.max_clause_count=2000
      ulimits:
        memlock:
          soft: -1
          hard: -1
      volumes:
        - data_volume:/data
      # Attached to proxy-network, which is declared as external at the
      # bottom of this file.
      networks:
        - "proxy-network"
      # `expose` does not publish the port on the host; 9200 is reachable
      # from containers that share a network with this service.
      # NOTE(review): because proxy-network is external, that includes any
      # other stack attached to it, and this node has no authentication.
      expose:
        - 9200
    
    # Logstash. No pipeline configuration is mounted here, so it presumably
    # ships inside the image - confirm.
    logstash:
      image: registry.curex-project.eu:443/curex-local/kea_logstash:latest
      container_name: kea_logstash
      restart: unless-stopped
      volumes:
        # Same volume that suricata writes its logs to and elasticsearch
        # stores its data on.
        - data_volume:/data
      networks:
        - "proxy-network"
    
    # Kibana. Its Elasticsearch connection is not configured in this file,
    # so it is presumably set inside the image - confirm.
    kibana:
      image: registry.curex-project.eu:443/curex-local/kea_kibana:latest
      container_name: kea_kibana
      restart: unless-stopped
      # Not published on the host; 5601 is the port that VIRTUAL_PORT in this
      # service's environment points the reverse proxy at.
      expose:
        - 5601
      networks:
        - "proxy-network"
      # VIRTUAL_HOST / VIRTUAL_PORT and LETSENCRYPT_* follow the convention
      # used by nginx-proxy with an ACME companion; the proxy itself is not
      # defined in this file (presumably it is attached to proxy-network -
      # confirm).
      # NOTE(review): nothing in this service adds authentication and the
      # Elasticsearch node runs with xpack.security disabled. Unless the
      # proxy enforces access control (SSO, basic auth or an IP allow-list),
      # this hostname serves Kibana, and the IDS data behind it, to anyone
      # who can reach it.
      environment:
        - "VIRTUAL_HOST=kea-kibana.vlahavas.com"
        - "VIRTUAL_PORT=5601"
        - "LETSENCRYPT_HOST=kea-kibana.vlahavas.com"
        - "LETSENCRYPT_EMAIL=gvlahavas@csd.auth.gr"
  
    #Controller
    # Web server started after the api container; both mount api_volume at
    # /var/www.
    webserver:
      image: registry.curex-project.eu:443/curex-local/kea_webserver:latest
      container_name: kea_webserver
      restart: unless-stopped
      # depends_on only orders start-up; it does not wait for api to be ready.
      depends_on:
        - api
      tty: true
      expose:
        - 80
      volumes:
        - api_volume:/var/www
      networks:
        - "proxy-network"
      # Reverse-proxy settings (nginx-proxy / ACME companion convention):
      # this service is served as kea.curex-project.eu on container port 80.
      environment:
        - "VIRTUAL_HOST=kea.curex-project.eu"
        - "VIRTUAL_PORT=80"
        - "LETSENCRYPT_HOST=kea.curex-project.eu"
        - "LETSENCRYPT_EMAIL=gvlahavas@csd.auth.gr"

    # API container. All application settings are injected as environment
    # variables; the list continues after APP_URL.
    api:
      image: registry.curex-project.eu:443/curex-local/kea_api:latest
      container_name: kea_api
      restart: unless-stopped
      tty: true
      working_dir: /var/www
      volumes:
        - api_volume:/var/www
      environment:
        # ${VAR} is substituted by Compose from the shell environment or an
        # .env file; an unset variable becomes an empty string.
        - "APP_NAME=${APP_NAME}"
        - "APP_ENV=${APP_ENV}"
        # NOTE(review): the variable names look like a Laravel-style
        # application - confirm. If so, APP_DEBUG must be false on this
        # internet-facing deployment, because debug error pages disclose
        # stack traces and configuration values.
        - "APP_DEBUG=${APP_DEBUG}"
        - "APP_URL=${APP_URL}"
        # URLs the API uses for Kibana and Grafana; presumably the public
        # hostnames set through VIRTUAL_HOST on those services - confirm.
        - "KIBANA_URL=${KIBANA_URL}"
        - "GRAFANA_URL=${GRAFANA_URL}"
        - "KIBANA_PORT=${KIBANA_PORT}"
        - "GRAFANA_PORT=${GRAFANA_PORT}"
        - "LOG_CHANNEL=${LOG_CHANNEL}"
        # Database connection settings.
        # NOTE(review): DB_PASSWORD is injected as a plain environment
        # variable, so it is visible in `docker inspect` output and to
        # anything that can read the container's environment. Compose secrets
        # or a mounted file keep it out of the container metadata. The
        # timescaledb service in this file hard-codes postgres/postgres, so
        # these values presumably have to match that until it is changed.
        - "DB_CONNECTION=${DB_CONNECTION}"
        - "DB_HOST=${DB_HOST}"
        - "DB_PORT=${DB_PORT}"
        - "DB_DATABASE=${DB_DATABASE}"
        - "DB_USERNAME=${DB_USERNAME}"
        - "DB_PASSWORD=${DB_PASSWORD}"
        - "BROADCAST_DRIVER=${BROADCAST_DRIVER}"
        - "CACHE_DRIVER=${CACHE_DRIVER}"
        - "QUEUE_CONNECTION=${QUEUE_CONNECTION}"
        - "SESSION_DRIVER=${SESSION_DRIVER}"
        - "SESSION_LIFETIME=${SESSION_LIFETIME}"
        # Elasticsearch endpoint. The node in this file runs with
        # xpack.security disabled, so no credentials are passed here.
        - "ELASTICSEARCH_HOST=${ELASTICSEARCH_HOST}"
        - "ELASTICSEARCH_PORT=${ELASTICSEARCH_PORT}"
        - "ELASTICSEARCH_SCHEME=${ELASTICSEARCH_SCHEME}"
        # MQTT client settings; no broker username or password is passed -
        # confirm how the broker authenticates clients.
        - "MQTT_HOST=${MQTT_HOST}"
        - "MQTT_PORT=${MQTT_PORT}"
        - "MQTT_DEBUG=${MQTT_DEBUG}"
        - "MQTT_QOS=${MQTT_QOS}"
        - "MQTT_RETAIN=${MQTT_RETAIN}"
        # Presumably the endpoints of the mltd and od services defined in
        # this file (they expose 5000 and 9091) - confirm.
        - "MLTD_HOST=${MLTD_HOST}"
        - "MLTD_PORT=${MLTD_PORT}"
        - "OD_HOST=${OD_HOST}"
        - "OD_PORT=${OD_PORT}"
        # Keycloak integration settings, all taken from the deployment
        # environment.
        # NOTE(review): an unset variable is substituted as an empty string.
        # Confirm the application fails closed (rejects requests or refuses
        # to start) when KEYCLOAK_REALM_PUBLIC_KEY is empty, and that
        # KEYCLOAK_ALLOWED_RESOURCES is set as narrowly as the API needs.
        - "KEYCLOAK_REALM_PUBLIC_KEY=${KEYCLOAK_REALM_PUBLIC_KEY}"
        - "KEYCLOAK_LOAD_USER_FROM_DATABASE=${KEYCLOAK_LOAD_USER_FROM_DATABASE}"
        - "KEYCLOAK_USER_PROVIDER_CREDENTIAL=${KEYCLOAK_USER_PROVIDER_CREDENTIAL}"
        - "KEYCLOAK_TOKEN_PRINCIPAL_ATTRIBUTE=${KEYCLOAK_TOKEN_PRINCIPAL_ATTRIBUTE}"
        - "KEYCLOAK_APPEND_DECODED_TOKEN=${KEYCLOAK_APPEND_DECODED_TOKEN}"
        - "KEYCLOAK_ALLOWED_RESOURCES=${KEYCLOAK_ALLOWED_RESOURCES}"
        - "KEYCLOAK_REALM=${KEYCLOAK_REALM}"
        - "KEYCLOAK_URL=${KEYCLOAK_URL}"
        - "KEYCLOAK_CLIENT_ID=${KEYCLOAK_CLIENT_ID}"
        # NOTE(review): presumably the switch for authentication in the API -
        # confirm. The webserver in front of it is published through
        # VIRTUAL_HOST, so verify this is true in the production .env and
        # that an unset or empty value does not turn authentication off.
        - "AUTH_ENABLED=${AUTH_ENABLED}"
        - "OD_GRAFANA_PARAMS=${OD_GRAFANA_PARAMS}"
        - "MLTD_GRAFANA_PARAMS=${MLTD_GRAFANA_PARAMS}"
        - "CEPTD_KIBANA_PARAMS=${CEPTD_KIBANA_PARAMS}"
        # Presumably the remote syslog destination for this container's
        # logs; the same two variables are passed to od and mltd.
        # NOTE(review): transport and authentication are decided inside the
        # images - confirm logs do not cross untrusted networks unencrypted.
        - "RSYSLOG_SERVER=${RSYSLOG_SERVER}"
        - "RSYSLOG_PORT=${RSYSLOG_PORT}"
      # The api service declares no `expose`; it is reached over
      # proxy-network only.
      networks:
        - "proxy-network"

    #OD
    od:
      image: registry.curex-project.eu:443/curex-local/kea_od:latest
      container_name: kea_od
      # depends_on only orders start-up; it does not wait for timescaledb to
      # accept connections.
      depends_on:
        - timescaledb
      environment:
        - "RSYSLOG_SERVER=${RSYSLOG_SERVER}"
        - "RSYSLOG_PORT=${RSYSLOG_PORT}"
      restart: unless-stopped
      # Not published on the host; 9091 is reachable from containers that
      # share proxy-network.
      expose:
        - 9091
      networks:
        - "proxy-network"

    #MLTD
    mltd:
      image: registry.curex-project.eu:443/curex-local/kea_mltd:latest
      container_name: kea_mltd
      # Start-up ordering only; readiness of the database and the broker is
      # not awaited.
      depends_on:
        - timescaledb
        - mosquitto
      environment:
        - "RSYSLOG_SERVER=${RSYSLOG_SERVER}"
        - "RSYSLOG_PORT=${RSYSLOG_PORT}"
      restart: unless-stopped
      expose:
        - 5000
      networks:
        - "proxy-network"

    #MQTT
    # NOTE(review): no restart policy is set on this service (nor on
    # timescaledb or grafana), unlike the other services in this file, so
    # these containers stay down after a crash or host reboot.
    # Broker authentication and ACLs are not configured in this file;
    # confirm the image disables anonymous access, since every container on
    # proxy-network can reach the broker.
    mosquitto:
      image: registry.curex-project.eu:443/curex-local/kea_mqtt:latest
      container_name: kea_mqtt
      expose:
        # 1883 is the standard MQTT port; 9001 is commonly the WebSocket
        # listener - confirm against the broker configuration in the image.
        - 1883
        - 9001
      volumes:
        - mqtt_data_volume:/mosquitto/data
        - mqtt_log_volume:/mosquitto/log
      networks:
        - "proxy-network"

    #Persistence
    timescaledb:
      image: registry.curex-project.eu:443/curex-local/kea_timescaledb:latest
      container_name: kea_timescaledb
      volumes:
        - timescaledb_volume:/var/lib/postgresql/data
      # NOTE(review): the database superuser and its password are hard-coded
      # here with the well-known default value and are committed with the
      # file. Port 5432 is reachable from every container on the external
      # proxy-network. Take the password from the deployment environment or
      # a Compose secret instead. If the image follows the upstream postgres
      # entrypoint, the password is only applied when the data directory is
      # first initialised, so an existing volume also needs the role's
      # password changed inside the database.
      environment:
        - POSTGRES_USER=postgres
        - POSTGRES_PASSWORD=postgres
        - POSTGRES_DB=kea
      expose:
        - 5432
      networks:
        - "proxy-network"

    #Visualization
    grafana:
      image: registry.curex-project.eu:443/curex-local/kea_grafana:latest
      container_name: kea_grafana
      expose:
        - 3000
      environment:
        # Allows dashboards to be rendered inside frames on other sites and
        # sends the session cookie on cross-site requests.
        # NOTE(review): browsers only accept SameSite=None cookies that are
        # also marked Secure; GF_SECURITY_COOKIE_SECURE is not set here.
        - GF_SECURITY_ALLOW_EMBEDDING=true
        - GF_SECURITY_COOKIE_SAMESITE=none
        # NOTE(review): unauthenticated visitors are given the Admin role of
        # the organisation, and this service is published through
        # VIRTUAL_HOST. Anyone who can reach the hostname can change data
        # sources, dashboards and users. The Viewer role is normally enough
        # for embedded dashboards.
        - GF_AUTH_ANONYMOUS_ENABLED=true
        - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
        # Reverse-proxy settings (nginx-proxy / ACME companion convention):
        # Grafana is served as kea-grafana.vlahavas.com on container port
        # 3000.
        # NOTE(review): this is what makes the anonymous Admin access set
        # earlier in this list reachable from outside, unless the proxy
        # restricts who can connect.
        - "VIRTUAL_HOST=kea-grafana.vlahavas.com"
        - "VIRTUAL_PORT=3000"
        - "LETSENCRYPT_HOST=kea-grafana.vlahavas.com"
        - "LETSENCRYPT_EMAIL=gvlahavas@csd.auth.gr"
      networks:
        - "proxy-network"

  networks:
    # proxy-network is created and managed outside this file; Compose only
    # attaches the services to it. Any other stack attached to the same
    # network can reach every port these services listen on, so the
    # unauthenticated services here depend on who else joins it.
    # NOTE(review): the `external: name:` form is deprecated since file
    # format 3.5; the equivalent is `external: true` together with
    # `name: proxy-network`.
    proxy-network:
      external:
        name: proxy-network


  # Named volumes with default settings, created by Compose on first use.
  volumes:
    api_volume:
    # Shared by suricata, elasticsearch and logstash.
    data_volume:
    pcap_volume:
    mqtt_data_volume:
    mqtt_log_volume:
    timescaledb_volume: