
docker-compose-hetzner.yml 5.13 KB
  # Compose file format 3.7. Recent Docker Compose releases treat this key as informational only.
  version: '3.7'
  
  # Every service below joins the external "proxy-network" and none declares a `ports:` mapping,
  # so nothing is published on the host by this file itself.
  services:
   
    # CEPTD component group (presumably suricata, elasticsearch, logstash and kibana — the next
    # section marker is "Controller").
    suricata:
      # NOTE(review): ':latest' is a mutable tag, so every pull may run different code. Pinning a
      # version tag or an image digest makes the deployment reproducible and auditable; the same
      # applies to every image referenced in this file.
      image: registry.curex-project.eu:443/curex-local/kea_suricata:latest
      container_name: kea_suricata
      # Restart automatically unless an operator stopped the container explicitly.
      restart: unless-stopped
      # Linux capabilities granted on top of Docker's default set. NET_ADMIN and NET_RAW cover
      # interface configuration and raw packet access; SYS_NICE allows scheduling-priority changes.
      # NOTE(review): confirm each one is still required — a compromise of this container
      # inherits all three.
      cap_add:
        - NET_ADMIN
        - SYS_NICE
        - NET_RAW
      # Argument handed to the image's entrypoint; its meaning is defined inside the image
      # (not visible in this file).
      command: ONLINE
      volumes:
        # data_volume is also mounted by elasticsearch and logstash (at /data), so anything
        # written under /var/log/suricata is readable and writable from those containers too.
        - data_volume:/var/log/suricata
        - pcap_volume:/var/pcap
      networks:
        - "proxy-network"
        
    # Single-node Elasticsearch. No `ports:` mapping is declared, so it is not published on the
    # host; it is reachable by whatever else is attached to proxy-network.
    elasticsearch:
      image: registry.curex-project.eu:443/curex-local/kea_elasticsearch:latest
      container_name: kea_elasticsearch
      restart: unless-stopped
      environment:
        - cluster.name=keacluster
        - node.name=keacluster-node-01
        - discovery.type=single-node
        # Lock the JVM heap in RAM; relies on the unlimited memlock ulimit set below.
        - bootstrap.memory_lock=true
        # Fixed 1 GiB heap (min = max).
        - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
        - xpack.ml.enabled=false
        # NOTE(review): with security disabled there is no authentication, TLS or role-based
        # access control on the REST API — any peer that can reach it can read, modify or delete
        # indices. Access control therefore rests entirely on who can join proxy-network.
        - xpack.security.enabled=false
        - xpack.ilm.enabled=false
        # Both paths sit under /data, i.e. inside the shared data_volume mounted below.
        - path.logs=/data/elk/log
        - path.data=/data/elk/data
        # Listen on all interfaces of the container.
        - http.host=0.0.0.0
        # NOTE(review): CORS is enabled for every origin. Combined with the disabled security
        # above, any web page loaded in a browser that can reach this endpoint may query it
        # cross-origin; restricting allow-origin to the UI's own origin would narrow that.
        # The double quotes are part of the value in this unquoted YAML scalar — confirm
        # Elasticsearch interprets it as intended.
        - http.cors.enabled=true
        - http.cors.allow-origin="*"
        - indices.query.bool.max_clause_count=2000
      # Unlimited locked memory, required for bootstrap.memory_lock=true.
      ulimits:
        memlock:
          soft: -1
          hard: -1
      volumes:
        # Shared with suricata (/var/log/suricata) and logstash (/data).
        - data_volume:/data
      networks:
        - "proxy-network"
    
    # Logstash; its pipeline configuration lives inside the image and is not visible here.
    logstash:
      image: registry.curex-project.eu:443/curex-local/kea_logstash:latest
      container_name: kea_logstash
      restart: unless-stopped
      volumes:
        # Same named volume that suricata mounts at /var/log/suricata and elasticsearch at /data,
        # presumably so Logstash can read the Suricata logs — verify against the image's pipeline.
        - data_volume:/data
      networks:
        - "proxy-network"
    
    # Kibana UI.
    # NOTE(review): no authentication is configured in this file, and the elasticsearch service
    # runs with xpack.security.enabled=false — confirm that access to Kibana is gated elsewhere
    # (e.g. by the reverse proxy) before it is reachable by users.
    kibana:
      image: registry.curex-project.eu:443/curex-local/kea_kibana:latest
      container_name: kea_kibana
      restart: unless-stopped
      # `expose` only documents the port for other containers on the same network;
      # it does not publish it on the host.
      expose:
        - 5601
      networks:
        - "proxy-network"
  
    # Controller: web front end serving the files the api service places in api_volume.
    webserver:
      image: registry.curex-project.eu:443/curex-local/kea_webserver:latest
      container_name: kea_webserver
      restart: unless-stopped
      # Start order only; Compose does not wait for the api container to be ready.
      depends_on:
        - api
      tty: true
      expose:
        - 80
      volumes:
        # Shared with the api service, which mounts the same volume at /var/www.
        - api_volume:/var/www
      networks:
        - "proxy-network"
      # VIRTUAL_* / LETSENCRYPT_* are presumably read by a reverse proxy and certificate
      # companion attached to proxy-network (not defined in this file), which would make this
      # the only service given a public hostname and terminate TLS for it — verify against
      # the proxy's deployment.
      environment:
        - "VIRTUAL_HOST=kea.curex-project.eu"
        - "VIRTUAL_PORT=80"
        - "LETSENCRYPT_HOST=kea.curex-project.eu"
        - "LETSENCRYPT_EMAIL=gvlahavas@csd.auth.gr"
    
    # Controller back end. All settings are injected through Compose variable substitution.
    api:
      image: registry.curex-project.eu:443/curex-local/kea_api:latest
      container_name: kea_api
      restart: unless-stopped
      tty: true
      working_dir: /var/www
      volumes:
        # Shared with the webserver service.
        - api_volume:/var/www
      # Each ${VAR} is resolved by Compose from the shell environment or an `.env` file next to
      # this file; an unset variable is substituted as an empty string with only a warning.
      # NOTE(review): keep that `.env` file out of version control and readable only by the
      # deploying user — it carries DB_PASSWORD. Values set here are also visible to anyone
      # who can run `docker inspect` on the host.
      environment:
        - "APP_NAME=${APP_NAME}"
        - "APP_ENV=${APP_ENV}"
        # NOTE(review): debug mode in web frameworks commonly returns stack traces and
        # configuration to the client — confirm this resolves to false in this deployment.
        - "APP_DEBUG=${APP_DEBUG}"
        - "APP_URL=${APP_URL}"
        - "KIBANA_PORT=${KIBANA_PORT}"
        - "GRAFANA_PORT=${GRAFANA_PORT}"
        - "LOG_CHANNEL=${LOG_CHANNEL}"
        - "DB_CONNECTION=${DB_CONNECTION}"
        - "DB_HOST=${DB_HOST}"
        - "DB_PORT=${DB_PORT}"
        - "DB_DATABASE=${DB_DATABASE}"
        - "DB_USERNAME=${DB_USERNAME}"
        - "DB_PASSWORD=${DB_PASSWORD}"
        - "BROADCAST_DRIVER=${BROADCAST_DRIVER}"
        - "CACHE_DRIVER=${CACHE_DRIVER}"
        - "QUEUE_CONNECTION=${QUEUE_CONNECTION}"
        - "SESSION_DRIVER=${SESSION_DRIVER}"
        - "SESSION_LIFETIME=${SESSION_LIFETIME}"
        - "ELASTICSEARCH_HOST=${ELASTICSEARCH_HOST}"
        - "ELASTICSEARCH_PORT=${ELASTICSEARCH_PORT}"
        - "ELASTICSEARCH_SCHEME=${ELASTICSEARCH_SCHEME}"
        - "MQTT_HOST=${MQTT_HOST}"
        - "MQTT_PORT=${MQTT_PORT}"
        - "MQTT_DEBUG=${MQTT_DEBUG}"
        - "MQTT_QOS=${MQTT_QOS}"
        - "MQTT_RETAIN=${MQTT_RETAIN}"
        - "MLTD_HOST=${MLTD_HOST}"
        - "MLTD_PORT=${MLTD_PORT}"
        - "OD_HOST=${OD_HOST}"
        - "OD_PORT=${OD_PORT}"
      networks:
        - "proxy-network"
  
    # OD component; the api service is pointed at it through OD_HOST / OD_PORT.
    od:
      image: registry.curex-project.eu:443/curex-local/kea_od:latest
      container_name: kea_od
      # Start order only; does not wait for the database to accept connections.
      depends_on:
        - timescaledb
      restart: unless-stopped
      # Reachable by other containers on proxy-network; not published on the host.
      # NOTE(review): whether this endpoint requires authentication is decided inside the
      # image — confirm, since every container on the shared network can reach it.
      expose:
        - 9091
      networks:
        - "proxy-network"
    
    # MLTD component; the api service is pointed at it through MLTD_HOST / MLTD_PORT.
    mltd:
      image: registry.curex-project.eu:443/curex-local/kea_mltd:latest
      container_name: kea_mltd
      # Start order only; readiness of the database and the broker is not awaited.
      depends_on:
        - timescaledb
        - mosquitto
      restart: unless-stopped
      # Reachable by other containers on proxy-network; not published on the host.
      expose:
        - 5000
      networks:
        - "proxy-network"
    
    # MQTT broker. The container is named kea_mqtt although the service key is "mosquitto".
    # No restart policy is set here, unlike the services above, so it stays down after a crash
    # or host reboot until started manually.
    mosquitto:
      image: registry.curex-project.eu:443/curex-local/kea_mqtt:latest
      container_name: kea_mqtt
      # 1883 is the standard plaintext MQTT port; 9001 is commonly the websocket listener.
      # NOTE(review): listener authentication and ACLs are defined in the image's broker
      # configuration, which is not visible here — confirm anonymous clients are not accepted,
      # since every container on proxy-network can reach these ports.
      expose:
        - 1883
        - 9001
      volumes:
        - mqtt_data_volume:/mosquitto/data
        - mqtt_log_volume:/mosquitto/log
      networks:
        - "proxy-network"
    
    # Persistence: TimescaleDB (PostgreSQL) instance that the od and mltd services depend on.
    timescaledb:
      # NOTE(review): a floating ':latest' tag on a database image can pull a newer PostgreSQL
      # major version than the one that initialised timescaledb_volume; pin the tag or digest.
      image: registry.curex-project.eu:443/curex-local/kea_timescaledb:latest
      container_name: kea_timescaledb
      volumes:
        - timescaledb_volume:/var/lib/postgresql/data
      # NOTE(review): the superuser name and password are the well-known defaults and are
      # committed in this file. Any container on proxy-network can reach port 5432 and log in
      # as superuser with them. Supplying the password from an untracked `.env` file or a secret
      # store would close this, but the clients (od, mltd, api) must be updated in step, and the
      # official PostgreSQL images only apply these variables when the data directory is first
      # initialised, so an existing volume needs the password changed inside the database.
      environment:
        - POSTGRES_USER=postgres
        - POSTGRES_PASSWORD=postgres
        - POSTGRES_DB=kea
      # Reachable by other containers on proxy-network; not published on the host.
      expose:
        - 5432
      networks:
        - "proxy-network"
    
    # Visualization: Grafana dashboards. No restart policy is set for this service.
    grafana:
      image: registry.curex-project.eu:443/curex-local/kea_grafana:latest
      container_name: kea_grafana
      expose:
        - 3000
      environment:
        # Allow dashboards to be rendered inside frames on other pages (removes Grafana's
        # default framing restriction).
        - GF_SECURITY_ALLOW_EMBEDDING=true
        # SameSite=None lets the session cookie be sent in cross-site (embedded) requests;
        # browsers generally require such cookies to be Secure as well — confirm Grafana is
        # only served over HTTPS.
        - GF_SECURITY_COOKIE_SAMESITE=none
        # NOTE(review): anonymous access is enabled AND mapped to the Admin org role, so every
        # unauthenticated visitor who can reach port 3000 can edit dashboards, read and change
        # data sources (including stored credentials) and manage users of the organisation.
        # If anonymous access is only needed for embedded read-only panels, the Viewer role is
        # the least-privilege choice.
        - GF_AUTH_ANONYMOUS_ENABLED=true
        - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
      networks:
        - "proxy-network"
  
  # The network is created and owned outside this file and must exist before `up`.
  # NOTE(review): all services share this one flat network, together with anything else
  # attached to it (presumably the reverse proxy). Several services here run without
  # authentication, so the network's membership is the effective access boundary; separate
  # internal networks for the back-end services would reduce what a single compromised
  # container can reach.
  networks:
    proxy-network:
      external:
        name: proxy-network
  
  
  # Named volumes with default driver settings (each key has an empty value).
  volumes:
    # Shared by webserver and api (/var/www).
    api_volume:
    # Shared by suricata (/var/log/suricata), elasticsearch (/data) and logstash (/data).
    data_volume:
    # Packet captures written by suricata; may contain sensitive network payloads.
    pcap_volume:
    mqtt_data_volume:
    mqtt_log_volume:
    # PostgreSQL data directory of the timescaledb service.
    timescaledb_volume: