docker-compose-hetzner.yml 6.61 KB
   1
   2
   3
   4
   5
   6
   7
   8
   9
  10
  11
  12
  13
  14
  15
  16
  17
  18
  19
  20
  21
  22
  23
  24
  25
  26
  27
  28
  29
  30
  31
  32
  33
  34
  35
  36
  37
  38
  39
  40
  41
  42
  43
  44
  45
  46
  47
  48
  49
  50
  51
  52
  53
  54
  55
  56
  57
  58
  59
  60
  61
  62
  63
  64
  65
  66
  67
  68
  69
  70
  71
  72
  73
  74
  75
  76
  77
  78
  79
  80
  81
  82
  83
  84
  85
  86
  87
  88
  89
  90
  91
  92
  93
  94
  95
  96
  97
  98
  99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 113
 114
 115
 116
 117
 118
 119
 120
 121
 122
 123
 124
 125
 126
 127
 128
 129
 130
 131
 132
 133
 134
 135
 136
 137
 138
 139
 140
 141
 142
 143
 144
 145
 146
 147
 148
 149
 150
 151
 152
 153
 154
 155
 156
 157
 158
 159
 160
 161
 162
 163
 164
 165
 166
 167
 168
 169
 170
 171
 172
 173
 174
 175
 176
 177
 178
 179
 180
 181
 182
 183
 184
 185
 186
 187
 188
 189
 190
 191
 192
 193
 194
 195
 196
 197
 198
 199
 200
 201
 202
 203
 204
 205
 206
 207
 208
 209
 210
 211
 212
 213
 214
 215
 216
 217
 218
 219
 220
 221
 222
 223
 224
 225
 226
 227
 228
 229
 230
 231
 232
 233
 234
 235
 236
 237
 238
 239
 240
 241
version: '3.7'

services:
#CEPTD
suricata:
image: registry.curex-project.eu:443/curex-local/kea_suricata:latest
container_name: kea_suricata
restart: unless-stopped
network_mode: "host"
cap_add:
- NET_ADMIN
- SYS_NICE
- NET_RAW
command: ONLINE
volumes:
- data_volume:/var/log/suricata
- pcap_volume:/var/pcap
elasticsearch:
image: registry.curex-project.eu:443/curex-local/kea_elasticsearch:latest
container_name: kea_elasticsearch
restart: unless-stopped
environment:
- cluster.name=keacluster
- node.name=keacluster-node-01
- discovery.type=single-node
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
- xpack.ml.enabled=false
- xpack.security.enabled=false
- xpack.ilm.enabled=false
- path.logs=/data/elk/log
- path.data=/data/elk/data
- http.host=0.0.0.0
- http.cors.enabled=true
- http.cors.allow-origin="*"
- indices.query.bool.max_clause_count=2000
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- data_volume:/data
networks:
- "proxy-network"
expose:
- 9200
logstash:
image: registry.curex-project.eu:443/curex-local/kea_logstash:latest
container_name: kea_logstash
restart: unless-stopped
volumes:
- data_volume:/data
networks:
- "proxy-network"
kibana:
image: registry.curex-project.eu:443/curex-local/kea_kibana:latest
container_name: kea_kibana
restart: unless-stopped
expose:
- 5601
networks:
- "proxy-network"
environment:
- "VIRTUAL_HOST=kea-kibana.vlahavas.com"
- "VIRTUAL_PORT=5601"
- "LETSENCRYPT_HOST=kea-kibana.vlahavas.com"
- "LETSENCRYPT_EMAIL=gvlahavas@csd.auth.gr"

#Controller
webserver:
image: registry.curex-project.eu:443/curex-local/kea_webserver:latest
container_name: kea_webserver
restart: unless-stopped
depends_on:
- api
tty: true
expose:
- 80
volumes:
- api_volume:/var/www
networks:
- "proxy-network"
environment:
- "VIRTUAL_HOST=kea.curex-project.eu"
- "VIRTUAL_PORT=80"
- "LETSENCRYPT_HOST=kea.curex-project.eu"
- "LETSENCRYPT_EMAIL=gvlahavas@csd.auth.gr"
api:
image: registry.curex-project.eu:443/curex-local/kea_api:latest
container_name: kea_api
restart: unless-stopped
tty: true
working_dir: /var/www
volumes:
- api_volume:/var/www
environment:
- "APP_NAME=${APP_NAME}"
- "APP_ENV=${APP_ENV}"
- "APP_DEBUG=${APP_DEBUG}"
- "APP_URL=${APP_URL}"
- "KIBANA_URL=${KIBANA_URL}"
- "GRAFANA_URL=${GRAFANA_URL}"
- "KIBANA_PORT=${KIBANA_PORT}"
- "GRAFANA_PORT=${GRAFANA_PORT}"
- "LOG_CHANNEL=${LOG_CHANNEL}"
- "DB_CONNECTION=${DB_CONNECTION}"
- "DB_HOST=${DB_HOST}"
- "DB_PORT=${DB_PORT}"
- "DB_DATABASE=${DB_DATABASE}"
- "DB_USERNAME=${DB_USERNAME}"
- "DB_PASSWORD=${DB_PASSWORD}"
- "BROADCAST_DRIVER=${BROADCAST_DRIVER}"
- "CACHE_DRIVER=${CACHE_DRIVER}"
- "QUEUE_CONNECTION=${QUEUE_CONNECTION}"
- "SESSION_DRIVER=${SESSION_DRIVER}"
- "SESSION_LIFETIME=${SESSION_LIFETIME}"
- "ELASTICSEARCH_HOST=${ELASTICSEARCH_HOST}"
- "ELASTICSEARCH_PORT=${ELASTICSEARCH_PORT}"
- "ELASTICSEARCH_SCHEME=${ELASTICSEARCH_SCHEME}"
- "MQTT_HOST=${MQTT_HOST}"
- "MQTT_PORT=${MQTT_PORT}"
- "MQTT_DEBUG=${MQTT_DEBUG}"
- "MQTT_QOS=${MQTT_QOS}"
- "MQTT_RETAIN=${MQTT_RETAIN}"
- "MLTD_HOST=${MLTD_HOST}"
- "MLTD_PORT=${MLTD_PORT}"
- "OD_HOST=${OD_HOST}"
- "OD_PORT=${OD_PORT}"
- "KEYCLOAK_REALM_PUBLIC_KEY=${KEYCLOAK_REALM_PUBLIC_KEY}"
- "KEYCLOAK_LOAD_USER_FROM_DATABASE=${KEYCLOAK_LOAD_USER_FROM_DATABASE}"
- "KEYCLOAK_USER_PROVIDER_CREDENTIAL=${KEYCLOAK_USER_PROVIDER_CREDENTIAL}"
- "KEYCLOAK_TOKEN_PRINCIPAL_ATTRIBUTE=${KEYCLOAK_TOKEN_PRINCIPAL_ATTRIBUTE}"
- "KEYCLOAK_APPEND_DECODED_TOKEN=${KEYCLOAK_APPEND_DECODED_TOKEN}"
- "KEYCLOAK_ALLOWED_RESOURCES=${KEYCLOAK_ALLOWED_RESOURCES}"
- "KEYCLOAK_REALM=${KEYCLOAK_REALM}"
- "KEYCLOAK_URL=${KEYCLOAK_URL}"
- "KEYCLOAK_CLIENT_ID=${KEYCLOAK_CLIENT_ID}"
- "AUTH_ENABLED=${AUTH_ENABLED}"
- "OD_GRAFANA_PARAMS=${OD_GRAFANA_PARAMS}"
- "MLTD_GRAFANA_PARAMS=${MLTD_GRAFANA_PARAMS}"
- "CEPTD_KIBANA_PARAMS=${CEPTD_KIBANA_PARAMS}"
- "RSYSLOG_SERVER=${RSYSLOG_SERVER}"
- "RSYSLOG_PORT=${RSYSLOG_PORT}"
networks:
- "proxy-network"

#OD
od:
image: registry.curex-project.eu:443/curex-local/kea_od:latest
container_name: kea_od
depends_on:
- timescaledb
environment:
- "RSYSLOG_SERVER=${RSYSLOG_SERVER}"
- "RSYSLOG_PORT=${RSYSLOG_PORT}"
restart: unless-stopped
expose:
- 9091
networks:
- "proxy-network"
#MLTD
mltd:
image: registry.curex-project.eu:443/curex-local/kea_mltd:latest
container_name: kea_mltd
depends_on:
- timescaledb
- mosquitto
environment:
- "RSYSLOG_SERVER=${RSYSLOG_SERVER}"
- "RSYSLOG_PORT=${RSYSLOG_PORT}"
restart: unless-stopped
expose:
- 5000
networks:
- "proxy-network"
#MQTT
mosquitto:
image: registry.curex-project.eu:443/curex-local/kea_mqtt:latest
container_name: kea_mqtt
expose:
- 1883
- 9001
volumes:
- mqtt_data_volume:/mosquitto/data
- mqtt_log_volume:/mosquitto/log
networks:
- "proxy-network"
#Persistence
timescaledb:
image: registry.curex-project.eu:443/curex-local/kea_timescaledb:latest
container_name: kea_timescaledb
volumes:
- timescaledb_volume:/var/lib/postgresql/data
environment:
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres
- POSTGRES_DB=kea
expose:
- 5432
networks:
- "proxy-network"
#Visualization
grafana:
image: registry.curex-project.eu:443/curex-local/kea_grafana:latest
container_name: kea_grafana
expose:
- 3000
environment:
- GF_SECURITY_ALLOW_EMBEDDING=true
- GF_SECURITY_COOKIE_SAMESITE=none
- GF_AUTH_ANONYMOUS_ENABLED=true
- GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
- "VIRTUAL_HOST=kea-grafana.vlahavas.com"
- "VIRTUAL_PORT=3000"
- "LETSENCRYPT_HOST=kea-grafana.vlahavas.com"
- "LETSENCRYPT_EMAIL=gvlahavas@csd.auth.gr"
networks:
- "proxy-network"

networks:
proxy-network:
external:
name: proxy-network


volumes:
api_volume:
data_volume:
pcap_volume:
mqtt_data_volume:
mqtt_log_volume:
timescaledb_volume: