version: '3'
services:
#CEPTD
suricata:
image: registry.curex-project.eu:443/curex-local/kea_suricata:1.0.1
container_name: kea_suricata
restart: unless-stopped
network_mode: "host"
cap_add:
- NET_ADMIN
- SYS_NICE
- NET_RAW
command: ONLINE
volumes:
- data_volume:/var/log/suricata
- pcap_volume:/var/pcap
elasticsearch:
image: registry.curex-project.eu:443/curex-local/kea_elasticsearch:1.0.0
container_name: kea_elasticsearch
restart: unless-stopped
environment:
- cluster.name=keacluster
- node.name=keacluster-node-01
- discovery.type=single-node
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
- xpack.ml.enabled=false
- xpack.security.enabled=false
- xpack.ilm.enabled=false
- path.logs=/data/elk/log
- path.data=/data/elk/data
- http.host=0.0.0.0
- http.cors.enabled=true
- http.cors.allow-origin="*"
- indices.query.bool.max_clause_count=2000
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- data_volume:/data
logstash:
image: registry.curex-project.eu:443/curex-local/kea_logstash:1.0.2
container_name: kea_logstash
restart: unless-stopped
volumes:
- data_volume:/data
kibana:
image: registry.curex-project.eu:443/curex-local/kea_kibana:7.6.2
container_name: kea_kibana
restart: unless-stopped
ports:
- "5611:5601"
#Controller
webserver:
image: registry.curex-project.eu:443/curex-local/kea_webserver:1.0.0
container_name: kea_webserver
restart: unless-stopped
depends_on:
- api
tty: true
ports:
- "13880:80"
volumes:
- api_volume:/var/www
api:
image: registry.curex-project.eu:443/curex-local/kea_api:1.3.8
container_name: kea_api
restart: unless-stopped
tty: true
working_dir: /var/www
volumes:
- api_volume:/var/www
environment:
- "APP_NAME=${APP_NAME}"
- "APP_ENV=${APP_ENV}"
- "APP_DEBUG=${APP_DEBUG}"
- "APP_URL=${APP_URL}"
- "KIBANA_PORT=${KIBANA_PORT}"
- "GRAFANA_PORT=${GRAFANA_PORT}"
- "LOG_CHANNEL=${LOG_CHANNEL}"
- "DB_CONNECTION=${DB_CONNECTION}"
- "DB_HOST=${DB_HOST}"
- "DB_PORT=${DB_PORT}"
- "DB_DATABASE=${DB_DATABASE}"
- "DB_USERNAME=${DB_USERNAME}"
- "DB_PASSWORD=${DB_PASSWORD}"
- "BROADCAST_DRIVER=${BROADCAST_DRIVER}"
- "CACHE_DRIVER=${CACHE_DRIVER}"
- "QUEUE_CONNECTION=${QUEUE_CONNECTION}"
- "SESSION_DRIVER=${SESSION_DRIVER}"
- "SESSION_LIFETIME=${SESSION_LIFETIME}"
- "ELASTICSEARCH_HOST=${ELASTICSEARCH_HOST}"
- "ELASTICSEARCH_PORT=${ELASTICSEARCH_PORT}"
- "ELASTICSEARCH_SCHEME=${ELASTICSEARCH_SCHEME}"
- "MQTT_HOST=${MQTT_HOST}"
- "MQTT_PORT=${MQTT_PORT}"
- "MQTT_DEBUG=${MQTT_DEBUG}"
- "MQTT_QOS=${MQTT_QOS}"
- "MQTT_RETAIN=${MQTT_RETAIN}"
- "MLTD_HOST=${MLTD_HOST}"
- "MLTD_PORT=${MLTD_PORT}"
- "OD_HOST=${OD_HOST}"
- "OD_PORT=${OD_PORT}"
- "KEYCLOAK_REALM_PUBLIC_KEY=${KEYCLOAK_REALM_PUBLIC_KEY}"
- "KEYCLOAK_LOAD_USER_FROM_DATABASE=${KEYCLOAK_LOAD_USER_FROM_DATABASE}"
- "KEYCLOAK_USER_PROVIDER_CREDENTIAL=${KEYCLOAK_USER_PROVIDER_CREDENTIAL}"
- "KEYCLOAK_TOKEN_PRINCIPAL_ATTRIBUTE=${KEYCLOAK_TOKEN_PRINCIPAL_ATTRIBUTE}"
- "KEYCLOAK_APPEND_DECODED_TOKEN=${KEYCLOAK_APPEND_DECODED_TOKEN}"
- "KEYCLOAK_ALLOWED_RESOURCES=${KEYCLOAK_ALLOWED_RESOURCES}"
- "AUTH_ENABLED=${AUTH_ENABLED}"
- "KEYCLOAK_REALM=${KEYCLOAK_REALM}"
- "KEYCLOAK_URL=${KEYCLOAK_URL}"
- "KEYCLOAK_CLIENT_ID=${KEYCLOAK_CLIENT_ID}"
- "KIBANA_URL=${KIBANA_URL}"
- "GRAFANA_URL=${GRAFANA_URL}"
- "OD_GRAFANA_PARAMS=${OD_GRAFANA_PARAMS}"
- "MLTD_GRAFANA_PARAMS=${MLTD_GRAFANA_PARAMS}"
- "CEPTD_KIBANA_PARAMS=${CEPTD_KIBANA_PARAMS}"
- "RSYSLOG_SERVER=${RSYSLOG_SERVER}"
- "RSYSLOG_PORT=${RSYSLOG_PORT}"
#OD
od:
image: registry.curex-project.eu:443/curex-local/kea_od:1.1.1
container_name: kea_od
depends_on:
- timescaledb
environment:
- "RSYSLOG_SERVER=${RSYSLOG_SERVER}"
- "RSYSLOG_PORT=${RSYSLOG_PORT}"
restart: unless-stopped
ports:
- "9091:9091"
#MLTD
mltd:
image: registry.curex-project.eu:443/curex-local/kea_mltd:1.1.3
container_name: kea_mltd
depends_on:
- timescaledb
- mosquitto
environment:
- "RSYSLOG_SERVER=${RSYSLOG_SERVER}"
- "RSYSLOG_PORT=${RSYSLOG_PORT}"
restart: unless-stopped
ports:
- "5000:5000"
rabbitmq-client:
image: xlsiem_rabbitmq:1.0.0-dev
container_name: rabbitmq_client
restart: unless-stopped
#MQTT
mosquitto:
image: registry.curex-project.eu:443/curex-local/kea_mqtt:1.6.9
container_name: kea_mqtt
ports:
- "1883:1883"
- "9001:9001"
volumes:
- mqtt_data_volume:/mosquitto/data
- mqtt_log_volume:/mosquitto/log
#Persistence
timescaledb:
image: registry.curex-project.eu:443/curex-local/kea_timescaledb:2.1.0-pg11-oss
container_name: kea_timescaledb
volumes:
- timescaledb_volume:/var/lib/postgresql/data
environment:
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres
- POSTGRES_DB=kea
ports:
- "5432:5432"
#Visualization
grafana:
image: registry.curex-project.eu:443/curex-local/kea_grafana:1.0.0
container_name: kea_grafana
ports:
- "3001:3000"
environment:
- GF_SECURITY_ALLOW_EMBEDDING=true
- GF_SECURITY_COOKIE_SAMESITE=none
- GF_AUTH_ANONYMOUS_ENABLED=true
- GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
volumes:
api_volume:
data_volume:
pcap_volume:
mqtt_data_volume:
mqtt_log_volume:
timescaledb_volume: