bunkerweb/examples/crowdsec/docker-compose.yml

version: '3'

services:

  mywww:
    image: bunkerity/bunkerized-nginx
    restart: always
    # mandatory for crowdsec :
    # you need to redirect Docker logs to the syslog server
    logging:
      driver: syslog
      options:
        syslog-address: "udp://10.10.10.254:514"
    depends_on:
      - mysyslog
      - myapp1
      - myapp2
    ports:
      - 80:8080
      - 443:8443
    # bunkerized-nginx runs as an unprivileged user with UID/GID 101
    # don't forget to edit the permissions of the files and folders accordingly
    volumes:
      - ./web-files:/www:ro
      - ./letsencrypt:/etc/letsencrypt
      - ./bunkerized-nginx-crowdsec:/plugins/crowdsec # edit plugin.json
    environment:
      - SERVER_NAME=app1.example.com app2.example.com # replace with your domains
      - MULTISITE=yes
      - AUTO_LETS_ENCRYPT=yes
      - REDIRECT_HTTP_TO_HTTPS=yes
      - DISABLE_DEFAULT_SERVER=yes
      - USE_CLIENT_CACHE=yes
      - USE_GZIP=yes
      - app1.example.com_REMOTE_PHP=myapp1
      - app1.example.com_REMOTE_PHP_PATH=/app
      - app2.example.com_REMOTE_PHP=myapp2
      - app2.example.com_REMOTE_PHP_PATH=/app
    networks:
      net0:
      net1:
      net2:

  mycrowdsec:
    image: crowdsecurity/crowdsec:v1.0.13
    restart: always
    volumes:
      - ./acquis.yaml:/etc/crowdsec/acquis.yaml
      - nginx_logs:/var/log:ro
    environment:
      - COLLECTIONS=crowdsecurity/nginx
      - REGISTER_TO_ONLINE_API=true
    networks:
      - net0

  mysyslog:
    image: balabit/syslog-ng
    restart: always
    volumes:
     - ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf 
     - nginx_logs:/var/log
    networks:
      net0:
        ipv4_address: 10.10.10.254

  myapp1:
    image: php:fpm
    restart: always
    volumes:
      - ./web-files/app1.example.com:/app
    networks:
      - net1

  myapp2:
    image: php:fpm
    restart: always
    volumes:
      - ./web-files/app2.example.com:/app
    networks:
      - net2

networks:
  net0:
    ipam:
      driver: default
      config:
        - subnet: 10.10.10.0/24
  net1:
  net2:

volumes:
  nginx_logs:
started crowdsec v1 integration 2020-12-28 17:42:20 +00:00			`version: '3'`

			`services:`

			`mywww:`
started work on moving variables from .lua to nginx 2021-05-18 13:14:45 +00:00			`image: bunkerity/bunkerized-nginx`
started crowdsec v1 integration 2020-12-28 17:42:20 +00:00			`restart: always`
crowdsec - fix bugs and update example 2021-05-18 12:03:16 +00:00			`# mandatory for crowdsec :`
			`# you need to redirect Docker logs to the syslog server`
			`logging:`
			`driver: syslog`
			`options:`
			`syslog-address: "udp://10.10.10.254:514"`
			`depends_on:`
			`- mysyslog`
			`- myapp1`
			`- myapp2`
started crowdsec v1 integration 2020-12-28 17:42:20 +00:00			`ports:`
			`- 80:8080`
			`- 443:8443`
check permissions for missing volumes and add comment about permissions on examples 2021-05-15 19:08:35 +00:00			`# bunkerized-nginx runs as an unprivileged user with UID/GID 101`
			`# don't forget to edit the permissions of the files and folders accordingly`
started crowdsec v1 integration 2020-12-28 17:42:20 +00:00			`volumes:`
			`- ./web-files:/www:ro`
			`- ./letsencrypt:/etc/letsencrypt`
crowdsec - move as external plugin 2021-07-16 08:05:53 +00:00			`- ./bunkerized-nginx-crowdsec:/plugins/crowdsec # edit plugin.json`
started crowdsec v1 integration 2020-12-28 17:42:20 +00:00			`environment:`
examples - use example.com instead of website.com 2021-07-16 07:40:02 +00:00			`- SERVER_NAME=app1.example.com app2.example.com # replace with your domains`
started crowdsec v1 integration 2020-12-28 17:42:20 +00:00			`- MULTISITE=yes`
			`- AUTO_LETS_ENCRYPT=yes`
			`- REDIRECT_HTTP_TO_HTTPS=yes`
			`- DISABLE_DEFAULT_SERVER=yes`
			`- USE_CLIENT_CACHE=yes`
			`- USE_GZIP=yes`
examples - use example.com instead of website.com 2021-07-16 07:40:02 +00:00			`- app1.example.com_REMOTE_PHP=myapp1`
			`- app1.example.com_REMOTE_PHP_PATH=/app`
			`- app2.example.com_REMOTE_PHP=myapp2`
			`- app2.example.com_REMOTE_PHP_PATH=/app`
started crowdsec v1 integration 2020-12-28 17:42:20 +00:00			`networks:`
crowdsec - fix bugs and update example 2021-05-18 12:03:16 +00:00			`net0:`
			`net1:`
			`net2:`
started crowdsec v1 integration 2020-12-28 17:42:20 +00:00
			`mycrowdsec:`
fix CVE-2021-20205 and examples update 2021-04-26 15:00:23 +00:00			`image: crowdsecurity/crowdsec:v1.0.13`
started crowdsec v1 integration 2020-12-28 17:42:20 +00:00			`restart: always`
			`volumes:`
			`- ./acquis.yaml:/etc/crowdsec/acquis.yaml`
			`- nginx_logs:/var/log:ro`
			`environment:`
			`- COLLECTIONS=crowdsecurity/nginx`
			`- REGISTER_TO_ONLINE_API=true`
			`networks:`
			`- net0`

crowdsec - fix bugs and update example 2021-05-18 12:03:16 +00:00			`mysyslog:`
			`image: balabit/syslog-ng`
			`restart: always`
			`volumes:`
			`- ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf`
			`- nginx_logs:/var/log`
			`networks:`
			`net0:`
			`ipv4_address: 10.10.10.254`

started crowdsec v1 integration 2020-12-28 17:42:20 +00:00			`myapp1:`
			`image: php:fpm`
			`restart: always`
			`volumes:`
examples - use example.com instead of website.com 2021-07-16 07:40:02 +00:00			`- ./web-files/app1.example.com:/app`
started crowdsec v1 integration 2020-12-28 17:42:20 +00:00			`networks:`
			`- net1`

			`myapp2:`
			`image: php:fpm`
			`restart: always`
			`volumes:`
examples - use example.com instead of website.com 2021-07-16 07:40:02 +00:00			`- ./web-files/app2.example.com:/app`
started crowdsec v1 integration 2020-12-28 17:42:20 +00:00			`networks:`
			`- net2`

			`networks:`
			`net0:`
crowdsec - fix bugs and update example 2021-05-18 12:03:16 +00:00			`ipam:`
			`driver: default`
			`config:`
			`- subnet: 10.10.10.0/24`
started crowdsec v1 integration 2020-12-28 17:42:20 +00:00			`net1:`
			`net2:`

			`volumes:`
			`nginx_logs:`