personal_interest_mirrors/Compose-Examples
1
0
Fork 0
mirror of https://github.com/Haxxnet/Compose-Examples.git synced 2026-02-14 16:54:24 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
1b020b67daf1d249239d02342fa25b1a46ded61e
Compose-Examples/examples/crowdsec/docker-compose.yml
LRVT 30b22a9c83
All checks were successful
CI / validateComposeSyntax (push) Successful in 20s
Details
Update docker-compose.yml with comments and adjustments 
Comment out the no-new-privileges security option and add notes for crowdsec-blocklist-import service.
2026-02-03 14:56:56 +01:00

54 lines
2.1 KiB
YAML
Raw Blame History

services:
crowdsec:
image: crowdsecurity/crowdsec:v1.7.6
container_name: crowdsec
restart: unless-stopped
ports:
- 127.0.0.1:9876:8080 # http api for local fw bouncers
- 127.0.0.1:6060:6060 # metrics endpoint for prometheus
expose:
- 8080 # http api for bouncers
- 6060 # metrics endpoint for prometheus
- 7422 # appsec waf endpoint
volumes:
# crowdsec container data
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/crowdsec/data:/var/lib/crowdsec/data
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/crowdsec/etc:/etc/crowdsec
# log bind mounts into crowdsec
- /var/log/auth.log:/var/log/auth.log:ro
- /var/log/syslog:/var/log/syslog:ro
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/var/log/traefik:ro
environment:
- GID=1000
- COLLECTIONS=crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/base-http-scenarios crowdsecurity/sshd crowdsecurity/linux crowdsecurity/appsec-crs crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching
#- BOUNCER_KEY_<NAME>=${CROWDSEC-BOUNCER-API-TOKEN:-FIXME-LAPI-KEY} # pre-supply a bouncer with api key
#- CUSTOM_HOSTNAME=crowdsec-host123
#security_opt:
# - no-new-privileges=true
#networks:
# - proxy
# - You can enable the below service to enhance crowdsec's blocklist
# - More info here: https://github.com/wolffcatskyy/crowdsec-blocklist-import
# ----------------------------------------------------------------------------
#crowdsec-blocklist-import:
# image: ghcr.io/wolffcatskyy/crowdsec-blocklist-import:2.1.0
# container_name: crowdsec-blocklist-import
# restart: "no"
# environment:
# # setup:
# # docker exec -it crowdsec cscli machines add blocklist-importer --password secretpassphrase -f blocklist-importer
# - CROWDSEC_LAPI_URL=http://crowdsec:8080
# - CROWDSEC_MACHINE_ID=blocklist-importer
# - CROWDSEC_MACHINE_PASSWORD=secretpassphrase
# - DECISION_DURATION=24h
# - TZ=Europe/Berlin
# - TELEMETRY_ENABLED=false
# #networks:
# # - proxy
#networks:
# proxy:
# external: true
Reference in New Issue View Git Blame Copy Permalink