version: "3.9"

# ─────────────────────────────────────────────────────────────────────────────
# Sentinel-API — Production Stack v2.4.1
#
# Services:
#   scanner   Go enumeration engine (run-and-exit, triggered on demand)
#   ai        Python FastAPI + gRPC — LLM intelligence layer
#   ui        HTMX + Tailwind dashboard (FastAPI/Jinja2)
#
# Ports published on the host:
#   3000      UI Dashboard
#   8000      AI HTTP backend
#   50051     AI gRPC endpoint
#
# Transport:
#   scanner → ai   grpc://ai:50051           (real-time events + batch enrichment)
#   scanner → ai   http://ai:8000            (fallback, external CI/CD use)
#   ui      → ai   http://ai:8000            (proxied API calls)
#   browser → ui   ws://ui:3000/ws/scan/{id} (scan event stream proxy)
#
# Exposure summary:
#   - All three published ports are written without a host IP, so Docker binds
#     them on every host interface. Prefix with "127.0.0.1:" (or front them
#     with a reverse proxy) where only local access is intended.
#   - None of the services sets user, cap_drop, read_only or security_opt
#     here, so each container runs with whatever its image defaults to.
#     NOTE(review): confirm the Dockerfiles drop root before treating this
#     as a hardened production stack.
# ─────────────────────────────────────────────────────────────────────────────

services:
  # ---------------------------------------------------------------------------
  # Go Scanner Engine (run-and-exit)
  # ---------------------------------------------------------------------------
  scanner:
    build:
      context: ./scanner
      dockerfile: Dockerfile
    image: sentinel-api/scanner:2.4.1
    container_name: sentinel-scanner
    # One-shot job: never restarted automatically.
    restart: "no"
    environment:
      # Every value is taken from the invoking shell / .env file and falls
      # back to an empty string when unset.
      # SENTINEL_TOKEN and SENTINEL_NVD_KEY are credentials; as plain
      # environment entries they are readable through `docker inspect` by
      # anyone with access to the Docker API on this host.
      SENTINEL_TARGET: "${SENTINEL_TARGET:-}"
      SENTINEL_TOKEN: "${SENTINEL_TOKEN:-}"
      SENTINEL_AI_BACKEND: "${SENTINEL_AI_BACKEND:-grpc://ai:50051}"
      SENTINEL_NVD_KEY: "${SENTINEL_NVD_KEY:-}"
    volumes:
      # Writable: the scanner is the producer of the report files.
      - ./reports:/reports
      # Read-only: wordlists are input data only.
      - ./wordlists:/wordlists:ro
    networks:
      - sentinel-net
    depends_on:
      # Wait until the ai healthcheck passes before starting.
      ai:
        condition: service_healthy
    # Default invocation only prints usage; presumably the real arguments are
    # supplied when the job is triggered — TODO confirm.
    command:
      - scan
      - --help

  # ---------------------------------------------------------------------------
  # Python AI / Intelligence Layer
  # ---------------------------------------------------------------------------
  ai:
    build:
      context: .
      dockerfile: ai/Dockerfile
    image: sentinel-api/ai:2.4.1
    container_name: sentinel-ai
    restart: unless-stopped
    ports:
      # No host IP given, so both listeners are bound on all host interfaces.
      # The header lists 8000 as intended for external CI/CD callers. The
      # only gRPC consumer named in this file is the scanner, which reaches
      # ai:50051 over sentinel-net and does not need the host mapping.
      # NOTE(review): confirm whether any off-host gRPC client exists; if
      # not, the 50051 mapping can be dropped or bound to 127.0.0.1.
      - "8000:8000"
      - "50051:50051"
    environment:
      MODEL_PATH: "/models/mistral-7b-instruct-v0.2.Q4_K_M.gguf"
      DB_PATH: "/data/sentinel.db"
      LOG_LEVEL: "INFO"
      ENVIRONMENT: "production"
      GRPC_PORT: "50051"
      HTTP_PORT: "8000"
      # Falls back to an empty string when SENTINEL_API_KEY is unset. How the
      # service treats an empty key is not visible in this file.
      # NOTE(review): confirm it fails closed. Writing the reference as
      # ${SENTINEL_API_KEY:?SENTINEL_API_KEY must be set} would make Compose
      # refuse to start the stack without a key.
      # NOTE(review): the scanner service receives no API key variable here;
      # confirm how the gRPC listener authenticates its callers.
      API_KEY: "${SENTINEL_API_KEY:-}"
      MODEL_N_GPU_LAYERS: "${MODEL_N_GPU_LAYERS:-0}"
      MODEL_N_THREADS: "${MODEL_N_THREADS:-8}"
    volumes:
      # Model weights are mounted read-only.
      - ./models:/models:ro
      # Named volume backing /data, where DB_PATH points.
      - sentinel-db:/data
    networks:
      - sentinel-net
    healthcheck:
      # Exec-form probe run inside the container, so the image must ship curl.
      test:
        - CMD
        - curl
        - -f
        - http://localhost:8000/health
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 45s

  # ---------------------------------------------------------------------------
  # HTMX Dashboard (Python/Jinja2 SSR)
  # ---------------------------------------------------------------------------
  ui:
    build:
      context: ./ui
      dockerfile: Dockerfile
    image: sentinel-api/ui:2.4.1
    container_name: sentinel-ui
    restart: unless-stopped
    ports:
      # Bound on all host interfaces. No TLS or authentication for the
      # dashboard is configured in this file.
      # NOTE(review): confirm what protects it when reachable off-host.
      - "3000:3000"
    environment:
      AI_BACKEND_URL: "http://ai:8000"
      # Same host variable as the ai service's API_KEY, with the same
      # empty-string fallback when unset.
      AI_API_KEY: "${SENTINEL_API_KEY:-}"
      PORT: "3000"
      DEBUG: "false"
    volumes:
      # Read-only view of the reports directory so the UI server can load the
      # sentinel_*.json files without being able to modify them.
      - ./reports:/reports:ro
    networks:
      - sentinel-net
    depends_on:
      ai:
        condition: service_healthy
    healthcheck:
      # Exec-form probe run inside the container, so the image must ship curl.
      test:
        - CMD
        - curl
        - -f
        - http://localhost:3000/
      interval: 30s
      timeout: 5s
      retries: 3

# ---------------------------------------------------------------------------
networks:
  # Single user-defined bridge shared by all three services; service names
  # (ai, ui) resolve on it, which is what the ai:8000 / ai:50051 URLs rely on.
  sentinel-net:
    driver: bridge

volumes:
  # Persistent storage for the ai service's /data directory.
  sentinel-db:
    driver: local