docker-compose.yaml
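# Compose stack: Caddy (custom build with caddy-docker-proxy and the CrowdSec
# module), the CrowdSec engine, and a socket proxy in front of the Docker API.
# NOTE(review): none of the images below carries a tag, so every pull resolves
# to whatever "latest" is at that moment; pin each one to a reviewed tag or
# digest (<TAG_OR_DIGEST>) so rebuilds are reproducible.
services:
  caddy:
    # image: lucaslorentz/caddy-docker-proxy
    # Use a local build so the image includes caddy-docker-proxy as well as
    # the CrowdSec module.
    container_name: caddy
    build: ./caddybuild
    image: kmobs/caddyproxycrowdsec
    depends_on:
      - socket-proxy
    ports:
      # Quoted so no YAML parser can read HOST:CONTAINER as a number.
      - "80:80"
      - "443:443"
    networks:
      - caddy
      - socket
    volumes:
      # set caddy path
      - /path/to/caddy/data:/data
      - logs:/var/log/caddy
    restart: unless-stopped
    environment:
      # Plain TCP with no TLS or client authentication: anything attached to
      # the "socket" network can talk to the proxy, so keep that network
      # limited to this service and socket-proxy.
      DOCKER_HOST: tcp://socket-proxy:2375
      CADDY_DOCKER_EVENT_THROTTLE_INTERVAL: "2s"
    labels:
      caddy_0.email: "${EMAIL}"
      # Used a different port as I had a conflict on the default 8080
      # NOTE(review): label values can be read by anything able to inspect
      # this container (docker inspect, or the container endpoints that
      # socket-proxy exposes), and both URLs are plain HTTP. Treat the
      # bouncer key as visible on that path and rotate it if the host or
      # network is shared.
      caddy_1.crowdsec.api_url: "http://${API_URL}:24444"
      caddy_1.crowdsec.api_key: "${API_KEY}"
      caddy_1.crowdsec.appsec_url: "http://${API_URL}:7422"
      # Create a snippet for enabling access logs. Can also import from a RO
      # socket if you prefer
      caddy_2: "(logging)"
      caddy_2.log.output: 'file /var/log/caddy/{args[0]}.access.log'
      caddy_2.log.output.roll_size: "10MiB"
      caddy_2.log.output.roll_keep_for: "168h"
      # Snippet that aborts any request whose client address is not in a
      # private range.
      caddy_3: "(internal-only)"
      caddy_3.@external.not: "remote_ip private_ranges"
      caddy_3.handle: "@external"
      caddy_3.handle.abort: ""

  crowdsec:
    container_name: crowdsec
    image: crowdsecurity/crowdsec
    restart: unless-stopped
    ports:
      # Both ports are published on every host interface. Caddy reaches them
      # through ${API_URL}; if that is a loopback or LAN-only address, bind
      # the mappings to that address or firewall the ports so the local API
      # and AppSec listener are not reachable from untrusted networks.
      - "24444:8080"
      - "7422:7422"
    environment:
      COLLECTIONS: "crowdsecurity/caddy"
      GID: "${GID-1000}"
    depends_on:
      - caddy
    volumes:
      # For the acquis.yaml
      - /path/to/crowdsec:/etc/crowdsec
      - /path/to/crowdsec/data:/var/lib/crowdsec/data/
      # CrowdSec only needs to read Caddy's access logs, so mount read-only.
      - logs:/var/log/caddy:ro

  socket-proxy:
    container_name: socket-proxy
    # NOTE(review): confirm this repository name against the image published
    # by the socket-proxy project you intend to run before deploying.
    image: tecnativa/socket-proxy
    user: "0:0"  # Set to same UID/GID as the owner of the socket
    restart: unless-stopped
    networks:
      - socket
    volumes:
      # ":ro" protects the socket file itself; it does not make Docker API
      # calls read-only. The endpoint switches below are the real control.
      - /run/docker.sock:/run/docker.sock:ro
    environment:
      # Each switch set to "1" opens that section of the Docker API to every
      # client of the proxy.
      # NOTE(review): trim this list to what caddy-docker-proxy actually
      # needs; SESSION in particular looks unnecessary - confirm.
      CONTAINERS: "1"
      SERVICES: "1"
      NETWORKS: "1"
      CONFIGS: "1"
      TASKS: "1"
      NODES: "1"
      INFO: "1"
      SESSION: "1"

networks:
  caddy:
    external: true
  # Carries only Docker API traffic between caddy and socket-proxy.
  # NOTE(review): consider "internal: true" here so the proxy has no route
  # outside the host - verify nothing else relies on this network first.
  socket: {}

volumes:
  logs: {}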