hmpps-manage-people-on-probation-ui/docker-compose.yml at main · ministryofjustice/hmpps-manage-people-on-probation-ui · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
services:
  app:
    build:
      context: .
      args:
        BUILD_NUMBER: "1.0.0"
        GIT_REF: "a1b2c3"
        GIT_BRANCH: "main"
      secrets:
        - sentry
    networks:
      - hmpps
    ports:
      - "3000:3000"
    env_file:
      - .env

  waf:
    image: owasp/modsecurity-crs:4.25-nginx-lts
    networks:
      - hmpps
    ports:
      - "8080:8080"
    environment:
      BACKEND: "http://app:3000"
      SERVER_NAME: "localhost"
      MODSEC_RULE_ENGINE: "On"
      MODSEC_AUDIT_ENGINE: "On"
      MODSEC_AUDIT_LOG: "/var/log/modsecurity/audit.log"
      MODSEC_AUDIT_LOG_TYPE: "Serial"
      BLOCKING_PARANOIA: "1"
      DETECTION_PARANOIA: "1"
    volumes:
      - ./waf-conf/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf:ro
      - ./waf-logs:/var/log/modsecurity
    depends_on:
      - app

networks:
  hmpps:

secrets:
  sentry:
    file: .sentry-token