Remove network for caddy

2025-07-14 22:42:15 +05:30
parent cfd78c5a00
commit a1be0f3ae7
2 changed files with 83 additions and 45 deletions
--- a/caddy-cloudflare-ddns-crowdsec/docker-compose.yml
+++ b/caddy-cloudflare-ddns-crowdsec/docker-compose.yml
@@ -1,17 +1,25 @@
+# Caddy with Cloudflare DDNS and CrowdSec Security
 services:
+  # CrowdSec - Security automation service that protects from attacks
  crowdsec:
    container_name: crowdsec
-    image: ghcr.io/crowdsecurity/crowdsec:v1.6.10
-    restart: unless-stopped
+    image: ghcr.io/crowdsecurity/crowdsec:v1.6.10  # Official CrowdSec image
+    restart: unless-stopped  # Auto-restart unless explicitly stopped
+    
+    # Environment configuration
    environment:
-      - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
-      - GID=${GID}
-      - COLLECTIONS=${COLLECTIONS}
+      - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}  # API key for Caddy integration
+      - GID=${GID}  # Group ID for file permissions
+      - COLLECTIONS=${COLLECTIONS}  # Security collections to enable
+    
+    # Persistent storage volumes
    volumes:
-      - ${APPDATA_PATH}/caddy/crowdsec-acquis.d:/etc/crowdsec/acquis.d
-      - ${APPDATA_PATH}/caddy/crowdsec-db:/var/lib/crowdsec/data/
-      - ${APPDATA_PATH}/caddy/crowdsec-config:/etc/crowdsec/
-      - ${APPDATA_PATH}/caddy/caddy-logs:/var/log/caddy:ro
+      - ${APPDATA_PATH}/caddy/crowdsec-acquis.d:/etc/crowdsec/acquis.d  # Log parsers
+      - ${APPDATA_PATH}/caddy/crowdsec-db:/var/lib/crowdsec/data/  # Security database
+      - ${APPDATA_PATH}/caddy/crowdsec-config:/etc/crowdsec/  # Configuration files
+      - ${APPDATA_PATH}/caddy/caddy-logs:/var/log/caddy:ro  # Read-only log access
+    
+    # Health check configuration
    healthcheck:
      test: ["CMD-SHELL", "wget --spider --quiet --tries=1 --timeout=5 http://localhost:8080/health > /dev/null 2>&1 || exit 1"]
      interval: 30s
@@ -19,25 +27,36 @@ services:
      retries: 3
      start_period: 30s 

+  # Caddy web server with Cloudflare DDNS integration
  caddy:
    container_name: caddy
-    image: docker.io/ryuupendragon/caddy-cloudflare-ddns-crowdsec:2.10.0
-    restart: unless-stopped
+    image: docker.io/ryuupendragon/caddy-cloudflare-ddns-crowdsec:2.10.0  # Custom Caddy image with Cloudflare, DDNS and CrowdSec plugins
+    restart: unless-stopped  # Auto-restart on failure
+    
+    # Service dependencies
    depends_on:
      crowdsec:
-        condition: service_healthy
+        condition: service_healthy  # Requires working CrowdSec before starting
+    
+    # Required network capabilities
    cap_add:
-      - NET_ADMIN
+      - NET_ADMIN  # Needed for network-level operations
+    
+    # Environment configuration
    environment:
-      - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}
-      - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
+      - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}  # Cloudflare API token for DNS updates
+      - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}  # Security key for CrowdSec integration
+    
+    # Persistent storage volumes
    volumes:
-      - ${APPDATA_PATH}/caddy/caddy-file:/etc/caddy
-      - ${APPDATA_PATH}/caddy/caddy-config:/config
-      - ${APPDATA_PATH}/caddy/caddy-data:/data
-      - ${APPDATA_PATH}/caddy/caddy-logs:/logs
-      - ${APPDATA_PATH}/caddy/caddy-srv:/srv
+      - ${APPDATA_PATH}/caddy/caddy-file:/etc/caddy  # Caddyfile configuration
+      - ${APPDATA_PATH}/caddy/caddy-config:/config  # Automatic HTTPS certificates
+      - ${APPDATA_PATH}/caddy/caddy-data:/data  # Site data and assets
+      - ${APPDATA_PATH}/caddy/caddy-logs:/logs  # Access logs
+      - ${APPDATA_PATH}/caddy/caddy-srv:/srv  # Served content
+    
+    # Network ports
    ports:
-      - ${HTTP_PORT}:80
-      - ${HTTPS_PORT}:443
-      - ${HTTPS_PORT}:443/udp
+      - ${HTTP_PORT}:80  # HTTP traffic
+      - ${HTTPS_PORT}:443  # HTTPS traffic
+      - ${HTTPS_PORT}:443/udp  # QUIC/HTTP3 support
--- a/caddy-crowdsec/docker-compose.yml
+++ b/caddy-crowdsec/docker-compose.yml
@@ -1,17 +1,25 @@
+# Caddy with CrowdSec Security
 services:
+  # CrowdSec - Security automation service that protects from attacks
  crowdsec:
    container_name: crowdsec
-    image: ghcr.io/crowdsecurity/crowdsec:v1.6.10
-    restart: unless-stopped
+    image: ghcr.io/crowdsecurity/crowdsec:v1.6.10  # Official CrowdSec image
+    restart: unless-stopped  # Auto-restart unless explicitly stopped
+    
+    # Environment configuration
    environment:
-      - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
-      - GID=${GID}
-      - COLLECTIONS=${COLLECTIONS}
+      - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}  # API key for Caddy integration
+      - GID=${GID}  # Group ID for file permissions
+      - COLLECTIONS=${COLLECTIONS}  # Security collections to enable
+    
+    # Persistent storage volumes
    volumes:
-      - ${APPDATA_PATH}/caddy/crowdsec-acquis.d:/etc/crowdsec/acquis.d
-      - ${APPDATA_PATH}/caddy/crowdsec-db:/var/lib/crowdsec/data/
-      - ${APPDATA_PATH}/caddy/crowdsec-config:/etc/crowdsec/
-      - ${APPDATA_PATH}/caddy/caddy-logs:/var/log/caddy:ro
+      - ${APPDATA_PATH}/caddy/crowdsec-acquis.d:/etc/crowdsec/acquis.d  # Log parsers
+      - ${APPDATA_PATH}/caddy/crowdsec-db:/var/lib/crowdsec/data/  # Security database
+      - ${APPDATA_PATH}/caddy/crowdsec-config:/etc/crowdsec/  # Configuration files
+      - ${APPDATA_PATH}/caddy/caddy-logs:/var/log/caddy:ro  # Read-only log access
+    
+    # Health check configuration
    healthcheck:
      test: ["CMD-SHELL", "wget --spider --quiet --tries=1 --timeout=5 http://localhost:8080/health > /dev/null 2>&1 || exit 1"]
      interval: 30s
@@ -19,24 +27,35 @@ services:
      retries: 3
      start_period: 30s 

+  # Caddy web server with CrowdSec security
  caddy:
    container_name: caddy
-    image: docker.io/ryuupendragon/caddy-crowdsec:2.10.0
-    restart: unless-stopped
+    image: docker.io/ryuupendragon/caddy-crowdsec:2.10.0  # Custom Caddy image with CrowdSec plugins
+    restart: unless-stopped  # Auto-restart on failure
+    
+    # Service dependencies
    depends_on:
      crowdsec:
-        condition: service_healthy
+        condition: service_healthy  # Requires working CrowdSec before starting
+    
+    # Required network capabilities
    cap_add:
-      - NET_ADMIN
+      - NET_ADMIN  # Needed for network-level operations
+    
+    # Environment configuration
    environment:
-      - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
+      - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}  # Security key for CrowdSec integration
+    
+    # Persistent storage volumes
    volumes:
-      - ${APPDATA_PATH}/caddy/caddy-file:/etc/caddy
-      - ${APPDATA_PATH}/caddy/caddy-config:/config
-      - ${APPDATA_PATH}/caddy/caddy-data:/data
-      - ${APPDATA_PATH}/caddy/caddy-logs:/logs
-      - ${APPDATA_PATH}/caddy/caddy-srv:/srv
+      - ${APPDATA_PATH}/caddy/caddy-file:/etc/caddy  # Caddyfile configuration
+      - ${APPDATA_PATH}/caddy/caddy-config:/config  # Automatic HTTPS certificates
+      - ${APPDATA_PATH}/caddy/caddy-data:/data  # Site data and assets
+      - ${APPDATA_PATH}/caddy/caddy-logs:/logs  # Access logs
+      - ${APPDATA_PATH}/caddy/caddy-srv:/srv  # Served content
+    
+    # Network ports
    ports:
-      - ${HTTP_PORT}:80
-      - ${HTTPS_PORT}:443
-      - ${HTTPS_PORT}:443/udp
+      - ${HTTP_PORT}:80  # HTTP traffic
+      - ${HTTPS_PORT}:443  # HTTPS traffic
+      - ${HTTPS_PORT}:443/udp  # QUIC/HTTP3 support