Remove comments
This commit is contained in:
@@ -1,30 +1,20 @@
|
||||
# Caddy with CrowdSec Security
|
||||
services:
|
||||
# CrowdSec - Security automation service that protects from attacks
|
||||
crowdsec:
|
||||
container_name: crowdsec
|
||||
image: ghcr.io/crowdsecurity/crowdsec:v1.6.10 # Official CrowdSec image
|
||||
restart: unless-stopped # Auto-restart unless explicitly stopped
|
||||
|
||||
# Environment configuration
|
||||
image: ghcr.io/crowdsecurity/crowdsec:v1.6.10
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY} # API key for Caddy integration
|
||||
- GID=${GID} # Group ID for file permissions
|
||||
- COLLECTIONS=${COLLECTIONS} # Security collections to enable
|
||||
|
||||
# Persistent storage volumes
|
||||
- BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
|
||||
- GID=${GID}
|
||||
- COLLECTIONS=${COLLECTIONS}
|
||||
volumes:
|
||||
- ${APPDATA_PATH}/caddy/crowdsec-acquis.d:/etc/crowdsec/acquis.d # Log parsers
|
||||
- ${APPDATA_PATH}/caddy/crowdsec-db:/var/lib/crowdsec/data/ # Security database
|
||||
- ${APPDATA_PATH}/caddy/crowdsec-config:/etc/crowdsec/ # Configuration files
|
||||
- ${APPDATA_PATH}/caddy/caddy-logs:/var/log/caddy:ro # Read-only log access
|
||||
|
||||
# Networks
|
||||
- ${APPDATA_PATH}/caddy/crowdsec-acquis.d:/etc/crowdsec/acquis.d
|
||||
- ${APPDATA_PATH}/caddy/crowdsec-db:/var/lib/crowdsec/data/
|
||||
- ${APPDATA_PATH}/caddy/crowdsec-config:/etc/crowdsec/
|
||||
- ${APPDATA_PATH}/caddy/caddy-logs:/var/log/caddy:ro
|
||||
networks:
|
||||
proxy:
|
||||
ipv4_address: 172.30.0.3
|
||||
|
||||
# Health check configuration
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "wget --spider --quiet --tries=1 --timeout=5 http://localhost:8080/health > /dev/null 2>&1 || exit 1"]
|
||||
interval: 30s
|
||||
@@ -32,40 +22,27 @@ services:
|
||||
retries: 3
|
||||
start_period: 30s
|
||||
|
||||
# Caddy web server with CrowdSec security
|
||||
caddy:
|
||||
container_name: caddy
|
||||
image: docker.io/ryuupendragon/caddy-crowdsec:2.10.0 # Custom Caddy image with CrowdSec plugins
|
||||
restart: unless-stopped # Auto-restart on failure
|
||||
|
||||
# Service dependencies
|
||||
image: docker.io/ryuupendragon/caddy-crowdsec:2.10.0
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
crowdsec:
|
||||
condition: service_healthy # Requires working CrowdSec before starting
|
||||
|
||||
# Required network capabilities
|
||||
condition: service_healthy
|
||||
cap_add:
|
||||
- NET_ADMIN # Needed for network-level operations
|
||||
|
||||
# Environment configuration
|
||||
- NET_ADMIN
|
||||
environment:
|
||||
- CROWDSEC_API_KEY=${CROWDSEC_API_KEY} # Security key for CrowdSec integration
|
||||
|
||||
# Persistent storage volumes
|
||||
- CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
|
||||
volumes:
|
||||
- ${APPDATA_PATH}/caddy/caddy-file:/etc/caddy # Caddyfile configuration
|
||||
- ${APPDATA_PATH}/caddy/caddy-config:/config # Automatic HTTPS certificates
|
||||
- ${APPDATA_PATH}/caddy/caddy-data:/data # Site data and assets
|
||||
- ${APPDATA_PATH}/caddy/caddy-logs:/logs # Access logs
|
||||
- ${APPDATA_PATH}/caddy/caddy-srv:/srv # Served content
|
||||
|
||||
# Network ports
|
||||
- ${APPDATA_PATH}/caddy/caddy-file:/etc/caddy
|
||||
- ${APPDATA_PATH}/caddy/caddy-config:/config
|
||||
- ${APPDATA_PATH}/caddy/caddy-data:/data
|
||||
- ${APPDATA_PATH}/caddy/caddy-logs:/logs
|
||||
- ${APPDATA_PATH}/caddy/caddy-srv:/srv
|
||||
ports:
|
||||
- ${HTTP_PORT}:80 # HTTP traffic
|
||||
- ${HTTPS_PORT}:443 # HTTPS traffic
|
||||
- ${HTTPS_PORT}:443/udp # QUIC/HTTP3 support
|
||||
|
||||
# Networks
|
||||
- ${HTTP_PORT}:80
|
||||
- ${HTTPS_PORT}:443
|
||||
- ${HTTPS_PORT}:443/udp
|
||||
networks:
|
||||
proxy:
|
||||
ipv4_address: 172.30.0.2
|
||||
|
||||
Reference in New Issue
Block a user