59 lines
1.3 KiB
YAML
59 lines
1.3 KiB
YAML
services:
|
|
caddy:
|
|
build:
|
|
context: .
|
|
target: caddy
|
|
container_name: caddy
|
|
restart: unless-stopped
|
|
env_file:
|
|
- .env
|
|
environment:
|
|
- CLOUDFLARE_EMAIL=${CF_EMAIL}
|
|
- CLOUDFLARE_API_TOKEN=${CF_AUTH_TOKEN}
|
|
- ACME_AGREE=true
|
|
- CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
|
|
ports:
|
|
- 80:80
|
|
- 443:443
|
|
- "443:443/udp"
|
|
cap_add:
|
|
- NET_ADMIN
|
|
volumes:
|
|
- ./config:/etc/caddy
|
|
- caddy_data:/data
|
|
- caddy_config:/config
|
|
- caddy_logs:/var/log/caddy
|
|
networks:
|
|
- proxy
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
|
|
crowdsec:
|
|
image: docker.io/crowdsecurity/crowdsec:latest
|
|
container_name: crowdsec
|
|
restart: unless-stopped
|
|
environment:
|
|
- GID=1000
|
|
- COLLECTIONS=crowdsecurity/linux crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelist-good-actors
|
|
- BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
|
|
volumes:
|
|
- crowdsec_db:/var/lib/crowdsec/data/
|
|
- ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
|
|
- caddy_logs:/var/log/caddy:ro
|
|
networks:
|
|
- proxy
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
depends_on:
|
|
- caddy
|
|
|
|
volumes:
|
|
caddy_data: {}
|
|
caddy_config: {}
|
|
caddy_logs: {}
|
|
crowdsec_db: {}
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|