dnburgess/gist:7002f6a1813406e665ebe3204aefe04a

## gistfile1.txt

version: '3'

services:
  #the application itself : static html served by apache2.
  #the html can be found in ./app/
  app:
    image: httpd:alpine
    restart: always
    volumes:
      - ./app/:/usr/local/apache2/htdocs/
    networks:
      crowdsec_test:
        ipv4_address: 172.20.0.2

  #the reverse proxy that will serve the application
  #you can see nginx's config in ./reverse-proxy/nginx.conf
  reverse-proxy:
    image: nginx:alpine
    restart: always
    ports:
      - 8123:80
    depends_on:
      - 'app'
    volumes:
      - ./reverse-proxy/nginx.conf:/etc/nginx/nginx.conf
      - cslogs:/var/log/nginx
    networks:
      crowdsec_test:
        ipv4_address: 172.20.0.3

  #crowdsec : it will be fed nginx's logs
  #and later we're going to plug a firewall bouncer to it
  crowdsec:
    image: crowdsecurity/crowdsec:latest
    restart: always
    environment:
      #this is the list of collections we want to install
      #https://hub.crowdsec.net/author/crowdsecurity/collections/nginx
      COLLECTIONS: "crowdsecurity/linux crowdsecurity/nginx-proxy-manager crowdsecurity/sshd crowdsecurity/http-cve crowdsecurity/nginx"
      POSTOVERFLOWS: "crowdsecurity/whitelist-good-actors"
      GID: "${GID-1000}"
    depends_on:
      - 'reverse-proxy'
    volumes:
      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
      - cslogs:/var/log/nginx
      - /home/data/logs:/logs/npm:ro
      - cscrowdsec-db:/var/lib/crowdsec/data/
      - cscrowdsec-config:/etc/crowdsec/
    networks:
      crowdsec_test:
        ipv4_address: 172.20.0.4

  #metabase, because security is cool, but dashboards are cooler
  dashboard:
    #we're using a custom Dockerfile so that metabase pops with pre-configured dashboards
    build: ./crowdsec/dashboard
    restart: always
    ports:
      - 3034:3000
    environment:
      MB_DB_FILE: /data/metabase.db
      MGID: "${GID-1000}"
    depends_on:
      - 'crowdsec'
    volumes:
      - crowdsec-db:/metabase-data/
    networks:
      crowdsec_test:
        ipv4_address: 172.20.0.5

volumes:
  cslogs:
  cscrowdsec-db:
  cscrowdsec-config:

networks:
  crowdsec_test:
    ipam:
      driver: default
      config:
        - subnet: 172.20.0.0/24

	version: '3'

	services:
	#the application itself : static html served by apache2.
	#the html can be found in ./app/
	app:
	image: httpd:alpine
	restart: always
	volumes:
	- ./app/:/usr/local/apache2/htdocs/
	networks:
	crowdsec_test:
	ipv4_address: 172.20.0.2

	#the reverse proxy that will serve the application
	#you can see nginx's config in ./reverse-proxy/nginx.conf
	reverse-proxy:
	image: nginx:alpine
	restart: always
	ports:
	- 8123:80
	depends_on:
	- 'app'
	volumes:
	- ./reverse-proxy/nginx.conf:/etc/nginx/nginx.conf
	- cslogs:/var/log/nginx
	networks:
	crowdsec_test:
	ipv4_address: 172.20.0.3

	#crowdsec : it will be fed nginx's logs
	#and later we're going to plug a firewall bouncer to it
	crowdsec:
	image: crowdsecurity/crowdsec:latest
	restart: always
	environment:
	#this is the list of collections we want to install
	#https://hub.crowdsec.net/author/crowdsecurity/collections/nginx
	COLLECTIONS: "crowdsecurity/linux crowdsecurity/nginx-proxy-manager crowdsecurity/sshd crowdsecurity/http-cve crowdsecurity/nginx"
	POSTOVERFLOWS: "crowdsecurity/whitelist-good-actors"
	GID: "${GID-1000}"
	depends_on:
	- 'reverse-proxy'
	volumes:
	- ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
	- cslogs:/var/log/nginx
	- /home/data/logs:/logs/npm:ro
	- cscrowdsec-db:/var/lib/crowdsec/data/
	- cscrowdsec-config:/etc/crowdsec/
	networks:
	crowdsec_test:
	ipv4_address: 172.20.0.4

	#metabase, because security is cool, but dashboards are cooler
	dashboard:
	#we're using a custom Dockerfile so that metabase pops with pre-configured dashboards
	build: ./crowdsec/dashboard
	restart: always
	ports:
	- 3034:3000
	environment:
	MB_DB_FILE: /data/metabase.db
	MGID: "${GID-1000}"
	depends_on:
	- 'crowdsec'
	volumes:
	- crowdsec-db:/metabase-data/
	networks:
	crowdsec_test:
	ipv4_address: 172.20.0.5

	volumes:
	cslogs:
	cscrowdsec-db:
	cscrowdsec-config:

	networks:
	crowdsec_test:
	ipam:
	driver: default
	config:
	- subnet: 172.20.0.0/24