mirror of
https://github.com/Dokploy/templates.git
synced 2026-06-19 06:05:26 +02:00
126f6757c6
* add docker-compose for crowdsec * add template.toml * edit meta.json * add crowdsec logo * process-meta * Update blueprints/crowdsec/docker-compose.yml --------- Co-authored-by: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
31 lines
1.6 KiB
YAML
31 lines
1.6 KiB
YAML
# --------------------------------------------------------------------------------
|
|
# note: this is the minimal crowdsec container
|
|
# this compose file prepared to work with two key remediation engines
|
|
# install and configure them via links below:
|
|
# traefik bouncer plugin | https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin
|
|
# firewall bouncer (iptables) | https://docs.crowdsec.net/u/bouncers/firewall/
|
|
# --------------------------------------------------------------------------------
|
|
services:
|
|
crowdsec:
|
|
image: crowdsecurity/crowdsec:latest
|
|
environment:
|
|
GID: "${GID-1000}"
|
|
COLLECTIONS: "crowdsecurity/linux crowdsecurity/traefik crowdsecurity/http-cve"
|
|
volumes:
|
|
- ../files/acquis.yaml:/etc/crowdsec/acquis.yaml # https://docs.crowdsec.net/u/getting_started/post_installation/acquisition_new/
|
|
- crowdsec-db:/var/lib/crowdsec/data/
|
|
- crowdsec-config:/etc/crowdsec/
|
|
- /etc/dokploy/traefik/dynamic/access.log:/var/log/traefik/access.log:ro # make sure access log is enabled in dokploy
|
|
- ${AUTH_LOG_PATH}:/var/log/ssh/auth.log:ro
|
|
# - /var/log/fail2ban.log:/var/log/fail2ban/fail2ban.log:ro # uncomment if you have fail2ban installed on the system
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
# uncomment these two lines if you intent to use firewall bouncer installed natively on the host
|
|
# ports:
|
|
# - "127.0.0.1:8080:8080" # local binding only, necessary for firewall-iptables-bouncer to connect to container's lapi
|
|
labels:
|
|
- traefik.enable=false
|
|
restart: unless-stopped
|
|
volumes:
|
|
crowdsec-db:
|
|
crowdsec-config: |