feat: add CrowdSec service and configuration for container security
@@ -86,6 +86,8 @@ services:
|
|||||||
- traefik.http.routers.traefik-public-https.service=api@internal
|
- traefik.http.routers.traefik-public-https.service=api@internal
|
||||||
# Define the port inside of the Docker service to use
|
# Define the port inside of the Docker service to use
|
||||||
- traefik.http.services.traefik-public.loadbalancer.server.port=8080
|
- traefik.http.services.traefik-public.loadbalancer.server.port=8080
|
||||||
|
# - crowdsec.enable=true
|
||||||
|
# - crowdsec.labels.type=nginx
|
||||||
volumes:
|
volumes:
|
||||||
# Add Docker as a mounted volume, so that Traefik can read the labels of other services
|
# Add Docker as a mounted volume, so that Traefik can read the labels of other services
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
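Review bot: The two labels added in this hunk, `# - crowdsec.enable=true` and `# - crowdsec.labels.type=nginx`, are commented out, so with the new acquis.yaml's `use_container_labels: true` this Traefik container is not selected for acquisition and the commit as landed collects no logs from it. When they are uncommented, `type=nginx` is presumably the wrong parser for Traefik's access-log format; Traefik normally gets its own type together with the matching hub collection (`crowdsecurity/traefik`) in the compose `COLLECTIONS` value, otherwise the lines are parsed but never match a scenario. Docker-source acquisition also assumes Traefik's access log is enabled and written to stdout, which nothing in this hunk shows. The `labels:` list and the enclosing service definition start outside the hunk.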
|||||||
@@ -0,0 +1,57 @@
|
|||||||
|
services:
|
||||||
|
crowdsec:
|
||||||
|
image: crowdsecurity/crowdsec:slim
|
||||||
|
restart: always
|
||||||
|
networks:
|
||||||
|
crowdsec:
|
||||||
|
environment:
|
||||||
|
DOCKER_HOST: tcp://socket-proxy:2375
|
||||||
|
COLLECTIONS: "crowdsecurity/nginx"
|
||||||
|
ports:
|
||||||
|
- "127.0.0.1:8080:8080"
|
||||||
|
depends_on:
|
||||||
|
- 'socket-proxy'
|
||||||
|
volumes:
|
||||||
|
- ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
|
||||||
|
- crowdsec-db:/var/lib/crowdsec/data/
|
||||||
|
- crowdsec-config:/etc/crowdsec/
|
||||||
|
|
||||||
|
socket-proxy:
|
||||||
|
networks:
|
||||||
|
crowdsec:
|
||||||
|
restart: always
|
||||||
|
image: lscr.io/linuxserver/socket-proxy:latest
|
||||||
|
container_name: socket-proxy
|
||||||
|
environment:
|
||||||
|
INFO: 1
|
||||||
|
CONTAINERS: 1
|
||||||
|
POST: 0
|
||||||
|
BUILD: 0
|
||||||
|
COMMIT: 0
|
||||||
|
CONFIGS: 0
|
||||||
|
DISTRIBUTION: 0
|
||||||
|
EXEC: 0
|
||||||
|
GRPC: 0
|
||||||
|
IMAGES: 0
|
||||||
|
NETWORKS: 0
|
||||||
|
NODES: 0
|
||||||
|
PLUGINS: 0
|
||||||
|
SERVICES: 0
|
||||||
|
SESSION: 0
|
||||||
|
SWARM: 0
|
||||||
|
SYSTEM: 0
|
||||||
|
TASKS: 0
|
||||||
|
VOLUMES: 0
|
||||||
|
volumes:
|
||||||
|
- '/var/run/docker.sock:/var/run/docker.sock:ro'
|
||||||
|
read_only: true
|
||||||
|
tmpfs:
|
||||||
|
- /run
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
crowdsec-db:
|
||||||
|
crowdsec-config:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
crowdsec:
|
||||||
|
driver: bridge
|
||||||
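Review bot: `image: lscr.io/linuxserver/socket-proxy:latest` is a floating tag on the one component that stands between the host Docker socket and the rest of the stack, and `crowdsecurity/crowdsec:slim` floats as well; pin both to a version or digest, e.g. `image: lscr.io/linuxserver/socket-proxy:<pinned-version>`, so an upstream push cannot silently change what has socket access. The proxy allow-list itself reads well (`CONTAINERS: 1`, `POST: 0`, `read_only: true`, tmpfs `/run`), but `INFO: 1` also exposes daemon and host details through `/info`; confirm CrowdSec's docker source actually needs it and otherwise set it to `0`. `ports: - "127.0.0.1:8080:8080"` keeps the LAPI off the host's external interfaces, which is right, but any in-container bouncer would have to reach it over the `crowdsec` network instead, and nothing in this commit attaches the Traefik service to that network. Quoting is mixed (`- 'socket-proxy'` vs. the unquoted volume entries); one style file-wide would be tidier.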
@@ -0,0 +1,3 @@
|
|||||||
|
source: docker
|
||||||
|
use_container_labels: true ## https://docs.crowdsec.net/docs/next/data_sources/docker#use_container_labels
|
||||||
|
check_interval: 10s ## How often to check for new containers https://docs.crowdsec.net/docs/next/appsec/quickstart/traefik
|
||||||
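Review bot: The comment on `check_interval: 10s` links to the AppSec/Traefik quickstart, which is unrelated to this setting; the docker data-source page already cited on the `use_container_labels` line is the one that documents `check_interval`, so the comment should point there instead, e.g. `check_interval: 10s  # how often to rescan for new containers, see the docker data-source docs`. With `use_container_labels: true` no container is read unless it carries `crowdsec.enable=true`, so this file is inert until the labels in the Traefik compose file are enabled; a one-line comment stating that dependency at the top of this file would save the next reader a debugging session.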