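# Edge stack: Nginx reverse proxy, CrowdSec (analysing the Nginx logs) with its
# dashboard, Certbot for certificate renewal, and a locally built DDNS updater.
#
# NOTE(review): the nginx, crowdsec, dashboard and certbot images use floating
# tags (`alpine`, `latest`, or no tag at all), so each pull may bring different
# code. Pin a version tag or digest to keep upgrades deliberate and auditable.
# NOTE(review): `deploy.resources` limits are applied by Docker Compose v2;
# legacy docker-compose v1 ignores them outside Swarm unless it is run with
# `--compatibility`. Confirm the limits are actually in effect on this host.
services:
  nginx-proxy:
    image: nginx:alpine
    container_name: nginx-proxy
    restart: always
    # Port mappings are quoted so no YAML parser can retype them.
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      # Directories for SSL certificates (read-only here; certbot writes them).
      - ./ssl/conf:/etc/letsencrypt:ro
      - ./ssl/www:/var/www/certbot:ro
      # Access/error logs consumed by CrowdSec (writable for nginx only).
      - ./nginx/logs:/var/log/nginx
    # Reload nginx every 24h so renewed SSL certificates are picked up.
    command: /bin/sh -c "while :; do sleep 24h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'"
    deploy:
      resources:
        limits:
          cpus: '0.25'
          memory: 128M
        reservations:
          memory: 64M
    networks:
      - proxy_network
      - gitea_network
      - cloud_network
      - matrix_network

  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    restart: always
    environment:
      # Rule collections to install at startup.
      COLLECTIONS: "crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors"
      # To keep the output uncluttered, logging can be limited to errors only.
      # LEVEL_TRACE: "false"
    volumes:
      # Read the Nginx logs (read-only: CrowdSec never needs to modify them).
      - ./nginx/logs:/var/log/nginx:ro
      # Configuration and database.
      - ./crowdsec/config:/etc/crowdsec
      - ./crowdsec/data:/var/lib/crowdsec/data
    # NOTE(review): this publishes container port 8080 (CrowdSec's default
    # Local API port) on every host interface. If only clients on this host
    # need it, bind to loopback instead, e.g. "127.0.0.1:8081:8080".
    ports:
      - "8081:8080"
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 256M

  dashboard:
    image: crowdsecurity/dashboard
    container_name: crowdsec-dashboard
    restart: always
    environment:
      - MB_DB_FILE=/data/metabase.db
    # NOTE(review): the dashboard gets read-write access to the same host
    # directory that holds CrowdSec's data; it needs to write metabase.db
    # there, but that also lets it modify CrowdSec's own files.
    volumes:
      - ./crowdsec/data:/data
    # NOTE(review): the dashboard UI is published on every host interface over
    # plain HTTP. Prefer a loopback bind ("127.0.0.1:3001:3000") or serving it
    # through the TLS reverse proxy with authentication.
    ports:
      - "3001:3000"

  certbot:
    image: certbot/certbot
    container_name: certbot
    # NOTE(review): unlike the other long-running services, no `restart:`
    # policy is set, so the renewal loop does not come back after a daemon
    # restart or host reboot and certificates could expire unnoticed.
    volumes:
      - ./ssl/conf:/etc/letsencrypt
      - ./ssl/www:/var/www/certbot
    # Checks the certificates twice a day; renews when fewer than 30 days
    # of validity remain.
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; sleep 30s & wait $${!}; do certbot renew; sleep 12h & wait $${!}; done;'"
    deploy:
      resources:
        limits:
          cpus: '0.25'
          memory: 128M
        reservations:
          memory: 64M
    networks:
      - proxy_network

  ddns:
    build: ./ddns
    container_name: ddns
    restart: always
    # `:?` makes Compose abort when either variable is unset or empty.
    # NOTE(review): the login and password are passed as command-line
    # arguments, so they show up in `docker inspect` output and in process
    # listings. If the ./ddns entrypoint can read them from the environment or
    # from a secrets file, prefer that (the image source is not shown here).
    command: ["${REGRU_LOGIN:?}", "${REGRU_PASSWORD:?}"]
    volumes:
      # NOTE(review): mounted read-write; add `:ro` if the updater only reads
      # the domain list - confirm against the ./ddns code.
      - ./ddns/domains.txt:/app/domains.txt
    environment:
      - TZ=Europe/Samara
    deploy:
      resources:
        limits:
          cpus: '0.25'
          memory: 128M
        reservations:
          memory: 64M
    networks:
      - proxy_network
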
# Networks referenced by the services in this file. Only proxy_network is
# created here; the other three are external and must already exist before
# `docker compose up`. nginx-proxy joins all four, presumably to reach the
# Gitea, cloud and Matrix stacks defined elsewhere.
networks:
  proxy_network:
    driver: bridge
    name: proxy_network

  gitea_network:
    name: gitea_network
    external: true

  cloud_network:
    name: cloud_network
    external: true

  matrix_network:
    name: matrix_network
    external: true