new caddy
parent
573a7d8f9e
commit
3b5fe16573
2 changed files with 70 additions and 12 deletions
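--- a/swarm/stack/caddy/caddy-1.yaml
+++ b/swarm/stack/caddy/caddy-1.yaml
@@ -0,0 +1,40 @@
+configs:
+caddy-basic-content:
+file: ./Caddyfile
+labels:
+caddy:
+
+services:
+caddy:
+image: lucaslorentz/caddy-docker-proxy:ci-alpine
+#image: ghcr.io/serfriz/caddy-crowdsec:latest
+#image: caddy-crowdsec
+#image: git.netgrimoire.com/traveler/caddy-crowdsec
+ports:
+- 8900:80
+- 443:443
+environment:
+- CADDY_INGRESS_NETWORKS=netgrimoire
+networks:
+- netgrimoire
+- vpn
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock
+- /export/Docker/caddy/Caddyfile:/etc/caddy/Caddyfile
+- /export/Docker/caddy:/data
+#- /export/Docker/caddy/logs:/var/log/caddy # Mount logs for CrowdSec
+
+deploy:
+placement:
+constraints:
+- node.hostname == znas
+
+# restart: unless-stopped
+
+networks:
+netgrimoire:
+external: true
+vpn:
+external: true
+
+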
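Review bot: The `caddy` service publishes ports 8900 and 443 while bind-mounting `/var/run/docker.sock:/var/run/docker.sock` read-write, so a compromise of the proxy process gives control of the Docker daemon on that node, and nothing in this file narrows that access. Consider putting a read-only Docker API proxy on an internal network between Caddy and the socket, or running caddy-docker-proxy in its controller/server split so the container with published ports has no socket mount. The tag `ci-alpine` is also mutable, so the same stack file can pull different code on each redeploy; pin a release tag plus digest, e.g. `image: lucaslorentz/caddy-docker-proxy:<release-tag>@sha256:<digest>`. The second changed file keeps the same socket mount and moves to a `:latest` image and an untagged `crowdsecurity/crowdsec`, so both points apply there too.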
|
|
@ -6,35 +6,53 @@ configs:
|
||||||
|
|
||||||
services:
|
services:
|
||||||
caddy:
|
caddy:
|
||||||
image: lucaslorentz/caddy-docker-proxy:ci-alpine
|
image: ghcr.io/serfriz/caddy-crowdsec-geoip-ratelimit-security-dockerproxy:latest
|
||||||
#image: ghcr.io/serfriz/caddy-crowdsec:latest
|
|
||||||
#image: caddy-crowdsec
|
|
||||||
#image: git.netgrimoire.com/traveler/caddy-crowdsec
|
|
||||||
ports:
|
ports:
|
||||||
- 8900:80
|
- 8900:80
|
||||||
- 443:443
|
- 443:443
|
||||||
environment:
|
environment:
|
||||||
- CADDY_INGRESS_NETWORKS=netgrimoire
|
- CADDY_INGRESS_NETWORKS=netgrimoire
|
||||||
|
- CADDY_DOCKER_EVENT_THROTTLE_INTERVAL=2000 # Prevents non-deterministic reload with CrowdSec module
|
||||||
|
- CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
|
||||||
networks:
|
networks:
|
||||||
- netgrimoire
|
- netgrimoire
|
||||||
- vpn
|
- vpn
|
||||||
|
- crowdsec_net
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
- /export/Docker/caddy/Caddyfile:/etc/caddy/Caddyfile
|
- /export/Docker/caddy/Caddyfile:/etc/caddy/Caddyfile
|
||||||
- /export/Docker/caddy:/data
|
- /export/Docker/caddy:/data
|
||||||
#- /export/Docker/caddy/logs:/var/log/caddy # Mount logs for CrowdSec
|
- caddy-logs:/var/log/caddy
|
||||||
|
|
||||||
deploy:
|
deploy:
|
||||||
placement:
|
placement:
|
||||||
constraints:
|
constraints:
|
||||||
- node.hostname == znas
|
- node.hostname == znas
|
||||||
|
|
||||||
# restart: unless-stopped
|
crowdsec:
|
||||||
|
image: crowdsecurity/crowdsec
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
COLLECTIONS: "crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelist-good-actors"
|
||||||
|
BOUNCER_KEY_CADDY: ${CROWDSEC_API_KEY} # Pre-registers the Caddy bouncer automatically
|
||||||
|
volumes:
|
||||||
|
- crowdsec-db:/var/lib/crowdsec/data
|
||||||
|
- ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
|
||||||
|
- caddy-logs:/var/log/caddy:ro
|
||||||
|
networks:
|
||||||
|
- crowdsec_net
|
||||||
|
deploy:
|
||||||
|
placement:
|
||||||
|
constraints:
|
||||||
|
- node.hostname == znas
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
caddy-logs:
|
||||||
|
crowdsec-db:
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
netgrimoire:
|
netgrimoire:
|
||||||
external: true
|
external: true
|
||||||
vpn:
|
vpn:
|
||||||
external: true
|
external: true
|
||||||
|
crowdsec_net:
|
||||||
|
driver: overlay # Swarm overlay network
|
||||||
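Review bot: `${CROWDSEC_API_KEY}` is interpolated unguarded in both `- CROWDSEC_API_KEY=${CROWDSEC_API_KEY}` on `caddy` and `BOUNCER_KEY_CADDY: ${CROWDSEC_API_KEY}` on `crowdsec`, so an unset variable at deploy time presumably renders as an empty key on both sides instead of failing. Use `${CROWDSEC_API_KEY:?CROWDSEC_API_KEY must be set}` in both places so the deploy aborts. The key also ends up in clear text in the service spec, where anyone who can inspect the service can read it; a Swarm secret would be better if both images accept a file-based key, which this page does not show. Separately, assuming this is deployed with `docker stack deploy` (the path and `deploy:` keys suggest so), `restart: unless-stopped` on `crowdsec` is ignored and the equivalent is `deploy.restart_policy`.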