docker-compose-deploy.yml

version: '3.7'

services:
    app:
        volumes:
            - static_data:/vol/web
            - app_logs:/var/log/django
        environment:
            # could also add database config here and remove it from settings.py
            - DEBUG=0
            - SECRET_KEY=${SECRET_KEY:-qwerty}
            - MY_HOST=${MY_HOST:-localhost}
            - ALLOWED_HOSTS=${MY_HOST:-localhost,127.0.0.1}
            - SMTP_HOST=${SMTP_HOST}
            - SMTP_PORT=${SMTP_PORT}
            - FROM_EMAIL=${FROM_EMAIL:-webmaster@localhost}
            - SATNOGS_TOKEN=${SATNOGS_TOKEN}
            - CROWDSEC_LAPI
            - CROWDSEC_URL
        restart: always
        logging:
            driver: "json-file"
            options:
                max-file: "5"   # file count
                max-size: "10m" # file size


    proxy:
        build:
            context: ./proxy
        volumes:
            - static_data:/vol:ro
            - certificates:/certs:ro
            - logs:/var/log/nginx
        ports:
            - "80:8080"
            - "443:8443"
        environment:
            - MY_HOST=${MY_HOST:-localhost}
        depends_on:
            - app
            - pgadmin
            - grafana
            - influxdb
        restart: always
        logging:
            driver: "json-file"
            options:
                max-file: "5"   # file count
                max-size: "10m" # file size

    pgadmin:
        container_name: pgadmin4_container
        image: dpage/pgadmin4:8.9
        restart: always
        environment:
            - PGADMIN_DEFAULT_EMAIL=${PGADMIN_DEFAULT_EMAIL:-admin@admin.com}
            - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_DEFAULT_PASSWORD:-admin}
        depends_on:
            - "db"
        volumes:
            - pgadmin_persistent:/var/lib/pgadmin
        logging:
            driver: "json-file"
            options:
                max-file: "5"   # file count
                max-size: "10m" # file size


    crowdsec:
        image: crowdsecurity/crowdsec:v1.6.0-1
        restart: always
        ports:
            - "8080:8080"
        environment:
            #this is the list of collections we want to install
            #https://hub.crowdsec.net/author/crowdsecurity/collections/nginx
            COLLECTIONS: "crowdsecurity/nginx crowdsecurity/base-http-scenarios crowdsecurity/http-cve crowdsecurity/whitelist-good-actors"
            GID: "${GID-1000}"
            SMTP_HOST: "${SMTP_HOST}"
            SMTP_PORT: "${SMTP_PORT}"
            FROM_EMAIL: "${FROM_EMAIL}"
            ADMIN_EMAIL: "${ADMIN_EMAIL}"
            CUSTOM_HOSTNAME: "${MY_HOST}"
        depends_on:
            - 'proxy'
        volumes:
            - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
            - ./crowdsec/email.yaml:/etc/crowdsec/notifications/email.yaml
            - ./crowdsec/profiles.yaml:/etc/crowdsec/profiles.yaml
            - logs:/var/log/nginx/:ro
            - crowdsec_db:/var/lib/crowdsec/data/
            - crowdsec_config:/etc/crowdsec/

    #metabase, because security is cool, but dashboards are cooler
    # crowdsec_dashboard:
    #     #we're using a custom Dockerfile so that metabase pops with pre-configured dashboards
    #     build: ./crowdsec/dashboard
    #     restart: always
    #     ports:
    #         - 3100:3000
    #     environment:
    #         MB_DB_FILE: /data/metabase.db
    #         MGID: "${GID-1000}"
    #     depends_on:
    #         - 'crowdsec'
    #     volumes:
    #         - crowdsec_db:/metabase-data/

volumes:
    logs:
    app_logs:
    static_data:
    certificates:
    pgadmin_persistent:
    crowdsec_db:
    crowdsec_config: