Create docker-compose.yml

system-security/soar/shuffle/docker-compose.yml

@@ -0,0 +1,145 @@
+version: '3'
+
+networks:
+ shuffle:
+ driver: bridge
+
+services:
+ frontend:
+ image: ghcr.io/shuffle/shuffle-frontend:latest
+ container_name: shuffle-frontend
+ hostname: shuffle-frontend
+ ports:
+ - "${FRONTEND_PORT}:80"
+ - "${FRONTEND_PORT_HTTPS}:443"
+ networks:
+ - shuffle
+ environment:
+ - BACKEND_HOSTNAME=${BACKEND_HOSTNAME}
+ restart: unless-stopped
+ depends_on:
+ - backend
+
+ backend:
+ image: ghcr.io/shuffle/shuffle-backend:latest
+ container_name: shuffle-backend
+ hostname: ${BACKEND_HOSTNAME}
+ # Here for debugging:
+ ports:
+ - "${BACKEND_PORT}:5001"
+ networks:
+ - shuffle
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - $XDG_RUNTIME_DIR/podman/podman.sock:/var/run/docker.sock:ro
+ - ${SHUFFLE_APP_HOTLOAD_LOCATION}:/shuffle-apps:z
+ - ${SHUFFLE_FILE_LOCATION}:/shuffle-files:z
+ env_file: .env
+ environment:
+ #- DOCKER_HOST=tcp://docker-socket-proxy:2375
+ - SHUFFLE_APP_HOTLOAD_FOLDER=/shuffle-apps
+ - SHUFFLE_FILE_LOCATION=/shuffle-files
+ restart: unless-stopped
+
+ orborus:
+ image: ghcr.io/shuffle/shuffle-orborus:latest
+ container_name: shuffle-orborus
+ hostname: shuffle-orborus
+ networks:
+ - shuffle
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - $XDG_RUNTIME_DIR/podman/podman.sock:/var/run/docker.sock:ro
+ environment:
+ - SHUFFLE_APP_SDK_TIMEOUT=300 # New SDK default timeout
+ #- DOCKER_HOST=tcp://docker-socket-proxy:2375
+ - ENVIRONMENT_NAME=${ENVIRONMENT_NAME}
+ - BASE_URL=http://${OUTER_HOSTNAME}:5001
+ - DOCKER_API_VERSION=1.40
+ - SHUFFLE_BASE_IMAGE_NAME=${SHUFFLE_BASE_IMAGE_NAME}
+ - SHUFFLE_BASE_IMAGE_REGISTRY=${SHUFFLE_BASE_IMAGE_REGISTRY}
+ - SHUFFLE_BASE_IMAGE_TAG_SUFFIX=${SHUFFLE_BASE_IMAGE_TAG_SUFFIX}
+ - HTTP_PROXY=${HTTP_PROXY}
+ - HTTPS_PROXY=${HTTPS_PROXY}
+ - SHUFFLE_PASS_WORKER_PROXY=${SHUFFLE_PASS_WORKER_PROXY}
+ - SHUFFLE_PASS_APP_PROXY=${SHUFFLE_PASS_APP_PROXY}
+ restart: unless-stopped
+ security_opt:
+ - seccomp:unconfined
+
+ opensearch:
+ image: opensearchproject/opensearch:2.11.0
+ hostname: shuffle-opensearch
+ container_name: shuffle-opensearch
+ environment:
+ - "OPENSEARCH_JAVA_OPTS=-Xms2048m -Xmx2048m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
+ - bootstrap.memory_lock=true
+ - DISABLE_PERFORMANCE_ANALYZER_AGENT_CLI=true
+ - cluster.initial_master_nodes=shuffle-opensearch
+ - cluster.routing.allocation.disk.threshold_enabled=false
+ - cluster.name=shuffle-cluster
+ - node.name=shuffle-opensearch
+ - node.store.allow_mmap=false
+ - discovery.seed_hosts=shuffle-opensearch
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536 
+ hard: 65536
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - ${DB_LOCATION}:/usr/share/opensearch/data:z
+ ports:
+ - 9200:9200
+ networks:
+ - shuffle
+ restart: unless-stopped
+
+ #memcached:
+ # image: memcached:latest
+ # container_name: shuffle-cache
+ # hostname: shuffle-cache
+ # mem_limit: 1024m
+ # environment:
+ # - MEMCACHED_MEMORY=1024
+ # - MEMCACHED_MAX_CONNECTIONS=2500
+ # ports:
+ # - 11211:11211
+
+ #docker-socket-proxy:
+ # image: tecnativa/docker-socket-proxy
+ # container_name: docker-socket-proxy 
+ # hostname: docker-socket-proxy
+ # privileged: true
+ # environment:
+ # - SERVICES=1
+ # - TASKS=1
+ # - NETWORKS=1
+ # - NODES=1
+ # - BUILD=1
+ # - IMAGES=1
+ # - GRPC=1
+ # - CONTAINERS=1
+ # - PLUGINS=1
+ # - SYSTEM=1
+ # - VOLUMES=1
+ # - INFO=1
+ # - DISTRIBUTION=1
+ # - POST=1
+ # - AUTH=1
+ # - SECRETS=1
+ # - SWARM=1
+ # volumes:
+ # - /var/run/docker.sock:/var/run/docker.sock
+ # networks:
+ # - shuffle
+ #
+
+ # uncomment to set MTU for swarm mode.
+ # MTU should be whatever is your host's preferred MTU is.
+ # Refer to this doc to figure out what your host's MTU is:
+ # https://shuffler.io/docs/troubleshooting#TLS_timeout_error/Timeout_Errors/EOF_Errors 
+ # driver_opts:
+ # com.docker.network.driver.mtu: 1460