-
Notifications
You must be signed in to change notification settings - Fork 0
/
compose.yml
159 lines (155 loc) · 4.09 KB
/
compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
include:
- env_file:
- .env
networks:
internal:
volumes:
elastic-data: #for ES data persistency
evebox-data: #for EveBox data persistency
certgen-data: #for SSL cert persistency
services:
elasticsearch:
image: elasticsearch:8.15.1
restart: unless-stopped
env_file:
- elasticsearch/elasticsearch.env
environment:
- "ES_JAVA_OPTS=-Xms${ELASTIC_MEMORY:-4G} -Xmx${ELASTIC_MEMORY:-4G}"
volumes:
- ${ELASTIC_DATAPATH:-elastic-data}:/usr/share/elasticsearch/data
healthcheck:
test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
interval: 30s
timeout: 30s
retries: 3
#ports:
# - "9200:9200"
networks:
internal:
kibana:
image: kibana:8.15.1
restart: unless-stopped
env_file:
- kibana/kibana.env
healthcheck:
test: ["CMD-SHELL", "curl --silent --fail localhost:5601/api/status || exit 1"]
interval: 30s
timeout: 30s
retries: 3
depends_on:
elasticsearch:
condition: service_healthy
#ports:
# - "5601:5601"
networks:
internal:
arkime:
build:
context: arkime
dockerfile: Dockerfile-arkime
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "[ $(curl --silent localhost:8005) = 'Unauthorized' ] || exit 1"]
start_period: 120s
interval: 60s
timeout: 30s
retries: 3
depends_on:
elasticsearch:
condition: service_healthy
environment:
- FLAG_REGEX=${FLAG_REGEX}
#ports:
# - "8005:8005"
volumes:
- ${TRAFFIC_DIR_HOST}/arkime:/data
- ${TRAFFIC_DIR_HOST}/suricata_logs:/eve:ro
networks:
internal:
suricata:
build:
context: suricata
dockerfile: Dockerfile-suricata
restart: unless-stopped
volumes:
- ${TRAFFIC_DIR_HOST}/suricata:/data
- ${TRAFFIC_DIR_HOST}/suricata_logs:/eve
cap_add:
- SYS_NICE
pcapmover:
build:
context: pcapmover
dockerfile: Dockerfile-pcapmover
restart: unless-stopped
environment:
- TRAFFIC_DIR_DOCKER=false
- ELASTIC_HOST=http://elasticsearch:9200
- FLAG_REGEX=${FLAG_REGEX}
depends_on:
elasticsearch:
condition: service_healthy
networks:
internal:
volumes:
- ${TRAFFIC_DIR_HOST}:/data # all data
evebox:
image: jasonish/evebox
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "curl --silent --fail localhost:5636 || exit 1"]
start_period: 120s
interval: 60s
timeout: 30s
retries: 3
depends_on:
elasticsearch:
condition: service_healthy
environment:
- EVEBOX_HTTP_TLS_ENABLED=false
- EVEBOX_AUTHENTICATION_REQUIRED=false
command: ["--elasticsearch", "http://elasticsearch:9200", "--input", "/eve/eve.json", "--data-directory", "/state"]
#ports:
# - "5636:5636"
volumes:
- ${TRAFFIC_DIR_HOST}/suricata_logs:/eve:ro
- ${EVEBOX_DATAPATH:-evebox-data}:/state
networks:
internal:
certgen:
image: alpine/openssl
entrypoint: ["/bin/sh"]
command: ["-c", "cd /ssl; [ -f /ssl/ssl.pem ] && echo Cert already generated || (echo Generating new cert; openssl req -newkey rsa:2048 -nodes -x509 -days 3650 -keyout ssl.key -out ssl.crt -subj '/CN=Deathbaron' && cat ssl.crt ssl.key >> ssl.pem)"]
volumes:
- certgen-data:/ssl
haproxy:
image: haproxy
restart: unless-stopped
depends_on:
evebox:
condition: service_started
kibana:
condition: service_started
arkime:
condition: service_started
certgen:
condition: service_completed_successfully
ports:
- "80:80"
- "443:443"
volumes:
- ./haproxy:/usr/local/etc/haproxy:ro
- certgen-data:/ssl
networks:
internal:
vmtouch:
build:
context: vmtouch
dockerfile: Dockerfile-vmtouch
environment:
- MAX_SIZE=${VMTOUCH_MEMORY}
- SLEEP_SECONDS=300
networks: []
volumes:
- ${TRAFFIC_DIR_HOST}/arkime:/data
cap_add:
- CAP_IPC_LOCK