docker-compose.yml
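# Compose stack: PHP-FPM backends behind Nginx, a honeypot container,
# isolation containers, and a Python service (falco_python) that, per the
# volume comments below, modifies the Nginx config and uses the Docker
# Engine API.
#
# NOTE(review): every PHP service uses the floating tag php:5-fpm. PHP 5 no
# longer receives security fixes; if the old runtime is intentional here,
# pin the image by digest, otherwise move to a supported release.
version: '3.7'

services:
  # Regular web backend container (PHP).
  app:
    image: php:5-fpm
    container_name: castle-app
    restart: unless-stopped
    environment:
      TZ: Asia/Taipei
    working_dir: /var/www/
    # Shares the host PID namespace so that the PIDs in Falco alerts can be
    # looked up directly in the php-fpm log.
    # NOTE(review): with the host PID namespace, code running in this web
    # backend can see every process on the host. Keep this limited to the
    # one service that needs it (it is commented out on app-lb / app-lb2).
    pid: "host"
    volumes:
      # NOTE(review): the whole project directory is mounted read-write.
      # That includes ./docker-compose/, i.e. the Nginx config and the
      # falco_python code, and falco_python holds the Docker socket.
      # Consider mounting only the directories the application needs, or
      # keeping ./docker-compose out of this container's writable view.
      - ./:/var/www
      # - ./docker-compose/php-fpm/www.conf:/usr/local/etc/php-fpm.d/www.conf
    networks:
      - castle-network

  # Regular web backend container (PHP).
  app-lb:
    image: php:5-fpm
    container_name: castle-app-lb
    restart: unless-stopped
    environment:
      TZ: Asia/Taipei
    working_dir: /var/www/
    # Disabled here; on `app` it puts the container in the host PID
    # namespace so Falco alert PIDs match the php-fpm log.
    # pid: "host"
    volumes:
      # Same read-write project mount as `app`; the same caveat applies.
      - ./:/var/www
      # - ./docker-compose/php-fpm/www.conf:/usr/local/etc/php-fpm.d/www.conf
    networks:
      - castle-network

  # Regular web backend container (PHP).
  app-lb2:
    image: php:5-fpm
    container_name: castle-app-lb2
    restart: unless-stopped
    environment:
      TZ: Asia/Taipei
    working_dir: /var/www/
    # Disabled here; on `app` it puts the container in the host PID
    # namespace so Falco alert PIDs match the php-fpm log.
    # pid: "host"
    volumes:
      # Same read-write project mount as `app`; the same caveat applies.
      - ./:/var/www
      # - ./docker-compose/php-fpm/www.conf:/usr/local/etc/php-fpm.d/www.conf
    networks:
      - castle-network

  # Fake web backend container (honeypot).
  honeypot:
    image: php:5-fpm
    # container_name: castle-honeypot
    restart: unless-stopped
    environment:
      TZ: Asia/Taipei
    working_dir: /var/www/
    # NOTE(review): this value contains a space and `^`, which are not valid
    # hostname characters, and it tells anyone who reads the hostname inside
    # the container that it is a honeypot. Confirm both are intended.
    hostname: "This_Is_Honeypot_Container ^o^"
    volumes:
      # Because this is the honeypot, it only gets the files under public/
      # (read-only); the other, confidential files are not mounted.
      - ./public/:/var/www/public/:ro
    networks:
      - castle-network

  # Isolation-zone container.
  isolation:
    image: php:5-fpm
    container_name: castle-isolate
    restart: unless-stopped
    environment:
      TZ: Asia/Taipei
    working_dir: /var/www/
    hostname: "This_Is_Isolation_Container"
    volumes:
      # NOTE(review): unlike the honeypot, this mount is read-write. If the
      # traffic placed in the isolation zone is treated as untrusted, `:ro`
      # would keep it from altering the shared public/ files. Confirm
      # whether write access is needed.
      - ./public/:/var/www/public/
    networks:
      - castle-network

  # Isolation-zone container.
  isolation2:
    image: php:5-fpm
    container_name: castle-isolate2
    restart: unless-stopped
    environment:
      TZ: Asia/Taipei
    working_dir: /var/www/
    hostname: "This_Is_Isolation_Container_2"
    volumes:
      # Read-write, as on `isolation`; the same caveat applies.
      - ./public/:/var/www/public/
    networks:
      - castle-network

  # Isolation-zone container.
  isolation3:
    image: php:5-fpm
    container_name: castle-isolate3
    restart: unless-stopped
    environment:
      TZ: Asia/Taipei
    working_dir: /var/www/
    hostname: "This_Is_Isolation_Container_3"
    volumes:
      # Read-write, as on `isolation`; the same caveat applies.
      - ./public/:/var/www/public/
    networks:
      - castle-network

  # Nginx web server.
  nginx:
    image: nginx:1.21.6-alpine
    container_name: castle-nginx
    restart: unless-stopped
    ports:
      # Host port 8088 -> container port 8080, published on all host
      # interfaces.
      - '8088:8080'
    volumes:
      - ./:/var/www:ro
      # Config directory is chosen by ENV_TYPE and defaults to "develop".
      - ./docker-compose/nginx/${ENV_TYPE:-develop}:/etc/nginx/conf.d:ro
      - ./docker-compose/nginx/nginx_log:/var/log/nginx
    environment:
      TZ: Asia/Taipei
    networks:
      - castle-network
    depends_on:
      - app

  falco_python:
    build:
      context: ./docker-compose/falco_python
      dockerfile: Dockerfile.falco_python
    container_name: falco_python
    restart: unless-stopped
    environment:
      TZ: Asia/Taipei
    working_dir: /app/
    volumes:
      - ./docker-compose/falco_python:/app
      # Needs to read the php-fpm config files.
      - ./docker-compose/php-fpm:/php-fpm:ro
      # Needs to modify the Nginx config files.
      - ./docker-compose/nginx:/nginx
      # Mounted so the Python Docker package inside the container can reach
      # the Docker Engine API.
      # NOTE(review): access to docker.sock is equivalent to root on the
      # host, so this container is the most sensitive one in the stack.
      # Consider a proxy that exposes only the API calls the service uses.
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - castle-network
    ports:
      # NOTE(review): published on all host interfaces while the container
      # holds the Docker socket. If the alert sender runs on this host,
      # publishing on 127.0.0.1 only would narrow exposure. Also confirm
      # the listener on 5000 authenticates its callers.
      - '8089:5000'
    depends_on:
      - nginx
      - app
      - honeypot
      - isolation

networks:
  castle-network:
    driver: bridge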