mirror of
https://github.com/ChristianLempa/boilerplates.git
synced 2025-02-24 14:30:48 +01:00
175 lines
6.4 KiB
YAML
175 lines
6.4 KiB
YAML
---
|
|
services:
|
|
wazuh.manager:
|
|
image: docker.io/wazuh/wazuh-manager:4.10.1
|
|
container_name: wazuh-prod-1-manager
|
|
hostname: wazuh.manager
|
|
ulimits:
|
|
memlock:
|
|
soft: -1
|
|
hard: -1
|
|
nofile:
|
|
soft: 655360
|
|
hard: 655360
|
|
ports:
|
|
- "1514:1514"
|
|
- "1515:1515"
|
|
- "514:514/udp"
|
|
- "55000:55000"
|
|
environment:
|
|
- INDEXER_URL=https://wazuh.indexer:9200
|
|
- INDEXER_USERNAME=${INDEXER_USERNAME:?error}
|
|
- INDEXER_PASSWORD=${INDEXER_PASSWORD:?error}
|
|
- FILEBEAT_SSL_VERIFICATION_MODE=full
|
|
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
|
|
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
|
|
- SSL_KEY=/etc/ssl/filebeat.key
|
|
- API_USERNAME=${API_USERNAME:?error}
|
|
- API_PASSWORD=${API_PASSWORD:?error}
|
|
volumes:
|
|
- wazuh_api_configuration:/var/ossec/api/configuration
|
|
- wazuh_etc:/var/ossec/etc
|
|
- wazuh_logs:/var/ossec/logs
|
|
- wazuh_queue:/var/ossec/queue
|
|
- wazuh_var_multigroups:/var/ossec/var/multigroups
|
|
- wazuh_integrations:/var/ossec/integrations
|
|
- wazuh_active_response:/var/ossec/active-response/bin
|
|
- wazuh_agentless:/var/ossec/agentless
|
|
- wazuh_wodles:/var/ossec/wodles
|
|
- filebeat_etc:/etc/filebeat
|
|
- filebeat_var:/var/lib/filebeat
|
|
- ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
|
|
- ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
|
|
- ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
|
|
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
|
|
# --> (Optional) For custom rules
|
|
# - ./config/rules/local_rules.xml:/var/ossec/etc/rules/local_rules.xml:ro
|
|
# <--
|
|
# --> (Optional) When using traefik
|
|
# networks:
|
|
# - frontend
|
|
# <--
|
|
# --> (Optional) When using a separate backend network
|
|
# - backend
|
|
# <--
|
|
restart: unless-stopped
|
|
|
|
wazuh.indexer:
|
|
image: docker.io/wazuh/wazuh-indexer:4.10.1
|
|
container_name: wazuh-prod-1-indexer
|
|
hostname: wazuh.indexer
|
|
ports:
|
|
- "9200:9200"
|
|
environment:
|
|
- "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
|
|
ulimits:
|
|
memlock:
|
|
soft: -1
|
|
hard: -1
|
|
nofile:
|
|
soft: 65536
|
|
hard: 65536
|
|
volumes:
|
|
- wazuh-indexer-data:/var/lib/wazuh-indexer
|
|
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
|
|
- ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
|
|
- ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
|
|
- ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
|
|
- ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
|
|
- ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
|
|
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
|
|
# --> (Optional) When using traefik
|
|
# networks:
|
|
# - frontend
|
|
# <--
|
|
# --> (Optional) When using a separate backend network
|
|
# - backend
|
|
# <--
|
|
restart: unless-stopped
|
|
|
|
wazuh.dashboard:
|
|
image: docker.io/wazuh/wazuh-dashboard:4.10.1
|
|
container_name: wazuh-prod-1-dashboard
|
|
hostname: wazuh.dashboard
|
|
# --> (Optional) Remove the port mapping when using traefik
|
|
ports:
|
|
- 4443:5601
|
|
# <--
|
|
environment:
|
|
- INDEXER_USERNAME=${INDEXER_USERNAME:?error}
|
|
- INDEXER_PASSWORD=${INDEXER_PASSWORD:?error}
|
|
- WAZUH_API_URL=https://wazuh.manager
|
|
- DASHBOARD_USERNAME=${DASHBOARD_USERNAME:?error}
|
|
- DASHBOARD_PASSWORD=${DASHBOARD_PASSWORD:?error}
|
|
- API_USERNAME=${API_USERNAME:?error}
|
|
- API_PASSWORD=${API_PASSWORD:?error}
|
|
volumes:
|
|
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
|
|
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
|
|
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
|
|
- ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
|
|
- ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
|
|
- wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
|
|
- wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
|
|
# --> (Optional) When using traefik
|
|
# labels:
|
|
# - traefik.enable=true
|
|
# - traefik.http.routers.wazuh-prod-1-https.entrypoints=websecure
|
|
# - traefik.http.routers.wazuh-prod-1-https.rule=Host(`wazuh-prod-1.srv-prod-1.home.clcreative.de`)
|
|
# - traefik.http.routers.wazuh-prod-1-https.tls=true
|
|
# - traefik.http.routers.wazuh-prod-1-https.tls.certresolver=cloudflare
|
|
# - traefik.http.services.wazuh-prod-1-service.loadbalancer.server.port=5601
|
|
# - traefik.http.services.wazuh-prod-1-service.loadbalancer.server.scheme=https
|
|
# networks:
|
|
# - frontend
|
|
# <--
|
|
# --> (Optional) When using a separate backend network
|
|
# - backend
|
|
# <--
|
|
depends_on:
|
|
- wazuh.indexer
|
|
restart: unless-stopped
|
|
|
|
# --> (Optional) When you need to use an SMTP relay for email notifications, and authentication is required
|
|
# postfix:
|
|
# image: docker.io/mwader/postfix-relay:1.1.39
|
|
# environment:
|
|
# - POSTFIX_myhostname=postfix
|
|
# volumes:
|
|
# - ./config/postfix-relay/main.cf:/etc/postfix/main.cf:ro
|
|
# - ./config/postfix-relay/sasl_passwd:/etc/postfix/sasl_passwd:rw # <-- (Optional) Remove when using inline credentials
|
|
# - postfix_data:/etc/postfix
|
|
# networks:
|
|
# - backend
|
|
# restart: unless-stopped
|
|
# <--
|
|
|
|
volumes:
|
|
wazuh_api_configuration:
|
|
wazuh_etc:
|
|
wazuh_logs:
|
|
wazuh_queue:
|
|
wazuh_var_multigroups:
|
|
wazuh_integrations:
|
|
wazuh_active_response:
|
|
wazuh_agentless:
|
|
wazuh_wodles:
|
|
filebeat_etc:
|
|
filebeat_var:
|
|
wazuh-indexer-data:
|
|
wazuh-dashboard-config:
|
|
wazuh-dashboard-custom:
|
|
# --> (Optional) When you need to use an SMTP relay for email notifications, and authentication is required
|
|
# postfix_data:
|
|
# <--
|
|
|
|
# --> (Optional) When using traefik
|
|
# networks:
|
|
# frontend:
|
|
# external: true
|
|
# <--
|
|
# --> (Optional) When using a separate backend network
|
|
# backend:
|
|
# external: true
|
|
# <--
|