Delete deployment/docker-compose/envoy directory
parent
7b3320ce10
commit
6fbe272378
@ -1,135 +0,0 @@
|
|||||||
# Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
|
|
||||||
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
##
|
|
||||||
## Docker compose file for open-appsec integrated with Envoy
|
|
||||||
##
|
|
||||||
|
|
||||||
version: "3.9"
|
|
||||||
services:
|
|
||||||
appsec-agent:
|
|
||||||
image: ghcr.io/openappsec/agent:${APPSEC_VERSION}
|
|
||||||
container_name: appsec-agent
|
|
||||||
environment:
|
|
||||||
- SHARED_STORAGE_HOST=appsec-shared-storage
|
|
||||||
- LEARNING_HOST=appsec-smartsync
|
|
||||||
- TUNING_HOST=appsec-tuning-svc
|
|
||||||
- https_proxy=${APPSEC_HTTPS_PROXY}
|
|
||||||
- user_email=${APPSEC_USER_EMAIL}
|
|
||||||
- AGENT_TOKEN=${APPSEC_AGENT_TOKEN}
|
|
||||||
- autoPolicyLoad=${APPSEC_AUTO_POLICY_LOAD}
|
|
||||||
- registered_server="Envoy Server"
|
|
||||||
ipc: shareable
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- ${APPSEC_CONFIG}:/etc/cp/conf
|
|
||||||
- ${APPSEC_DATA}:/etc/cp/data
|
|
||||||
- ${APPSEC_LOGS}:/var/log/nano_agent
|
|
||||||
- ${APPSEC_LOCALCONFIG}:/ext/appsec
|
|
||||||
command: /cp-nano-agent
|
|
||||||
|
|
||||||
appsec-envoy:
|
|
||||||
image: openappsec-envoy:${APPSEC_VERSION}
|
|
||||||
# for docs: image: ghcr.io/openappsec/envoy-attachment:${APPSEC_VERSION}
|
|
||||||
container_name: appsec-envoy
|
|
||||||
ipc: service:appsec-agent
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
- ENVOY_UID=0
|
|
||||||
- CONCURRENCY_CALC=${ENVOY_CONCURRENCY_CALC}
|
|
||||||
- CONCURRENCY_NUMBER=${ENVOY_CONCURRENCY_NUMBER}
|
|
||||||
volumes:
|
|
||||||
- ${ENVOY_CONFIG}:/envoy.yaml
|
|
||||||
command: -c /envoy.yaml
|
|
||||||
## adjustment of threads is possible as follows:
|
|
||||||
# command: -c /envoy.yaml --concurrency ${ENVOY_CONCURRENCY}
|
|
||||||
|
|
||||||
ports:
|
|
||||||
- "80:80"
|
|
||||||
- "443:443"
|
|
||||||
|
|
||||||
appsec-smartsync:
|
|
||||||
profiles:
|
|
||||||
- standalone
|
|
||||||
image: ghcr.io/openappsec/smartsync:${APPSEC_VERSION}
|
|
||||||
container_name: appsec-smartsync
|
|
||||||
environment:
|
|
||||||
- SHARED_STORAGE_HOST=appsec-shared-storage
|
|
||||||
restart: unless-stopped
|
|
||||||
depends_on:
|
|
||||||
- appsec-shared-storage
|
|
||||||
|
|
||||||
appsec-shared-storage:
|
|
||||||
profiles:
|
|
||||||
- standalone
|
|
||||||
image: ghcr.io/openappsec/smartsync-shared-files:${APPSEC_VERSION}
|
|
||||||
container_name: appsec-shared-storage
|
|
||||||
ipc: service:appsec-agent
|
|
||||||
restart: unless-stopped
|
|
||||||
## if you do not want to run this container as "root" user you can comment it out and instead run the below command after the deployment
|
|
||||||
## docker exec -u root appsec-shared-storage chown -R appuser:appuser /db
|
|
||||||
user: root
|
|
||||||
volumes:
|
|
||||||
- ${APPSEC_SMART_SYNC_STORAGE}:/db:z
|
|
||||||
## instead of using local storage for local learning (see line above)
|
|
||||||
## you can also configure central nfs storage by configuring nfs volume (uncomment the relevant section at end of this file)
|
|
||||||
## use a shared nfs storage which is recommended in redundant deployments (uncomment line below, comment out the line above)
|
|
||||||
# - learning_nfs:/db:z
|
|
||||||
|
|
||||||
appsec-tuning-svc:
|
|
||||||
profiles:
|
|
||||||
- standalone
|
|
||||||
image: ghcr.io/openappsec/smartsync-tuning:${APPSEC_VERSION}
|
|
||||||
container_name: appsec-tuning-svc
|
|
||||||
environment:
|
|
||||||
- SHARED_STORAGE_HOST=appsec-shared-storage
|
|
||||||
- QUERY_DB_PASSWORD=${APPSEC_DB_PASSWORD}
|
|
||||||
- QUERY_DB_HOST=${APPSEC_DB_HOST}
|
|
||||||
- QUERY_DB_USER=${APPSEC_DB_USER}
|
|
||||||
## only relevant when deploying own DB
|
|
||||||
# - SSLMODE:
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- ${APPSEC_CONFIG}:/etc/cp/conf
|
|
||||||
depends_on:
|
|
||||||
- appsec-shared-storage
|
|
||||||
- appsec-db
|
|
||||||
|
|
||||||
appsec-db:
|
|
||||||
profiles:
|
|
||||||
- standalone
|
|
||||||
image: postgres
|
|
||||||
container_name: appsec-db
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
- POSTGRES_PASSWORD=${APPSEC_DB_PASSWORD}
|
|
||||||
- POSTGRES_USER=${APPSEC_DB_USER}
|
|
||||||
volumes:
|
|
||||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql/data
|
|
||||||
|
|
||||||
## example juice-shop backend container (vulnerable webserver, USE ONLY FOR TESTING AND IN LAB ENV)
|
|
||||||
juiceshop-backend:
|
|
||||||
image: bkimminich/juice-shop:latest
|
|
||||||
container_name: juiceshop-backend
|
|
||||||
|
|
||||||
## advanced configuration: learning_nfs volume for nfs storage in shared_storage container
|
|
||||||
##
|
|
||||||
## when configuring nfs storage in shared_storage container configuration above, make sure to also specify learning_nfs volume (see example below for using AWS EFS storage)
|
|
||||||
##
|
|
||||||
#volumes:
|
|
||||||
# learning_nfs:
|
|
||||||
# driver: local
|
|
||||||
# driver_opts:
|
|
||||||
# type: nfs
|
|
||||||
# o: addr=fs-abcdef.efs.eu-west-1.amazonaws.com,rw,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport
|
|
||||||
# device: ":/"
|
|
@ -1,56 +0,0 @@
|
|||||||
static_resources:
|
|
||||||
listeners:
|
|
||||||
- name: listener_0
|
|
||||||
address:
|
|
||||||
socket_address:
|
|
||||||
address: 0.0.0.0
|
|
||||||
port_value: 80
|
|
||||||
filter_chains:
|
|
||||||
- filters:
|
|
||||||
- name: envoy.filters.network.http_connection_manager
|
|
||||||
typed_config:
|
|
||||||
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
|
|
||||||
stat_prefix: ingress_http
|
|
||||||
http_filters:
|
|
||||||
## The following 10 lines are required to load the envoy attachment filter for open-appsec
|
|
||||||
- name: envoy.filters.http.golang
|
|
||||||
typed_config:
|
|
||||||
"@type": type.googleapis.com/envoy.extensions.filters.http.golang.v3alpha.Config
|
|
||||||
library_id: cp_nano_filter
|
|
||||||
library_path: "/usr/lib/libenvoy_attachment.so"
|
|
||||||
plugin_name: cp_nano_filter
|
|
||||||
plugin_config:
|
|
||||||
"@type": type.googleapis.com/xds.type.v3.TypedStruct
|
|
||||||
value:
|
|
||||||
prefix_localreply_body: "Configured local reply from go"
|
|
||||||
- name: envoy.filters.http.router
|
|
||||||
typed_config:
|
|
||||||
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
|
|
||||||
|
|
||||||
##
|
|
||||||
## The following lines allow you to deploy routing of ingress traffic to the optional juice-shop example container available in the open-appsec docker-compose.yaml file.
|
|
||||||
##
|
|
||||||
route_config:
|
|
||||||
name: local_route
|
|
||||||
virtual_hosts:
|
|
||||||
- name: local_service
|
|
||||||
domains: ["*"]
|
|
||||||
routes:
|
|
||||||
- match:
|
|
||||||
prefix: "/"
|
|
||||||
route:
|
|
||||||
cluster: juiceshop
|
|
||||||
|
|
||||||
clusters:
|
|
||||||
- name: juiceshop
|
|
||||||
type: STRICT_DNS
|
|
||||||
lb_policy: ROUND_ROBIN
|
|
||||||
load_assignment:
|
|
||||||
cluster_name: juiceshop
|
|
||||||
endpoints:
|
|
||||||
- lb_endpoints:
|
|
||||||
- endpoint:
|
|
||||||
address:
|
|
||||||
socket_address:
|
|
||||||
address: juiceshop-backend
|
|
||||||
port_value: 3000
|
|