mirror of
https://github.com/openappsec/openappsec.git
synced 2025-09-30 03:34:26 +03:00
Delete deployment directory
This commit is contained in:
orianelou
GitHub
@@ -1,54 +0,0 @@
|
||||
## .env file for docker-compose deployments of open-appsec integrated with NGINX
|
||||
## for more info see https://docs.openappsec.io
|
||||
|
||||
APPSEC_VERSION=latest
|
||||
APPSEC_CONFIG=./appsec-config
|
||||
APPSEC_DATA=./appsec-data
|
||||
APPSEC_LOGS=./appsec-logs
|
||||
APPSEC_LOCALCONFIG=./appsec-localconfig
|
||||
|
||||
## Make sure the parameter APPSEC_AUTO_POLICY_LOAD is set to false when centrally managing
|
||||
## open-appsec configuration via open-appsec Web UI.
|
||||
## You can optionally set it to true when using local, declarative management for open-appsec,
|
||||
## declarative configuration will then get applied automatically when changed.
|
||||
APPSEC_AUTO_POLICY_LOAD=false
|
||||
|
||||
## Example for configuring HTTPS Proxy:
|
||||
## APPSEC_HTTPS_PROXY=user:password@proxy_address:port
|
||||
APPSEC_HTTPS_PROXY=
|
||||
|
||||
APPSEC_SMART_SYNC_STORAGE=./appsec-smartsync-storage
|
||||
APPSEC_USER_EMAIL=user@email.com
|
||||
APPSEC_DB_PASSWORD=pass
|
||||
APPSEC_DB_USER=postgres
|
||||
APPSEC_DB_HOST=appsec-db
|
||||
APPSEC_POSTGRES_STORAGE=./appsec-postgres-data
|
||||
|
||||
## Make sure to have a valid NGINX configuration file default.conf in the folder specified for NGINX_CONFIG.
|
||||
## For deployment of a simple lab testing environment, you can deploy the example configuration provided
|
||||
## for the vulnerable juice-shop container, see instructions further below.
|
||||
NGINX_CONFIG=./nginx-config
|
||||
|
||||
## To connect your deployment to central open-appsec WebUI provide the token for a profile
|
||||
## which you created in open-appsec WebUI at https://my.openappsec.io
|
||||
## Example: APPSEC_AGENT_TOKEN=111-22222-111
|
||||
APPSEC_AGENT_TOKEN=
|
||||
|
||||
## Important: When not providing token for connection to central WebUI:
|
||||
## Make sure to add the value "standalone" to the COMPOSE_PROFILES value, this will enable
|
||||
## sharing of learning between processes and allow you to perform tuning locally on CLI
|
||||
COMPOSE_PROFILES=
|
||||
|
||||
## JUICE SHOP DEMO CONTAINER:
|
||||
## In order to deploy the optional, additional, vulnerable juiceshop container (for demo and testing purposes only!):
|
||||
## Add the value "juiceshop" to the COMPOSE_PROFILES value above.
|
||||
|
||||
## Make sure to also adjust the nginx.conf file in NGINX_CONFIG folder
|
||||
## to include a proxy_pass directive forwarding external traffic on e.g. port 80 to the juiceshop-backend container
|
||||
## you can use the example file available here:
|
||||
## https://raw.githubusercontent.com/openappsec/openappsec/examples/juiceshop/nginx/default.conf
|
||||
## place the file above in NGINX_CONFIG folder
|
||||
## note that juiceshop container listens on HTTP port 3000 by default
|
||||
|
||||
## Note that COMPOSE_PROFILES can also receive multiple values, e.g. as shown here:
|
||||
## COMPOSE_PROFILES=standalone,juiceshop
|
||||
@@ -1,136 +0,0 @@
|
||||
# Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
##
|
||||
## Docker compose file for open-appsec integrated with NGINX
|
||||
##
|
||||
|
||||
version: "3.9"
|
||||
services:
|
||||
appsec-agent:
|
||||
image: ghcr.io/openappsec/agent:${APPSEC_VERSION}
|
||||
container_name: appsec-agent
|
||||
environment:
|
||||
- SHARED_STORAGE_HOST=appsec-shared-storage
|
||||
- LEARNING_HOST=appsec-smartsync
|
||||
- TUNING_HOST=appsec-tuning-svc
|
||||
- https_proxy=${APPSEC_HTTPS_PROXY}
|
||||
- user_email=${APPSEC_USER_EMAIL}
|
||||
- AGENT_TOKEN=${APPSEC_AGENT_TOKEN}
|
||||
- autoPolicyLoad=${APPSEC_AUTO_POLICY_LOAD}
|
||||
- registered_server="NGINX Server"
|
||||
ipc: shareable
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ${APPSEC_CONFIG}:/etc/cp/conf
|
||||
- ${APPSEC_DATA}:/etc/cp/data
|
||||
- ${APPSEC_LOGS}:/var/log/nano_agent
|
||||
- ${APPSEC_LOCALCONFIG}:/ext/appsec
|
||||
command: /cp-nano-agent
|
||||
|
||||
appsec-nginx:
|
||||
image: ghcr.io/openappsec/nginx-attachment:${APPSEC_VERSION}
|
||||
container_name: appsec-nginx
|
||||
ipc: service:appsec-agent
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ${NGINX_CONFIG}:/etc/nginx/conf.d
|
||||
|
||||
## advanced configuration - volume mount for nginx.conf file:
|
||||
## To change global instructions it's possible to also mount your own nginx.conf file by uncommenting the line below
|
||||
## then specify a desired local folder for NGINX_CONF_FILE in the .env file.
|
||||
## In the nginx.conf file make sure to include the line starting with "load_module" which loads the appsec attachment
|
||||
## and is included in /etc/nginx/conf.d/nginx.conf file as part of the nginx-attachment container.
|
||||
# - ${NGINX_CONF_FILE}:/etc/nginx/nginx.conf
|
||||
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
|
||||
appsec-smartsync:
|
||||
profiles:
|
||||
- standalone
|
||||
image: ghcr.io/openappsec/smartsync:${APPSEC_VERSION}
|
||||
container_name: appsec-smartsync
|
||||
environment:
|
||||
- SHARED_STORAGE_HOST=appsec-shared-storage
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- appsec-shared-storage
|
||||
|
||||
appsec-shared-storage:
|
||||
profiles:
|
||||
- standalone
|
||||
image: ghcr.io/openappsec/smartsync-shared-files:${APPSEC_VERSION}
|
||||
container_name: appsec-shared-storage
|
||||
ipc: service:appsec-agent
|
||||
restart: unless-stopped
|
||||
## if you do not want to run this container as "root" user you can comment it out and instead run the below command after the deployment
|
||||
## docker exec -u root appsec-shared-storage chown -R appuser:appuser /db
|
||||
user: root
|
||||
volumes:
|
||||
- ${APPSEC_SMART_SYNC_STORAGE}:/db:z
|
||||
## instead of using local storage for local learning (see line above)
|
||||
## you can also configure central nfs storage by configuring nfs volume (uncomment the relevant section at end of this file)
|
||||
## use a shared nfs storage which is recommended in redundant deployments (uncomment line below, comment out the line above)
|
||||
# - learning_nfs:/db:z
|
||||
|
||||
appsec-tuning-svc:
|
||||
profiles:
|
||||
- standalone
|
||||
image: ghcr.io/openappsec/smartsync-tuning:${APPSEC_VERSION}
|
||||
container_name: appsec-tuning-svc
|
||||
environment:
|
||||
- SHARED_STORAGE_HOST=appsec-shared-storage
|
||||
- QUERY_DB_PASSWORD=${APPSEC_DB_PASSWORD}
|
||||
- QUERY_DB_HOST=${APPSEC_DB_HOST}
|
||||
- QUERY_DB_USER=${APPSEC_DB_USER}
|
||||
## only relevant when deploying own DB
|
||||
# - SSLMODE:
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ${APPSEC_CONFIG}:/etc/cp/conf
|
||||
depends_on:
|
||||
- appsec-shared-storage
|
||||
- appsec-db
|
||||
|
||||
appsec-db:
|
||||
profiles:
|
||||
- standalone
|
||||
image: postgres
|
||||
container_name: appsec-db
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=${APPSEC_DB_PASSWORD}
|
||||
- POSTGRES_USER=${APPSEC_DB_USER}
|
||||
volumes:
|
||||
- ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql/data
|
||||
|
||||
## example juice-shop backend container (vulnerable webserver, USE ONLY FOR TESTING AND IN LAB ENV)
|
||||
juiceshop-backend:
|
||||
image: bkimminich/juice-shop:latest
|
||||
container_name: juiceshop-backend
|
||||
profiles:
|
||||
- juiceshop
|
||||
|
||||
## advanced configuration: learning_nfs volume for nfs storage in shared_storage container
|
||||
##
|
||||
## when configuring nfs storage in shared_storage container configuration above, make sure to also specify learning_nfs volume (see example below for using AWS EFS storage)
|
||||
##
|
||||
#volumes:
|
||||
# learning_nfs:
|
||||
# driver: local
|
||||
# driver_opts:
|
||||
# type: nfs
|
||||
# o: addr=fs-abcdef.efs.eu-west-1.amazonaws.com,rw,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport
|
||||
# device: ":/"
|
||||
@@ -1,47 +0,0 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name _;
|
||||
|
||||
#access_log /var/log/nginx/host.access.log main;
|
||||
|
||||
location / {
|
||||
proxy_pass http://juiceshop-backend:3000;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
#error_page 404 /404.html;
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# proxy_pass http://127.0.0.1;
|
||||
#}
|
||||
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# root html;
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
# fastcgi_index index.php;
|
||||
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
|
||||
# include fastcgi_params;
|
||||
#}
|
||||
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
#location ~ /\.ht {
|
||||
# deny all;
|
||||
#}
|
||||
}
|
||||
Reference in New Issue
Block a user