## .env file for docker-compose deployments of open-appsec integrated with SWAG ## for more info see https://docs.openappsec.io APPSEC_VERSION=latest APPSEC_CONFIG=./appsec-config APPSEC_DATA=./appsec-data APPSEC_LOGS=./appsec-logs APPSEC_LOCALCONFIG=./appsec-localconfig ## Make sure the parameter APPSEC_AUTO_POLICY_LOAD is set to false when centrally managing ## open-appsec configuration via open-appsec Web UI. ## You can optionally set it to true when using local, declarative management for open-appsec, ## declarative configuration will then get applied automatically when changed. APPSEC_AUTO_POLICY_LOAD=false ## Example for configuring HTTPS Proxy: ## APPSEC_HTTPS_PROXY=user:password@proxy_address:port APPSEC_HTTPS_PROXY= APPSEC_SMART_SYNC_STORAGE=./appsec-smartsync-storage APPSEC_USER_EMAIL=user@email.com APPSEC_DB_PASSWORD=pass APPSEC_DB_USER=postgres APPSEC_DB_HOST=appsec-db APPSEC_POSTGRES_STORAGE=./appsec-postgres-data ## Most relevant SWAG parameters have been moved here as well allowing configuration via .env file SWAG_CONFIG=./swag-config ## Make sure to have a valid nginx config default.conf in SWAG_NGINX_SITE_CONFS folder SWAG_NGINX_SITE_CONFS=./swag-nginx-site-confs ## Make sure to have valid *.conf proxy configuration in SWAG_NGINX_PROXY_CONFS folder SWAG_PROXY_CONFS=./swag-proxy-confs ## For deployment of a simple lab testing environment, you can deploy the example configuration provided ## for the vulnerable juice-shop container, see instructions further below. SWAG_TZ=Etc/UTC SWAG_VALIDATION=http # configure "http" or "dns" as validation modes SWAG_DNSPLUGIN="" # configure e.g. "route53" or some other DNS Plugin supported by SWAG if you set "dns" above ## Examples parameters for "route53" DNS plugin (AWS DNS service), you can add others here as required, ## when you do make sure to also add them to the docker compose file SWAG_AWS_ACCESS_KEY_ID="" SWAG_AWS_SECRET_ACCESS_KEY="" ## SWAG_STAGING=true ## switch to 'false' after successful testing SWAG_URL=yourdomain.url SWAG_SUBDOMAINS="" SWAG_ONLY_SUBDOMAINS="" ## replace yourdomain.url with your own domain ## make sure your domain's public IP resolves to ## the docker host for Let's Encrypt cert generation to succeed ## To connect your deployment to central open-appsec WebUI provide the token for a profile ## which you created in open-appsec WebUI at https://my.openappsec.io ## Example: APPSEC_AGENT_TOKEN=111-22222-111 APPSEC_AGENT_TOKEN= ## Important: When not providing token for connection to central WebUI: ## Make sure to add the value "standalone" to the COMPOSE_PROFILES value, this will enable ## sharing of learning between processes and allow you to perform tuning locally on CLI COMPOSE_PROFILES= ## JUICE SHOP DEMO CONTAINER: ## In order to deploy the optional, additional, vulnerable juiceshop container (for demo and testing purposes only!): ## Add the value "juiceshop" to the COMPOSE_PROFILES value above. ## Make sure to put a juiceshop.subfolder.conf file in SWAG_PROXY_CONFS folder ## for proxying external traffic to the juiceshop-backend container and also adjust the NGINX default.conf file in SWAG_NGINX_SITE_CONFS folder ## you can use the example files available here: ## https://raw.githubusercontent.com/openappsec/openappsec/examples/juiceshop/swag/juiceshop.subfolder.conf ## https://raw.githubusercontent.com/openappsec/openappsec/examples/juiceshop/swag/default.conf ## note that juiceshop container listens on HTTP port 3000 by default ## Note that COMPOSE_PROFILES can also receive multiple values, e.g. as shown here: ## COMPOSE_PROFILES=standalone,juiceshop