Enter file contents here## .env file for docker-compose deployments of open-appsec integrated with Envoy ## for more info see https://docs.openappsec.io APPSEC_VERSION=latest APPSEC_CONFIG=./appsec-config APPSEC_DATA=./appsec-data APPSEC_LOGS=./appsec-logs APPSEC_LOCALCONFIG=./appsec-localconfig ## Make sure the parameter APPSEC_AUTO_POLICY_LOAD is set to false when centrally managing ## open-appsec configuration via open-appsec Web UI. ## You can optionally set it to true when using local, declarative management for open-appsec, ## declarative configuration will then get applied automatically when changed. APPSEC_AUTO_POLICY_LOAD=false ## Example for configuring HTTPS Proxy: ## APPSEC_HTTPS_PROXY=user:password@proxy_address:port APPSEC_HTTPS_PROXY= APPSEC_SMART_SYNC_STORAGE=./appsec-smartsync-storage APPSEC_USER_EMAIL=user@email.com APPSEC_DB_PASSWORD=pass APPSEC_DB_USER=postgres APPSEC_DB_HOST=appsec-db APPSEC_POSTGRES_STORAGE=./appsec-postgres-data ## Make sure to have a valid envoy.yaml Envoy configuration file present in the path below. ## For deployment of a simple lab testing environment, you can deploy the example configuration provided ## for the vulnerable juice-shop container, see instructions further below. ENVOY_CONFIG=./envoy-config/envoy.yaml ## The following two parameters are only relevant if you made a custom configuration for ## the amount of Envoy worker threads using the optional ENVOY_CONCURRENCY parameter (see also explanation in docker-compose.yaml), ## these are then required to make sure that the open-appsec attachment will create the right amount of transaction handlers. ## In this case you must set ENVOY_CONCURRENCY_CALC to "custom" and provide the specified amount of Envoy worker ## threads via "ENVOY_CONCURRENCY_NUMBER". ## Possible values for ENVOY_CONCURRENCY_CALC: "numOfCores" (default), "custom" (allows to set the configured Envoy worker ## thread amount using the ENVOY_CONCURRENCY_NUMBER parameter) ENVOY_CONCURRENCY_CALC=numOfCores ENVOY_CONCURRENCY_NUMBER="" ## To connect your deployment to central open-appsec WebUI provide the token for a profile ## which you created in open-appsec WebUI at https://my.openappsec.io ## Example: APPSEC_AGENT_TOKEN=111-22222-111 APPSEC_AGENT_TOKEN= ## Important: When not providing token for connection to central WebUI: ## Make sure to add the value "standalone" to the COMPOSE_PROFILES value, this will enable ## sharing of learning between processes and allow you to perform tuning locally on CLI COMPOSE_PROFILES= ## JUICE SHOP DEMO CONTAINER: ## In order to deploy the optional, additional, vulnerable juiceshop container (for demo and testing purposes only!): ## Add the value "juiceshop" to the COMPOSE_PROFILES value above. ## Make sure to also adjust the envoy.yaml file in ENVOY_CONFIG path ## to add a routing configuration for forwarding external traffic on e.g. port 80 to the juiceshop-backend container ## you can use the example file available here: ## https://raw.githubusercontent.com/openappsec/openappsec/main/examples/juiceshop/envoy/envoy.yaml ## place the file above in ENVOY_CONFIG path ## note that juiceshop container listens on HTTP port 3000 by default ## Note that COMPOSE_PROFILES can also receive multiple values, e.g. as shown here: ## COMPOSE_PROFILES=standalone,juiceshop