mirror of
https://github.com/openappsec/openappsec.git
synced 2025-06-28 16:41:02 +03:00
77 lines
3.5 KiB
Bash
77 lines
3.5 KiB
Bash
## .env file for docker-compose deployments of open-appsec integrated with SWAG
|
|
## for more info see https://docs.openappsec.io
|
|
|
|
APPSEC_VERSION=latest
|
|
APPSEC_CONFIG=./appsec-config
|
|
APPSEC_DATA=./appsec-data
|
|
APPSEC_LOGS=./appsec-logs
|
|
APPSEC_LOCALCONFIG=./appsec-localconfig
|
|
|
|
## Make sure the parameter APPSEC_AUTO_POLICY_LOAD is set to false when centrally managing
|
|
## open-appsec configuration via open-appsec Web UI.
|
|
## You can optionally set it to true when using local, declarative management for open-appsec,
|
|
## declarative configuration will then get applied automatically when changed.
|
|
APPSEC_AUTO_POLICY_LOAD=false
|
|
|
|
## Example for configuring HTTPS Proxy:
|
|
## APPSEC_HTTPS_PROXY=user:password@proxy_address:port
|
|
APPSEC_HTTPS_PROXY=
|
|
|
|
APPSEC_SMART_SYNC_STORAGE=./appsec-smartsync-storage
|
|
APPSEC_USER_EMAIL=user@email.com
|
|
APPSEC_DB_PASSWORD=pass
|
|
APPSEC_DB_USER=postgres
|
|
APPSEC_DB_HOST=appsec-db
|
|
APPSEC_POSTGRES_STORAGE=./appsec-postgres-data
|
|
|
|
## Most relevant SWAG parameters have been moved here as well allowing configuration via .env file
|
|
SWAG_CONFIG=./swag-config
|
|
## Make sure to have a valid nginx config default.conf in SWAG_NGINX_SITE_CONFS folder
|
|
SWAG_NGINX_SITE_CONFS=./swag-nginx-site-confs
|
|
## Make sure to have valid *.conf proxy configuration in SWAG_NGINX_PROXY_CONFS folder
|
|
SWAG_PROXY_CONFS=./swag-proxy-confs
|
|
## For deployment of a simple lab testing environment, you can deploy the example configuration provided
|
|
## for the vulnerable juice-shop container, see instructions further below.
|
|
|
|
SWAG_TZ=Etc/UTC
|
|
SWAG_VALIDATION=http # configure "http" or "dns" as validation modes
|
|
SWAG_DNSPLUGIN="" # configure e.g. "route53" or some other DNS Plugin supported by SWAG if you set "dns" above
|
|
|
|
## Examples parameters for "route53" DNS plugin (AWS DNS service), you can add others here as required,
|
|
## when you do make sure to also add them to the docker compose file
|
|
SWAG_AWS_ACCESS_KEY_ID=""
|
|
SWAG_AWS_SECRET_ACCESS_KEY=""
|
|
##
|
|
|
|
SWAG_STAGING=true ## switch to 'false' after successful testing
|
|
SWAG_URL=yourdomain.url
|
|
SWAG_SUBDOMAINS=""
|
|
SWAG_ONLY_SUBDOMAINS=""
|
|
## replace yourdomain.url with your own domain
|
|
## make sure your domain's public IP resolves to
|
|
## the docker host for Let's Encrypt cert generation to succeed
|
|
|
|
## To connect your deployment to central open-appsec WebUI provide the token for a profile
|
|
## which you created in open-appsec WebUI at https://my.openappsec.io
|
|
## Example: APPSEC_AGENT_TOKEN=111-22222-111
|
|
APPSEC_AGENT_TOKEN=
|
|
|
|
## Important: When not providing token for connection to central WebUI:
|
|
## Make sure to add the value "standalone" to the COMPOSE_PROFILES value, this will enable
|
|
## sharing of learning between processes and allow you to perform tuning locally on CLI
|
|
COMPOSE_PROFILES=
|
|
|
|
## JUICE SHOP DEMO CONTAINER:
|
|
## In order to deploy the optional, additional, vulnerable juiceshop container (for demo and testing purposes only!):
|
|
## Add the value "juiceshop" to the COMPOSE_PROFILES value above.
|
|
|
|
## Make sure to put a juiceshop.subfolder.conf file in SWAG_PROXY_CONFS folder
|
|
## for proxying external traffic to the juiceshop-backend container and also adjust the NGINX default.conf file in SWAG_NGINX_SITE_CONFS folder
|
|
## you can use the example files available here:
|
|
## https://raw.githubusercontent.com/openappsec/openappsec/examples/juiceshop/swag/juiceshop.subfolder.conf
|
|
## https://raw.githubusercontent.com/openappsec/openappsec/examples/juiceshop/swag/default.conf
|
|
## note that juiceshop container listens on HTTP port 3000 by default
|
|
|
|
## Note that COMPOSE_PROFILES can also receive multiple values, e.g. as shown here:
|
|
## COMPOSE_PROFILES=standalone,juiceshop
|