forked from lawrencesystems/graylog
docker-compose.yml
version: '3'

# Dedicated bridge network shared by every service in this stack.
# Background on the commented-out masquerade option (UDP packets arriving
# with the bridge address as their source):
# https://www.reddit.com/r/docker/comments/fnt2k9/udp_packet_source_address_being_changed_to_bridge/
# NOTE(review): if syslog senders show up in Graylog with the bridge address
# instead of their own, per-host attribution in the logs is lost. Check the
# source field of received messages after deployment.
networks:
  graynet:
    driver: bridge
    # driver_opts:
    #   com.docker.network.bridge.enable_ip_masquerade: "false"
# File-backed secrets. The graylog service lists both and reads them from
# /run/secrets/<name> via its *__FILE environment variables.
# Keep ./secrets out of version control and readable only by the deploying
# user.
secrets:
  # Hash of the Graylog admin password. Treat it like the password itself:
  # anyone holding the hash can run offline guesses against it.
  graylog_pw_sha2:
    file: './secrets/graylog/admin_sha2.txt'
  # Value for GRAYLOG_PASSWORD_SECRET.
  graylog_pepper:
    file: './secrets/graylog/pepper.txt'
# Named volumes keep state across container restarts and re-creation.
volumes:
  # MongoDB data directory (/data/db)
  mongo_data:
    driver: local
  # OpenSearch indices, i.e. the stored log messages
  log_data:
    driver: local
  # Graylog's own data directory
  graylog_data:
    driver: local
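services:
  # Network troubleshooting toolbox attached to graynet.
  # NOTE(review): the image is untagged and the container is restarted
  # forever. From graynet it can reach MongoDB and OpenSearch, neither of
  # which is configured with credentials in this file. Remove this service
  # once debugging is done, or pin the image.
  ubuntu:
    image: nicolaka/netshoot
    container_name: iptest
    tty: true
    networks:
      - graynet
    restart: always

  # nginx in front of Graylog; publishes 80/443 and mounts the certificates.
  # https://gist.github.com/ykarikos/06879cbb0d80828fe96445b504fa5b60
  # NOTE(review): `image: nginx` floats on the latest tag; pin a version.
  proxy:
    image: nginx
    container_name: proxy
    restart: always
    environment:
      NGINX_HOST: "${EXT_URI}"
    ports:
      - "80:80/tcp"
      - "443:443/tcp"
    volumes:
      - "/var/www/html:/var/www/html"
      - "./config/nginx:/etc/nginx/templates"
      - "${PWD}/cert:/etc/nginx/cert"
      # Host path was misspelled "/etc/letsencryt". Docker creates a missing
      # bind-mount source as an empty directory, so the container would have
      # seen no certificates at /etc/letsencrypt.
      - "/etc/letsencrypt:/etc/letsencrypt"
    networks:
      - graynet
    depends_on:
      graylog:
        condition: "service_started"

  # Graylog stores configuration in MongoDB
  # No port is published, so it is reachable from graynet only. No
  # credentials are set here and GRAYLOG_MONGODB_URI carries none, so every
  # container on graynet has full access to it.
  mongo:
    image: mongo:6.0.5-jammy
    container_name: mongodb
    volumes:
      - "mongo_data:/data/db"
    networks:
      - graynet
    restart: always

  # The logs themselves are stored in Opensearch
  # NOTE(review): the tag "2" follows the whole 2.x line; pin a release.
  opensearch:
    image: opensearchproject/opensearch:2
    container_name: opensearch
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - "bootstrap.memory_lock=true"
      - "discovery.type=single-node"
      - "action.auto_create_index=false"
      # The security plugin and HTTP TLS are both off: the REST API accepts
      # unauthenticated, unencrypted requests from anything that can reach it.
      - "plugins.security.ssl.http.enabled=false"
      - "plugins.security.disabled=true"
    volumes:
      - "log_data:/usr/share/opensearch/data"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    ports:
      # Published on loopback only. With security disabled, binding 9200 on
      # every host interface would let any network peer read or delete the
      # stored logs. Graylog reaches opensearch:9200 over graynet and does
      # not need this mapping; it is kept for local administration.
      - "127.0.0.1:9200:9200/tcp"
    networks:
      - graynet
    restart: always

  graylog:
    image: graylog/graylog:5.1
    container_name: graylog
    environment:
      GRAYLOG_PASSWORD_SECRET__FILE: /run/secrets/graylog_pepper
      GRAYLOG_ROOT_PASSWORD_SHA2__FILE: /run/secrets/graylog_pw_sha2
      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
      # NOTE(review): this says port 9443 while the proxy publishes 443;
      # confirm that something upstream forwards 9443 to the proxy.
      GRAYLOG_HTTP_EXTERNAL_URI: "https://${EXT_URI}:9443/"
      GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200"
      GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
      GRAYLOG_TIMEZONE: "${TIMEZONE}"
      TZ: "${TIMEZONE}"
      GRAYLOG_TRANSPORT_EMAIL_PROTOCOL: "smtp"
      # Links in notification mails point at the plain-HTTP listener on a
      # fixed LAN address rather than at the HTTPS proxy.
      GRAYLOG_TRANSPORT_EMAIL_WEB_INTERFACE_URL: "http://192.168.3.233:9000/"
      GRAYLOG_TRANSPORT_EMAIL_HOSTNAME: "outbound.mailhop.org"
      GRAYLOG_TRANSPORT_EMAIL_ENABLED: "true"
      GRAYLOG_TRANSPORT_EMAIL_PORT: "587"
      GRAYLOG_TRANSPORT_EMAIL_USE_AUTH: "true"
      # Placeholders. Do not commit the real SMTP credentials in this file;
      # supply them from the environment or a secret file. The __FILE
      # convention used for the two secrets above may apply here (confirm
      # against the image's entrypoint).
      GRAYLOG_TRANSPORT_EMAIL_AUTH_USERNAME: "xxxxx"
      GRAYLOG_TRANSPORT_EMAIL_AUTH_PASSWORD: "xxxxx"
      GRAYLOG_TRANSPORT_EMAIL_USE_TLS: "true"
      GRAYLOG_TRANSPORT_EMAIL_USE_SSL: "false"
      GRAYLOG_TRANSPORT_FROM_EMAIL: "graylog@example.com"
      GRAYLOG_TRANSPORT_SUBJECT_PREFIX: "[graylog]"
    # Wait until opensearch:9200 accepts connections before starting Graylog;
    # depends_on below only waits for the container to have started.
    entrypoint: /usr/bin/tini -- wait-for-it opensearch:9200 -- /docker-entrypoint.sh
    secrets:
      - graylog_pw_sha2
      - graylog_pepper
    volumes:
      - "${PWD}/config/graylog/graylog.conf:/usr/share/graylog/config/graylog.conf"
      - "graylog_data:/usr/share/graylog/data"
    networks:
      - graynet
    restart: always
    depends_on:
      opensearch:
        condition: "service_started"
      mongo:
        condition: "service_started"
    ports:
      # NOTE(review): 9000 is published on every host interface over plain
      # HTTP, so logins and API tokens sent to it bypass the TLS proxy.
      # GRAYLOG_TRANSPORT_EMAIL_WEB_INTERFACE_URL above still points at it,
      # so it is left unchanged here. Consider restricting it at the host
      # firewall.
      - "9000:9000/tcp"    # Graylog web interface and REST API
      # The inputs below are published as-is; limit which senders may reach
      # them at the host or network firewall.
      - "1514:1514/tcp"    # Syslog
      - "1514:1514/udp"    # Syslog
      - "1515:1515/udp"    # pfSense
      - "1516:1516/udp"    # Avaya ERS Switch
      - "1517:1517/udp"    # Avaya IPO
      - "1518:1518/udp"    # QNAPs
      - "1519:1519/udp"    # other devices?
      - "12201:12201/tcp"  # GELF
      - "12201:12201/udp"  # GELF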