services:
  # ============================================
  # ModSecurity WAF (in front of NGINX)
  # ============================================
  # The only service in this file that publishes host ports; requests are
  # forwarded to nginx-proxy over the Compose network via BACKEND.
  modsecurity:
    # NOTE(review): floating tag; pin to a specific version tag or digest so
    # the rule set and nginx build do not change on the next pull.
    image: owasp/modsecurity-crs:nginx-alpine
    container_name: modsecurity-waf
    restart: always
    ports:
      # NOTE(review): confirm the pulled image listens on 80/443 inside the
      # container; some versions run nginx unprivileged on other ports
      # (see the image's PORT / SSL_PORT settings).
      - "80:80"
      - "443:443"
    environment:
      # Plain HTTP between WAF and backend; acceptable only while this hop
      # stays on the internal Compose network.
      BACKEND: "http://nginx-proxy:8080"
      # Paranoia level 1 with thresholds 5 (inbound) / 4 (outbound) matches
      # the CRS defaults, i.e. the least strict blocking profile.
      # NOTE(review): newer CRS 4 images document BLOCKING_PARANOIA in place
      # of PARANOIA; verify against the image version actually deployed.
      PARANOIA: "1"
      ANOMALY_INBOUND: "5"
      ANOMALY_OUTBOUND: "4"
    volumes:
      # Certificates and keys are read-only for the WAF.
      - ./ssl:/etc/nginx/ssl:ro
      # Shared with fail2ban (mounted read-only there).
      # NOTE(review): verify the image writes log files under this path; if
      # its audit log goes to stdout (see MODSEC_AUDIT_LOG) the volume stays
      # empty and fail2ban has nothing to match on.
      - modsec_logs:/var/log/modsecurity
    depends_on:
      # Short form: controls start order only, not backend readiness.
      - nginx-proxy

  # ============================================
  # NGINX proxy (backend of ModSecurity)
  # ============================================
  nginx-proxy:
    build: .
    container_name: nginx-proxy
    restart: always
    expose:
      # Not published on the host; reachable only from the Compose network,
      # so traffic cannot bypass the WAF through a host port.
      - "8080"
    environment:
      # Interpolated from the shell or .env file; Compose substitutes an
      # empty string (with a warning) when the variable is unset.
      HOST_PUBLIC_IP: "${HOST_PUBLIC_IP}"
    volumes:
      # NOTE(review): config, snippets and TLS key material are mounted
      # read-write here, while the WAF mounts ./ssl with :ro. If the image
      # never writes to these paths, adding :ro keeps a compromised proxy
      # from altering its own configuration or keys.
      - ./conf.d:/etc/nginx/conf.d
      - ./ssl:/etc/nginx/ssl
      - ./snippets:/etc/nginx/snippets
      - nginx_cache:/var/cache/nginx
      # Shared with fail2ban (mounted read-only there).
      - nginx_logs:/var/log/nginx
      - ./certbot/conf:/etc/letsencrypt
      - ./certbot/www:/var/www/certbot

  # ============================================
  # Fail2ban (reads logs and bans IPs)
  # ============================================
  fail2ban:
    # NOTE(review): ":latest" is unpinned; this container runs on the host
    # network with NET_ADMIN, so pin a version tag or digest.
    image: crazymax/fail2ban:latest
    container_name: fail2ban
    restart: always
    # Host network namespace plus NET_ADMIN/NET_RAW let fail2ban edit the
    # host's firewall rules.
    # NOTE(review): traffic to published container ports is forwarded, so
    # bans placed only in INPUT do not stop it; the jail config under
    # ./fail2ban (not visible here) should target the DOCKER-USER chain.
    network_mode: host
    cap_add:
      - NET_ADMIN
      - NET_RAW
    volumes:
      - ./fail2ban:/data
      # NOTE(review): nginx-proxy sits behind the WAF, so its logs record
      # the WAF container's address unless real-IP handling is configured
      # in conf.d; confirm jails match on the true client address.
      - nginx_logs:/var/log/nginx:ro
      - modsec_logs:/var/log/modsecurity:ro

# Named volumes with default driver settings.
volumes:
  nginx_cache: {}
  nginx_logs: {}
  modsec_logs: {}