-
Notifications
You must be signed in to change notification settings - Fork 1
/
docker-compose.yml
116 lines (106 loc) · 3.1 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
version: '3'
networks:
graylog:
driver: bridge
volumes:
mongo_data:
driver: local
es_data:
driver: local
graylog_data:
driver: local
secrets:
traefik.certificate:
file: ./secrets/traefik/graylog.lab.lan.crt
traefik.key:
file: ./secrets/traefik/graylog.lab.lan.key
services:
reverse-proxy:
image: traefik:2.11.3
command:
- --providers.file.directory=/config
- --providers.docker
- --entryPoints.web.address=:80
- --entryPoints.https.address=:443
- --entrypoints.https.http.tls=true
networks:
- graylog
ports:
- 443:443/tcp
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./config/traefik:/config:ro
secrets:
- source: traefik.certificate
target: /certs/graylog.lab.lan.crt
- source: traefik.key
target: /certs/graylog.lab.lan.key
mongo:
image: mongo:6.0.14
volumes:
- mongo_data:/data/db
networks:
- graylog
opensearch:
image: opensearchproject/opensearch:2.14.0
volumes:
- es_data:/usr/share/opensearch/data
ports:
- 9200:9200/tcp
environment:
- "discovery.type=single-node"
- "bootstrap.memory_lock=true"
- "OPENSEARCH_JAVA_OPTS=-Xms8g -Xmx8g"
- "action.auto_create_index=false"
- "plugins.security.ssl.http.enabled=false"
- "plugins.security.disabled=true"
- "OPENSEARCH_INITIAL_ADMIN_PASSWORD=PassIsStrongForThisProject&"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
networks:
- graylog
graylog:
image: graylog/graylog:6.0.2
volumes:
- graylog_data:/usr/share/graylog/data
- ./csv:/srv
environment:
# CHANGE ME (must be at least 16 characters)!
GRAYLOG_PASSWORD_SECRET: somepasswordpepper
# To change password: echo -n "Enter Password: " && head -1 < /dev/stdin | tr -d '\n' | sha256sum | cut -d " " -f1
GRAYLOG_ROOT_PASSWORD_SHA2: e9052e72e4c6780e291912e108dbd79e33812e7c64440e789b915afef2feab3b
GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200"
GRAYLOG_HTTP_EXTERNAL_URI: "https://graylog.lab.lan/"
labels:
# inform traefik to serve this service
- "traefik.enable=true"
- "traefik.http.routers.graylog.rule=Host(`graylog.lab.lan`)"
- "traefik.http.routers.graylog.service=graylog"
- "traefik.http.routers.graylog.entrypoints=https"
- "traefik.http.services.graylog.loadbalancer.server.port=9000"
- "traefik.http.routers.graylog.middlewares=graylog-header"
- "traefik.http.middlewares.graylog-header.headers.customrequestheaders.X-Graylog-Server-URL=http://graylog.lab.lan/"
- "traefik.docker.network=graylog"
entrypoint: /usr/bin/tini -- wait-for-it opensearch:9200 -- /docker-entrypoint.sh
networks:
- graylog
restart: always
depends_on:
- mongo
- opensearch
ports:
# Syslog TCP
- 1514:1514/tcp
# Syslog UDP
- 1514:1514/udp
# Beats
- 5044:5044/tcp
# GELF UDP
- 12201:12201/udp
# GELF TCP
- 12202:12202/tcp