diff --git a/.env b/.env index 9c9aef6..618af9f 100644 --- a/.env +++ b/.env @@ -13,3 +13,4 @@ PROXY_AUTH_PASS= PUBLIC_ADDRESS=https://localhost:8443 DOCKER_DEPLOYMENT=1 LDAPTLS_REQCERT=never +TRIGGER_RUNNER_SHARED_SECRET=c86b1a9edd5fdad7f85c95775f42246d761c5486b9059b7db23efc69410b9eaf diff --git a/README.md b/README.md index 92172ab..72581bb 100644 --- a/README.md +++ b/README.md @@ -1 +1,3 @@ -Welcome to eramba's official Github account, for Docker installs please review our website Learning Platform ([eramba.org](https://www.eramba.org/learning/courses/12/episodes/274)) under Docker Install +Welcome to eramba's official Github account, for Docker installs please review our website Learning Platform ([eramba.org](https://www.eramba.org/learning/courses/12/episodes/274)) under Docker Install. + +The bundled files in `apache/ssl/` are a branded local development certificate intended only for local or simple demo installs. It is signed by a local development CA and will only be trusted on machines where that CA has been installed. Replace it with your own CA-issued certificate and private key for any real deployment. diff --git a/apache/ssl/mycert.crt b/apache/ssl/mycert.crt index dcfeb4e..c8d6226 100644 --- a/apache/ssl/mycert.crt +++ b/apache/ssl/mycert.crt @@ -1,27 +1,31 @@ -----BEGIN CERTIFICATE----- -MIIEfjCCAuagAwIBAgIQRLO04ZLtbjSQeIuPpy1yCjANBgkqhkiG9w0BAQsFADCB -lTEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMTUwMwYDVQQLDCxzaHJr -ejFATWFjQm9vay1Qcm8tNC5sb2NhbCAoTWFydGluIEhvcnbDoXRoKTE8MDoGA1UE -AwwzbWtjZXJ0IHNocmt6MUBNYWNCb29rLVByby00LmxvY2FsIChNYXJ0aW4gSG9y -dsOhdGgpMB4XDTI2MDEwODA5NDE0M1oXDTI4MDQwODA4NDE0M1owYDEnMCUGA1UE -ChMebWtjZXJ0IGRldmVsb3BtZW50IGNlcnRpZmljYXRlMTUwMwYDVQQLDCxzaHJr -ejFATWFjQm9vay1Qcm8tNC5sb2NhbCAoTWFydGluIEhvcnbDoXRoKTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK/SX8LGivsNvONOBSBAILype2grsUu9 -pTd+AQhzJlSlOLUuvKW8BwK/4cOdo/XWu5FfzBPcrqac/su9DjohF94U6FZDKvg1 -8sNoqfjo6xLP9rtCiI7ZLQmb+4PXX0FUX1kNI5FzjGngJ2D6oZPG9r2sv80tloxm -Huw8aiQd3M08CPp6nktTM4hWoSK3MokUUYVmPdemB1V5cFEM3Q1nOZh810TREUuk -Pd2h3Bk89RfFj+DgfCquVp3zALlLzWtW0YH6E6Tlg5b2lWOzTFsU0ECANas6OHi0 -RHtcrWiB+25ZOVYVtb8zL8ervOfNNrDWoPQFR0VhykZp2xW1TxAsgEUCAwEAAaN+ -MHwwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB8GA1UdIwQY -MBaAFFXHJ440jxDrJMtk5lzcuEQEy8W6MDQGA1UdEQQtMCuCCWxvY2FsaG9zdIIG -ZXJhbWJhhwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMA0GCSqGSIb3DQEBCwUAA4IB -gQBMsf8iIagWeTqZTTaO0LikkV3GvWrJ673eeDPVJEVErKdyz4k//61ajsYUb3lE -cHSCNmoIYwWXusgWcz6IWj1/Q2ifXYnSOX2H1148n6m7C1Kvq//UT/7o7qD3hIpY -Y3GXB0EYgH7h6F1ok4iXVa+VDHex4nUY9iyjSTI9sKd+4qJM9QIROMNozKSrlf4u -62PA3PapEmRsn4otSkFg7eE/4nS+8BDzbvXOx8BG8ayESyx+hbHTjjj06cwZRnqU -xYtYC74M5iGw6151JdeJRf6vD2mBX4f0La6/bOXAZ9i2x67jKD0F+HZq92RVtCP9 -XZAMxdf+pTdF6Xzs0XkMZcQpJaa4agYEAMABGUx0SVhPqJR2upQBJRfq463Bm589 -sfBisvMZFsRkPs1qXTtKC6hwz3UYjvVfvXiqt/kLXaVgf2ZfBd5HeykoNDQsjBOa -Ja/KsKRUFcKAGqo9llA7muiPgVQV8BI/LbHoFjNdexFOONG0Br0XK02I30DHrUbu -btI= +MIIFVjCCAz6gAwIBAgIUIdCLY6GXvMH6qhPRMbIFdyGgtCwwDQYJKoZIhvcNAQEL +BQAwgZkxCzAJBgNVBAYTAlNLMRMwEQYDVQQIDApCcmF0aXNsYXZhMRMwEQYDVQQH +DApCcmF0aXNsYXZhMRMwEQYDVQQKDApFcmFtYmEgTFREMSgwJgYDVQQDDB9FcmFt +YmEgTFREIExvY2FsIERldmVsb3BtZW50IENBMSEwHwYJKoZIhvcNAQkBFhJzdXBw +b3J0QGVyYW1iYS5vcmcwHhcNMjYwNDA5MDg1NTM2WhcNMjgwNzEyMDg1NTM2WjCB +gzELMAkGA1UEBhMCU0sxEzARBgNVBAgMCkJyYXRpc2xhdmExEzARBgNVBAcMCkJy +YXRpc2xhdmExEzARBgNVBAoMCkVyYW1iYSBMVEQxEjAQBgNVBAMMCWxvY2FsaG9z +dDEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBlcmFtYmEub3JnMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13GelrXcn75CX+q5jfu3pKcdsjB3W8EvLxhV +tW+3ShQM73OdCjtCewv6P2wCgZFeRpz6gvuRpaCjqsaIdTw4+cRcGCI5TYBnZtm0 +JYCZiaASojyf0FkPU2IIgzVKj6YsQIDeImof7uDQ7nTHVc9YCsFCPo31vLm0EsHL +705a94DaJi8ZH8nQgCC8goiWy+NAMO2X6dFFwnos9tDFmeAIn6sNMG4coXVnzdl/ +9Es+GeP3/JqFh5qmqnYBKUwEAIMg0pzA3O2/17/hRQDC+SkKqbEmVo9U8eR38up9 +MnXKds0aCDKGzjlgj/GSabSqoJ6Z9ShzW7S8s1TGxE6AxIpZzwIDAQABo4GpMIGm +MDQGA1UdEQQtMCuCCWxvY2FsaG9zdIIGZXJhbWJhhwR/AAABhxAAAAAAAAAAAAAA +AAAAAAABMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsG +AQUFBwMBMB0GA1UdDgQWBBQGNuwppTRibxJvAp6h7q2QFmmyLDAfBgNVHSMEGDAW +gBTb6qmGBOtCDxKr8MCoEv6cuUIqRDANBgkqhkiG9w0BAQsFAAOCAgEAyXYoA5LK +XB7z7wL8kzFF//A5tXEEb7fLW1xUBjryQqgcoflrowUSWd1qYUZpkj2ebH1tgc/a +xlFeiOkr0OEchwrmfWEIsTBjhPX0Dc+N0qZWOS9v6cbJQ1oiFoHrX9ilN5Pyq97x +4Z6mpaF10A1nwmaDZXPS1vIf+4SbkmFCsokI9gYRJragSvRHwFXAgPiPPLN/dJKH +jk6V3ToSGpY29rdURwa0En9qje/QtepfdbcLCKVNWQkhjyXHB+lPqAFcdrdDN8yF +hktQRrd//w2WN+fpQSzxNONTa4wG6IOpOjROoHInhlvWO5EL7KDxHliqFDuSqc0S +VdiX4LJORN3v1DkVIi3/UukCDeDD6ald7rAgoUH/ZudH4slLfmnYWESG6+7yVzFj +AZcvLzRdgMKyUEHu+g0KgJ4bueHEPeYErTrdD9WIlareeWOTnBf9GPu52njbkTxy ++WefCX0suyWGZh9weWLmz/MQYUtJhRis/B+38hlKkUFa3vRL9DxsqoXyt/f3aYBL +dcFY+h/t/j+xf0KYS3NgDgB1shEtXjVCx2SV0zJ5pm17DHwg3EYiUbUwTkDfG5ji +SDqTIdGyCPcFfFdyvjInstMSWSr+FyPMdrZ8yvCu8atTccXYMmdIzMYHgLRzSk01 +01pcUcr+91WyeUVgfqTWRd572CGgSv0hnWk= -----END CERTIFICATE----- diff --git a/apache/ssl/mycert.csr b/apache/ssl/mycert.csr index 9bb9ca9..e5d98ab 100644 --- a/apache/ssl/mycert.csr +++ b/apache/ssl/mycert.csr @@ -1,17 +1,21 @@ -----BEGIN CERTIFICATE REQUEST----- -MIICvzCCAacCAQAwejELMAkGA1UEBhMCU0sxETAPBgNVBAgMCFNsb3Zha2lhMRMw -EQYDVQQHDApCcmF0aXNsYXZhMQ8wDQYDVQQKDAZFcmFtYmExDzANBgNVBAMMBmVy -YW1iYTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBlcmFtYmEub3JnMIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1O1lcf5xYhPU6YgxYpUPyWpvHm7qJ3jR -Wbced5JHkG+Nj3qVAuLmxGXG+EGsjyoyEGHFU/LfHecn9fcdg/O3iFyaozszxMLq -tJxUs3ulhfAgxJeFtxktvXgfvhRCR0EmG3mLN7mILU5jjY06CdijS5rHDIBtwamn -b+2wcq/LoufJpWIS/1rE0pTgHuOEuY4QnHJRXgMj1SPLzZv/bDH+4JybvIlfR5H9 -rmAFuLdQHZ5Pl9i3WbasFVqOBnBMZrUn872BVfNzH5h0oYIf5lqERDOtSTKMuMWd -ziqoxS0sj9ffzzj9nMeW0e6iVFC4LtpthCGT16/B+SF8MPzlGPagdQIDAQABoAAw -DQYJKoZIhvcNAQELBQADggEBACe3B/45keO8RYgDgDkuSTh/cXCKoZOAJl3r8uPN -BaPVv5Irw1wzT/mZzA2sPVcDE9xe6HUlfd83LNvvs7z0H2p+mkVEV7dR0R2+gm7+ -RtL3FIFpMu+MFoZ7cfICb9qMSyCAYSOzhqapRttamRhhaZYndS2/Wx5FfMXv4oO3 -HGjqnZ03eAOxFOoZNzbI1ESTkmR5aQc1Tr97Lb9NONe3v2cRJCtDqAvHFrLdaO9F -dvAgmKlk8piRSQ5ECzxldO9V89HBb/QsexZrr3PI1dnKZ4Vj/mbaGpqq7Kpm4z1L -iKSOGjd1ySRmZj8YknCeSKw11zNB/zte+47yuIySmHyRiA0= +MIIDYzCCAksCAQAwgYMxCzAJBgNVBAYTAlNLMRMwEQYDVQQIDApCcmF0aXNsYXZh +MRMwEQYDVQQHDApCcmF0aXNsYXZhMRMwEQYDVQQKDApFcmFtYmEgTFREMRIwEAYD +VQQDDAlsb2NhbGhvc3QxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAZXJhbWJhLm9y +ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANdxnpa13J++Ql/quY37 +t6SnHbIwd1vBLy8YVbVvt0oUDO9znQo7QnsL+j9sAoGRXkac+oL7kaWgo6rGiHU8 +OPnEXBgiOU2AZ2bZtCWAmYmgEqI8n9BZD1NiCIM1So+mLECA3iJqH+7g0O50x1XP +WArBQj6N9by5tBLBy+9OWveA2iYvGR/J0IAgvIKIlsvjQDDtl+nRRcJ6LPbQxZng +CJ+rDTBuHKF1Z83Zf/RLPhnj9/yahYeapqp2ASlMBACDINKcwNztv9e/4UUAwvkp +CqmxJlaPVPHkd/LqfTJ1ynbNGggyhs45YI/xkmm0qqCemfUoc1u0vLNUxsROgMSK +Wc8CAwEAAaCBmTCBlgYJKoZIhvcNAQkOMYGIMIGFMDQGA1UdEQQtMCuCCWxvY2Fs +aG9zdIIGZXJhbWJhhwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMAkGA1UdEwQCMAAw +DgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBQG +NuwppTRibxJvAp6h7q2QFmmyLDANBgkqhkiG9w0BAQsFAAOCAQEAKwu5yspq/uug +8aQUYjbjL0L8QDLYKOKKhm6+F73TceXudyfMCUXpyG8NqcD/InF6ZyGEuZVCndog +GEKzY666Q/1Q24OJ0t76VwiSVmoWSHBuPLCYFjheVD1zq3EAaMtUaleNrnjun0j/ +o8xjOve01oIpRSeR2ZfTKMKKF3CGjZvpmAbbdR0M2srlSeTdb+a8dgHPL3qVIqDB +amnRotRJ64icaG62zeeWkULcYAgTa1Pg1v2+lK1YvzAnVqDqzAK+Nk0oodmXpu2G +48Zi75A5T8YO+xIykdPi9IaSWooirHc5ww9JmPdwg2WHMGbdRRkJyqPJl2gsPhDR +posv18mxoA== -----END CERTIFICATE REQUEST----- diff --git a/apache/ssl/mycert.key b/apache/ssl/mycert.key index 83e04aa..23ae89c 100644 --- a/apache/ssl/mycert.key +++ b/apache/ssl/mycert.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCv0l/Cxor7Dbzj -TgUgQCC8qXtoK7FLvaU3fgEIcyZUpTi1LrylvAcCv+HDnaP11ruRX8wT3K6mnP7L -vQ46IRfeFOhWQyr4NfLDaKn46OsSz/a7QoiO2S0Jm/uD119BVF9ZDSORc4xp4Cdg -+qGTxva9rL/NLZaMZh7sPGokHdzNPAj6ep5LUzOIVqEitzKJFFGFZj3XpgdVeXBR -DN0NZzmYfNdE0RFLpD3dodwZPPUXxY/g4Hwqrlad8wC5S81rVtGB+hOk5YOW9pVj -s0xbFNBAgDWrOjh4tER7XK1ogftuWTlWFbW/My/Hq7znzTaw1qD0BUdFYcpGadsV -tU8QLIBFAgMBAAECggEAFCXRX2qNBpPeb1XDdJyko7nwMFHBcWJ8Ck3gJG29mLmO -NAT1DTDsxL3kSxxHa6Z9u/z0T9pcES+wavxxIuwj5gkTTr9Hr0XPWeEmiSV3uqIm -LfND3sq4RH+hZMxLWBspCfVdfA93qbJMEOrnlR2ZrMac/BAbTl9tb7jEmPrrEIF9 -8mZEGBt8BwYaUePz0QIR9nauK0EbccP/7xDQX2Lc6y+ges7poNe6uu9TlIl4jykh -NKEV3QZQgKtATNABJqXiru3tOWKFVUq/EdAds4uWHebByge3IEkYVo/V6YQxiaNw -TBNJPpRhpop/+Ezetr4VgMSgqFNzLYKoZda5nWJ8SQKBgQDi1t15QUktXd06Qxo9 -MQIujuKFl5AIPSVXR45sRXRZ2HOV5DmTzYv4sPaokwoGUAUMxIBtLBHd0/jD1prM -cq+t4TqhX26l0SqRwjGoqZ6JvLjYGpdJVFQhz1HSwJPLYjFqgmOkRKcfrlZ9G8sk -1u3y5Yz+mFhQbc9qKuC+omnppwKBgQDGbI3+KpLHsxgRuOFHzdBzQXxnQn8q+HDy -RuUQcR5tjdcW45P/lIvpLse/1af0Ah79xGsniLqwl2ZDbZ+NUq2Al4X4DkAqND0s -cvhZmQLdiqJ+McCwAuTIwojTp+1D9eWch6ApRtCA5f3UmOpyQ9OsZCmPemD2XtjT -NbebrIvsMwKBgQCxp7P25jGojS3ZFnqzV/Gsgw1XsVcFjNX04D7j/xVb1FDaIM8T -OdUY5YeYiOg9/2elEzS9y9kGUaAvyKCd5GhAlvfzMKmYxhM/6sY3oPhgSWS/Izw/ -GwN1I0ii9V4K2JF5KDtfiMEW59Qm0aCs7oOXSz68mpX4D7h1HrW7t7mZWwKBgQCh -1zzhiDv8IjmJivBErrxMpacgWf57P/RvyB9hj8IvvTcodirqlXCgmwVVlKDOx0Qb -269CqaUMEBDbAnjWvg7CCdS9hHIVelJDBOtHuSO7Ky5qG458gX+1t+X+LMO7YL8N -MxoRUK8T04N7edYPqP7nZzL20exwRuA3NWMy2EOwPQKBgEpi4IrJGiO2ZQ1wQkLL -2T9wpKWYcUjZPJZTR+UK5W4CwtdT5oEvUQNc4UP83pMsGCrJltKxYPEVcUlC4PrF -33xMGM6CcmNwBEwYD5T8jqO+FHEIf7un3RGqzsoC1OATI5ifFR8wyFLBs9/2SsOM -PkeiR3ZJbQyDrMyzd+WK0efB +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDXcZ6WtdyfvkJf +6rmN+7ekpx2yMHdbwS8vGFW1b7dKFAzvc50KO0J7C/o/bAKBkV5GnPqC+5GloKOq +xoh1PDj5xFwYIjlNgGdm2bQlgJmJoBKiPJ/QWQ9TYgiDNUqPpixAgN4iah/u4NDu +dMdVz1gKwUI+jfW8ubQSwcvvTlr3gNomLxkfydCAILyCiJbL40Aw7Zfp0UXCeiz2 +0MWZ4Aifqw0wbhyhdWfN2X/0Sz4Z4/f8moWHmqaqdgEpTAQAgyDSnMDc7b/Xv+FF +AML5KQqpsSZWj1Tx5Hfy6n0ydcp2zRoIMobOOWCP8ZJptKqgnpn1KHNbtLyzVMbE +ToDEilnPAgMBAAECggEAHoPSzRDsM1oM564E4yXkkHc1HxB7T20w5DBDr4Onx9/I +J0BOXW0gUPJU2xfO0RBIdKL2XogITJfQprchC83gWgwkaSyrxhzqSGiMegVZeeNI +0F7a2fVLVOmdQAxTx73nJam7DM/QPxLrtOKoezB3jWprGhYcWMNKzJ9TZc1I2CZO +8B69JyZW0VjAHxUXpSkDPQ9fDY9jTD4iVOhUsNFIflnQpQ0aOWGYtOMeWMBYPe7i +wO9UzBfkBuUz5Dd5rmo6Lfq0oLaiwTMVHG+LtiUr99FYiCzZn58CV0ynzmviHJ6h +cf+Y3bARLYOw/1UJRCYsl43s8RrU1GvF16jVl8TU0QKBgQDyZv/c+pxSLPa4A6tP +6Ab5VMJuD7xIWGImIrT6orfswIRqQ04w+uTzrN+jaRVuMwD7nzZpidNbHOcC364Q +mHcrfkpYqvbeBiObL7SzRngZ0PkaJTBoMwMRQkDoABalj19SskRBqqpP6wvNWUhs +mZ1nk4Kt/e+XjNyUHd2CzKCjcQKBgQDjh3v6qZjw9vdlyMiLkWxS08SRO5oobwhG +8rPmn3T2XGCtFDX2T28fTAR8lkceNETpsuyeLdRPGkzvKa83yoFmYgSXLYfdV38B +DZIbe5B9wrdZOETMqJRRymhF+X+9yXGqXFBmK6Ci63KZuTQ6IjZ46/DasphKQCR9 +LwU4lZGxPwKBgQCW5H8JtAdzMAI08jPF/g25T4XotWrjLgGK87fs/TW47u5+p38Z +BlVXSpm8Q0HP43gNKkLY16713LwBEfRs6Dvmmyr0nxglhXTMuZmmr4s7ptYp7FSB +yJ90MuXshYGTdfhEpivPJMn4Dby/C4EF+Wn+e9ixLo3irRDyMtUdAvxMQQKBgQDh +0xjUQvwPPa9ykIOrMpzG4HRaiUOKGhmnAUBZB664zhsN7d9ZJqHt+C8D0MupSMuV +AAclP+tWz43IWiEUSKOCEIrp2UDeCPd+/g8jw9I3X8lGfjiawD7lpvUzblzA620r +XxBVN7vpt7I4rL8Pa+GQxux4w4WvPFZ7AO43qQu/VQKBgQCuVUtcJMYyvIh4+QwG +GKqMWPq/P94Ug09V8OaDeSqelAVw5Dty7MmX5PnpY1iyyxhPscOO5msXYs/Oh1aL +pK+Yy4OoClXLwYgsiMZhBk5VsFkJTXfFzmp467Q+jt92EFbUcRmO003+a4FgvF02 +H6TN8ERGWaDIClpGcEm/1jpSfg== -----END PRIVATE KEY----- diff --git a/docker-compose.simple-install.enterprise.yml b/docker-compose.simple-install.enterprise.yml index b977aab..cdb0db2 100644 --- a/docker-compose.simple-install.enterprise.yml +++ b/docker-compose.simple-install.enterprise.yml @@ -1,5 +1,5 @@ services: eramba: - image: ghcr.io/eramba/eramba-enterprise:latest + image: ghcr.io/eramba/eramba-enterprise:3.x cron: - image: ghcr.io/eramba/eramba-enterprise:latest + image: ghcr.io/eramba/eramba-enterprise:3.x diff --git a/docker-compose.simple-install.yml b/docker-compose.simple-install.yml index 7e97ee4..b54f002 100644 --- a/docker-compose.simple-install.yml +++ b/docker-compose.simple-install.yml @@ -13,13 +13,18 @@ services: MYSQL_USER: ${DB_USERNAME} MYSQL_PASSWORD: ${DB_PASSWORD} MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD} + networks: + - app_internal + - host_access redis: container_name: redis image: redis:7.4.2-alpine restart: always + networks: + - app_internal eramba: container_name: eramba - image: ghcr.io/eramba/eramba:latest + image: ghcr.io/eramba/eramba:3.x restart: always ports: - 8443:443 @@ -33,19 +38,21 @@ services: - ./apache/ports.conf:/etc/apache2/ports.conf - ./apache/vhost-ssl.conf:/etc/apache2/sites-available/000-default.conf - ./crontab/crontab:/etc/cron.d/eramba-crontab + - trigger-logs:/var/log/trigger-limits environment: DB_HOST: ${DB_HOST} DB_DATABASE: ${DB_DATABASE} DB_USERNAME: ${DB_USERNAME} DB_PASSWORD: ${DB_PASSWORD} CACHE_URL: ${CACHE_URL} + PUBLIC_ADDRESS: ${PUBLIC_ADDRESS} USE_PROXY: ${USE_PROXY} PROXY_HOST: ${PROXY_HOST} PROXY_PORT: ${PROXY_PORT} USE_PROXY_AUTH: ${USE_PROXY_AUTH} PROXY_AUTH_USER: ${PROXY_AUTH_USER} PROXY_AUTH_PASS: ${PROXY_AUTH_PASS} - PUBLIC_ADDRESS: ${PUBLIC_ADDRESS} + TRIGGER_RUNNER_SHARED_SECRET: ${TRIGGER_RUNNER_SHARED_SECRET} DOCKER_DEPLOYMENT: ${DOCKER_DEPLOYMENT} LDAPTLS_REQCERT: ${LDAPTLS_REQCERT} links: @@ -53,9 +60,12 @@ services: - redis depends_on: - mysql + networks: + - app_internal + - triggers_net cron: container_name: cron - image: ghcr.io/eramba/eramba:latest + image: ghcr.io/eramba/eramba:3.x command: ["cron", "-f"] entrypoint: ["/docker-cron-entrypoint.sh"] restart: always @@ -72,13 +82,14 @@ services: DB_USERNAME: ${DB_USERNAME} DB_PASSWORD: ${DB_PASSWORD} CACHE_URL: ${CACHE_URL} + PUBLIC_ADDRESS: ${PUBLIC_ADDRESS} USE_PROXY: ${USE_PROXY} PROXY_HOST: ${PROXY_HOST} PROXY_PORT: ${PROXY_PORT} USE_PROXY_AUTH: ${USE_PROXY_AUTH} PROXY_AUTH_USER: ${PROXY_AUTH_USER} PROXY_AUTH_PASS: ${PROXY_AUTH_PASS} - PUBLIC_ADDRESS: ${PUBLIC_ADDRESS} + TRIGGER_RUNNER_SHARED_SECRET: ${TRIGGER_RUNNER_SHARED_SECRET} DOCKER_DEPLOYMENT: ${DOCKER_DEPLOYMENT} LDAPTLS_REQCERT: ${LDAPTLS_REQCERT} links: @@ -87,8 +98,41 @@ services: - eramba depends_on: - eramba + networks: + - app_internal + - triggers_net + triggers_caddy: + image: ghcr.io/eramba/eramba-triggers:3.x + container_name: triggers_caddy + entrypoint: + - /app/iptables-entrypoint.sh + volumes: + - trigger-logs:/var/log/trigger-limits + - trigger-storage:/data/eramba_trigger_storage + depends_on: + - eramba + environment: + CRON_HOST: cron + TRIGGER_RUNNER_SHARED_SECRET: ${TRIGGER_RUNNER_SHARED_SECRET} + cap_add: + - NET_ADMIN + networks: + - triggers_net + healthcheck: + test: ["CMD-SHELL", "curl -sS -o /dev/null -w '%{http_code}' http://127.0.0.1:9001/health | grep -q '^200$'"] + interval: 30s + timeout: 5s + retries: 3 + start_period: 10s volumes: app: data: logs: db-data: + trigger-logs: + trigger-storage: +networks: + app_internal: + internal: true + triggers_net: + host_access: