base dashboard and login
This commit is contained in:
+23
-25
@@ -1,20 +1,24 @@
|
||||
# -----------------------------------------------------------------------
|
||||
# CrowdSec Dashy — Docker Compose
|
||||
#
|
||||
# Prerequisites:
|
||||
# 1. Register the UI as a CrowdSec machine BEFORE starting this stack:
|
||||
# docker exec crowdsec cscli machines add crowdsec-dashy --password changeme -a
|
||||
# First-run setup:
|
||||
# 1. mkdir -p config
|
||||
# 2. docker compose up crowdsec-dashy
|
||||
# The container exits after creating ./config/app_config.conf
|
||||
#
|
||||
# 2. Edit the environment variables below (especially passwords).
|
||||
# 3. Edit ./config/app_config.conf
|
||||
# Set: crowdsec_api_login, crowdsec_api_password, ui_password
|
||||
#
|
||||
# cscli bind-mount:
|
||||
# The UI needs the cscli binary for bouncer/machine/hub/metrics management.
|
||||
# If CrowdSec is running in Docker, extract the binary from the image:
|
||||
# docker cp crowdsec:/usr/local/bin/cscli /usr/local/bin/cscli
|
||||
# Then the bind-mount below works automatically.
|
||||
# 4. Register the UI as a CrowdSec machine:
|
||||
# docker exec crowdsec cscli machines add crowdsec-dashy \
|
||||
# --password <crowdsec_api_password from config> -a
|
||||
#
|
||||
# If cscli is NOT available, those sections will show a degradation banner
|
||||
# and all LAPI-based features (decisions, alerts) continue to work normally.
|
||||
# 5. docker compose up -d
|
||||
#
|
||||
# cscli (optional):
|
||||
# Required for bouncers, machines, hub, and metrics pages.
|
||||
# docker cp crowdsec:/usr/local/bin/cscli /usr/local/bin/cscli
|
||||
# Then uncomment the cscli volume below.
|
||||
# -----------------------------------------------------------------------
|
||||
|
||||
services:
|
||||
@@ -34,26 +38,20 @@ services:
|
||||
|
||||
crowdsec-dashy:
|
||||
build: .
|
||||
# Or use a published image:
|
||||
# image: ghcr.io/your-org/crowdsec-dashy:latest
|
||||
container_name: crowdsec-dashy
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "8080:8080"
|
||||
environment:
|
||||
PORT: ":8080"
|
||||
CROWDSEC_API_URL: "http://crowdsec:8080"
|
||||
CROWDSEC_API_LOGIN: "crowdsec-dashy" # match what you registered above
|
||||
CROWDSEC_API_PASSWORD: "changeme" # CHANGE THIS
|
||||
CSCLI_PATH: "/usr/local/bin/cscli"
|
||||
UI_USERNAME: "admin" # UI Basic Auth login
|
||||
UI_PASSWORD: "changeme" # CHANGE THIS
|
||||
UI_SESSION_SECRET: "replace-with-32-random-chars-here" # CHANGE THIS
|
||||
POLL_INTERVAL_SEC: "15"
|
||||
# CONFIG_FILE points to the mounted config directory.
|
||||
# All secrets live in the file — not in environment variables.
|
||||
CONFIG_FILE: /app/config/app_config.conf
|
||||
volumes:
|
||||
# Bind-mount cscli binary from host (or from crowdsec container)
|
||||
# See setup instructions above
|
||||
- /usr/local/bin/cscli:/usr/local/bin/cscli:ro
|
||||
# Config directory — app_config.conf is auto-generated here on first run.
|
||||
- ./config:/app/config
|
||||
# cscli binary — optional; enables bouncers/machines/hub/metrics.
|
||||
# Uncomment after copying from the crowdsec container (see above).
|
||||
# - /usr/local/bin/cscli:/usr/local/bin/cscli:ro
|
||||
networks:
|
||||
- cs-internal
|
||||
depends_on:
|
||||
|
||||
Reference in New Issue
Block a user