soc-fortress/iris-web/docker-compose.yml

#  IRIS Source Code
#  contact@dfir-iris.org
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU Lesser General Public
#  License as published by the Free Software Foundation; either
#  version 3 of the License, or (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
#  Lesser General Public License for more details.
#
#  You should have received a copy of the GNU Lesser General Public License
#  along with this program; if not, write to the Free Software Foundation,
#  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

version: "3.5"
services:
  rabbitmq:
      image: rabbitmq:3-management-alpine
      container_name: iriswebapp_rabbitmq
      networks:
        - iris_backend

  db:
    build:
      context: docker/db
    container_name: iriswebapp_db
    image: iriswebapp_db:v2.3.3
    restart: always
    # Used for debugging purposes, should be deleted for production
    ports:
      - "127.0.0.1:5432:5432"
    environment:
      - POSTGRES_USER
      - POSTGRES_PASSWORD
      - POSTGRES_ADMIN_USER
      - POSTGRES_ADMIN_PASSWORD
      - POSTGRES_DB
    networks:
      - iris_backend
    volumes:
      - db_data:/var/lib/postgresql/data

  app:
    build:
      context: .
      dockerfile: docker/webApp/Dockerfile
    image: iriswebapp_app:v2.3.3
    container_name: iriswebapp_app
    command: ['nohup', './iris-entrypoint.sh', 'iriswebapp']
    volumes:
      # RootCA necessary when dealing with an auth server without a trusted CA signed certificate
      - ./certificates/rootCA/irisRootCACert.pem:/etc/irisRootCACert.pem:ro
      - ./certificates/:/home/iris/certificates/:ro
      - ./certificates/ldap/:/iriswebapp/certificates/ldap/:ro
      - iris-downloads:/home/iris/downloads
      - user_templates:/home/iris/user_templates
      - server_data:/home/iris/server_data
    restart: always
    depends_on:
      - "rabbitmq"
      - "db"
    # Used for debugging purposes, should be deleted for production
    ports:
      - "127.0.0.1:8000:8000"
    env_file:
      - .env
    environment:
      - POSTGRES_USER
      - POSTGRES_PASSWORD
      - POSTGRES_ADMIN_USER
      - POSTGRES_ADMIN_PASSWORD
      - POSTGRES_SERVER
      - POSTGRES_PORT
      - DOCKERIZED
      - IRIS_SECRET_KEY
      - IRIS_SECURITY_PASSWORD_SALT
    networks:
      - iris_backend
      - iris_frontend
      - shared-network

  worker:
    build:
      context: .
      dockerfile: docker/webApp/Dockerfile
    image: iriswebapp_app:v2.3.3
    container_name: iriswebapp_worker
    command: ['./wait-for-iriswebapp.sh', 'app:8000', './iris-entrypoint.sh', 'iris-worker']
    volumes:
      - ./certificates/rootCA/irisRootCACert.pem:/etc/irisRootCACert.pem:ro
      - ./certificates/:/home/iris/certificates/:ro
      - ./certificates/ldap/:/iriswebapp/certificates/ldap/:ro
      - iris-downloads:/home/iris/downloads
      - user_templates:/home/iris/user_templates
      - server_data:/home/iris/server_data
    depends_on:
      - "rabbitmq"
      - "db"
      - "app"
    env_file:
      - .env
    environment:
      - POSTGRES_USER
      - POSTGRES_PASSWORD
      - POSTGRES_ADMIN_USER
      - POSTGRES_ADMIN_PASSWORD
      - POSTGRES_SERVER
      - POSTGRES_PORT
      - DOCKERIZED
      - IRIS_SECRET_KEY
      - IRIS_SECURITY_PASSWORD_SALT
      - IRIS_WORKER
    networks:
      - iris_backend
      - shared-network
  nginx:
    build:
      context: ./docker/nginx
      args:
        NGINX_CONF_GID: 1234
        NGINX_CONF_FILE: nginx.conf
    image: iriswebapp_nginx:v2.3.3
    container_name: iriswebapp_nginx
    environment:
      - IRIS_UPSTREAM_SERVER
      - IRIS_UPSTREAM_PORT
      - INTERFACE_HTTPS_PORT
      - SERVER_NAME
      - CERT_FILENAME
      - KEY_FILENAME
      - IRIS_AUTHENTICATION_TYPE
    networks:
      - iris_frontend
      - shared-network
    ports:
      - "${INTERFACE_HTTPS_PORT:-8443}:${INTERFACE_HTTPS_PORT:-8443}"
    volumes:
      - "./certificates/web_certificates/:/www/certs/:ro"
    restart: on-failure:5
    depends_on:
      - "app"

volumes:
  iris-downloads:
  user_templates:
  server_data:
  db_data:

networks:
  iris_backend:
    name: iris_backend
  iris_frontend:
    name: iris_frontend
  shared-network:
    external: true