forked from gchq/CyberChef
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdocker-compose.secretvm.yml
More file actions
60 lines (60 loc) · 1.81 KB
/
docker-compose.secretvm.yml
File metadata and controls
60 lines (60 loc) · 1.81 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
version: '3'
services:
cyberchef:
image: "mpepping/cyberchef:latest@sha256:1772a04fd261f971da89cf6212147afe55a37b4a93421db928a78e01de3d65ea"
restart: always
networks:
- traefik
labels:
- traefik.enable=true
- traefik.http.routers.cyberchef.rule=Host(`$DOMAIN_NAME`)
- traefik.http.routers.cyberchef.entrypoints=websecure
- traefik.http.routers.cyberchef.tls=true
- traefik.http.services.cyberchef.loadbalancer.server.port=8000
# Optional: If you need persistent storage for logs, config, etc.
# volumes:
# - "cyberchef-nginx:/etc/nginx"
# - "cyberchef-ssl:/etc/ssl"
# - "cyberchef-logs:/var/log/nginx"
# Optional: Define volumes if used above
# volumes:
# cyberchef-nginx:
# cyberchef-ssl:
# cyberchef-logs:
traefik:
image: traefik:v2.10
command:
- --api.insecure=false
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.http.tls.options=default@file
- --providers.file.directory=/etc/traefik/dynamic
- --providers.file.watch=true
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /mnt/secure/cert:/certs:ro
networks:
- traefik
configs:
- source: tls_config
target: /etc/traefik/dynamic/tls.yml
networks:
traefik:
driver: bridge
configs:
tls_config:
content: |-
tls:
certificates:
- certFile: /certs/secret_vm_fullchain.pem
keyFile: /certs/secret_vm_private.pem
stores:
default:
defaultCertificate:
certFile: /certs/secret_vm_fullchain.pem
keyFile: /certs/secret_vm_private.pem