-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
46 lines (40 loc) · 1.36 KB
/
docker-compose.yml
File metadata and controls
46 lines (40 loc) · 1.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
version: '3.8'
services:
fail2rest:
build:
context: .
dockerfile: Dockerfile
container_name: fail2rest
restart: unless-stopped
ports:
- "8080:8080"
volumes:
# Mount fail2ban socket (read-only access)
- /var/run/fail2ban/fail2ban.sock:/var/run/fail2ban/fail2ban.sock:ro
# Mount config file
- ./config.yaml:/etc/fail2rest/config.yaml:ro
# Optional: mount logs directory if you want persistent logs
# - ./logs:/app/logs
environment:
- TZ=UTC
# Socket access options:
# Option 1: Run as root (simplest, less secure)
# Uncomment the line below:
# user: "0:0"
# Option 2: Run as non-root (recommended)
# Requires: sudo chmod g+r /var/run/fail2ban/fail2ban.sock on host
# Requires: sudo chgrp fail2ban /var/run/fail2ban/fail2ban.sock on host
# Then uncomment and adjust GID:
# user: "1000:999" # UID:GID (999 is common fail2ban group GID)
# Option 3: Use privileged mode (NOT recommended)
# privileged: true
# Network mode: host allows direct access to host network
# This is useful if you want to bind to host network interfaces
# network_mode: "host"
# Security options
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- NET_BIND_SERVICE # Allow binding to ports < 1024 if needed