cf-tunnel-gate/docker-compose.yml at main · binbashing/cf-tunnel-gate · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
version: '3'
services:

  init:
    image: alpine:latest
    restart: on-failure
    volumes:
      - ./init/entrypoint.sh:/entrypoint.sh
      - ./logs/:/logs
    entrypoint: /entrypoint.sh

  cloudflared:
    image: cloudflare/cloudflared:latest
    pull_policy: always
    restart: unless-stopped
    networks:
      - cf-tunnel-gate
    links:
      - owasp-crs-ngxblocker:cf-tunnel-gate
    environment:
      - TUNNEL_TOKEN
    command: tunnel --no-autoupdate run
    depends_on:
      owasp-crs-ngxblocker:
          condition: service_healthy

  owasp-crs-ngxblocker:
    image: binbashing/owasp-crs-ngxblocker:latest
    pull_policy: always
    restart: unless-stopped
    networks:
      - cf-tunnel-gate
    environment:
      - BACKEND
    volumes:
      - ./logs:/var/log/nginx
    depends_on:
      init:
          condition: service_completed_successfully

  fail2ban:
    image: binbashing/fail2ban-cf-iplist:latest
    pull_policy: always
    restart: unless-stopped
    networks:
      - cf-tunnel-gate
    volumes:
      - ./logs/fail2ban.log:/var/log/fail2ban.log
      - ./logs/access.log:/var/log/nginx/access.log
      - ./logs/error.log:/var/log/nginx/error.log
      - ./fail2ban/jail.local:/jail.local
      - ./fail2ban/nginx-403-444.conf:/etc/fail2ban/filter.d/nginx-403-444.conf
      - ./fail2ban/data:/var/lib/fail2ban
    environment:
      - CF_API_TOKEN
      - BANTIME
      - FINDTIME
      - MAXRETRY
    depends_on:
      init:
          condition: service_completed_successfully

networks:
  cf-tunnel-gate: {}