服务器被黑-数据库被清空-请大佬们帮忙分析下问题出在哪儿
如题,请大佬们帮忙分析一下:
现状
1. 多个数据库所有表被清空,留下一个新建的 WARNING 表:
+---------+------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+---------+------+------+-----+---------+-------+
| id | int | NO | PRI | NULL | |
| warning | text | YES | | NULL | |
| website | text | YES | | NULL | |
| token | text | YES | | NULL | |
+---------+------+------+-----+---------+-------+id = 1
warning = To recover your lost databases and avoid leaking it: visit hn4wg4o6s5nc7763.onion and enter your unique token 19662ef1c31f0054 and pay the required amount of Bitcoin to get it back. Databases that we have: ljdg, ljcc, ljbm, ljsp. Your databases are downloaded and backed up on our servers. If we dont receive your payment in the next 9 Days, we will sell your database to the highest bidder or use them otherwise. To access this site you have use the tor browser www.torproject.org/projects/torbro...
website = hn4wg4o6s5nc7763.onion
token = 19662efxxfxx54
2. 系统数据库mysql下插入一个后门用户
+-----------+------------------+
| host | user |
+-----------+------------------+
| % | mysqlbackups |
+-----------+------------------+排查情况
搜索勒索地址找到以下关于相同攻击的文章
www.guardicore.com/labs/please-rea...
github.com/guardicore/labs_campaig...
系统环境
服务商:京东云
OS:
Linux version 3.10.0-957.el7.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) ) #1 SMP Thu Nov 8 23:39:32 UTC 2018Docker: version 19.03.8, build afacb8b
Docker-compose:
docker-compose version 1.25.5, build 8a1c60f6 docker-py version: 4.1.0 CPython version: 3.7.5 OpenSSL version: OpenSSL 1.1.0l 10 Sep 2019Git: version 1.8.3.1
对外开放端口:
tcp 1521 tcp 9000 tcp 19281 tcp 8080 tcp 22 ssh tcp 443 https tcp 80 http tcp 8081 http tcp 2222 其他端口一律拒绝网络:
内网ip: 通过一个域名+端口号,映射访问该服务器 ssh -p 19281 root@xxx.com登录方式:
1. 用户名密码登录(不常用,非弱密码) 2. 证书登录(常用)登录日志未发现异常ip登录(或者日志被自动删除)
WEB 环境
配置:
########################################################### ###################### General Setup ###################### ########################################################### ### Paths ################################################# # Point to the path of your applications code on your host APP_CODE_PATH_HOST=../ # Point to where the `APP_CODE_PATH_HOST` should be in the container APP_CODE_PATH_CONTAINER=/var/www # You may add flags to the path `:cached`, `:delegated`. When using Docker Sync add `:nocopy` APP_CODE_CONTAINER_FLAG=:cached # Choose storage path on your machine. For all storage systems DATA_PATH_HOST=~/.laradock/data ### Drivers ################################################ # All volumes driver VOLUMES_DRIVER=local # All Networks driver NETWORKS_DRIVER=bridge ### Docker compose files ################################## # Select which docker-compose files to include. If using docker-sync append `:docker-compose.sync.yml` at the end COMPOSE_FILE=docker-compose.yml # Change the separator from : to ; on Windows COMPOSE_PATH_SEPARATOR=: # Define the prefix of container names. This is useful if you have multiple projects that use laradock to have separate containers per project. COMPOSE_PROJECT_NAME=laradock ### PHP Version ########################################### # Select a PHP version of the Workspace and PHP-FPM containers (Does not apply to HHVM). # Accepted values: 7.4 - 7.3 - 7.2 - 7.1 - 7.0 - 5.6 PHP_VERSION=7.3 ### Phalcon Version ########################################### # Select a Phalcon version of the Workspace and PHP-FPM containers (Does not apply to HHVM). Accepted values: 3.4.0+ PHALCON_VERSION=4.0.5 ### PHP Interpreter ####################################### # Select the PHP Interpreter. Accepted values: hhvm - php-fpm PHP_INTERPRETER=php-fpm ### Docker Host IP ######################################## # Enter your Docker Host IP (will be appended to /etc/hosts). Default is `10.0.75.1` DOCKER_HOST_IP=10.0.75.1 ### Remote Interpreter #################################### # Choose a Remote Interpreter entry matching name. Default is `laradock` PHP_IDE_CONFIG=serverName=laradock ### PHP DOWNGRADEOPENSSL TLS AND SECLEVEL ################# PHP_DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL=false ### Windows Path ########################################## # A fix for Windows users, to ensure the application path works COMPOSE_CONVERT_WINDOWS_PATHS=1 ### Environment ########################################### # If you need to change the sources (i.e. to China), set CHANGE_SOURCE to true CHANGE_SOURCE=true # Set CHANGE_SOURCE and UBUNTU_SOURCE option if you want to change the Ubuntu system sources.list file. UBUNTU_SOURCE=tsinghua ### Docker Sync ########################################### # If you are using Docker Sync. For `osx` use 'native_osx', for `windows` use 'unison', for `linux` docker-sync is not required DOCKER_SYNC_STRATEGY=native_osx ### Install Oh My ZSH! #################################### # If you want to use "Oh My ZSH!" with Laravel autocomplete plugin, set SHELL_OH_MY_ZSH to true. SHELL_OH_MY_ZSH=false SHELL_OH_MY_ZSH_AUTOSUGESTIONS=false SHELL_OH_MY_ZSH_ALIASES=false ########################################################### ################ Containers Customization ################# ########################################################### ### WORKSPACE ############################################# WORKSPACE_BASE_IMAGE_TAG_PREFIX=latest WORKSPACE_COMPOSER_GLOBAL_INSTALL=true WORKSPACE_COMPOSER_AUTH=false WORKSPACE_COMPOSER_REPO_PACKAGIST=https://mirrors.aliyun.com/composer/ WORKSPACE_NVM_NODEJS_ORG_MIRROR= WORKSPACE_INSTALL_NODE=true WORKSPACE_NODE_VERSION=node WORKSPACE_NPM_REGISTRY=https://registry.npm.taobao.org WORKSPACE_INSTALL_PNPM=false WORKSPACE_INSTALL_YARN=true WORKSPACE_YARN_VERSION=latest WORKSPACE_INSTALL_NPM_GULP=true WORKSPACE_INSTALL_NPM_BOWER=false WORKSPACE_INSTALL_NPM_VUE_CLI=true WORKSPACE_INSTALL_NPM_ANGULAR_CLI=false WORKSPACE_INSTALL_PHPREDIS=true WORKSPACE_INSTALL_WORKSPACE_SSH=false WORKSPACE_INSTALL_SUBVERSION=false WORKSPACE_INSTALL_BZ2=false WORKSPACE_INSTALL_GMP=false WORKSPACE_INSTALL_XDEBUG=false WORKSPACE_INSTALL_PCOV=false WORKSPACE_INSTALL_PHPDBG=false WORKSPACE_INSTALL_SSH2=false WORKSPACE_INSTALL_LDAP=false WORKSPACE_INSTALL_SOAP=false WORKSPACE_INSTALL_XSL=false WORKSPACE_INSTALL_SMB=false WORKSPACE_INSTALL_IMAP=false WORKSPACE_INSTALL_MONGO=false WORKSPACE_INSTALL_AMQP=false WORKSPACE_INSTALL_CASSANDRA=false WORKSPACE_INSTALL_GEARMAN=false WORKSPACE_INSTALL_MSSQL=false WORKSPACE_INSTALL_DRUSH=false WORKSPACE_DRUSH_VERSION=8.1.17 WORKSPACE_INSTALL_DRUPAL_CONSOLE=false WORKSPACE_INSTALL_WP_CLI=false WORKSPACE_INSTALL_AEROSPIKE=false WORKSPACE_INSTALL_OCI8=true WORKSPACE_INSTALL_V8JS=false WORKSPACE_INSTALL_LARAVEL_ENVOY=false WORKSPACE_INSTALL_LARAVEL_INSTALLER=false WORKSPACE_INSTALL_DEPLOYER=false WORKSPACE_INSTALL_PRESTISSIMO=false WORKSPACE_INSTALL_LINUXBREW=false WORKSPACE_INSTALL_MC=false WORKSPACE_INSTALL_SYMFONY=false WORKSPACE_INSTALL_PYTHON=false WORKSPACE_INSTALL_PYTHON3=false WORKSPACE_INSTALL_POWERLINE=false WORKSPACE_INSTALL_SUPERVISOR=false WORKSPACE_INSTALL_IMAGE_OPTIMIZERS=false WORKSPACE_INSTALL_IMAGEMAGICK=false WORKSPACE_INSTALL_TERRAFORM=false WORKSPACE_INSTALL_DUSK_DEPS=false WORKSPACE_INSTALL_PG_CLIENT=false WORKSPACE_INSTALL_PHALCON=false WORKSPACE_INSTALL_SWOOLE=true WORKSPACE_INSTALL_TAINT=false WORKSPACE_INSTALL_LIBPNG=false WORKSPACE_INSTALL_GRAPHVIZ=false WORKSPACE_INSTALL_IONCUBE=false WORKSPACE_INSTALL_MYSQL_CLIENT=true WORKSPACE_INSTALL_PING=false WORKSPACE_INSTALL_SSHPASS=false WORKSPACE_INSTALL_INOTIFY=false WORKSPACE_INSTALL_FSWATCH=false WORKSPACE_INSTALL_YAML=false WORKSPACE_INSTALL_RDKAFKA=false WORKSPACE_INSTALL_MAILPARSE=false WORKSPACE_INSTALL_XMLRPC=false WORKSPACE_PUID=1000 WORKSPACE_PGID=1000 WORKSPACE_CHROME_DRIVER_VERSION=2.42 WORKSPACE_TIMEZONE=Asia/Shanghai WORKSPACE_SSH_PORT=2222 WORKSPACE_INSTALL_FFMPEG=false WORKSPACE_INSTALL_AUDIOWAVEFORM=false WORKSPACE_INSTALL_WKHTMLTOPDF=false WORKSPACE_INSTALL_GNU_PARALLEL=false WORKSPACE_INSTALL_AST=true WORKSPACE_AST_VERSION=1.0.3 WORKSPACE_BROWSERSYNC_HOST_PORT=3000 WORKSPACE_BROWSERSYNC_UI_HOST_PORT=3001 WORKSPACE_VUE_CLI_SERVE_HOST_PORT=8080 WORKSPACE_VUE_CLI_UI_HOST_PORT=8001 WORKSPACE_ANGULAR_CLI_SERVE_HOST_PORT=4200 WORKSPACE_INSTALL_GIT_PROMPT=false WORKSPACE_INSTALL_LNAV=false WORKSPACE_INSTALL_PROTOC=false WORKSPACE_PROTOC_VERSION=latest ### PHP_FPM ############################################### PHP_FPM_BASE_IMAGE_TAG_PREFIX=latest PHP_FPM_INSTALL_BCMATH=true PHP_FPM_INSTALL_MYSQLI=true PHP_FPM_INSTALL_INTL=true PHP_FPM_INSTALL_IMAGEMAGICK=true PHP_FPM_INSTALL_OPCACHE=true PHP_FPM_INSTALL_IMAGE_OPTIMIZERS=true PHP_FPM_INSTALL_PHPREDIS=true PHP_FPM_INSTALL_MEMCACHED=false PHP_FPM_INSTALL_BZ2=false PHP_FPM_INSTALL_GMP=false PHP_FPM_INSTALL_XDEBUG=false PHP_FPM_INSTALL_PCOV=false PHP_FPM_INSTALL_XHPROF=false PHP_FPM_INSTALL_PHPDBG=false PHP_FPM_INSTALL_SMB=false PHP_FPM_INSTALL_IMAP=false PHP_FPM_INSTALL_MONGO=false PHP_FPM_INSTALL_AMQP=false PHP_FPM_INSTALL_CASSANDRA=false PHP_FPM_INSTALL_GEARMAN=false PHP_FPM_INSTALL_MSSQL=false PHP_FPM_INSTALL_SSH2=false PHP_FPM_INSTALL_SOAP=false PHP_FPM_INSTALL_XSL=false PHP_FPM_INSTALL_EXIF=false PHP_FPM_INSTALL_AEROSPIKE=false PHP_FPM_INSTALL_OCI8=true PHP_FPM_INSTALL_PGSQL=false PHP_FPM_INSTALL_GHOSTSCRIPT=false PHP_FPM_INSTALL_LDAP=false PHP_FPM_INSTALL_PHALCON=false PHP_FPM_INSTALL_SWOOLE=true PHP_FPM_INSTALL_TAINT=false PHP_FPM_INSTALL_PG_CLIENT=false PHP_FPM_INSTALL_POSTGIS=false PHP_FPM_INSTALL_PCNTL=false PHP_FPM_INSTALL_CALENDAR=false PHP_FPM_INSTALL_FAKETIME=false PHP_FPM_INSTALL_IONCUBE=false PHP_FPM_INSTALL_RDKAFKA=false PHP_FPM_INSTALL_GETTEXT=false PHP_FPM_INSTALL_XMLRPC=false PHP_FPM_FAKETIME=-0 PHP_FPM_INSTALL_APCU=false PHP_FPM_INSTALL_CACHETOOL=false PHP_FPM_INSTALL_YAML=false PHP_FPM_INSTALL_ADDITIONAL_LOCALES=false PHP_FPM_INSTALL_MYSQL_CLIENT=true PHP_FPM_INSTALL_PING=false PHP_FPM_INSTALL_SSHPASS=false PHP_FPM_INSTALL_MAILPARSE=false PHP_FPM_INSTALL_WKHTMLTOPDF=false PHP_FPM_FFMPEG=false PHP_FPM_AUDIOWAVEFORM=false PHP_FPM_ADDITIONAL_LOCALES="en_US.UTF-8 es_ES.UTF-8 fr_FR.UTF-8" PHP_FPM_DEFAULT_LOCALE=POSIX PHP_FPM_PUID=1000 PHP_FPM_PGID=1000 ### PHP_WORKER ############################################ PHP_WORKER_INSTALL_BZ2=false PHP_WORKER_INSTALL_GD=false PHP_WORKER_INSTALL_IMAGEMAGICK=false PHP_WORKER_INSTALL_GMP=false PHP_WORKER_INSTALL_PGSQL=false PHP_WORKER_INSTALL_BCMATH=false # PHP_WORKER_INSTALL_OCI8 Does not work in php5.6 version PHP_WORKER_INSTALL_OCI8=false PHP_WORKER_INSTALL_PHALCON=false PHP_WORKER_INSTALL_SOAP=false PHP_WORKER_INSTALL_ZIP_ARCHIVE=false PHP_WORKER_INSTALL_MYSQL_CLIENT=false PHP_WORKER_INSTALL_AMQP=false PHP_WORKER_INSTALL_GHOSTSCRIPT=false PHP_WORKER_INSTALL_SWOOLE=true PHP_WORKER_INSTALL_TAINT=false PHP_WORKER_INSTALL_FFMPEG=false PHP_WORKER_INSTALL_AUDIOWAVEFORM=false PHP_WORKER_INSTALL_CASSANDRA=false PHP_WORKER_INSTALL_GEARMAN=false PHP_WORKER_INSTALL_REDIS=false PHP_WORKER_INSTALL_IMAP=false PHP_WORKER_INSTALL_XMLRPC=false PHP_WORKER_PUID=1000 PHP_WORKER_PGID=1000 ### NGINX ################################################# NGINX_HOST_HTTP_PORT=80 NGINX_HOST_HTTPS_PORT=443 NGINX_HOST_LOG_PATH=./logs/nginx/ NGINX_SITES_PATH=./nginx/sites/ NGINX_PHP_UPSTREAM_CONTAINER=php-fpm NGINX_PHP_UPSTREAM_PORT=9000 NGINX_SSL_PATH=./nginx/ssl/ ### LARAVEL_HORIZON ################################################ LARAVEL_HORIZON_INSTALL_BZ2=false LARAVEL_HORIZON_INSTALL_GD=false LARAVEL_HORIZON_INSTALL_GMP=false LARAVEL_HORIZON_INSTALL_IMAGEMAGICK=false LARAVEL_HORIZON_INSTALL_SOCKETS=false LARAVEL_HORIZON_INSTALL_YAML=false LARAVEL_HORIZON_INSTALL_ZIP_ARCHIVE=false LARAVEL_HORIZON_INSTALL_PHPREDIS=true LARAVEL_HORIZON_INSTALL_MONGO=false LARAVEL_HORIZON_INSTALL_FFMPEG=false LARAVEL_HORIZON_INSTALL_AUDIOWAVEFORM=false LARAVEL_HORIZON_PGID=1000 LARAVEL_HORIZON_PUID=1000 ### APACHE ################################################ APACHE_HOST_HTTP_PORT=80 APACHE_HOST_HTTPS_PORT=443 APACHE_HOST_LOG_PATH=./logs/apache2 APACHE_SITES_PATH=./apache2/sites APACHE_PHP_UPSTREAM_CONTAINER=php-fpm APACHE_PHP_UPSTREAM_PORT=9000 APACHE_PHP_UPSTREAM_TIMEOUT=60 APACHE_DOCUMENT_ROOT=/var/www/ APACHE_INSTALL_HTTP2=false ### MYSQL ################################################# MYSQL_VERSION=latest MYSQL_DATABASE=default MYSQL_USER=default MYSQL_PASSWORD=secret MYSQL_PORT=3306 MYSQL_ROOT_PASSWORD=root MYSQL_ENTRYPOINT_INITDB=./mysql/docker-entrypoint-initdb.d ### REDIS ################################################# REDIS_PORT=6379 ### REDIS CLUSTER ######################################### REDIS_CLUSTER_PORT_RANGE=7000-7005 ### ZooKeeper ############################################# ZOOKEEPER_PORT=2181 ### Percona ############################################### PERCONA_DATABASE=homestead PERCONA_USER=homestead PERCONA_PASSWORD=secret PERCONA_PORT=3306 PERCONA_ROOT_PASSWORD=root PERCONA_ENTRYPOINT_INITDB=./percona/docker-entrypoint-initdb.d ### MSSQL ################################################# MSSQL_DATABASE=master MSSQL_PASSWORD="yourStrong(!)Password" MSSQL_PORT=1433 ### MARIADB ############################################### MARIADB_VERSION=latest MARIADB_DATABASE=default MARIADB_USER=default MARIADB_PASSWORD=secret MARIADB_PORT=3306 MARIADB_ROOT_PASSWORD=root MARIADB_ENTRYPOINT_INITDB=./mariadb/docker-entrypoint-initdb.d ### POSTGRES ############################################## POSTGRES_VERSION=alpine POSTGRES_DB=default POSTGRES_USER=default POSTGRES_PASSWORD=secret POSTGRES_PORT=5432 POSTGRES_ENTRYPOINT_INITDB=./postgres/docker-entrypoint-initdb.d ### SQS ############################################## SQS_NODE_HOST_PORT=9324 SQS_MANAGEMENT_HTTP_HOST_PORT=9325 ### RABBITMQ ############################################## RABBITMQ_NODE_HOST_PORT=5672 RABBITMQ_MANAGEMENT_HTTP_HOST_PORT=15672 RABBITMQ_MANAGEMENT_HTTPS_HOST_PORT=15671 RABBITMQ_DEFAULT_USER=guest RABBITMQ_DEFAULT_PASS=guest ### MEILISEARCH ########################################### MEILISEARCH_HOST_PORT=7700 MEILISEARCH_KEY=masterkey ### ELASTICSEARCH ######################################### ELASTICSEARCH_HOST_HTTP_PORT=9200 ELASTICSEARCH_HOST_TRANSPORT_PORT=9300 ### KIBANA ################################################ KIBANA_HTTP_PORT=5601 ### DEJAVU ################################################ DEJAVU_HTTP_PORT=1358 ### MEMCACHED ############################################# MEMCACHED_HOST_PORT=11211 ### BEANSTALKD CONSOLE #################################### BEANSTALKD_CONSOLE_BUILD_PATH=./beanstalkd-console BEANSTALKD_CONSOLE_CONTAINER_NAME=beanstalkd-console BEANSTALKD_CONSOLE_HOST_PORT=2080 ### BEANSTALKD ############################################ BEANSTALKD_HOST_PORT=11300 ### SELENIUM ############################################## SELENIUM_PORT=4444 ### MINIO ################################################# MINIO_PORT=9000 ### ADMINER ############################################### ADM_PORT=8081 ADM_INSTALL_MSSQL=false ADM_PLUGINS= ADM_DESIGN=pepa-linha ADM_DEFAULT_SERVER=mysql ### PHP MY ADMIN ########################################## # Accepted values: mariadb - mysql PMA_DB_ENGINE=mysql # Credentials/Port: PMA_USER=default PMA_PASSWORD=secret PMA_ROOT_PASSWORD=secret PMA_PORT=8081 ### MAILDEV ############################################### MAILDEV_HTTP_PORT=1080 MAILDEV_SMTP_PORT=25 ### VARNISH ############################################### VARNISH_CONFIG=/etc/varnish/default.vcl VARNISH_PORT=6081 VARNISH_BACKEND_PORT=81 VARNISHD_PARAMS="-p default_ttl=3600 -p default_grace=3600" ### Varnish ############################################### # Proxy 1 VARNISH_PROXY1_CACHE_SIZE=128m VARNISH_PROXY1_BACKEND_HOST=workspace VARNISH_PROXY1_SERVER=SERVER1 # Proxy 2 VARNISH_PROXY2_CACHE_SIZE=128m VARNISH_PROXY2_BACKEND_HOST=workspace VARNISH_PROXY2_SERVER=SERVER2 ### HAPROXY ############################################### HAPROXY_HOST_HTTP_PORT=8085 ### JENKINS ############################################### JENKINS_HOST_HTTP_PORT=8090 JENKINS_HOST_SLAVE_AGENT_PORT=50000 JENKINS_HOME=./jenkins/jenkins_home ### CONFLUENCE ############################################### CONFLUENCE_POSTGRES_INIT=true CONFLUENCE_VERSION=6.13-ubuntu-18.04-adoptopenjdk8 CONFLUENCE_POSTGRES_DB=laradock_confluence CONFLUENCE_POSTGRES_USER=laradock_confluence CONFLUENCE_POSTGRES_PASSWORD=laradock_confluence CONFLUENCE_HOST_HTTP_PORT=8090 ### GRAFANA ############################################### GRAFANA_PORT=3000 ### GRAYLOG ############################################### # password must be 16 characters long GRAYLOG_PASSWORD=somesupersecretpassword # sha256 representation of the password GRAYLOG_SHA256_PASSWORD=b1cb6e31e172577918c9e7806c572b5ed8477d3f57aa737bee4b5b1db3696f09 GRAYLOG_PORT=9000 GRAYLOG_SYSLOG_TCP_PORT=514 GRAYLOG_SYSLOG_UDP_PORT=514 GRAYLOG_GELF_TCP_PORT=12201 GRAYLOG_GELF_UDP_PORT=12201 ### BLACKFIRE ############################################# # Create an account on blackfire.io. Don't enable blackfire and xDebug at the same time. # visit https://blackfire.io/docs/24-days/06-installation#install-probe-debian for more info. INSTALL_BLACKFIRE=false BLACKFIRE_CLIENT_ID="<client_id>" BLACKFIRE_CLIENT_TOKEN="<client_token>" BLACKFIRE_SERVER_ID="<server_id>" BLACKFIRE_SERVER_TOKEN="<server_token>" ### AEROSPIKE ############################################# AEROSPIKE_SERVICE_PORT=3000 AEROSPIKE_FABRIC_PORT=3001 AEROSPIKE_HEARTBEAT_PORT=3002 AEROSPIKE_INFO_PORT=3003 AEROSPIKE_STORAGE_GB=1 AEROSPIKE_MEM_GB=1 AEROSPIKE_NAMESPACE=test ### RETHINKDB ############################################# RETHINKDB_PORT=8090 ### MONGODB ############################################### MONGODB_PORT=27017 ### CADDY ################################################# CADDY_HOST_HTTP_PORT=80 CADDY_HOST_HTTPS_PORT=443 CADDY_HOST_LOG_PATH=./logs/caddy CADDY_CONFIG_PATH=./caddy/caddy ### LARAVEL ECHO SERVER ################################### LARAVEL_ECHO_SERVER_PORT=6001 ### THUMBOR ############################################################################################################ THUMBOR_PORT=8000 THUMBOR_LOG_FORMAT="%(asctime)s %(name)s:%(levelname)s %(message)s" THUMBOR_LOG_DATE_FORMAT="%Y-%m-%d %H:%M:%S" MAX_WIDTH=0 MAX_HEIGHT=0 MIN_WIDTH=1 MIN_HEIGHT=1 ALLOWED_SOURCES=[] QUALITY=80 WEBP_QUALITY=None PNG_COMPRESSION_LEVEL=6 AUTO_WEBP=False MAX_AGE=86400 MAX_AGE_TEMP_IMAGE=0 RESPECT_ORIENTATION=False IGNORE_SMART_ERRORS=False PRESERVE_EXIF_INFO=False ALLOW_ANIMATED_GIFS=True USE_GIFSICLE_ENGINE=False USE_BLACKLIST=False LOADER=thumbor.loaders.http_loader STORAGE=thumbor.storages.file_storage AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= RESULT_STORAGE=thumbor.result_storages.file_storage ENGINE=thumbor.engines.pil SECURITY_KEY="MY_SECURE_KEY" ALLOW_UNSAFE_URL=True ALLOW_OLD_URLS=True FILE_LOADER_ROOT_PATH=/data/loader HTTP_LOADER_CONNECT_TIMEOUT=5 HTTP_LOADER_REQUEST_TIMEOUT=20 HTTP_LOADER_FOLLOW_REDIRECTS=True HTTP_LOADER_MAX_REDIRECTS=5 HTTP_LOADER_FORWARD_USER_AGENT=False HTTP_LOADER_DEFAULT_USER_AGENT="Thumbor/5.2.1" HTTP_LOADER_PROXY_HOST=None HTTP_LOADER_PROXY_PORT=None HTTP_LOADER_PROXY_USERNAME=None HTTP_LOADER_PROXY_PASSWORD=None HTTP_LOADER_CA_CERTS=None HTTP_LOADER_VALIDATE_CERTS=True HTTP_LOADER_CLIENT_KEY=None HTTP_LOADER_CLIENT_CERT=None HTTP_LOADER_CURL_ASYNC_HTTP_CLIENT=False STORAGE_EXPIRATION_SECONDS=2592000 STORES_CRYPTO_KEY_FOR_EACH_IMAGE=False FILE_STORAGE_ROOT_PATH=/data/storage UPLOAD_MAX_SIZE=0 UPLOAD_ENABLED=False UPLOAD_PHOTO_STORAGE=thumbor.storages.file_storage UPLOAD_DELETE_ALLOWED=False UPLOAD_PUT_ALLOWED=False UPLOAD_DEFAULT_FILENAME=image MONGO_STORAGE_SERVER_HOST=mongo MONGO_STORAGE_SERVER_PORT=27017 MONGO_STORAGE_SERVER_DB=thumbor MONGO_STORAGE_SERVER_COLLECTION=images REDIS_STORAGE_SERVER_HOST=redis REDIS_STORAGE_SERVER_PORT=6379 REDIS_STORAGE_SERVER_DB=0 REDIS_STORAGE_SERVER_PASSWORD=None REDIS_RESULT_STORAGE_SERVER_HOST=redis REDIS_RESULT_STORAGE_SERVER_PORT=6379 REDIS_RESULT_STORAGE_SERVER_DB=0 REDIS_RESULT_STORAGE_SERVER_PASSWORD=None MEMCACHE_STORAGE_SERVERS=["localhost:11211",] MIXED_STORAGE_FILE_STORAGE=thumbor.storages.no_storage MIXED_STORAGE_CRYPTO_STORAGE=thumbor.storages.no_storage MIXED_STORAGE_DETECTOR_STORAGE=thumbor.storages.no_storage META_CALLBACK_NAME=None DETECTORS=[] FACE_DETECTOR_CASCADE_FILE=haarcascade_frontalface_alt.xml OPTIMIZERS=[] JPEGTRAN_PATH=/usr/bin/jpegtran PROGRESSIVE_JPEG=True FILTERS="[thumbor.filters.brightness, thumbor.filters.contrast, thumbor.filters.rgb, thumbor.filters.round_corner, thumbor.filters.quality, thumbor.filters.noise, thumbor.filters.watermark, thumbor.filters.equalize, thumbor.filters.fill, thumbor.filters.sharpen, thumbor.filters.strip_icc, thumbor.filters.frame, thumbor.filters.grayscale, thumbor.filters.rotate, thumbor.filters.format, thumbor.filters.max_bytes, thumbor.filters.convolution, thumbor.filters.blur, thumbor.filters.extract_focal, thumbor.filters.no_upscale]" RESULT_STORAGE_EXPIRATION_SECONDS=0 RESULT_STORAGE_FILE_STORAGE_ROOT_PATH=/data/result_storage RESULT_STORAGE_STORES_UNSAFE=False REDIS_QUEUE_SERVER_HOST=redis REDIS_QUEUE_SERVER_PORT=6379 REDIS_QUEUE_SERVER_DB="0" REDIS_QUEUE_SERVER_PASSWORD=None SQS_QUEUE_KEY_ID=None SQS_QUEUE_KEY_SECRET=None SQS_QUEUE_REGION=us-east-1 USE_CUSTOM_ERROR_HANDLING=False ERROR_HANDLER_MODULE=thumbor.error_handlers.sentry ERROR_FILE_LOGGER=None ERROR_FILE_NAME_USE_CONTEXT="False" SENTRY_DSN_URL= TC_AWS_REGION=eu-west-1 TC_AWS_ENDPOINT=None TC_AWS_STORAGE_BUCKET= TC_AWS_STORAGE_ROOT_PATH= TC_AWS_LOADER_BUCKET= TC_AWS_LOADER_ROOT_PATH= TC_AWS_RESULT_STORAGE_BUCKET= TC_AWS_RESULT_STORAGE_ROOT_PATH= TC_AWS_STORAGE_SSE=False TC_AWS_STORAGE_RRS=False TC_AWS_ENABLE_HTTP_LOADER=False TC_AWS_ALLOWED_BUCKETS=False TC_AWS_STORE_METADATA=False ### SOLR ################################################## SOLR_VERSION=5.5 SOLR_PORT=8983 SOLR_DATAIMPORTHANDLER_MYSQL=false SOLR_DATAIMPORTHANDLER_MSSQL=false ### GITLAB ############################################### GITLAB_POSTGRES_INIT=true GITLAB_HOST_HTTP_PORT=8989 GITLAB_HOST_HTTPS_PORT=9898 GITLAB_HOST_SSH_PORT=2289 GITLAB_DOMAIN_NAME=http://localhost GITLAB_ROOT_PASSWORD=laradock GITLAB_HOST_LOG_PATH=./logs/gitlab GITLAB_POSTGRES_HOST=postgres GITLAB_POSTGRES_USER=laradock_gitlab GITLAB_POSTGRES_PASSWORD=laradock_gitlab GITLAB_POSTGRES_DB=laradock_gitlab ### GITLAB-RUNNER ############################################### GITLAB_CI_SERVER_URL=http://localhost:8989 GITLAB_RUNNER_REGISTRATION_TOKEN="<my-registration-token>" GITLAB_REGISTER_NON_INTERACTIVE=true ### JUPYTERHUB ############################################### JUPYTERHUB_POSTGRES_INIT=true JUPYTERHUB_POSTGRES_HOST=postgres JUPYTERHUB_POSTGRES_USER=laradock_jupyterhub JUPYTERHUB_POSTGRES_PASSWORD=laradock_jupyterhub JUPYTERHUB_POSTGRES_DB=laradock_jupyterhub JUPYTERHUB_PORT=9991 JUPYTERHUB_OAUTH_CALLBACK_URL=http://laradock:9991/hub/oauth_callback JUPYTERHUB_OAUTH_CLIENT_ID={GITHUB_CLIENT_ID} JUPYTERHUB_OAUTH_CLIENT_SECRET={GITHUB_CLIENT_SECRET} JUPYTERHUB_CUSTOM_CONFIG=./jupyterhub/jupyterhub_config.py JUPYTERHUB_USER_DATA=/jupyterhub JUPYTERHUB_USER_LIST=./jupyterhub/userlist JUPYTERHUB_ENABLE_NVIDIA=false ### IPYTHON ################################################## LARADOCK_IPYTHON_CONTROLLER_IP=127.0.0.1 ### NETDATA ############################################### NETDATA_PORT=19999 ### REDISWEBUI ######################################### REDIS_WEBUI_USERNAME=laradock REDIS_WEBUI_PASSWORD=laradock REDIS_WEBUI_CONNECT_HOST=redis REDIS_WEBUI_CONNECT_PORT=6379 REDIS_WEBUI_PORT=9987 ### MONGOWEBUI ############################################### MONGO_WEBUI_PORT=3000 MONGO_WEBUI_ROOT_URL=http://localhost MONGO_WEBUI_MONGO_URL=mongodb://mongo:27017/ MONGO_WEBUI_INSTALL_MONGO=false ### METABASE ############################################### METABASE_PORT=3030 METABASE_DB_FILE=metabase.db METABASE_JAVA_TIMEZONE=US/Pacific ### IDE ############################################### IDE_THEIA_PORT=987 IDE_WEBIDE_PORT=984 IDE_CODIAD_PORT=985 IDE_ICECODER_PORT=986 ### DOCKERREGISTRY ############################################### DOCKER_REGISTRY_PORT=5000 ### DOCKERWEBUI ############################################### DOCKER_WEBUI_REGISTRY_HOST=docker-registry DOCKER_WEBUI_REGISTRY_PORT=5000 # if have use https proxy please set to 1 DOCKER_REGISTRY_USE_SSL=0 DOCKER_REGISTRY_BROWSE_ONLY=false DOCKER_WEBUI_PORT=8754 ### MAILU ############################################### MAILU_VERSION=latest MAILU_RECAPTCHA_PUBLIC_KEY="<YOUR_RECAPTCHA_PUBLIC_KEY>" MAILU_RECAPTCHA_PRIVATE_KEY="<YOUR_RECAPTCHA_PRIVATE_KEY>" # Main mail domain MAILU_HTTP_PORT=6080 MAILU_HTTPS_PORT=60443 MAILU_DOMAIN=example.com MAILU_INIT_ADMIN_USERNAME=laradock MAILU_INIT_ADMIN_PASSWORD=laradock # Hostnames for this server, separated with comas MAILU_HOSTNAMES=mail.example.com,alternative.example.com,yetanother.example.com # Postmaster local part (will append the main mail domain) MAILU_POSTMASTER=admin # Set to a randomly generated 16 bytes string MAILU_SECRET_KEY=ChangeMeChangeMe # Choose how secure connections will behave (value: letsencrypt, cert, notls, mail) MAILU_TLS_FLAVOR=cert # Authentication rate limit (per source IP address) MAILU_AUTH_RATELIMIT="10/minute;1000/hour" # Opt-out of statistics, replace with "True" to opt out MAILU_DISABLE_STATISTICS=False # Message size limit in bytes # Default: accept messages up to 50MB MAILU_MESSAGE_SIZE_LIMIT=50000000 # Will relay all outgoing mails if configured MAILU_RELAYHOST= # Networks granted relay permissions, make sure that you include your Docker # internal network (default to 172.17.0.0/16) MAILU_RELAYNETS=172.16.0.0/12 # Fetchmail delay MAILU_FETCHMAIL_DELAY=600 # Recipient delimiter, character used to delimiter localpart from custom address part # e.g. localpart+custom@domain;tld MAILU_RECIPIENT_DELIMITER=+ # DMARC rua and ruf email MAILU_DMARC_RUA=admin MAILU_DMARC_RUF=admin # Welcome email, enable and set a topic and body if you wish to send welcome # emails to all users. MAILU_WELCOME=True MAILU_WELCOME_SUBJECT="Welcome to your new email account" MAILU_WELCOME_BODY="Welcome to your new email account, if you can read this, then it is configured properly!" # Path to the admin interface if enabled MAILU_WEB_ADMIN=/admin # Path to the webmail if enabled MAILU_WEB_WEBMAIL=/webmail # Website name MAILU_SITENAME="Example Mail" # Linked Website URL MAILU_WEBSITE=http://mail.example.com # Default password scheme used for newly created accounts and changed passwords # (value: SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT) MAILU_PASSWORD_SCHEME=SHA512-CRYPT # Expose the admin interface (value: true, false) MAILU_ADMIN=true # Choose which webmail to run if any (values: roundcube, rainloop, none) MAILU_WEBMAIL=rainloop # Dav server implementation (value: radicale, none) MAILU_WEBDAV=radicale ### TRAEFIK ################################################# TRAEFIK_HOST_HTTP_PORT=80 TRAEFIK_HOST_HTTPS_PORT=443 TRAEFIK_DASHBOARD_PORT=8888 # basic authentication for traefik dashboard username: admin password:admin TRAEFIK_DASHBOARD_USER=admin:$2y$10$lXaL3lj6raFic6rFqr2.lOBoCudAIhB6zyoqObNg290UFppiUzTTi ACME_DOMAIN=example.org ACME_EMAIL=email@example.org ### MOSQUITTO ################################################# MOSQUITTO_PORT=9001 ### COUCHDB ################################################### COUCHDB_PORT=5984 ### Manticore Search ########################################## MANTICORE_CONFIG_PATH=./manticore/config MANTICORE_API_PORT=9312 MANTICORE_SPHINXQL_PORT=9306 MANTICORE_HTTP_PORT=9308 ### pgadmin ################################################## # use this address http://ip6-localhost:5050 PGADMIN_PORT=5050 PGADMIN_DEFAULT_EMAIL=pgadmin4@pgadmin.org PGADMIN_DEFAULT_PASSWORD=admin ### SONARQUBE ################################################ ## docker-compose up -d sonarqube ## (If you encounter a database error) ## docker-compose exec --user=root postgres ## source docker-entrypoint-initdb.d/init_sonarqube_db.sh ## (If you encounter logs error) ## docker-compose run --user=root --rm sonarqube chown sonarqube:sonarqube /opt/sonarqube/logs SONARQUBE_HOSTNAME=sonar.example.com SONARQUBE_PORT=9000 SONARQUBE_POSTGRES_INIT=true SONARQUBE_POSTGRES_HOST=postgres SONARQUBE_POSTGRES_DB=sonar SONARQUBE_POSTGRES_USER=sonar SONARQUBE_POSTGRES_PASSWORD=sonarPass ### TOMCAT ################################################ TOMCAT_VERSION=8.5.43 TOMCAT_HOST_HTTP_PORT=8080 ### CASSANDRA ################################################ # Cassandra Version, supported tags can be found at https://hub.docker.com/r/bitnami/cassandra/ CASSANDRA_VERSION=latest # Inter-node cluster communication port. Default: 7000 CASSANDRA_TRANSPORT_PORT_NUMBER=7000 # JMX connections port. Default: 7199 CASSANDRA_JMX_PORT_NUMBER=7199 # Client port. Default: 9042. CASSANDRA_CQL_PORT_NUMBER=9042 # Cassandra user name. Defaults: cassandra CASSANDRA_USER=cassandra # Password seeder will change the Cassandra default credentials at initialization. In clusters, only one node should be marked as password seeder. Default: no CASSANDRA_PASSWORD_SEEDER=no # Cassandra user password. Default: cassandra CASSANDRA_PASSWORD=cassandra # Number of tokens for the node. Default: 256. CASSANDRA_NUM_TOKENS=256 # Hostname used to configure Cassandra. It can be either an IP or a domain. If left empty, it will be resolved to the machine IP. CASSANDRA_HOST= # Cluster name to configure Cassandra.. Defaults: My Cluster CASSANDRA_CLUSTER_NAME="My Cluster" # : Hosts that will act as Cassandra seeds. No defaults. CASSANDRA_SEEDS= # Snitch name (which determines which data centers and racks nodes belong to). Default SimpleSnitch CASSANDRA_ENDPOINT_SNITCH=SimpleSnitch # Enable the thrift RPC endpoint. Default :true CASSANDRA_ENABLE_RPC=true # Datacenter name for the cluster. Ignored in SimpleSnitch endpoint snitch. Default: dc1. CASSANDRA_DATACENTER=dc1 # Rack name for the cluster. Ignored in SimpleSnitch endpoint snitch. Default: rack1. CASSANDRA_RACK=rack1 ### GEARMAN ################################################## # Gearman version to use. See available tags at https://hub.docker.com/r/artefactual/gearmand GEARMAN_VERSION=latest # Port to use (Default: 4730) GEARMAN_PORT=4730 # Logging Level (Default: INFO) GEARMAN_VERBOSE=INFO # Persistent queue type to use (Default: builtin) GEARMAN_QUEUE_TYPE=builtin # Number of I/O threads to use (Default: 4) GEARMAN_THREADS=4 # Number of backlog connections for listen (Default: 32) GEARMAN_BACKLOG=32 # Number of file descriptors to allow for the process (Default is max allowed for user) GEARMAN_FILE_DESCRIPTORS= # Number of attempts to run the job before the job server removes it. (Default: no limit = 0) GEARMAN_JOB_RETRIES=0 # Assign work in round-robin order per worker connection (Default: 0) GEARMAN_ROUND_ROBIN=0 # Number of workers to wakeup for each job received (Default: 0) GEARMAN_WORKER_WAKEUP=0 # Enable keepalive on sockets (Default: 0) GEARMAN_KEEPALIVE=0 # The duration between two keepalive transmissions in idle condition (Default: 30) GEARMAN_KEEPALIVE_IDLE=30 # The duration between two successive keepalive retransmissions, if acknowledgement to the previous keepalive transmission is not received (Default: 10) GEARMAN_KEEPALIVE_INTERVAL=10 # The number of retransmissions to be carried out before declaring that remote end is not available (Default: 5) GEARMAN_KEEPALIVE_COUNT=5 # Mysql server host (Default: localhost) GEARMAN_MYSQL_HOST=localhost # Mysql server port (Default: 3306) GEARMAN_MYSQL_PORT=3306 # Mysql server user (Default: root) GEARMAN_MYSQL_USER=root # Mysql password GEARMAN_MYSQL_PASSWORD= # Path to file with mysql password(Docker secrets) GEARMAN_MYSQL_PASSWORD_FILE= # Database to use by Gearman (Default: Gearmand) GEARMAN_MYSQL_DB=Gearmand # Table to use by Gearman (Default: gearman_queue) GEARMAN_MYSQL_TABLE=gearman_queue ### ELK Stack ################################################## ELK_VERSION=7.9.1 DB_HOST=mysql REDIS_HOST=redis QUEUE_HOST=beanstalkd编排文件:
version: '3' networks: frontend: driver: ${NETWORKS_DRIVER} backend: driver: ${NETWORKS_DRIVER} volumes: mysql: driver: ${VOLUMES_DRIVER} percona: driver: ${VOLUMES_DRIVER} mssql: driver: ${VOLUMES_DRIVER} postgres: driver: ${VOLUMES_DRIVER} memcached: driver: ${VOLUMES_DRIVER} redis: driver: ${VOLUMES_DRIVER} neo4j: driver: ${VOLUMES_DRIVER} mariadb: driver: ${VOLUMES_DRIVER} mongo: driver: ${VOLUMES_DRIVER} minio: driver: ${VOLUMES_DRIVER} rethinkdb: driver: ${VOLUMES_DRIVER} phpmyadmin: driver: ${VOLUMES_DRIVER} adminer: driver: ${VOLUMES_DRIVER} aerospike: driver: ${VOLUMES_DRIVER} caddy: driver: ${VOLUMES_DRIVER} meilisearch: driver: ${VOLUMES_DRIVER} elasticsearch: driver: ${VOLUMES_DRIVER} mosquitto: driver: ${VOLUMES_DRIVER} confluence: driver: ${VOLUMES_DRIVER} sonarqube: driver: ${VOLUMES_DRIVER} cassandra: driver: ${VOLUMES_DRIVER} graylog: driver: ${VOLUMES_DRIVER} docker-in-docker: driver: ${VOLUMES_DRIVER} services: ### Workspace Utilities ################################## workspace: build: context: ./workspace args: - CHANGE_SOURCE=${CHANGE_SOURCE} - SHELL_OH_MY_ZSH=${SHELL_OH_MY_ZSH} - SHELL_OH_MY_ZSH_AUTOSUGESTIONS=${SHELL_OH_MY_ZSH_AUTOSUGESTIONS} - SHELL_OH_MY_ZSH_ALIASES=${SHELL_OH_MY_ZSH_ALIASES} - UBUNTU_SOURCE=${UBUNTU_SOURCE} - BASE_IMAGE_TAG_PREFIX=${WORKSPACE_BASE_IMAGE_TAG_PREFIX} - LARADOCK_PHP_VERSION=${PHP_VERSION} - LARADOCK_PHALCON_VERSION=${PHALCON_VERSION} - INSTALL_SUBVERSION=${WORKSPACE_INSTALL_SUBVERSION} - INSTALL_BZ2=${WORKSPACE_INSTALL_BZ2} - INSTALL_GMP=${WORKSPACE_INSTALL_GMP} - INSTALL_XDEBUG=${WORKSPACE_INSTALL_XDEBUG} - INSTALL_PCOV=${WORKSPACE_INSTALL_PCOV} - INSTALL_PHPDBG=${WORKSPACE_INSTALL_PHPDBG} - INSTALL_BLACKFIRE=${INSTALL_BLACKFIRE} - INSTALL_SSH2=${WORKSPACE_INSTALL_SSH2} - INSTALL_SOAP=${WORKSPACE_INSTALL_SOAP} - INSTALL_XSL=${WORKSPACE_INSTALL_XSL} - INSTALL_LDAP=${WORKSPACE_INSTALL_LDAP} - INSTALL_SMB=${WORKSPACE_INSTALL_SMB} - INSTALL_IMAP=${WORKSPACE_INSTALL_IMAP} - INSTALL_MONGO=${WORKSPACE_INSTALL_MONGO} - INSTALL_AMQP=${WORKSPACE_INSTALL_AMQP} - INSTALL_CASSANDRA=${WORKSPACE_INSTALL_CASSANDRA} - INSTALL_GEARMAN=${WORKSPACE_INSTALL_GEARMAN} - INSTALL_PHPREDIS=${WORKSPACE_INSTALL_PHPREDIS} - INSTALL_MSSQL=${WORKSPACE_INSTALL_MSSQL} - NVM_NODEJS_ORG_MIRROR=${WORKSPACE_NVM_NODEJS_ORG_MIRROR} - INSTALL_NODE=${WORKSPACE_INSTALL_NODE} - NPM_REGISTRY=${WORKSPACE_NPM_REGISTRY} - INSTALL_PNPM=${WORKSPACE_INSTALL_PNPM} - INSTALL_YARN=${WORKSPACE_INSTALL_YARN} - INSTALL_NPM_GULP=${WORKSPACE_INSTALL_NPM_GULP} - INSTALL_NPM_BOWER=${WORKSPACE_INSTALL_NPM_BOWER} - INSTALL_NPM_VUE_CLI=${WORKSPACE_INSTALL_NPM_VUE_CLI} - INSTALL_NPM_ANGULAR_CLI=${WORKSPACE_INSTALL_NPM_ANGULAR_CLI} - INSTALL_DRUSH=${WORKSPACE_INSTALL_DRUSH} - INSTALL_WP_CLI=${WORKSPACE_INSTALL_WP_CLI} - INSTALL_DRUPAL_CONSOLE=${WORKSPACE_INSTALL_DRUPAL_CONSOLE} - INSTALL_AEROSPIKE=${WORKSPACE_INSTALL_AEROSPIKE} - INSTALL_OCI8=${WORKSPACE_INSTALL_OCI8} - INSTALL_V8JS=${WORKSPACE_INSTALL_V8JS} - COMPOSER_GLOBAL_INSTALL=${WORKSPACE_COMPOSER_GLOBAL_INSTALL} - COMPOSER_AUTH=${WORKSPACE_COMPOSER_AUTH} - COMPOSER_REPO_PACKAGIST=${WORKSPACE_COMPOSER_REPO_PACKAGIST} - INSTALL_WORKSPACE_SSH=${WORKSPACE_INSTALL_WORKSPACE_SSH} - INSTALL_LARAVEL_ENVOY=${WORKSPACE_INSTALL_LARAVEL_ENVOY} - INSTALL_LARAVEL_INSTALLER=${WORKSPACE_INSTALL_LARAVEL_INSTALLER} - INSTALL_DEPLOYER=${WORKSPACE_INSTALL_DEPLOYER} - INSTALL_PRESTISSIMO=${WORKSPACE_INSTALL_PRESTISSIMO} - INSTALL_LINUXBREW=${WORKSPACE_INSTALL_LINUXBREW} - INSTALL_MC=${WORKSPACE_INSTALL_MC} - INSTALL_SYMFONY=${WORKSPACE_INSTALL_SYMFONY} - INSTALL_PYTHON=${WORKSPACE_INSTALL_PYTHON} - INSTALL_PYTHON3=${WORKSPACE_INSTALL_PYTHON3} - INSTALL_IMAGE_OPTIMIZERS=${WORKSPACE_INSTALL_IMAGE_OPTIMIZERS} - INSTALL_IMAGEMAGICK=${WORKSPACE_INSTALL_IMAGEMAGICK} - INSTALL_TERRAFORM=${WORKSPACE_INSTALL_TERRAFORM} - INSTALL_DUSK_DEPS=${WORKSPACE_INSTALL_DUSK_DEPS} - INSTALL_PG_CLIENT=${WORKSPACE_INSTALL_PG_CLIENT} - INSTALL_PHALCON=${WORKSPACE_INSTALL_PHALCON} - INSTALL_SWOOLE=${WORKSPACE_INSTALL_SWOOLE} - INSTALL_TAINT=${WORKSPACE_INSTALL_TAINT} - INSTALL_LIBPNG=${WORKSPACE_INSTALL_LIBPNG} - INSTALL_GRAPHVIZ=${WORKSPACE_INSTALL_GRAPHVIZ} - INSTALL_IONCUBE=${WORKSPACE_INSTALL_IONCUBE} - INSTALL_MYSQL_CLIENT=${WORKSPACE_INSTALL_MYSQL_CLIENT} - INSTALL_PING=${WORKSPACE_INSTALL_PING} - INSTALL_SSHPASS=${WORKSPACE_INSTALL_SSHPASS} - INSTALL_INOTIFY=${WORKSPACE_INSTALL_INOTIFY} - INSTALL_FSWATCH=${WORKSPACE_INSTALL_FSWATCH} - INSTALL_AST=${WORKSPACE_INSTALL_AST} - INSTALL_YAML=${WORKSPACE_INSTALL_YAML} - INSTALL_RDKAFKA=${WORKSPACE_INSTALL_RDKAFKA} - INSTALL_MAILPARSE=${WORKSPACE_INSTALL_MAILPARSE} - INSTALL_GIT_PROMPT=${WORKSPACE_INSTALL_GIT_PROMPT} - INSTALL_XMLRPC=${WORKSPACE_INSTALL_XMLRPC} - PUID=${WORKSPACE_PUID} - PGID=${WORKSPACE_PGID} - CHROME_DRIVER_VERSION=${WORKSPACE_CHROME_DRIVER_VERSION} - NODE_VERSION=${WORKSPACE_NODE_VERSION} - YARN_VERSION=${WORKSPACE_YARN_VERSION} - DRUSH_VERSION=${WORKSPACE_DRUSH_VERSION} - AST_VERSION=${WORKSPACE_AST_VERSION} - TZ=${WORKSPACE_TIMEZONE} - BLACKFIRE_CLIENT_ID=${BLACKFIRE_CLIENT_ID} - BLACKFIRE_CLIENT_TOKEN=${BLACKFIRE_CLIENT_TOKEN} - INSTALL_POWERLINE=${WORKSPACE_INSTALL_POWERLINE} - INSTALL_SUPERVISOR=${WORKSPACE_INSTALL_SUPERVISOR} - INSTALL_FFMPEG=${WORKSPACE_INSTALL_FFMPEG} - INSTALL_AUDIOWAVEFORM=${WORKSPACE_INSTALL_AUDIOWAVEFORM} - INSTALL_WKHTMLTOPDF=${WORKSPACE_INSTALL_WKHTMLTOPDF} - INSTALL_GNU_PARALLEL=${WORKSPACE_INSTALL_GNU_PARALLEL} - INSTALL_LNAV=${WORKSPACE_INSTALL_LNAV} - INSTALL_PROTOC=${WORKSPACE_INSTALL_PROTOC} - PROTOC_VERSION=${WORKSPACE_PROTOC_VERSION} - http_proxy - https_proxy - no_proxy volumes: - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG} - docker-in-docker:/certs/client - ./php-worker/supervisord.d:/etc/supervisord.d extra_hosts: - "dockerhost:${DOCKER_HOST_IP}" ports: - "${WORKSPACE_SSH_PORT}:22" - "${WORKSPACE_BROWSERSYNC_HOST_PORT}:3000" - "${WORKSPACE_BROWSERSYNC_UI_HOST_PORT}:3001" - "${WORKSPACE_VUE_CLI_SERVE_HOST_PORT}:8080" - "${WORKSPACE_VUE_CLI_UI_HOST_PORT}:8000" - "${WORKSPACE_ANGULAR_CLI_SERVE_HOST_PORT}:4200" tty: true environment: - PHP_IDE_CONFIG=${PHP_IDE_CONFIG} - DOCKER_HOST=tcp://docker-in-docker:2376 - DOCKER_TLS_VERIFY=1 - DOCKER_TLS_CERTDIR=/certs - DOCKER_CERT_PATH=/certs/client networks: - frontend - backend links: - docker-in-docker ### PHP-FPM ############################################## php-fpm: build: context: ./php-fpm args: - CHANGE_SOURCE=${CHANGE_SOURCE} - BASE_IMAGE_TAG_PREFIX=${PHP_FPM_BASE_IMAGE_TAG_PREFIX} - LARADOCK_PHP_VERSION=${PHP_VERSION} - LARADOCK_PHALCON_VERSION=${PHALCON_VERSION} - INSTALL_BZ2=${PHP_FPM_INSTALL_BZ2} - INSTALL_GMP=${PHP_FPM_INSTALL_GMP} - INSTALL_XDEBUG=${PHP_FPM_INSTALL_XDEBUG} - INSTALL_PCOV=${PHP_FPM_INSTALL_PCOV} - INSTALL_PHPDBG=${PHP_FPM_INSTALL_PHPDBG} - INSTALL_BLACKFIRE=${INSTALL_BLACKFIRE} - INSTALL_SSH2=${PHP_FPM_INSTALL_SSH2} - INSTALL_SOAP=${PHP_FPM_INSTALL_SOAP} - INSTALL_XSL=${PHP_FPM_INSTALL_XSL} - INSTALL_SMB=${PHP_FPM_INSTALL_SMB} - INSTALL_IMAP=${PHP_FPM_INSTALL_IMAP} - INSTALL_MONGO=${PHP_FPM_INSTALL_MONGO} - INSTALL_AMQP=${PHP_FPM_INSTALL_AMQP} - INSTALL_CASSANDRA=${PHP_FPM_INSTALL_CASSANDRA} - INSTALL_GEARMAN=${PHP_FPM_INSTALL_GEARMAN} - INSTALL_MSSQL=${PHP_FPM_INSTALL_MSSQL} - INSTALL_BCMATH=${PHP_FPM_INSTALL_BCMATH} - INSTALL_PHPREDIS=${PHP_FPM_INSTALL_PHPREDIS} - INSTALL_MEMCACHED=${PHP_FPM_INSTALL_MEMCACHED} - INSTALL_OPCACHE=${PHP_FPM_INSTALL_OPCACHE} - INSTALL_EXIF=${PHP_FPM_INSTALL_EXIF} - INSTALL_AEROSPIKE=${PHP_FPM_INSTALL_AEROSPIKE} - INSTALL_OCI8=${PHP_FPM_INSTALL_OCI8} - INSTALL_MYSQLI=${PHP_FPM_INSTALL_MYSQLI} - INSTALL_PGSQL=${PHP_FPM_INSTALL_PGSQL} - INSTALL_PG_CLIENT=${PHP_FPM_INSTALL_PG_CLIENT} - INSTALL_POSTGIS=${PHP_FPM_INSTALL_POSTGIS} - INSTALL_INTL=${PHP_FPM_INSTALL_INTL} - INSTALL_GHOSTSCRIPT=${PHP_FPM_INSTALL_GHOSTSCRIPT} - INSTALL_LDAP=${PHP_FPM_INSTALL_LDAP} - INSTALL_PHALCON=${PHP_FPM_INSTALL_PHALCON} - INSTALL_SWOOLE=${PHP_FPM_INSTALL_SWOOLE} - INSTALL_TAINT=${PHP_FPM_INSTALL_TAINT} - INSTALL_IMAGE_OPTIMIZERS=${PHP_FPM_INSTALL_IMAGE_OPTIMIZERS} - INSTALL_IMAGEMAGICK=${PHP_FPM_INSTALL_IMAGEMAGICK} - INSTALL_CALENDAR=${PHP_FPM_INSTALL_CALENDAR} - INSTALL_FAKETIME=${PHP_FPM_INSTALL_FAKETIME} - INSTALL_IONCUBE=${PHP_FPM_INSTALL_IONCUBE} - INSTALL_APCU=${PHP_FPM_INSTALL_APCU} - INSTALL_CACHETOOL=${PHP_FPM_INSTALL_CACHETOOL} - INSTALL_YAML=${PHP_FPM_INSTALL_YAML} - INSTALL_RDKAFKA=${PHP_FPM_INSTALL_RDKAFKA} - INSTALL_GETTEXT=${PHP_FPM_INSTALL_GETTEXT} - INSTALL_ADDITIONAL_LOCALES=${PHP_FPM_INSTALL_ADDITIONAL_LOCALES} - INSTALL_MYSQL_CLIENT=${PHP_FPM_INSTALL_MYSQL_CLIENT} - INSTALL_PING=${PHP_FPM_INSTALL_PING} - INSTALL_SSHPASS=${PHP_FPM_INSTALL_SSHPASS} - INSTALL_MAILPARSE=${PHP_FPM_INSTALL_MAILPARSE} - INSTALL_PCNTL=${PHP_FPM_INSTALL_PCNTL} - ADDITIONAL_LOCALES=${PHP_FPM_ADDITIONAL_LOCALES} - INSTALL_FFMPEG=${PHP_FPM_FFMPEG} - INSTALL_AUDIOWAVEFORM=${PHP_FPM_AUDIOWAVEFORM} - INSTALL_WKHTMLTOPDF=${PHP_FPM_INSTALL_WKHTMLTOPDF} - INSTALL_XHPROF=${PHP_FPM_INSTALL_XHPROF} - INSTALL_XMLRPC=${PHP_FPM_INSTALL_XMLRPC} - DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL=${PHP_DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL} - PUID=${PHP_FPM_PUID} - PGID=${PHP_FPM_PGID} - LOCALE=${PHP_FPM_DEFAULT_LOCALE} - http_proxy - https_proxy - no_proxy volumes: - ./php-fpm/php${PHP_VERSION}.ini:/usr/local/etc/php/php.ini - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG} - docker-in-docker:/certs/client expose: - "9000" extra_hosts: - "dockerhost:${DOCKER_HOST_IP}" environment: - PHP_IDE_CONFIG=${PHP_IDE_CONFIG} - DOCKER_HOST=tcp://docker-in-docker:2376 - DOCKER_TLS_VERIFY=1 - DOCKER_TLS_CERTDIR=/certs - DOCKER_CERT_PATH=/certs/client - FAKETIME=${PHP_FPM_FAKETIME} depends_on: - workspace networks: - backend links: - docker-in-docker ### PHP Worker ############################################ php-worker: build: context: ./php-worker args: - CHANGE_SOURCE=${CHANGE_SOURCE} - LARADOCK_PHP_VERSION=${PHP_VERSION} - PHALCON_VERSION=${PHALCON_VERSION} - INSTALL_BZ2=${PHP_WORKER_INSTALL_BZ2} - INSTALL_GD=${PHP_WORKER_INSTALL_GD} - INSTALL_IMAGEMAGICK=${PHP_WORKER_INSTALL_IMAGEMAGICK} - INSTALL_GMP=${PHP_WORKER_INSTALL_GMP} - INSTALL_PGSQL=${PHP_WORKER_INSTALL_PGSQL} - INSTALL_BCMATH=${PHP_WORKER_INSTALL_BCMATH} - INSTALL_OCI8=${PHP_WORKER_INSTALL_OCI8} - INSTALL_PHALCON=${PHP_WORKER_INSTALL_PHALCON} - INSTALL_SOAP=${PHP_WORKER_INSTALL_SOAP} - INSTALL_ZIP_ARCHIVE=${PHP_WORKER_INSTALL_ZIP_ARCHIVE} - INSTALL_MYSQL_CLIENT=${PHP_WORKER_INSTALL_MYSQL_CLIENT} - INSTALL_AMQP=${PHP_WORKER_INSTALL_AMQP} - INSTALL_CASSANDRA=${PHP_WORKER_INSTALL_CASSANDRA} - INSTALL_GEARMAN=${PHP_WORKER_INSTALL_GEARMAN} - INSTALL_GHOSTSCRIPT=${PHP_WORKER_INSTALL_GHOSTSCRIPT} - INSTALL_SWOOLE=${PHP_WORKER_INSTALL_SWOOLE} - INSTALL_TAINT=${PHP_WORKER_INSTALL_TAINT} - INSTALL_FFMPEG=${PHP_WORKER_INSTALL_FFMPEG} - INSTALL_AUDIOWAVEFORM=${PHP_WORKER_INSTALL_AUDIOWAVEFORM} - INSTALL_REDIS=${PHP_WORKER_INSTALL_REDIS} - INSTALL_IMAP=${PHP_WORKER_INSTALL_IMAP} - INSTALL_XMLRPC=${PHP_WORKER_INSTALL_XMLRPC} - PUID=${PHP_WORKER_PUID} - PGID=${PHP_WORKER_PGID} volumes: - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG} - ./php-worker/supervisord.d:/etc/supervisord.d depends_on: - workspace extra_hosts: - "dockerhost:${DOCKER_HOST_IP}" networks: - backend ### Laravel Horizon ############################################ laravel-horizon: build: context: ./laravel-horizon args: - CHANGE_SOURCE=${CHANGE_SOURCE} - LARADOCK_PHP_VERSION=${PHP_VERSION} - INSTALL_BZ2=${LARAVEL_HORIZON_INSTALL_BZ2} - INSTALL_GD=${LARAVEL_HORIZON_INSTALL_GD} - INSTALL_GMP=${LARAVEL_HORIZON_INSTALL_GMP} - INSTALL_IMAGEMAGICK=${LARAVEL_HORIZON_INSTALL_IMAGEMAGICK} - INSTALL_PGSQL=${PHP_FPM_INSTALL_PGSQL} - INSTALL_ZIP_ARCHIVE=${LARAVEL_HORIZON_INSTALL_ZIP_ARCHIVE} - INSTALL_BCMATH=${PHP_FPM_INSTALL_BCMATH} - INSTALL_MEMCACHED=${PHP_FPM_INSTALL_MEMCACHED} - INSTALL_SOCKETS=${LARAVEL_HORIZON_INSTALL_SOCKETS} - INSTALL_YAML=${LARAVEL_HORIZON_INSTALL_YAML} - INSTALL_CASSANDRA=${PHP_FPM_INSTALL_CASSANDRA} - INSTALL_PHPREDIS=${LARAVEL_HORIZON_INSTALL_PHPREDIS} - INSTALL_MONGO=${LARAVEL_HORIZON_INSTALL_MONGO} - INSTALL_FFMPEG=${LARAVEL_HORIZON_INSTALL_FFMPEG} - INSTALL_AUDIOWAVEFORM=${LARAVEL_HORIZON_INSTALL_AUDIOWAVEFORM} - PUID=${LARAVEL_HORIZON_PUID} - PGID=${LARAVEL_HORIZON_PGID} volumes: - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER} - ./laravel-horizon/supervisord.d:/etc/supervisord.d depends_on: - workspace extra_hosts: - "dockerhost:${DOCKER_HOST_IP}" networks: - backend ### NGINX Server ######################################### nginx: build: context: ./nginx args: - CHANGE_SOURCE=${CHANGE_SOURCE} - PHP_UPSTREAM_CONTAINER=${NGINX_PHP_UPSTREAM_CONTAINER} - PHP_UPSTREAM_PORT=${NGINX_PHP_UPSTREAM_PORT} - http_proxy - https_proxy - no_proxy volumes: - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG} - ${NGINX_HOST_LOG_PATH}:/var/log/nginx - ${NGINX_SITES_PATH}:/etc/nginx/sites-available - ${NGINX_SSL_PATH}:/etc/nginx/ssl ports: - "${NGINX_HOST_HTTP_PORT}:80" - "${NGINX_HOST_HTTPS_PORT}:443" - "${VARNISH_BACKEND_PORT}:81" depends_on: - php-fpm networks: - frontend - backend ### Blackfire ######################################## blackfire: image: blackfire/blackfire environment: - BLACKFIRE_SERVER_ID=${BLACKFIRE_SERVER_ID} - BLACKFIRE_SERVER_TOKEN=${BLACKFIRE_SERVER_TOKEN} depends_on: - php-fpm networks: - backend ### Apache Server ######################################## apache2: build: context: ./apache2 args: - PHP_UPSTREAM_CONTAINER=${APACHE_PHP_UPSTREAM_CONTAINER} - PHP_UPSTREAM_PORT=${APACHE_PHP_UPSTREAM_PORT} - PHP_UPSTREAM_TIMEOUT=${APACHE_PHP_UPSTREAM_TIMEOUT} - DOCUMENT_ROOT=${APACHE_DOCUMENT_ROOT} - APACHE_INSTALL_HTTP2=${APACHE_INSTALL_HTTP2} volumes: - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG} - ${APACHE_HOST_LOG_PATH}:/var/log/apache2 - ${APACHE_SITES_PATH}:/etc/apache2/sites-available ports: - "${APACHE_HOST_HTTP_PORT}:80" - "${APACHE_HOST_HTTPS_PORT}:443" depends_on: - php-fpm networks: - frontend - backend ### HHVM ################################################# hhvm: build: ./hhvm volumes: - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG} expose: - "9000" depends_on: - workspace networks: - frontend - backend ### Minio ################################################ minio: build: ./minio volumes: - ${DATA_PATH_HOST}/minio/data:/export - ${DATA_PATH_HOST}/minio/config:/root/.minio ports: - "${MINIO_PORT}:9000" environment: - MINIO_ACCESS_KEY=access - MINIO_SECRET_KEY=secretkey networks: - frontend - backend ### MySQL ################################################ mysql: build: context: ./mysql args: - MYSQL_VERSION=${MYSQL_VERSION} environment: - MYSQL_DATABASE=${MYSQL_DATABASE} - MYSQL_USER=${MYSQL_USER} - MYSQL_PASSWORD=${MYSQL_PASSWORD} - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} - TZ=${WORKSPACE_TIMEZONE} volumes: - ${DATA_PATH_HOST}/mysql:/var/lib/mysql - ${MYSQL_ENTRYPOINT_INITDB}:/docker-entrypoint-initdb.d ports: - "${MYSQL_PORT}:3306" networks: - backend ### Percona ################################################ percona: build: context: ./percona environment: - MYSQL_DATABASE=${PERCONA_DATABASE} - MYSQL_USER=${PERCONA_USER} - MYSQL_PASSWORD=${PERCONA_PASSWORD} - MYSQL_ROOT_PASSWORD=${PERCONA_ROOT_PASSWORD} volumes: - ${DATA_PATH_HOST}/percona:/var/lib/mysql - ${PERCONA_ENTRYPOINT_INITDB}:/docker-entrypoint-initdb.d ports: - "${PERCONA_PORT}:3306" networks: - backend ### MSSQL ################################################ mssql: build: context: ./mssql environment: - MSSQL_PID=Express - MSSQL_DATABASE=${MSSQL_DATABASE} - SA_PASSWORD=${MSSQL_PASSWORD} - ACCEPT_EULA=Y volumes: - ${DATA_PATH_HOST}/mssql:/var/opt/mssql ports: - "${MSSQL_PORT}:1433" networks: - backend ### MariaDB ############################################## mariadb: build: context: ./mariadb args: - http_proxy - https_proxy - no_proxy - MARIADB_VERSION=${MARIADB_VERSION} volumes: - ${DATA_PATH_HOST}/mariadb:/var/lib/mysql - ${MARIADB_ENTRYPOINT_INITDB}:/docker-entrypoint-initdb.d ports: - "${MARIADB_PORT}:3306" environment: - TZ=${WORKSPACE_TIMEZONE} - MYSQL_DATABASE=${MARIADB_DATABASE} - MYSQL_USER=${MARIADB_USER} - MYSQL_PASSWORD=${MARIADB_PASSWORD} - MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD} networks: - backend ### PostgreSQL ########################################### postgres: build: context: ./postgres args: - POSTGRES_VERSION=${POSTGRES_VERSION} volumes: - ${DATA_PATH_HOST}/postgres:/var/lib/postgresql/data - ${POSTGRES_ENTRYPOINT_INITDB}:/docker-entrypoint-initdb.d ports: - "${POSTGRES_PORT}:5432" environment: - POSTGRES_DB=${POSTGRES_DB} - POSTGRES_USER=${POSTGRES_USER} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - GITLAB_POSTGRES_INIT=${GITLAB_POSTGRES_INIT} - GITLAB_POSTGRES_USER=${GITLAB_POSTGRES_USER} - GITLAB_POSTGRES_PASSWORD=${GITLAB_POSTGRES_PASSWORD} - GITLAB_POSTGRES_DB=${GITLAB_POSTGRES_DB} - JUPYTERHUB_POSTGRES_INIT=${JUPYTERHUB_POSTGRES_INIT} - JUPYTERHUB_POSTGRES_USER=${JUPYTERHUB_POSTGRES_USER} - JUPYTERHUB_POSTGRES_PASSWORD=${JUPYTERHUB_POSTGRES_PASSWORD} - JUPYTERHUB_POSTGRES_DB=${JUPYTERHUB_POSTGRES_DB} - SONARQUBE_POSTGRES_INIT=${SONARQUBE_POSTGRES_INIT} - SONARQUBE_POSTGRES_DB=${SONARQUBE_POSTGRES_DB} - SONARQUBE_POSTGRES_USER=${SONARQUBE_POSTGRES_USER} - SONARQUBE_POSTGRES_PASSWORD=${SONARQUBE_POSTGRES_PASSWORD} - POSTGRES_CONFLUENCE_INIT=${CONFLUENCE_POSTGRES_INIT} - POSTGRES_CONFLUENCE_DB=${CONFLUENCE_POSTGRES_DB} - POSTGRES_CONFLUENCE_USER=${CONFLUENCE_POSTGRES_USER} - POSTGRES_CONFLUENCE_PASSWORD=${CONFLUENCE_POSTGRES_PASSWORD} networks: - backend ### PostgreSQL PostGis ################################### postgres-postgis: build: ./postgres-postgis volumes: - ${DATA_PATH_HOST}/postgres:/var/lib/postgresql/data ports: - "${POSTGRES_PORT}:5432" environment: - POSTGRES_DB=${POSTGRES_DB} - POSTGRES_USER=${POSTGRES_USER} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} networks: - backend ### Neo4j ################################################ neo4j: build: ./neo4j ports: - "7474:7474" - "1337:1337" environment: - NEO4J_AUTH=default:secret volumes: - ${DATA_PATH_HOST}/neo4j:/var/lib/neo4j/data networks: - backend ### MongoDB ############################################## mongo: build: ./mongo ports: - "${MONGODB_PORT}:27017" volumes: - ${DATA_PATH_HOST}/mongo:/data/db - ${DATA_PATH_HOST}/mongo_config:/data/configdb networks: - backend ### RethinkDB ############################################## rethinkdb: build: ./rethinkdb ports: - "${RETHINKDB_PORT}:8080" volumes: - ${DATA_PATH_HOST}/rethinkdb:/data/rethinkdb_data networks: - backend ### Redis ################################################ redis: build: ./redis volumes: - ${DATA_PATH_HOST}/redis:/data ports: - "${REDIS_PORT}:6379" networks: - backend ### Redis Cluster ########################################## redis-cluster: build: ./redis-cluster ports: - "${REDIS_CLUSTER_PORT_RANGE}:7000-7005" networks: - backend ### ZooKeeper ######################################### zookeeper: build: ./zookeeper volumes: - ${DATA_PATH_HOST}/zookeeper/data:/data - ${DATA_PATH_HOST}/zookeeper/datalog:/datalog ports: - "${ZOOKEEPER_PORT}:2181" networks: - backend ### Aerospike ########################################## aerospike: build: ./aerospike volumes: - workspace - ${DATA_PATH_HOST}/aerospike:/opt/aerospike/data ports: - "${AEROSPIKE_SERVICE_PORT}:3000" - "${AEROSPIKE_FABRIC_PORT}:3001" - "${AEROSPIKE_HEARTBEAT_PORT}:3002" - "${AEROSPIKE_INFO_PORT}:3003" environment: - STORAGE_GB=${AEROSPIKE_STORAGE_GB} - MEM_GB=${AEROSPIKE_MEM_GB} - NAMESPACE=${AEROSPIKE_NAMESPACE} networks: - backend ### Memcached ############################################ memcached: build: ./memcached volumes: - ${DATA_PATH_HOST}/memcached:/var/lib/memcached ports: - "${MEMCACHED_HOST_PORT}:11211" depends_on: - php-fpm networks: - backend ### Beanstalkd ########################################### beanstalkd: build: ./beanstalkd ports: - "${BEANSTALKD_HOST_PORT}:11300" privileged: true depends_on: - php-fpm networks: - backend ### SQS ############################################# sqs: build: ./sqs ports: - "${SQS_NODE_HOST_PORT}:9324" - "${SQS_MANAGEMENT_HTTP_HOST_PORT}:9325" privileged: true hostname: laradock-sqs volumes: - ${DATA_PATH_HOST}/sqs:/opt/custom networks: - frontend - backend ### RabbitMQ ############################################# rabbitmq: build: ./rabbitmq ports: - "${RABBITMQ_NODE_HOST_PORT}:5672" - "${RABBITMQ_MANAGEMENT_HTTP_HOST_PORT}:15672" - "${RABBITMQ_MANAGEMENT_HTTPS_HOST_PORT}:15671" privileged: true environment: - RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER} - RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS} hostname: laradock-rabbitmq volumes: - ${DATA_PATH_HOST}/rabbitmq:/var/lib/rabbitmq depends_on: - php-fpm networks: - backend ### Cassandra ############################################ cassandra: build: ./cassandra ports: - "${CASSANDRA_TRANSPORT_PORT_NUMBER}:7000" - "${CASSANDRA_JMX_PORT_NUMBER}:7199" - "${CASSANDRA_CQL_PORT_NUMBER}:9042" privileged: true environment: - CASSANDRA_VERSION=${CASSANDRA_VERSION} - CASSANDRA_TRANSPORT_PORT_NUMBER=${CASSANDRA_TRANSPORT_PORT_NUMBER} - CASSANDRA_JMX_PORT_NUMBER=${CASSANDRA_JMX_PORT_NUMBER} - CASSANDRA_CQL_PORT_NUMBER=${CASSANDRA_CQL_PORT_NUMBER} - CASSANDRA_USER=${CASSANDRA_USER} - CASSANDRA_PASSWORD_SEEDER=${CASSANDRA_PASSWORD_SEEDER} - CASSANDRA_PASSWORD=${CASSANDRA_PASSWORD} - CASSANDRA_NUM_TOKENS=${CASSANDRA_NUM_TOKENS} - CASSANDRA_HOST=${CASSANDRA_HOST} - CASSANDRA_CLUSTER_NAME=${CASSANDRA_CLUSTER_NAME} - CASSANDRA_SEEDS=${CASSANDRA_SEEDS} - CASSANDRA_ENDPOINT_SNITCH=${CASSANDRA_ENDPOINT_SNITCH} - CASSANDRA_ENABLE_RPC=${CASSANDRA_ENABLE_RPC} - CASSANDRA_DATACENTER=${CASSANDRA_DATACENTER} - CASSANDRA_RACK=${CASSANDRA_RACK} hostname: laradock-cassandra volumes: - ${DATA_PATH_HOST}/cassandra:/var/lib/cassandra depends_on: - php-fpm networks: - backend ### Gearman ############################################ gearman: build: ./gearman ports: - "${GEARMAN_PORT}:4730" privileged: true environment: - GEARMAN_VERSION=${GEARMAN_VERSION} - GEARMAN_VERBOSE=${GEARMAN_VERBOSE} - GEARMAN_QUEUE_TYPE=${GEARMAN_QUEUE_TYPE} - GEARMAN_THREADS=${GEARMAN_THREADS} - GEARMAN_BACKLOG=${GEARMAN_BACKLOG} - GEARMAN_FILE_DESCRIPTORS=${GEARMAN_FILE_DESCRIPTORS} - GEARMAN_JOB_RETRIES=${GEARMAN_JOB_RETRIES} - GEARMAN_ROUND_ROBIN=${GEARMAN_ROUND_ROBIN} - GEARMAN_WORKER_WAKEUP=${GEARMAN_WORKER_WAKEUP} - GEARMAN_KEEPALIVE=${GEARMAN_KEEPALIVE} - GEARMAN_KEEPALIVE_IDLE=${GEARMAN_KEEPALIVE_IDLE} - GEARMAN_KEEPALIVE_INTERVAL=${GEARMAN_KEEPALIVE_INTERVAL} - GEARMAN_KEEPALIVE_COUNT=${GEARMAN_KEEPALIVE_COUNT} - GEARMAN_MYSQL_HOST=${GEARMAN_MYSQL_HOST} - GEARMAN_MYSQL_PORT=${GEARMAN_MYSQL_PORT} - GEARMAN_MYSQL_USER=${GEARMAN_MYSQL_USER} - GEARMAN_MYSQL_PASSWORD=${GEARMAN_MYSQL_PASSWORD} - GEARMAN_MYSQL_PASSWORD_FILE=${GEARMAN_MYSQL_PASSWORD_FILE} - GEARMAN_MYSQL_DB=${GEARMAN_MYSQL_DB} - GEARMAN_MYSQL_TABLE=${GEARMAN_MYSQL_TABLE} hostname: laradock-gearman depends_on: - php-fpm networks: - backend ### Beanstalkd Console ################################### beanstalkd-console: build: ./beanstalkd-console ports: - "${BEANSTALKD_CONSOLE_HOST_PORT}:2080" depends_on: - beanstalkd networks: - backend ### Caddy Server ######################################### caddy: build: ./caddy volumes: - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG} - ${CADDY_CONFIG_PATH}:/etc/caddy - ${CADDY_HOST_LOG_PATH}:/var/log/caddy - ${DATA_PATH_HOST}:/root/.caddy ports: - "${CADDY_HOST_HTTP_PORT}:80" - "${CADDY_HOST_HTTPS_PORT}:443" depends_on: - php-fpm networks: - frontend - backend ### phpMyAdmin ########################################### phpmyadmin: build: ./phpmyadmin environment: - PMA_ARBITRARY=1 - MYSQL_USER=${PMA_USER} - MYSQL_PASSWORD=${PMA_PASSWORD} - MYSQL_ROOT_PASSWORD=${PMA_ROOT_PASSWORD} ports: - "${PMA_PORT}:80" depends_on: - "${PMA_DB_ENGINE}" networks: - frontend - backend ### Adminer ########################################### adminer: build: context: ./adminer args: - INSTALL_MSSQL=${ADM_INSTALL_MSSQL} environment: - ADMINER_PLUGINS=${ADM_PLUGINS} - ADMINER_DESIGN=${ADM_DESIGN} - ADMINER_DEFAULT_SERVER=${ADM_DEFAULT_SERVER} ports: - "${ADM_PORT}:8080" depends_on: - php-fpm networks: - frontend - backend ### pgAdmin ############################################## pgadmin: image: dpage/pgadmin4:latest environment: - "PGADMIN_DEFAULT_EMAIL=${PGADMIN_DEFAULT_EMAIL}" - "PGADMIN_DEFAULT_PASSWORD=${PGADMIN_DEFAULT_PASSWORD}" ports: - "${PGADMIN_PORT}:80" volumes: - ${DATA_PATH_HOST}/pgadmin:/var/lib/pgadmin depends_on: - postgres networks: - frontend - backend ### MeiliSearch ########################################## meilisearch: image: getmeili/meilisearch:latest volumes: - ${DATA_PATH_HOST}/meilisearch:/var/lib/meilisearch ports: - "${MEILISEARCH_HOST_PORT}:7700" networks: - frontend - backend ### ElasticSearch ######################################## elasticsearch: build: context: ./elasticsearch args: - ELK_VERSION=${ELK_VERSION} volumes: - elasticsearch:/usr/share/elasticsearch/data environment: - cluster.name=laradock-cluster - node.name=laradock-node - bootstrap.memory_lock=true - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - cluster.initial_master_nodes=laradock-node ulimits: memlock: soft: -1 hard: -1 nofile: soft: 65536 hard: 65536 ports: - "${ELASTICSEARCH_HOST_HTTP_PORT}:9200" - "${ELASTICSEARCH_HOST_TRANSPORT_PORT}:9300" depends_on: - php-fpm networks: - frontend - backend ### Logstash ############################################## logstash: build: context: ./logstash args: - ELK_VERSION=${ELK_VERSION} volumes: - './logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml' - './logstash/pipeline:/usr/share/logstash/pipeline' ports: - '5001:5001' environment: LS_JAVA_OPTS: '-Xmx1g -Xms1g' env_file: - .env networks: - frontend - backend depends_on: - elasticsearch ### Kibana ############################################## kibana: build: context: ./kibana args: - ELK_VERSION=${ELK_VERSION} ports: - "${KIBANA_HTTP_PORT}:5601" depends_on: - elasticsearch networks: - frontend - backend ### Dejavu ############################################## dejavu: build: context: ./dejavu ports: - "${DEJAVU_HTTP_PORT}:1358" depends_on: - elasticsearch networks: - frontend - backend ### Certbot ######################################### certbot: build: context: ./certbot volumes: - ./data/certbot/certs/:/var/certs - ./certbot/letsencrypt/:/var/www/letsencrypt environment: - CN="fake.domain.com" - EMAIL="fake.email@gmail.com" networks: - frontend ### MailCatcher ################################################ mailcatcher: build: ./mailcatcher ports: - "1025:1025" - "1080:1080" networks: - frontend - backend ### Mailhog ################################################ mailhog: build: ./mailhog ports: - "1025:1025" - "8025:8025" networks: - frontend - backend ### MailDev ############################################## maildev: build: ./maildev ports: - "${MAILDEV_HTTP_PORT}:80" - "${MAILDEV_SMTP_PORT}:25" networks: - frontend - backend ### Selenium ############################################### selenium: build: ./selenium ports: - "${SELENIUM_PORT}:4444" volumes: - /dev/shm:/dev/shm networks: - frontend ### Varnish ########################################## proxy: container_name: proxy build: ./varnish expose: - ${VARNISH_PORT} environment: - VARNISH_CONFIG=${VARNISH_CONFIG} - CACHE_SIZE=${VARNISH_PROXY1_CACHE_SIZE} - VARNISHD_PARAMS=${VARNISHD_PARAMS} - VARNISH_PORT=${VARNISH_PORT} - BACKEND_HOST=${VARNISH_PROXY1_BACKEND_HOST} - BACKEND_PORT=${VARNISH_BACKEND_PORT} - VARNISH_SERVER=${VARNISH_PROXY1_SERVER} ports: - "${VARNISH_PORT}:${VARNISH_PORT}" links: - workspace networks: - frontend proxy2: container_name: proxy2 build: ./varnish expose: - ${VARNISH_PORT} environment: - VARNISH_CONFIG=${VARNISH_CONFIG} - CACHE_SIZE=${VARNISH_PROXY2_CACHE_SIZE} - VARNISHD_PARAMS=${VARNISHD_PARAMS} - VARNISH_PORT=${VARNISH_PORT} - BACKEND_HOST=${VARNISH_PROXY2_BACKEND_HOST} - BACKEND_PORT=${VARNISH_BACKEND_PORT} - VARNISH_SERVER=${VARNISH_PROXY2_SERVER} ports: - "${VARNISH_PORT}:${VARNISH_PORT}" links: - workspace networks: - frontend ### HAProxy #################################### haproxy: build: ./haproxy ports: - "${HAPROXY_HOST_HTTP_PORT}:8085" volumes: - /var/run/docker.sock:/var/run/docker.sock links: - proxy - proxy2 ### Jenkins ################################################### jenkins: build: ./jenkins environment: JAVA_OPTS: "-Djava.awt.headless=true" ports: - "${JENKINS_HOST_SLAVE_AGENT_PORT}:50000" - "${JENKINS_HOST_HTTP_PORT}:8080" privileged: true volumes: - ${JENKINS_HOME}:/var/jenkins_home - /var/run/docker.sock:/var/run/docker.sock networks: - frontend - backend ### Grafana ################################################ grafana: build: context: ./grafana volumes: - ${DATA_PATH_HOST}/grafana:/var/lib/grafana ports: - "${GRAFANA_PORT}:3000" networks: - backend ### Graylog ####################################### graylog: build: ./graylog environment: - GRAYLOG_PASSWORD_SECRET=${GRAYLOG_PASSWORD} - GRAYLOG_ROOT_PASSWORD_SHA2=${GRAYLOG_SHA256_PASSWORD} - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:${GRAYLOG_PORT}/ links: - mongo - elasticsearch depends_on: - mongo - elasticsearch ports: # Graylog web interface and REST API - ${GRAYLOG_PORT}:9000 # Syslog TCP - ${GRAYLOG_SYSLOG_TCP_PORT}:514 # Syslog UDP - ${GRAYLOG_SYSLOG_UDP_PORT}:514/udp # GELF TCP - ${GRAYLOG_GELF_TCP_PORT}:12201 # GELF UDP - ${GRAYLOG_GELF_UDP_PORT}:12201/udp user: graylog volumes: - ${DATA_PATH_HOST}/graylog:/usr/share/graylog/data networks: - backend ### Laravel Echo Server ####################################### laravel-echo-server: build: context: ./laravel-echo-server args: - CHANGE_SOURCE=${CHANGE_SOURCE} volumes: - ./laravel-echo-server/laravel-echo-server.json:/app/laravel-echo-server.json:ro ports: - "${LARAVEL_ECHO_SERVER_PORT}:6001" links: - redis networks: - frontend - backend ### Solr ################################################ solr: build: context: ./solr args: - SOLR_VERSION=${SOLR_VERSION} - SOLR_DATAIMPORTHANDLER_MYSQL=${SOLR_DATAIMPORTHANDLER_MYSQL} - SOLR_DATAIMPORTHANDLER_MSSQL=${SOLR_DATAIMPORTHANDLER_MSSQL} volumes: - ${DATA_PATH_HOST}/solr:/opt/solr/server/solr/mycores ports: - "${SOLR_PORT}:8983" networks: - backend ### Thumbor ######################################### thumbor: build: ./thumbor volumes: - ${DATA_PATH_HOST}/thumbor/data:/data - ${DATA_PATH_HOST}/thumbor/data:/logs ports: - "${THUMBOR_PORT}:8000" environment: - THUMBOR_LOG_FORMAT=${THUMBOR_LOG_FORMAT} - THUMBOR_LOG_DATE_FORMAT=${THUMBOR_LOG_DATE_FORMAT} - MAX_WIDTH=${MAX_WIDTH} - MAX_HEIGHT=${MAX_HEIGHT} - MIN_WIDTH=${MIN_WIDTH} - MIN_HEIGHT=${MIN_HEIGHT} - ALLOWED_SOURCES=${ALLOWED_SOURCES} - QUALITY=${QUALITY} - WEBP_QUALITY=${WEBP_QUALITY} - PNG_COMPRESSION_LEVEL=${PNG_COMPRESSION_LEVEL} - AUTO_WEBP=${AUTO_WEBP} - MAX_AGE=${MAX_AGE} - MAX_AGE_TEMP_IMAGE=${MAX_AGE_TEMP_IMAGE} - RESPECT_ORIENTATION=${RESPECT_ORIENTATION} - IGNORE_SMART_ERRORS=${IGNORE_SMART_ERRORS} - PRESERVE_EXIF_INFO=${PRESERVE_EXIF_INFO} - ALLOW_ANIMATED_GIFS=${ALLOW_ANIMATED_GIFS} - USE_GIFSICLE_ENGINE=${USE_GIFSICLE_ENGINE} - USE_BLACKLIST=${USE_BLACKLIST} - LOADER=${LOADER} - STORAGE=${STORAGE} - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} - RESULT_STORAGE=${RESULT_STORAGE} - ENGINE=${ENGINE} - SECURITY_KEY=${SECURITY_KEY} - ALLOW_UNSAFE_URL=${ALLOW_UNSAFE_URL} - ALLOW_OLD_URLS=${ALLOW_OLD_URLS} - FILE_LOADER_ROOT_PATH=${FILE_LOADER_ROOT_PATH} - HTTP_LOADER_CONNECT_TIMEOUT=${HTTP_LOADER_CONNECT_TIMEOUT} - HTTP_LOADER_REQUEST_TIMEOUT=${HTTP_LOADER_REQUEST_TIMEOUT} - HTTP_LOADER_FOLLOW_REDIRECTS=${HTTP_LOADER_FOLLOW_REDIRECTS} - HTTP_LOADER_MAX_REDIRECTS=${HTTP_LOADER_MAX_REDIRECTS} - HTTP_LOADER_FORWARD_USER_AGENT=${HTTP_LOADER_FORWARD_USER_AGENT} - HTTP_LOADER_DEFAULT_USER_AGENT=${HTTP_LOADER_DEFAULT_USER_AGENT} - HTTP_LOADER_PROXY_HOST=${HTTP_LOADER_PROXY_HOST} - HTTP_LOADER_PROXY_PORT=${HTTP_LOADER_PROXY_PORT} - HTTP_LOADER_PROXY_USERNAME=${HTTP_LOADER_PROXY_USERNAME} - HTTP_LOADER_PROXY_PASSWORD=${HTTP_LOADER_PROXY_PASSWORD} - HTTP_LOADER_CA_CERTS=${HTTP_LOADER_CA_CERTS} - HTTP_LOADER_VALIDATE_CERTS=${HTTP_LOADER_VALIDATE_CERTS} - HTTP_LOADER_CLIENT_KEY=${HTTP_LOADER_CLIENT_KEY} - HTTP_LOADER_CLIENT_CERT=${HTTP_LOADER_CLIENT_CERT} - HTTP_LOADER_CURL_ASYNC_HTTP_CLIENT=${HTTP_LOADER_CURL_ASYNC_HTTP_CLIENT} - STORAGE_EXPIRATION_SECONDS=${STORAGE_EXPIRATION_SECONDS} - STORES_CRYPTO_KEY_FOR_EACH_IMAGE=${STORES_CRYPTO_KEY_FOR_EACH_IMAGE} - FILE_STORAGE_ROOT_PATH=${FILE_STORAGE_ROOT_PATH} - UPLOAD_MAX_SIZE=${UPLOAD_MAX_SIZE} - UPLOAD_ENABLED=${UPLOAD_ENABLED} - UPLOAD_PHOTO_STORAGE=${UPLOAD_PHOTO_STORAGE} - UPLOAD_DELETE_ALLOWED=${UPLOAD_DELETE_ALLOWED} - UPLOAD_PUT_ALLOWED=${UPLOAD_PUT_ALLOWED} - UPLOAD_DEFAULT_FILENAME=${UPLOAD_DEFAULT_FILENAME} - MONGO_STORAGE_SERVER_HOST=${MONGO_STORAGE_SERVER_HOST} - MONGO_STORAGE_SERVER_PORT=${MONGO_STORAGE_SERVER_PORT} - MONGO_STORAGE_SERVER_DB=${MONGO_STORAGE_SERVER_DB} - MONGO_STORAGE_SERVER_COLLECTION=${MONGO_STORAGE_SERVER_COLLECTION} - REDIS_STORAGE_SERVER_HOST=${REDIS_STORAGE_SERVER_HOST} - REDIS_STORAGE_SERVER_PORT=${REDIS_STORAGE_SERVER_PORT} - REDIS_STORAGE_SERVER_DB=${REDIS_STORAGE_SERVER_DB} - REDIS_STORAGE_SERVER_PASSWORD=${REDIS_STORAGE_SERVER_PASSWORD} - REDIS_RESULT_STORAGE_SERVER_HOST=${REDIS_RESULT_STORAGE_SERVER_HOST} - REDIS_RESULT_STORAGE_SERVER_PORT=${REDIS_RESULT_STORAGE_SERVER_PORT} - REDIS_RESULT_STORAGE_SERVER_DB=${REDIS_RESULT_STORAGE_SERVER_DB} - REDIS_RESULT_STORAGE_SERVER_PASSWORD=${REDIS_RESULT_STORAGE_SERVER_PASSWORD} - MEMCACHE_STORAGE_SERVERS=${MEMCACHE_STORAGE_SERVERS} - MIXED_STORAGE_FILE_STORAGE=${MIXED_STORAGE_FILE_STORAGE} - MIXED_STORAGE_CRYPTO_STORAGE=${MIXED_STORAGE_CRYPTO_STORAGE} - MIXED_STORAGE_DETECTOR_STORAGE=${MIXED_STORAGE_DETECTOR_STORAGE} - META_CALLBACK_NAME=${META_CALLBACK_NAME} - DETECTORS=${DETECTORS} - FACE_DETECTOR_CASCADE_FILE=${FACE_DETECTOR_CASCADE_FILE} - OPTIMIZERS=${OPTIMIZERS} - JPEGTRAN_PATH=${JPEGTRAN_PATH} - PROGRESSIVE_JPEG=${PROGRESSIVE_JPEG} - RESULT_STORAGE_EXPIRATION_SECONDS=${RESULT_STORAGE_EXPIRATION_SECONDS} - RESULT_STORAGE_FILE_STORAGE_ROOT_PATH=${RESULT_STORAGE_FILE_STORAGE_ROOT_PATH} - RESULT_STORAGE_STORES_UNSAFE=${RESULT_STORAGE_STORES_UNSAFE} - REDIS_QUEUE_SERVER_HOST=${REDIS_QUEUE_SERVER_HOST} - REDIS_QUEUE_SERVER_PORT=${REDIS_QUEUE_SERVER_PORT} - REDIS_QUEUE_SERVER_DB=${REDIS_QUEUE_SERVER_DB} - REDIS_QUEUE_SERVER_PASSWORD=${REDIS_QUEUE_SERVER_PASSWORD} - SQS_QUEUE_KEY_ID=${SQS_QUEUE_KEY_ID} - SQS_QUEUE_KEY_SECRET=${SQS_QUEUE_KEY_SECRET} - SQS_QUEUE_REGION=${SQS_QUEUE_REGION} - USE_CUSTOM_ERROR_HANDLING=${USE_CUSTOM_ERROR_HANDLING} - ERROR_HANDLER_MODULE=${ERROR_HANDLER_MODULE} - ERROR_FILE_LOGGER=${ERROR_FILE_LOGGER} - ERROR_FILE_NAME_USE_CONTEXT=${ERROR_FILE_NAME_USE_CONTEXT} - SENTRY_DSN_URL=${SENTRY_DSN_URL} - TC_AWS_REGION=${TC_AWS_REGION} - TC_AWS_ENDPOINT=${TC_AWS_ENDPOINT} - TC_AWS_STORAGE_BUCKET=${TC_AWS_STORAGE_BUCKET} - TC_AWS_STORAGE_ROOT_PATH=${TC_AWS_STORAGE_ROOT_PATH} - TC_AWS_LOADER_BUCKET=${TC_AWS_LOADER_BUCKET} - TC_AWS_LOADER_ROOT_PATH=${TC_AWS_LOADER_ROOT_PATH} - TC_AWS_RESULT_STORAGE_BUCKET=${TC_AWS_RESULT_STORAGE_BUCKET} - TC_AWS_RESULT_STORAGE_ROOT_PATH=${TC_AWS_RESULT_STORAGE_ROOT_PATH} - TC_AWS_STORAGE_SSE=${TC_AWS_STORAGE_SSE} - TC_AWS_STORAGE_RRS=${TC_AWS_STORAGE_RRS} - TC_AWS_ENABLE_HTTP_LOADER=${TC_AWS_ENABLE_HTTP_LOADER} - TC_AWS_ALLOWED_BUCKETS=${TC_AWS_ALLOWED_BUCKETS} - TC_AWS_STORE_METADATA=${TC_AWS_STORE_METADATA} networks: - frontend - backend ### AWS EB-CLI ################################################ aws: build: context: ./aws-eb-cli volumes: - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG} depends_on: - workspace tty: true ### Portainer ################################################ portainer: build: context: ./portainer volumes: - ${DATA_PATH_HOST}/portainer_data:/data - /var/run/docker.sock:/var/run/docker.sock extra_hosts: - "dockerhost:${DOCKER_HOST_IP}" ports: - 9010:9000 networks: - backend ### Gitlab ################################################ gitlab: build: context: ./gitlab environment: GITLAB_OMNIBUS_CONFIG: | external_url '${GITLAB_DOMAIN_NAME}' redis['enable'] = false nginx['listen_https'] = false nginx['listen_port'] = 80 nginx['custom_gitlab_server_config'] = "set_real_ip_from 172.0.0.0/8;\nreal_ip_header X-Real-IP;\nreal_ip_recursive on;" postgresql['enable'] = false gitlab_rails['trusted_proxies'] = ['caddy','nginx','apache2'] gitlab_rails['redis_host'] = 'redis' gitlab_rails['redis_database'] = 8 gitlab_rails['db_host'] = '${GITLAB_POSTGRES_HOST}' gitlab_rails['db_username'] = '${GITLAB_POSTGRES_USER}' gitlab_rails['db_password'] = '${GITLAB_POSTGRES_PASSWORD}' gitlab_rails['db_database'] = '${GITLAB_POSTGRES_DB}' gitlab_rails['initial_root_password'] = '${GITLAB_ROOT_PASSWORD}' gitlab_rails['gitlab_shell_ssh_port'] = ${GITLAB_HOST_SSH_PORT} volumes: - ${DATA_PATH_HOST}/gitlab/config:/etc/gitlab - ${DATA_PATH_HOST}/gitlab/data:/var/opt/gitlab - ${GITLAB_HOST_LOG_PATH}:/var/log/gitlab ports: - "${GITLAB_HOST_HTTP_PORT}:80" - "${GITLAB_HOST_HTTPS_PORT}:443" - "${GITLAB_HOST_SSH_PORT}:22" networks: - backend depends_on: - redis - postgres gitlab-runner: image: gitlab/gitlab-runner:latest environment: - CI_SERVER_URL=${GITLAB_CI_SERVER_URL} - REGISTRATION_TOKEN=${GITLAB_RUNNER_REGISTRATION_TOKEN} - RUNNER_NAME=${COMPOSE_PROJECT_NAME}-runner - REGISTER_NON_INTERACTIVE=${GITLAB_REGISTER_NON_INTERACTIVE} - RUNNER_EXECUTOR=shell volumes: - ${DATA_PATH_HOST}/gitlab/runner:/etc/gitlab-runner - /var/run/docker.sock:/var/run/docker.sock:rw ### JupyterHub ######################################### jupyterhub: build: context: ./jupyterhub depends_on: - postgres - jupyterhub-user volumes: - /var/run/docker.sock:/var/run/docker.sock:rw - ${DATA_PATH_HOST}/jupyterhub/:/data - ${JUPYTERHUB_CUSTOM_CONFIG}:/jupyterhub_config.py - ${JUPYTERHUB_USER_DATA}:/user-data - ${JUPYTERHUB_USER_LIST}:/userlist networks: - backend ports: - "${JUPYTERHUB_PORT}:80" environment: - TERM=xterm - JUPYTERHUB_USER_DATA=${JUPYTERHUB_USER_DATA} - JUPYTERHUB_POSTGRES_DB=${JUPYTERHUB_POSTGRES_DB} - JUPYTERHUB_POSTGRES_USER=${JUPYTERHUB_POSTGRES_USER} - JUPYTERHUB_POSTGRES_HOST=${JUPYTERHUB_POSTGRES_HOST} - JUPYTERHUB_POSTGRES_PASSWORD=${JUPYTERHUB_POSTGRES_PASSWORD} - JUPYTERHUB_OAUTH_CALLBACK_URL=${JUPYTERHUB_OAUTH_CALLBACK_URL} - JUPYTERHUB_OAUTH_CLIENT_ID=${JUPYTERHUB_OAUTH_CLIENT_ID} - JUPYTERHUB_OAUTH_CLIENT_SECRET=${JUPYTERHUB_OAUTH_CLIENT_SECRET} - JUPYTERHUB_LOCAL_NOTEBOOK_IMAGE=${COMPOSE_PROJECT_NAME}_jupyterhub-user - JUPYTERHUB_ENABLE_NVIDIA=${JUPYTERHUB_ENABLE_NVIDIA} jupyterhub-user: build: context: ./jupyterhub dockerfile: Dockerfile.user command: ["sh", "-c", "echo \"build only\""] ### IPython ######################################### ipython-controller: build: context: ./ipython dockerfile: Dockerfile.controller networks: - backend extra_hosts: - "laradock-ipython:${LARADOCK_IPYTHON_CONTROLLER_IP}" ports: - "33327-33338:33327-33338" ipython-engine: build: context: ./ipython dockerfile: Dockerfile.engine networks: - backend extra_hosts: - "laradock-ipython:${LARADOCK_IPYTHON_CONTROLLER_IP}" ### Docker-in-Docker ################################################ docker-in-docker: image: docker:19.03-dind environment: DOCKER_TLS_SAN: DNS:docker-in-docker privileged: true volumes: - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER} - docker-in-docker:/certs/client expose: - 2375 networks: - backend ### NetData ################################################ netdata: image: netdata/netdata:latest cap_add: - SYS_PTRACE volumes: - /proc:/host/proc:ro - /sys:/host/sys:ro - /var/run/docker.sock:/var/run/docker.sock:ro ports: - "${NETDATA_PORT}:19999" networks: - backend ### REDISWEBUI ################################################ redis-webui: build: context: ./redis-webui environment: - ADMIN_USER=${REDIS_WEBUI_USERNAME} - ADMIN_PASS=${REDIS_WEBUI_PASSWORD} - REDIS_1_HOST=${REDIS_WEBUI_CONNECT_HOST} - REDIS_1_PORT=${REDIS_WEBUI_CONNECT_PORT} networks: - backend ports: - "${REDIS_WEBUI_PORT}:80" depends_on: - redis ### MongoWebUI ################################################ mongo-webui: build: context: ./mongo-webui environment: - ROOT_URL=${MONGO_WEBUI_ROOT_URL} - MONGO_URL=${MONGO_WEBUI_MONGO_URL} - INSTALL_MONGO=${MONGO_WEBUI_INSTALL_MONGO} volumes: - ${DATA_PATH_HOST}/mongo-webui:/data/db ports: - "${MONGO_WEBUI_PORT}:3000" networks: - backend depends_on: - mongo ### Metabase ################################################# metabase: image: metabase/metabase:latest environment: - MB_DB_FILE=/metabase-data/${METABASE_DB_FILE} ports: - ${METABASE_PORT}:3000 volumes: - ${DATA_PATH_HOST}/metabase-data:/metabase-data networks: - backend ### IDE-THEIA ################################################ ide-theia: build: context: ./ide-theia volumes: - ${APP_CODE_PATH_HOST}:/home/project ports: - "${IDE_THEIA_PORT}:3000" networks: - backend ### IDE-WEBIDE ################################################ ide-webide: build: context: ./ide-webide volumes: - ${DATA_PATH_HOST}/ide/webide/ide.db:/root/.coding-ide/ide.db ports: - "${IDE_WEBIDE_PORT}:8080" networks: - backend ### IDE-CODIAD ################################################ ide-codiad: build: context: ./ide-codiad environment: - APP_CODE_PATH_CONTAINER=${APP_CODE_PATH_CONTAINER} - TZ=${WORKSPACE_TIMEZONE} - PGID=1000 - PUID=1000 volumes: - /etc/localtime:/etc/localtime:ro - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER} - ${DATA_PATH_HOST}/ide/codiad:/config ports: - "${IDE_CODIAD_PORT}:80" networks: - backend ### IDE-ICECODER ################################################ ide-icecoder: build: context: ./ide-icecoder environment: - DOCUMENT_ROOT=${APP_CODE_PATH_CONTAINER} - TZ=${WORKSPACE_TIMEZONE} - PGID=1000 - PUID=1000 volumes: - /etc/localtime:/etc/localtime:ro - ${APP_CODE_PATH_HOST}:/home/laradock/ICEcoder/dev ports: - "${IDE_ICECODER_PORT}:8080" networks: - backend ### DOCKER-REGISTRY ################################################ docker-registry: build: context: ./docker-registry volumes: - /etc/localtime:/etc/localtime:ro - ${DATA_PATH_HOST}/docker-registry:/var/lib/registry ports: - "${DOCKER_REGISTRY_PORT}:5000" networks: - backend ### DOCKER-WEB-UI ################################################ docker-web-ui: build: context: ./docker-web-ui environment: - TZ=${WORKSPACE_TIMEZONE} - ENV_DOCKER_REGISTRY_HOST=${DOCKER_WEBUI_REGISTRY_HOST} - ENV_DOCKER_REGISTRY_PORT=${DOCKER_WEBUI_REGISTRY_PORT} - ENV_DOCKER_REGISTRY_USE_SSL=${DOCKER_REGISTRY_USE_SSL} - ENV_MODE_BROWSE_ONLY=${DOCKER_REGISTRY_BROWSE_ONLY} volumes: - /etc/localtime:/etc/localtime:ro ports: - "${DOCKER_WEBUI_PORT}:80" networks: - frontend - backend ### MAILU ################################################ mailu: image: mailu/admin:${MAILU_VERSION} volumes: - "${DATA_PATH_HOST}/mailu/data:/data" - "${DATA_PATH_HOST}/mailu/dkim:/dkim" - "${DATA_PATH_HOST}/mailu/webmail:/webmail" - /var/run/docker.sock:/var/run/docker.sock:ro depends_on: - mailu-front - mailu-imap - mailu-smtp - mailu-antispam - mailu-antivirus - mailu-webdav - mailu-admin - mailu-webmail - mailu-fetchmail command: ["sh", "-c", "echo ${MAILU_INIT_ADMIN_USERNAME}@${MAILU_DOMAIN} ${MAILU_INIT_ADMIN_PASSWORD} ;python manage.py advertise ; python manage.py db upgrade ; python manage.py admin ${MAILU_INIT_ADMIN_USERNAME} ${MAILU_DOMAIN} ${MAILU_INIT_ADMIN_PASSWORD} || true;sed -i -- \"s/= Off/= On/g\" /webmail/_data_/_default_/configs/config.ini || true;if grep -Fq \"registration_link_url\" /webmail/_data_/_default_/configs/config.ini;then echo Already set!;else echo \"\" >> /webmail/_data_/_default_/configs/config.ini; echo \"[login]\" >> /webmail/_data_/_default_/configs/config.ini;echo \"registration_link_url = '${MAILU_WEBSITE}${MAILU_WEB_ADMIN}/ui/user/signup'\" >> /webmail/_data_/_default_/configs/config.ini;fi"] networks: - backend mailu-front: image: mailu/nginx:${MAILU_VERSION} environment: - ADMIN=${MAILU_ADMIN} - WEB_ADMIN=${MAILU_WEB_ADMIN} - WEB_WEBMAIL=${MAILU_WEB_WEBMAIL} - WEBDAV=${MAILU_WEBDAV} - HOSTNAMES=${MAILU_HOSTNAMES} - TLS_FLAVOR=${MAILU_TLS_FLAVOR} - MESSAGE_SIZE_LIMIT=${MAILU_MESSAGE_SIZE_LIMIT} ports: - "${MAILU_HTTP_PORT}:80" - "${MAILU_HTTPS_PORT}:443" - "110:110" - "143:143" - "993:993" - "995:995" - "25:25" - "465:465" - "587:587" volumes: - "${DATA_PATH_HOST}/mailu/certs:/certs" networks: backend: aliases: - front mailu-imap: image: mailu/dovecot:${MAILU_VERSION} environment: - DOMAIN=${MAILU_DOMAIN} - HOSTNAMES=${MAILU_HOSTNAMES} - POSTMASTER=${MAILU_POSTMASTER} - WEBMAIL=${MAILU_WEBMAIL} - RECIPIENT_DELIMITER=${MAILU_RECIPIENT_DELIMITER} volumes: - "${DATA_PATH_HOST}/mailu/data:/data" - "${DATA_PATH_HOST}/mailu/mail:/mail" - "${DATA_PATH_HOST}/mailu/overrides:/overrides" depends_on: - mailu-front networks: backend: aliases: - imap mailu-smtp: image: mailu/postfix:${MAILU_VERSION} environment: - DOMAIN=${MAILU_DOMAIN} - HOSTNAMES=${MAILU_HOSTNAMES} - RELAYHOST=${MAILU_RELAYHOST} - RELAYNETS=${MAILU_RELAYNETS} - RECIPIENT_DELIMITER=${MAILU_RECIPIENT_DELIMITER} - MESSAGE_SIZE_LIMIT=${MAILU_MESSAGE_SIZE_LIMIT} volumes: - "${DATA_PATH_HOST}/mailu/data:/data" - "${DATA_PATH_HOST}/mailu/overrides:/overrides" depends_on: - mailu-front networks: backend: aliases: - smtp mailu-antispam: image: mailu/rspamd:${MAILU_VERSION} volumes: - "${DATA_PATH_HOST}/mailu/filter:/var/lib/rspamd" - "${DATA_PATH_HOST}/mailu/dkim:/dkim" - "${DATA_PATH_HOST}/mailu/overrides/rspamd:/etc/rspamd/override.d" depends_on: - mailu-front networks: backend: aliases: - antispam mailu-antivirus: image: mailu/clamav:${MAILU_VERSION} volumes: - "${DATA_PATH_HOST}/mailu/filter:/data" networks: backend: aliases: - antivirus mailu-webdav: image: mailu/${MAILU_WEBDAV}:${MAILU_VERSION} volumes: - "${DATA_PATH_HOST}/mailu/dav:/data" networks: backend: aliases: - webdav mailu-admin: image: mailu/admin:${MAILU_VERSION} environment: - DOMAIN=${MAILU_DOMAIN} - HOSTNAMES=${MAILU_HOSTNAMES} - POSTMASTER=${MAILU_POSTMASTER} - SECRET_KEY=${MAILU_SECRET_KEY} - AUTH_RATELIMIT=${MAILU_AUTH_RATELIMIT} - TLS_FLAVOR=${MAILU_TLS_FLAVOR} - DISABLE_STATISTICS=${MAILU_DISABLE_STATISTICS} - DMARC_RUA=${MAILU_DMARC_RUA} - DMARC_RUF=${MAILU_DMARC_RUF} - WELCOME=${MAILU_WELCOME} - WELCOME_SUBJECT=${MAILU_WELCOME_SUBJECT} - WELCOME_BODY=${MAILU_WELCOME_BODY} - WEB_ADMIN=${MAILU_WEB_ADMIN} - WEB_WEBMAIL=${MAILU_WEB_WEBMAIL} - WEBSITE=${MAILU_WEBSITE} - WEBMAIL=${MAILU_WEBMAIL} - SITENAME=${MAILU_SITENAME} - PASSWORD_SCHEME=${MAILU_PASSWORD_SCHEME} - RECAPTCHA_PUBLIC_KEY=${MAILU_RECAPTCHA_PUBLIC_KEY} - RECAPTCHA_PRIVATE_KEY=${MAILU_RECAPTCHA_PRIVATE_KEY} volumes: - "${DATA_PATH_HOST}/mailu/data:/data" - "${DATA_PATH_HOST}/mailu/dkim:/dkim" - /var/run/docker.sock:/var/run/docker.sock:ro depends_on: - redis networks: backend: aliases: - admin mailu-webmail: image: "mailu/${MAILU_WEBMAIL}:${MAILU_VERSION}" volumes: - "${DATA_PATH_HOST}/mailu/webmail:/data" networks: backend: aliases: - webmail mailu-fetchmail: image: mailu/fetchmail:${MAILU_VERSION} environment: - FETCHMAIL_DELAY=${MAILU_FETCHMAIL_DELAY} volumes: - "${DATA_PATH_HOST}/mailu/data:/data" networks: backend: aliases: - fetchmail ### TRAEFIK ######################################### traefik: build: context: ./traefik volumes: - /var/run/docker.sock:/var/run/docker.sock - ./traefik/data:/data command: - "--api" - "--providers.docker.exposedbydefault=false" - "--accesslog.filepath=/data/access.log" # entrypoints - "--entrypoints.http.address=:${TRAEFIK_HOST_HTTP_PORT}" - "--entrypoints.http.http.redirections.entrypoint.to=https" - "--entrypoints.https.address=:${TRAEFIK_HOST_HTTPS_PORT}" - "--entrypoints.traefik.address=:${TRAEFIK_DASHBOARD_PORT}" # certificatesresolvers - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}" - "--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json" - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http" ports: - "${TRAEFIK_HOST_HTTP_PORT}:${TRAEFIK_HOST_HTTP_PORT}" - "${TRAEFIK_HOST_HTTPS_PORT}:${TRAEFIK_HOST_HTTPS_PORT}" - "${TRAEFIK_DASHBOARD_PORT}:${TRAEFIK_DASHBOARD_PORT}" networks: - frontend - backend labels: - "traefik.enable=true" - "traefik.http.routers.traefik.rule=Host(`${ACME_DOMAIN}`)" - "traefik.http.routers.traefik.entrypoints=traefik" - "traefik.http.routers.traefik.service=api@internal" - "traefik.http.routers.traefik.middlewares=access-auth" - "traefik.http.routers.traefik.tls.certresolver=letsencrypt" - "traefik.http.middlewares.access-auth.basicauth.realm=Login Required" - "traefik.http.middlewares.access-auth.basicauth.users=${TRAEFIK_DASHBOARD_USER}" ### MOSQUITTO Broker ######################################### mosquitto: build: context: ./mosquitto volumes: - ${DATA_PATH_HOST}/mosquitto/data:/mosquitto/data ports: - "${MOSQUITTO_PORT}:9001" networks: - frontend - backend ### COUCHDB ################################################### couchdb: build: context: ./couchdb volumes: - ${DATA_PATH_HOST}/couchdb/data:/opt/couchdb/data ports: - "${COUCHDB_PORT}:5984" networks: - backend ### Manticore Search ########################################### manticore: build: context: ./manticore volumes: - ${MANTICORE_CONFIG_PATH}:/etc/sphinxsearch - ${DATA_PATH_HOST}/manticore/data:/var/lib/manticore/data - ${DATA_PATH_HOST}/manticore/log:/var/log/manticore ports: - "${MANTICORE_API_PORT}:9312" - "${MANTICORE_SPHINXQL_PORT}:9306" - "${MANTICORE_HTTP_PORT}:9308" networks: - backend ### SONARQUBE ################################################ sonarqube: build: context: ./sonarqube hostname: "${SONARQUBE_HOSTNAME}" volumes: - ${DATA_PATH_HOST}/sonarqube/conf:/opt/sonarqube/conf - ${DATA_PATH_HOST}/sonarqube/data:/opt/sonarqube/data - ${DATA_PATH_HOST}/sonarqube/logs:/opt/sonarqube/logs - ${DATA_PATH_HOST}/sonarqube/extensions:/opt/sonarqube/extensions - ${DATA_PATH_HOST}/sonarqube/plugins:/opt/sonarqube/lib/bundled-plugins ports: - ${SONARQUBE_PORT}:9000 depends_on: - postgres environment: - sonar.jdbc.username=${SONARQUBE_POSTGRES_USER} - sonar.jdbc.password=${SONARQUBE_POSTGRES_PASSWORD} - sonar.jdbc.url=jdbc:postgresql://${SONARQUBE_POSTGRES_HOST}:5432/${SONARQUBE_POSTGRES_DB} networks: - backend - frontend ### CONFLUENCE ################################################ confluence: container_name: Confluence image: atlassian/confluence-server:${CONFLUENCE_VERSION} restart: always ports: - "${CONFLUENCE_HOST_HTTP_PORT}:8090" networks: - frontend - backend depends_on: - postgres volumes: - ${DATA_PATH_HOST}/Confluence:/var/atlassian/application-data ### tomcat #################################################### tomcat: container_name: tomcat image: tomcat:${TOMCAT_VERSION} ports: - "${TOMCAT_HOST_HTTP_PORT}:8080" networks: - frontend - backend volumes: - ${DATA_PATH_HOST}/tomcat/webapps:/usr/local/tomcat/webapps - ${DATA_PATH_HOST}/tomcat/logs:/usr/local/tomcat/logs # restart: always
启动服务:
docker-compose up -d nginx mysql redis workspace容器运行情况:
[root@Too-app laradock]# docker-compose ps Name Command State Ports ------------------------------------------------------------------------------------------------------------------------------------------------------ laradock_docker-in-docker_1 dockerd-entrypoint.sh Up 2375/tcp, 2376/tcp laradock_mysql_1 docker-entrypoint.sh mysqld Up 0.0.0.0:3306->3306/tcp, 33060/tcp laradock_nginx_1 /bin/bash /opt/startup.sh Up 0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp, 0.0.0.0:81->81/tcp laradock_php-fpm_1 docker-php-entrypoint php-fpm Up 9000/tcp laradock_redis_1 docker-entrypoint.sh redis ... Up 0.0.0.0:6379->6379/tcp laradock_workspace_1 /sbin/my_init Up 0.0.0.0:2222->22/tcp, 0.0.0.0:3000->3000/tcp, 0.0.0.0:3001->3001/tcp, 0.0.0.0:4200->4200/tcp, 0.0.0.0:8001->8000/tcp, 0.0.0.0:8080->8080/tcp服务密码
redis null (仅本地访问没设置密码) mysql root root (仅本地访问弱密码)服务日志
mysql未开启连接日志
WEB开发框架
Apiato version 8.0.1
关于 LearnKu
粤公网安备 44030502004330号
是阿里云的服务器吗
@Summer @liyu001989 大佬们帮忙看看
有一种工具能破别人服务器,以前有人演示过给我看,破了服务器,登陆他们的数据库,所以数据库能看,所以也能删除
以前遇到过一模一样的 :joy:,感觉还是放在rds比较靠谱
Web 日志呢
我们公司也遇到过,公司空降了一个精通go的大佬,整个项目docker,数据库,缓存,全上,项目上线稳定运行了半年没有啥问题,他离职后docker容器异常停止,硬盘塞满的日志文件,老板重新去各个大学找新人来解决,但是找了2个多月,问题依然没有解决,用户天天打电话投诉,没办法老板又重新找到了他,好像薪水给他加了3倍才请过来。 但老板后来换了RUST,把GO技术组裁掉以后,技术主管披露那项目的源码原来是他在docker里加了自己的源码【植入了自己的恶意代码】。
为啥好好的,单台机器,用容器?你是专业运维还是写代码的?如果非专业的运维,你怎么知道别人的DOCKER里有啥,为什么不用常规的lnmp?不用自己完全熟悉的东西
能出问题的都是对外开放的端口
首先确认异常连接请求
netstat –antlp一般可以根据显示的端口确认对方的主要攻击目标确认一下 ssh 端口以及 登录日志
检查进程树,确认是否有异常进程
检查 /tmp, 或者允许生成文件的目录,查看是否有异常文件
另外检查一下 nginx日志,看是否有大量异常请求在扫你的漏洞
web漏洞的话,只能说尽量的去检查一下了
一般来说无论密码强度如何,像22,3306这类端口都应该使用白名单的方式访问
甚至于很多服务器会修改此类固定端口
redis 看看 还有一些 包是有安全漏洞的
内核先升级下吧,看版本可能被提权。
redis 如果没有设置密码,并且是默认端口对外开放。也可以提权
各位大佬找到问题了吗?
盲猜一下:workspace容器的SSH密钥用的laradock的默认密钥,黑客用默认公钥扫一下2222端口直接就进了,laradock本身是个开发环境,很多默认设置都是不安全的,我看你这台服务器虽然是个测试环境,但还是尽量不要用laradock了,想容器化部署的话可以参考着laradock自己写Dockerfile和docker-compose.yaml。
生产环境用laradock干嘛,自己写dockerfile,那种现成的自己当开发环境还凑合