forked from DefectDojo/django-DefectDojo
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
140 lines (139 loc) · 6.02 KB
/
docker-compose.yml
File metadata and controls
140 lines (139 loc) · 6.02 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
# This docker-compose.yml file is fully functional to evaluate DefectDojo
# in your local environment.
#
# Although Docker Compose is one of the supported installation methods to
# deploy a containerized DefectDojo in a production environment, the
# docker-compose.yml file is not intended for production use without first
# customizing it to your particular situation.
---
services:
nginx:
build:
context: ./
dockerfile: "Dockerfile.nginx-alpine"
image: "defectdojo/defectdojo-nginx:${NGINX_VERSION:-latest}"
depends_on:
uwsgi:
condition: service_started
environment:
NGINX_METRICS_ENABLED: "${NGINX_METRICS_ENABLED:-false}"
DD_UWSGI_HOST: "${DD_UWSGI_HOST:-uwsgi}"
DD_UWSGI_PORT: "${DD_UWSGI_PORT:-3031}"
volumes:
- defectdojo_media:/usr/share/nginx/html/media
ports:
- target: 8080
published: ${DD_PORT:-8080}
protocol: tcp
mode: host
- target: 8443
published: ${DD_TLS_PORT:-8443}
protocol: tcp
mode: host
uwsgi:
build:
context: ./
dockerfile: "Dockerfile.django-${DEFECT_DOJO_OS:-debian}"
target: release
image: "defectdojo/defectdojo-django:${DJANGO_VERSION:-latest}"
depends_on:
initializer:
condition: service_completed_successfully
postgres:
condition: service_started
valkey:
condition: service_started
entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST:-postgres}:${DD_DATABASE_PORT:-5432}', '-t', '30', '--', '/entrypoint-uwsgi.sh']
environment:
DD_DEBUG: 'False'
DD_DJANGO_METRICS_ENABLED: "${DD_DJANGO_METRICS_ENABLED:-False}"
DD_ALLOWED_HOSTS: "${DD_ALLOWED_HOSTS:-*}"
DD_DATABASE_URL: ${DD_DATABASE_URL:-postgresql://defectdojo:defectdojo@postgres:5432/defectdojo}
DD_CELERY_BROKER_URL: ${DD_CELERY_BROKER_URL:-redis://valkey:6379/0}
DD_SECRET_KEY: "${DD_SECRET_KEY:-hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq}"
DD_CREDENTIAL_AES_256_KEY: "${DD_CREDENTIAL_AES_256_KEY:-&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw}"
DD_DATABASE_READINESS_TIMEOUT: "${DD_DATABASE_READINESS_TIMEOUT:-30}"
volumes:
- type: bind
source: ./docker/extra_settings
target: /app/docker/extra_settings
- "defectdojo_media:${DD_MEDIA_ROOT:-/app/media}"
celerybeat:
image: "defectdojo/defectdojo-django:${DJANGO_VERSION:-latest}"
depends_on:
initializer:
condition: service_completed_successfully
postgres:
condition: service_started
valkey:
condition: service_started
entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST:-postgres}:${DD_DATABASE_PORT:-5432}', '-t', '30', '--', '/entrypoint-celery-beat.sh']
environment:
DD_DATABASE_URL: ${DD_DATABASE_URL:-postgresql://defectdojo:defectdojo@postgres:5432/defectdojo}
DD_CELERY_BROKER_URL: ${DD_CELERY_BROKER_URL:-redis://valkey:6379/0}
DD_SECRET_KEY: "${DD_SECRET_KEY:-hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq}"
DD_CREDENTIAL_AES_256_KEY: "${DD_CREDENTIAL_AES_256_KEY:-&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw}"
DD_DATABASE_READINESS_TIMEOUT: "${DD_DATABASE_READINESS_TIMEOUT:-30}"
volumes:
- type: bind
source: ./docker/extra_settings
target: /app/docker/extra_settings
celeryworker:
image: "defectdojo/defectdojo-django:${DJANGO_VERSION:-latest}"
depends_on:
initializer:
condition: service_completed_successfully
postgres:
condition: service_started
valkey:
condition: service_started
entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST:-postgres}:${DD_DATABASE_PORT:-5432}', '-t', '30', '--', '/entrypoint-celery-worker.sh']
environment:
DD_DATABASE_URL: ${DD_DATABASE_URL:-postgresql://defectdojo:defectdojo@postgres:5432/defectdojo}
DD_CELERY_BROKER_URL: ${DD_CELERY_BROKER_URL:-redis://valkey:6379/0}
DD_SECRET_KEY: "${DD_SECRET_KEY:-hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq}"
DD_CREDENTIAL_AES_256_KEY: "${DD_CREDENTIAL_AES_256_KEY:-&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw}"
DD_DATABASE_READINESS_TIMEOUT: "${DD_DATABASE_READINESS_TIMEOUT:-30}"
volumes:
- type: bind
source: ./docker/extra_settings
target: /app/docker/extra_settings
- "defectdojo_media:${DD_MEDIA_ROOT:-/app/media}"
initializer:
image: "defectdojo/defectdojo-django:${DJANGO_VERSION:-latest}"
depends_on:
postgres:
condition: service_started
entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST:-postgres}:${DD_DATABASE_PORT:-5432}', '--', '/entrypoint-initializer.sh']
environment:
DD_DATABASE_URL: ${DD_DATABASE_URL:-postgresql://defectdojo:defectdojo@postgres:5432/defectdojo}
DD_ADMIN_USER: "${DD_ADMIN_USER:-admin}"
DD_ADMIN_MAIL: "${DD_ADMIN_USER:-admin@defectdojo.local}"
DD_ADMIN_FIRST_NAME: "${DD_ADMIN_FIRST_NAME:-Admin}"
DD_ADMIN_LAST_NAME: "${DD_ADMIN_LAST_NAME:-User}"
DD_INITIALIZE: "${DD_INITIALIZE:-true}"
DD_SECRET_KEY: "${DD_SECRET_KEY:-hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq}"
DD_CREDENTIAL_AES_256_KEY: "${DD_CREDENTIAL_AES_256_KEY:-&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw}"
DD_DATABASE_READINESS_TIMEOUT: "${DD_DATABASE_READINESS_TIMEOUT:-30}"
volumes:
- type: bind
source: ./docker/extra_settings
target: /app/docker/extra_settings
postgres:
image: postgres:18.1-alpine@sha256:4eb15de8e7b692c02427a2df278d18eb89422a534e428efb6d43c968250334d4
environment:
POSTGRES_DB: ${DD_DATABASE_NAME:-defectdojo}
POSTGRES_USER: ${DD_DATABASE_USER:-defectdojo}
POSTGRES_PASSWORD: ${DD_DATABASE_PASSWORD:-defectdojo}
volumes:
- defectdojo_postgres:/var/lib/postgresql/data
valkey:
image: valkey/valkey:7.2.11-alpine@sha256:9e483e0fe4c98b631b166b41d530c7ff1b8009a44f261bff28e9d1e2e27db58d
volumes:
# we keep using the redis volume as renaming is not possible and copying data over
# would require steps during downtime or complex commands in the intializer
- defectdojo_redis:/data
volumes:
defectdojo_postgres: {}
defectdojo_media: {}
defectdojo_redis: {}