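---
# Docker Compose test fixture: NetAlertX built from the repository Dockerfile,
# run with a writable root filesystem and tmpfs-backed working directories.
services:
  netalertx:
    # Writable container configuration with tmpfs mounts for performance testing.
    #
    # Host networking is the default. In host mode the container shares the
    # host's network namespace, so the NET_ADMIN / NET_RAW capabilities granted
    # below act on the host's interfaces and the web UI is reachable on the
    # host's addresses. Override NETALERTX_NETWORK_MODE where host networking
    # is not required.
    network_mode: "${NETALERTX_NETWORK_MODE:-host}"
    build:
      context: ../../../
      dockerfile: Dockerfile
    image: netalertx-test
    container_name: netalertx-test-writable
    # Root filesystem is writable in this variant (test-only trade-off): a
    # process inside the container can modify files shipped in the image.
    read_only: false
    # Least privilege: drop every capability, then add back only the ones listed.
    cap_drop:
      - ALL
    cap_add:
      - NET_ADMIN
      - NET_RAW
      # Only relevant when binding a port below 1024; the defaults in this file
      # are 20211/20212. NOTE(review): confirm this capability is still needed.
      - NET_BIND_SERVICE
    volumes:
      # Persistent application configuration.
      - type: volume
        source: netalertx_config
        target: /app/config
        read_only: false
      # Persistent application database.
      - type: volume
        source: netalertx_db
        target: /app/db
        read_only: false
      # Host timezone data, mounted read-only so the container cannot alter it.
      - type: bind
        source: /etc/localtime
        target: /etc/localtime
        read_only: true
    # tmpfs mounts for the directories the services write to at runtime. This
    # variant sets read_only: false, so here they are kept for performance
    # testing rather than to make a read-only root filesystem usable.
    # Every mount is owned by uid/gid 20211, restricted to the owner (mode=1700)
    # and mounted noexec,nosuid,nodev so files written there cannot be executed,
    # gain privileges through setuid bits, or act as device nodes.
    tmpfs:
      # Speed up logging
      - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
      # Speed up API access (the only mount here that uses sync instead of async)
      - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,sync,noatime,nodiratime"
      # Required for customization of the nginx listen addr/port
      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
      # Required for nginx and php
      - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
      # Required by php for session save
      - "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
    # Interpolated values are quoted so an empty or boolean-looking expansion is
    # always passed to the container as a string.
    environment:
      # 0.0.0.0 listens on every interface; with host networking that means
      # every host interface. Set LISTEN_ADDR to a specific address, or
      # firewall the port, outside an isolated test machine.
      LISTEN_ADDR: "${LISTEN_ADDR:-0.0.0.0}"
      PORT: "${PORT:-20211}"
      # NOTE(review): this passes the bare GRAPHQL_PORT value as the config
      # override; confirm the application expects a plain port number here.
      APP_CONF_OVERRIDE: "${GRAPHQL_PORT:-20212}"
      ALWAYS_FRESH_INSTALL: "${ALWAYS_FRESH_INSTALL:-false}"
      NETALERTX_DEBUG: "${NETALERTX_DEBUG:-0}"
    # Resource ceilings: bound memory, CPU weight and process count so a
    # runaway process in the container cannot exhaust the host.
    mem_limit: 2048m
    mem_reservation: 1024m
    cpu_shares: 512
    pids_limit: 512
    # Rotate container logs (3 files of 10 MB) so they cannot fill the disk.
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    restart: unless-stopped

# Named volumes with default driver settings.
volumes:
  netalertx_config: {}
  netalertx_db: {}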