mirror of
https://github.com/jokob-sk/NetAlertX.git
synced 2025-12-06 17:15:38 -08:00
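---
# Docker Compose definition for a hardened NetAlertX container: read-only root
# filesystem, every capability dropped except the two re-added below,
# no-new-privileges set, and writable paths limited to named volumes and tmpfs.
services:
  netalertx:
    # Use host networking for ARP scanning and other services.
    # NOTE(review): host mode removes network namespace isolation, so the
    # container's listeners sit directly on the host's interfaces. Restrict
    # access to PORT and GRAPHQL_PORT at the host firewall if needed.
    network_mode: host
    build:
      context: .  # Build context is the current directory
      dockerfile: Dockerfile  # Specify the Dockerfile to use
    image: netalertx:latest
    container_name: netalertx  # The name shown by `docker container ls`
    read_only: true  # Make the container filesystem read-only
    cap_drop:  # Drop all capabilities for enhanced security
      - ALL
    cap_add:  # Add back only the necessary capabilities
      - NET_ADMIN  # Required for ARP scanning
      - NET_RAW  # Required for raw socket operations
    security_opt:  # Security options for the container
      - no-new-privileges:true  # Prevent privilege escalation
      # NOTE(review): "unconfined" turns off Docker's default seccomp syscall
      # filter, which weakens the hardening above. Prefer the default profile
      # or a custom one once the syscalls the scanners need are known.
      - seccomp:unconfined
    volumes:
      - netalertx_config:/app/config  # Store your NetAlertX config
      - netalertx_db:/app/db  # Store your NetAlertX devices and settings
      # Use your system clock inside the container (read-only)
      - /etc/localtime:/etc/localtime:ro
      # Test your plugin on the production container
      # - /path/on/host:/app/front/plugins/custom

    # tmpfs mounts provide the writable directories a read-only container
    # needs. They start empty on every container start and reduce disk I/O.
    # mode=700 limits each mount to its owner; uid/gid 20211 is presumably the
    # unprivileged user the image runs as - confirm against the Dockerfile.
    tmpfs:
      - "/app/api:uid=20211,gid=20211,mode=700"
      - "/app/log:uid=20211,gid=20211,mode=700"
      - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=700"
      - "/services/run:uid=20211,gid=20211,mode=700"
    # Values are quoted so the YAML parser passes them through as strings
    # instead of re-typing them as numbers or booleans.
    environment:
      # NOTE(review): presumably the bind address; 0.0.0.0 combined with host
      # networking would expose the service on every host interface. Set a
      # specific address if it should only be reachable on one network.
      LISTEN_ADDR: "0.0.0.0"
      PORT: "20211"
      GRAPHQL_PORT: "20212"
      NETALERTX_MODE: "hardened"
      ALWAYS_FRESH_INSTALL: "false"
      NETALERTX_DEBUG: "0"
    restart: unless-stopped

# Named volumes that persist configuration and the database across restarts.
volumes:
  netalertx_config:
  netalertx_db: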