-
Notifications
You must be signed in to change notification settings - Fork 3
/
docker-compose.yml
110 lines (109 loc) · 6.33 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# Copyright (c) 2021 aasaam software development group
version: '3'
services:
aasaam-web-server:
container_name: aasaam-web-server
image: ghcr.io/aasaam/web-server:latest
network_mode: host
environment:
ASM_SUPPORT_EMAIL: ${ASM_SUPPORT_EMAIL}
ASM_SUPPORT_TEL: ${ASM_SUPPORT_TEL}
ASM_SUPPORT_URL: ${ASM_SUPPORT_URL}
ASM_PROTECTION_PORT: ${ASM_PROTECTION_PORT:-9121}
ASM_ACME_HTTP_HOST_PORT: ${ASM_ACME_HTTP_HOST_PORT:-http://192.168.1.128:28080}
ASM_LOG_METHOD: ${ASM_LOG_METHOD:-file}
ASM_NODE_ID: ${ASM_NODE_ID:-0}
ASM_ORGANIZATION_TITLE: ${ASM_ORGANIZATION_TITLE:-aasaam software development group}
ASM_ORGANIZATION_BRAND_ICON: ${ASM_ORGANIZATION_BRAND_ICON:-ir_aasaam}
ASM_CACHE_SIZE_MB: ${ASM_CACHE_SIZE_MB:-1024}
ASM_HTTP_PORTS: ${ASM_HTTP_PORTS:-80}
ASM_HTTPS_PORTS: ${ASM_HTTPS_PORTS:-443}
ASM_SSL_PROFILE: ${ASM_SSL_PROFILE:-intermediate}
ASM_BROTLI: ${ASM_BROTLI:-on}
ASM_BROTLI_STATIC: ${ASM_BROTLI_STATIC:-on}
ASM_BROTLI_COMP_LEVEL: ${ASM_BROTLI_COMP_LEVEL:-6}
ASM_BROTLI_MIN_LENGTH: ${ASM_BROTLI_MIN_LENGTH:-16}
ASM_WORKER_PROCESSES: ${ASM_WORKER_PROCESSES:-auto}
ASM_WORKER_RLIMIT_NOFILE: ${ASM_WORKER_RLIMIT_NOFILE:-20480}
ASM_WORKER_PRIORITY: ${ASM_WORKER_PRIORITY:-0}
ASM_WORKER_CONNECTIONS: ${ASM_WORKER_CONNECTIONS:-32}
ASM_MULTI_ACCEPT: ${ASM_MULTI_ACCEPT:-on}
ASM_ERROR_LOG_SYSLOG_SERVER_ADDR: ${ASM_ERROR_LOG_SYSLOG_SERVER_ADDR:-127.0.0.1:5140}
ASM_ACCESS_LOG_SYSLOG_SERVER_ADDR: ${ASM_ACCESS_LOG_SYSLOG_SERVER_ADDR:-127.0.0.1:5141}
ASM_ERROR_LOG_LEVEL: ${ASM_ERROR_LOG_LEVEL:-warn}
ASM_RESOLVER_ADDR: ${ASM_RESOLVER_ADDR:-127.0.0.1}
ASM_RESOLVER_VALID: ${ASM_RESOLVER_VALID:-10m}
ASM_RESOLVER_TIMEOUT: ${ASM_RESOLVER_TIMEOUT:-30s}
ASM_VARIABLES_HASH_MAX_SIZE: ${ASM_VARIABLES_HASH_MAX_SIZE:-4096}
ASM_OPEN_FILE_CACHE_MAX: ${ASM_OPEN_FILE_CACHE_MAX:-1024}
ASM_OPEN_FILE_CACHE_INACTIVE: ${ASM_OPEN_FILE_CACHE_INACTIVE:-10m}
ASM_OPEN_FILE_CACHE_VALID: ${ASM_OPEN_FILE_CACHE_VALID:-5m}
ASM_OPEN_FILE_CACHE_MIN_USES: ${ASM_OPEN_FILE_CACHE_MIN_USES:-2}
ASM_OPEN_FILE_CACHE_ERRORS: ${ASM_OPEN_FILE_CACHE_ERRORS:-on}
ASM_SERVER_TOKENS: ${ASM_SERVER_TOKENS:-off}
ASM_CLIENT_MAX_BODY_SIZE: ${ASM_CLIENT_MAX_BODY_SIZE:-16m}
ASM_CLIENT_BODY_TIMEOUT: ${ASM_CLIENT_BODY_TIMEOUT:-15}
ASM_KEEPALIVE_REQUESTS: ${ASM_KEEPALIVE_REQUESTS:-1024}
ASM_KEEPALIVE_TIMEOUT: ${ASM_KEEPALIVE_TIMEOUT:-10}
ASM_RESET_TIMEDOUT_CONNECTION: ${ASM_RESET_TIMEDOUT_CONNECTION:-on}
ASM_SEND_TIMEOUT: ${ASM_SEND_TIMEOUT:-10}
ASM_SENDFILE: ${ASM_SENDFILE:-on}
ASM_TCP_NODELAY: ${ASM_TCP_NODELAY:-on}
ASM_TCP_NOPUSH: ${ASM_TCP_NOPUSH:-on}
ASM_GZIP: ${ASM_GZIP:-on}
ASM_GZIP_MIN_LENGTH: ${ASM_GZIP_MIN_LENGTH:-16}
ASM_GZIP_COMP_LEVEL: ${ASM_GZIP_COMP_LEVEL:-6}
ASM_GZIP_VARY: ${ASM_GZIP_VARY:-on}
ASM_GZIP_PROXIED: ${ASM_GZIP_PROXIED:-any}
ASM_GZIP_STATIC: ${ASM_GZIP_STATIC:-on}
ASM_PROTECTION_CONN_LIMIT_PER_IP_ZONE: ${ASM_PROTECTION_CONN_LIMIT_PER_IP_ZONE:-10m}
ASM_PROTECTION_REQ_LIMIT_PER_IP_ZONE: ${ASM_PROTECTION_REQ_LIMIT_PER_IP_ZONE:-10m}
ASM_PROTECTION_REQ_LIMIT_IP_PER_SECOND: ${ASM_PROTECTION_REQ_LIMIT_IP_PER_SECOND:-10}
ASM_PROXY_CACHE_PATH_KEYS_ZONE: ${ASM_PROXY_CACHE_PATH_KEYS_ZONE:-32m}
ASM_PROXY_CACHE_PATH_KEYS_MAX_SIZE_MB: ${ASM_PROXY_CACHE_PATH_KEYS_MAX_SIZE_MB:-512}
ASM_PROXY_CACHE_PATH_KEYS_INACTIVE: ${ASM_PROXY_CACHE_PATH_KEYS_INACTIVE:-60m}
ASM_PROXY_CACHE_KEY: ${ASM_PROXY_CACHE_KEY:-$scheme$request_method$host$request_uri}
ASM_PROXY_CACHE_METHODS: ${ASM_PROXY_CACHE_METHODS:-GET HEAD}
ASM_PROXY_BUFFERS: ${ASM_PROXY_BUFFERS:-32}
ASM_PROXY_BUFFERS_SIZE: ${ASM_PROXY_BUFFERS_SIZE:-128k}
ASM_PROXY_BUFFER_SIZE: ${ASM_PROXY_BUFFER_SIZE:-256k}
ASM_USERID_NAME: ${ASM_USERID_NAME:-aasaam_cid}
ASM_USERID_PATH: ${ASM_USERID_PATH:-/}
ASM_USERID_FLAGS: ${ASM_USERID_FLAGS:-httponly samesite=lax}
ASM_USERID_EXPIRES: ${ASM_USERID_EXPIRES:-365d}
ASM_HTTP2_PUSH_PRELOAD: ${ASM_HTTP2_PUSH_PRELOAD:-on}
ASM_PAGESPEED: ${ASM_PAGESPEED:-standby}
ASM_PAGESPEED_USE_PER_VHOST_STATISTICS: ${ASM_PAGESPEED_USE_PER_VHOST_STATISTICS:-on}
ASM_PAGESPEED_HTTP_CACHE_COMPRESSION_LEVEL: ${ASM_PAGESPEED_HTTP_CACHE_COMPRESSION_LEVEL:-0}
ASM_PAGESPEED_FETCH_WITH_GZIP: ${ASM_PAGESPEED_FETCH_WITH_GZIP:-on}
ASM_PAGESPEED_STATISTICS: ${ASM_PAGESPEED_STATISTICS:-on}
ASM_PAGESPEED_STATISTICS_LOGGING: ${ASM_PAGESPEED_STATISTICS_LOGGING:-on}
ASM_PAGESPEED_STATISTICS_LOGGING_INTERVAL_MS: ${ASM_PAGESPEED_STATISTICS_LOGGING_INTERVAL_MS:-30000}
ASM_PAGESPEED_STATISTICS_LOGGING_MAX_FILE_SIZE_KB: ${ASM_PAGESPEED_STATISTICS_LOGGING_MAX_FILE_SIZE_KB:-8192}
ASM_PAGESPEED_MESSAGE_BUFFER_SIZE: ${ASM_PAGESPEED_MESSAGE_BUFFER_SIZE:-100000}
ASM_PAGESPEED_FILE_CACHE_SIZE_KB: ${ASM_PAGESPEED_FILE_CACHE_SIZE_KB:-102400}
ASM_PAGESPEED_FILE_CACHE_CLEAN_INTERVAL_MS: ${ASM_PAGESPEED_FILE_CACHE_CLEAN_INTERVAL_MS:-600000}
ASM_PAGESPEED_FILE_CACHE_INODE_LIMIT: ${ASM_PAGESPEED_FILE_CACHE_INODE_LIMIT:-262144}
ASM_PAGESPEED_LRU_CACHE_KB_PER_PROCESS: ${ASM_PAGESPEED_LRU_CACHE_KB_PER_PROCESS:-2048}
ASM_PAGESPEED_LRU_CACHE_BYTE_LIMIT: ${ASM_PAGESPEED_LRU_CACHE_BYTE_LIMIT:-32768}
volumes:
- /tmp/aasaam-web-server/log:/log
- ./addon:/usr/local/openresty/nginx/addon:ro
# - ./tmp/dhparam.pem:/usr/local/openresty/nginx/defaults/selfsigned/dhparam.pem:ro
# - ./tmp/monitoring.htpasswd:/usr/local/openresty/htpasswd/monitoring.htpasswd:ro
# - ./tmp/cache:/cache # use tmpfs or high speed storage like SSD, NVMe
# debug mode
# - ./config/defaults:/usr/local/openresty/nginx/defaults
tmpfs:
- /cache:rw,nodev,nosuid,noexec,noatime,size=${ASM_CACHE_SIZE_MB:-1024}m
restart: unless-stopped
nginx-protection:
container_name: nginx-protection
image: ghcr.io/aasaam/nginx-protection:latest
network_mode: host
command: run --aasaam-web-server --token-secret c3TxUExv+mHcRQ4yOlE6dmW5jvjKhUSmf815NLz0ntM= --client-secret qF/bOhSUzSZKvyOr9sQ7axjNyMCiXEl2tY3HR8jf9JM=
protection-rest-captcha-test:
container_name: protection-rest-captcha-test
image: ghcr.io/aasaam/rest-captcha:latest
network_mode: host
command: run -test-image -return-value