version: "2.2" services: gateway: image: docker.mitigator.ru/product/gateway:${VERSION:-latest} hostname: gateway cap_add: - NET_ADMIN sysctls: - net.ipv4.conf.all.src_valid_mark=1 networks: default: aliases: - accesslog.mitigator - backend.mitigator - carbon-clickhouse.mitigator - carbonapi.mitigator - clickhouse.mitigator - gateway.mitigator - graphite-clickhouse.mitigator - watchhog.mitigator ports: - "${MITIGATOR_BGP_PORT:-179}:179" - "${MITIGATOR_GRAFANA_PORT:-3000}:3000" - "${MITIGATOR_HTTPS_PORT:-443}:443" - "${MITIGATOR_HTTP_PORT:-80}:80" - "${MITIGATOR_SNMP_PORT:-705}:705" - "${MITIGATOR_SYSLOG_TCP_PORT:-7202}:7202" - "${MITIGATOR_SYSLOG_TLS_PORT:-7203}:7203" - "${MITIGATOR_SYSLOG_UDP_PORT:-7201}:7201/udp" - "${MITIGATOR_VPN_PORT:-4567}:${MITIGATOR_VPN_PORT:-4567}/udp" - "${MITIGATOR_SIGNALING_2_PORT:-9930}:9930/udp" environment: GATEWAY_ADDRESS: "${MITIGATOR_VPN_ADDRESS:-10.8.3.1}/${MITIGATOR_VPN_PREFIX:-24}" GATEWAY_RULES: 8888:${MITIGATOR_HOST_ADDRESS:?MITIGATOR_HOST_ADDRESS not set}:8888 data-plane: image: docker.mitigator.ru/product/click/${ARCH:-nehalem}:${VERSION:-latest} restart: ${CONTAINER_RESTART_POLICY:-always} hostname: data-plane privileged: true network_mode: host volumes: - ./data-plane.conf:/data-plane/etc/data-plane.conf:ro - coredumps:/data-plane/coredumps:rw environment: DATA_PLANE_NR_POLICIES: ${DATA_PLANE_NR_POLICIES:-100} DATA_PLANE_NR_POLICIES_IPV6: ${DATA_PLANE_NR_POLICIES_IPV6:-100} postgres: image: docker.mitigator.ru/product/postgres:${VERSION:-latest} restart: ${CONTAINER_RESTART_POLICY:-always} network_mode: service:gateway depends_on: [gateway] volumes: - postgres:/var/lib/postgresql:rw environment: POSTGRES_DB: mitigator POSTGRES_INITDB_ARGS: --encoding=UTF8 --locale=ru_RU.UTF-8 backend: image: docker.mitigator.ru/product/backend:${VERSION:-latest} restart: ${CONTAINER_RESTART_POLICY:-always} network_mode: service:gateway depends_on: [gateway] volumes: - frontend:/var/www/netdike/www/:ro - own_id:/backend/own_id environment: BACKEND_ACCESSLOG_TOKEN: "${ACCESSLOG_TOKEN:-29e8744995e7794511c193005e1c691870ad7238}" BACKEND_CLICK_BASE_URL: "http://${MITIGATOR_VPN_ADDRESS:-localhost}:8888" BACKEND_DATABASE_URI: "postgres://backend@${MITIGATOR_STORAGE_HOST:-localhost}/mitigator?sslmode=disable" BACKEND_GRAPHITE_URL: "http://${MITIGATOR_STORAGE_HOST:-localhost}:3080/render/" BACKEND_PUBLIC_URL: "https://${MITIGATOR_HOST_ADDRESS:-0.0.0.0}:${MITIGATOR_HTTPS_PORT:-443}" MITIGATOR_OWN_NAME: "${MITIGATOR_OWN_NAME:-Mitigator}" WATCHHOG_BACKEND_TOKEN: "${TOKEN:-9d947a396b2553b4171a06dd54434238b3409e1a}" TZ: "${TZ:-Europe/Moscow}" NO_PROXY: ".mitigator,localhost" nginx: image: docker.mitigator.ru/vendor/nginx:${VERSION:-latest} restart: ${CONTAINER_RESTART_POLICY:-always} network_mode: service:gateway depends_on: - backend - gateway volumes: - frontend:/var/www/mitigator:ro frontend: image: docker.mitigator.ru/product/frontend:${VERSION:-latest} network_mode: none hostname: frontend volumes: - frontend:/frontend-copy fwstats: image: docker.mitigator.ru/product/fwstats:${VERSION:-latest} restart: ${CONTAINER_RESTART_POLICY:-always} network_mode: service:gateway depends_on: [gateway] environment: FWSTATS_GRAPHITE_ADDRESS: "${MITIGATOR_STORAGE_HOST:-localhost}:2003" watchhog: image: docker.mitigator.ru/product/watchhog:${VERSION:-latest} restart: ${CONTAINER_RESTART_POLICY:-always} network_mode: service:gateway depends_on: [gateway] environment: WATCHHOG_BACKEND_TOKEN: "${TOKEN:-9d947a396b2553b4171a06dd54434238b3409e1a}" rts: image: docker.mitigator.ru/product/gsp:${VERSION:-latest} restart: ${CONTAINER_RESTART_POLICY:-always} network_mode: service:gateway depends_on: [gateway] accesslog: image: docker.mitigator.ru/product/accesslog:${VERSION:-latest} restart: ${CONTAINER_RESTART_POLICY:-always} network_mode: service:gateway depends_on: [gateway] gobgp: image: docker.mitigator.ru/vendor/gobgp:${VERSION:-latest} restart: ${CONTAINER_RESTART_POLICY:-always} network_mode: service:gateway depends_on: [gateway] clickhouse: image: docker.mitigator.ru/vendor/clickhouse:${VERSION:-latest} restart: ${CONTAINER_RESTART_POLICY:-always} network_mode: service:gateway depends_on: [gateway] ulimits: nofile: soft: 262144 hard: 262144 volumes: - "clickhouse:/var/lib/clickhouse:rw" graphite-clickhouse: image: docker.mitigator.ru/vendor/graphite-clickhouse:${VERSION:-latest} restart: ${CONTAINER_RESTART_POLICY:-always} network_mode: service:gateway depends_on: - clickhouse - gateway carbon-clickhouse: image: docker.mitigator.ru/vendor/carbon-clickhouse:${VERSION:-latest} restart: ${CONTAINER_RESTART_POLICY:-always} network_mode: service:gateway depends_on: - clickhouse - gateway carbonapi: image: docker.mitigator.ru/vendor/carbonapi:${VERSION:-latest} restart: ${CONTAINER_RESTART_POLICY:-always} network_mode: service:gateway depends_on: - graphite-clickhouse - gateway grafana: image: docker.mitigator.ru/vendor/grafana:${VERSION:-latest} restart: ${CONTAINER_RESTART_POLICY:-always} scale: 0 network_mode: service:gateway depends_on: - carbonapi - gateway volumes: - grafana:/var/lib/grafana:rw networks: default: volumes: clickhouse: coredumps: frontend: grafana: postgres: own_id: