Docker Compose
This page describes the tasks necessary to deploy Curiefense using Docker Compose. It assumes that the instructions described in First Tasks have been completed successfully.
This process consists of the following tasks, described sequentially below:
If during this process you need to rebuild an image, see the instructions here: Building/Rebuilding an Image.
TLS Setup
If you want Curiefense to use TLS, then you should have already generated the certificates and keys.
To enable TLS for the protected site/application, go to curiefense/deploy/compose/curiesecrets/curieproxy_ssl/ and do the following:
Edit site.crt and add the certificate.
Edit site.key and add the key.
To enable TLS for the nginx server that is used by uiserver, go to curiefense/deploy/compose/curiesecrets/uiserver_ssl/ and do the following:
Edit ui.crt and add the certificate.
Edit ui.key and add the key.
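One way to check the result of the two TLS steps above before starting the containers (an added example, not part of the Curiefense documentation or code): the script confirms that each certificate and key placed under curiesecrets/ belong together and that the certificate has not expired. The function names and exit codes are assumptions of this example, the paths are the ones given above, and the openssl command-line tool is required.

```shell
#!/bin/sh
# Added example (not Curiefense code): pre-deployment check of the TLS files
# described above. Function names and exit codes are this example's own.

# check_tls_pair CRT KEY
# Returns 0 if KEY is the private key for the certificate in CRT,
# 1 on mismatch, 2 if a file is missing or empty, 3 if a file cannot be
# parsed, 4 if the certificate has already expired.
check_tls_pair() {
    crt=$1
    key=$2
    for f in "$crt" "$key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 2; }
    done
    # Public key embedded in the certificate (PEM SubjectPublicKeyInfo).
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "not a PEM certificate: $crt" >&2; return 3; }
    # Public key derived from the private key. "-passin pass:" prevents an
    # interactive prompt, so an encrypted key is reported as unreadable.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
        { echo "not a readable private key: $key" >&2; return 3; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and key do not match: $crt / $key" >&2; return 1; }
    # -checkend 0 fails when the certificate's notAfter date has passed.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired: $crt" >&2; return 4; }
    echo "ok: $crt"
}

# check_curiesecrets DIR
# DIR is the curiesecrets directory; checks both pairs named on this page.
check_curiesecrets() {
    dir=$1
    failed=0
    check_tls_pair "$dir/curieproxy_ssl/site.crt" "$dir/curieproxy_ssl/site.key" || failed=1
    check_tls_pair "$dir/uiserver_ssl/ui.crt" "$dir/uiserver_ssl/ui.key" || failed=1
    return "$failed"
}

# Run against a directory when one is given on the command line, e.g.
#   sh check_tls.sh curiefense/deploy/compose/curiesecrets
if [ "$#" -gt 0 ]; then
    check_curiesecrets "$1"
fi
```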
Set Database Credentials
The logdb database has two accounts:
The postgres account has write access, and is used by curielogger.
The logserver_ro account has read-only access, and is used by curielogserver.
If you wish to change the default passwords for these accounts, you must edit the files in which they are defined:
The password for postgres is defined in curiesecrets/logdb/postgres_password.txt.
The password for logserver_ro is defined in curiesecrets/logdb/ro_password.txt.
Set Deployment Variables
Docker Compose deployments can be configured in two ways:
By setting values for variables in deploy/compose/.env
Or by setting OS environment variables (which will override any variables set in .env)
These variables are described below.
CURIE_BUCKET_LINK
Curiefense uses the storage defined here for synchronizing configuration changes between confserver and the Curiefense sidecars.
By default, this points to the local_bucket Docker volume:
For multi-node deployments, or to use S3 for a single node, replace this value with the URL of an S3 bucket:
In that case, you will need to supply AWS credentials in deploy/compose/curiesecrets/s3cfg, following this template:
TARGET_ADDRESS and TARGET_PORT
The address of the destination service for which Curiefense acts as a reverse proxy. By default, this points to the echo container, which simply echoes the HTTP requests it receives.
DOCKER_TAG
Defaults to latest (the latest stable image). To run a version that matches the contents of your working directory, use the following command:
Deploy Curiefense
Once the tasks above are completed, run these commands:
Test the Deployment
After deployment, the Echo service should be running and protected behind Curiefense. You can test the success of the deployment by querying it:
Also verify the following:
The UIServer is now available at http://localhost:30080 (access logs are at http://localhost:30080/accesslog)
Grafana is now available at http://localhost:30300
The confserver is now available at http://localhost:30000/api/v1/
Clean Up
To stop all containers and remove any persistent data stored in volumes, run the following commands: