Curiefense
Search…
main
Installation
Docker Compose
Introduction
This page describes the tasks necessary to deploy Curiefense using Docker Compose. The tasks are described sequentially below:
During this process, you might find it helpful to read the descriptions (which include the purpose, secrets, and network/port details) of the services and their containers: Services and Container Images​
If during this process you need to rebuild an image, see the instructions here: Building/Rebuilding an Image.
Clone the Repository
Clone the repository, if you have not already done so:
1
git clone https://github.com/curiefense/curiefense.git
Copied!
This documentation assumes it has been cloned to
~/curiefense.TLS Setup
A Docker Compose deployment can use TLS for communication with Curiefense's UI server and also for the protected service, but this is optional. (If you do not choose to set it up, HTTPS will be disabled.)
If you do not want Curiefense to use TLS, then skip this step and proceed to the next section. Otherwise, generate the certificate(s) and key(s) now.
To enable TLS for the protected site/application, go to
curiefense/deploy/compose/curiesecrets/curieproxy_ssl/ and do the following:- Edit
site.crtand add the certificate. - Edit
site.keyand add the key.
To enable TLS for the nginx server that is used by
uiserver, go to curiefense/deploy/compose/curiesecrets/uiserver_ssl/and do the following:- Edit
ui.crtand add the certificate. - Edit
ui.keyand add the key.
Set Deployment Variables
Docker Compose deployments can be configured in two ways:
- By setting values for variables in
deploy/compose/.env - Or by setting OS environment variables (which will override any variables set in
.env)
These variables are described below.
CURIE_BUCKET_LINK
Curiefense uses the storage defined here for synchronizing configuration changes between
confserver and the Curiefense sidecars.By default, this points to the
local_bucket Docker volume:1
$ grep CURIE_BUCKET_LINK .env
2
CURIE_BUCKET_LINK=file:///bucket/prod/manifest.json
Copied!
For multi-node deployments, or to use S3 for a single node, replace this value with the URL of an S3 bucket:
1
CURIE_BUCKET_LINK=s3:///BUCKETNAME/prod/manifest.json
Copied!
In that case, you will need to supply AWS credentials in
deploy/compose/curiesecrets/s3cfg, following this template:1
[default]
2
access_key = AAAAAAAAAAAAAAAAAAAA
3
secret_key = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Copied!
TARGET_ADDRESS and TARGET_PORT
The address of the destination service for which Curiefense acts as a reverse proxy. By default, this points to the
echo container, which simply echoes the HTTP requests it receives.DOCKER_TAG
Defaults to
main (the latest stable image, automatically built from the main branch). To run a version that matches the contents of your working directory, use the following command:1
DOCKER_TAG="$(git describe --tag --long --dirty)-$(git rev-parse --short=12 HEAD:curiefense)"
Copied!
Deploy Curiefense
Once the tasks above are completed, run these commands:
1
cd curiefense/deploy/compose/
2
docker-compose up
Copied!
Test the Deployment
After deployment, the Echo service should be running and protected behind Curiefense. You can test the success of the deployment by querying it:
1
$ curl http://localhost:30081/
2
Request served by echo
3
​
4
HTTP/1.1 GET /
5
​
6
Host: localhost:30081
7
X-Envoy-Internal: true
8
X-Request-Id: 57dd8be5-6040-491a-903e-7ef3734ab9db
9
X-Envoy-Expected-Rq-Timeout-Ms: 15000
10
User-Agent: curl/7.74.0
11
Accept: */*
12
X-Forwarded-For: 172.18.0.1
13
X-Forwarded-Proto: http
Copied!
Also verify the following:
Clean Up
To stop all containers and remove any persistent data stored in volumes, run the following commands:
1
docker-compose rm -f && docker volume prune -f
Copied!
Last modified 5mo ago