This page describes the tasks necessary to deploy Curiefense using Docker Compose. It assumes that the instructions described in First Tasks have been completed successfully.
This process consists of the following tasks, described sequentially below:
If during this process you need to rebuild an image, see the instructions here: Building/Rebuilding an Image.
If you want Curiefense to use TLS, then you should have already generated the certificates and keys.
To enable TLS for the protected site/application, go to
curiefense/deploy/compose/curiesecrets/curieproxy_ssl/ and do the following:
site.crt and add the certificate.
site.key and add the key.
To enable TLS for the nginx server that is used by
uiserver, go to
curiefense/deploy/compose/curiesecrets/uiserver_ssl/and do the following:
ui.crt and add the certificate.
ui.key and add the key.
Docker Compose deployments can be configured in two ways:
By setting values for variables in
Or by setting OS environment variables (which will override any variables set in
These variables are described below.
Curiefense uses the storage defined here for synchronizing configuration changes between
confserver and the Curiefense sidecars.
By default, this points to the
local_bucket Docker volume:
$ grep CURIE_BUCKET_LINK .envCURIE_BUCKET_LINK=file:///bucket/prod/manifest.json
For multi-node deployments, or to use S3 for a single node, replace this value with the URL of an S3 bucket:
In that case, you will need to supply AWS credentials in
deploy/compose/curiesecrets/s3cfg, following this template:
[default]access_key = AAAAAAAAAAAAAAAAAAAAsecret_key = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
The address of the destination service for which Curiefense acts as a reverse proxy. By default, this points to the
echo container, which simply echoes the HTTP requests it receives.
latest (the latest stable image). To run a version that matches the contents of your working directory, use the following command:
DOCKER_TAG="$(git describe --tag --long --dirty)-$(git rev-parse --short=12 HEAD:curiefense)"
Once the tasks above are completed, run these commands:
cd curiefense/deploy/compose/docker-compose up
After deployment, the Echo service should be running and protected behind Curiefense. You can test the success of the deployment by querying it:
$ curl http://localhost:30081/Echo
Also verify the following:
The UIServer is now available at
Grafana is now available at
confserver is now available at
To stop all containers and remove any persistent data stored in volumes, run the following commands:
docker-compose rm -f && docker volume prune -f