-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
133 lines (125 loc) · 3.95 KB
/
docker-compose.yml
File metadata and controls
133 lines (125 loc) · 3.95 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
networks:
graylog_net:
driver: bridge
monitoring_net:
external: true
services:
mongodb:
image: mongo:7.0
container_name: graylog-mongodb
networks:
- graylog_net
volumes:
- /opt/docker/graylog/data/mongodb:/data/db
environment:
- MONGO_INITDB_DATABASE=graylog
restart: unless-stopped
healthcheck:
test: echo 'db.runCommand("ping").ok' | mongosh localhost:27017/test --quiet
interval: 10s
timeout: 5s
retries: 5
start_period: 40s
deploy:
resources:
limits:
memory: 512M
cpus: '0.5'
labels:
- "com.centurylinklabs.watchtower.enable=true"
opensearch:
image: opensearchproject/opensearch:2
container_name: graylog-opensearch
networks:
- graylog_net
volumes:
- /opt/docker/graylog/data/opensearch:/usr/share/opensearch/data
environment:
- discovery.type=single-node
- action.auto_create_index=false
- plugins.security.ssl.http.enabled=false
- plugins.security.disabled=true
- OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
- bootstrap.memory_lock=true
- OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD}
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "curl -f http://localhost:9200/_cluster/health || exit 1"]
interval: 10s
timeout: 5s
retries: 5
start_period: 60s
deploy:
resources:
limits:
memory: 2G
cpus: '1'
labels:
- "com.centurylinklabs.watchtower.enable=true"
graylog:
image: graylog/graylog:7.0
container_name: graylog
networks:
- graylog_net
- monitoring_net
volumes:
- /opt/docker/graylog/data/graylog:/usr/share/graylog/data
environment:
# Core authentication - from .env
- GRAYLOG_PASSWORD_SECRET=${GRAYLOG_PASSWORD_SECRET}
- GRAYLOG_ROOT_PASSWORD_SHA2=${GRAYLOG_ROOT_PASSWORD_SHA2}
# Config settings- required in 7.0
- GRAYLOG_DATA_DIR=/usr/share/graylog/data
- GRAYLOG_PLUGIN_DIR=/usr/share/graylog/plugin
# HTTP settings - from .env
- GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000
- GRAYLOG_HTTP_EXTERNAL_URI=${GRAYLOG_HTTP_EXTERNAL_URI}
# Backend connections - static (could be in .env if you want flexibility)
- GRAYLOG_MONGODB_URI=mongodb://mongodb:27017/graylog
- GRAYLOG_ELASTICSEARCH_HOSTS=http://opensearch:9200
# Timezone - from .env
- GRAYLOG_ROOT_TIMEZONE=${GRAYLOG_ROOT_TIMEZONE}
# Email settings - from .env (optional, commented out by default)
- GRAYLOG_TRANSPORT_EMAIL_ENABLED=${GRAYLOG_EMAIL_ENABLED:-false}
- GRAYLOG_TRANSPORT_EMAIL_HOSTNAME=${GRAYLOG_EMAIL_HOSTNAME:-}
- GRAYLOG_TRANSPORT_EMAIL_PORT=${GRAYLOG_EMAIL_PORT:-587}
- GRAYLOG_TRANSPORT_EMAIL_USE_AUTH=${GRAYLOG_EMAIL_USE_AUTH:-true}
- GRAYLOG_TRANSPORT_EMAIL_USE_TLS=${GRAYLOG_EMAIL_USE_TLS:-true}
- GRAYLOG_TRANSPORT_EMAIL_USE_SSL=${GRAYLOG_EMAIL_USE_SSL:-false}
- GRAYLOG_TRANSPORT_EMAIL_AUTH_USERNAME=${GRAYLOG_EMAIL_USERNAME:-}
- GRAYLOG_TRANSPORT_EMAIL_AUTH_PASSWORD=${GRAYLOG_EMAIL_PASSWORD:-}
- GRAYLOG_TRANSPORT_EMAIL_FROM_EMAIL=${GRAYLOG_EMAIL_FROM:-}
ports:
- "9000:9000"
- "514:514/udp"
- "1514:1514/udp"
- "514:514/tcp"
- "1514:1514/tcp"
- "12201:12201/udp"
- "12201:12201/tcp"
depends_on:
mongodb:
condition: service_healthy
opensearch:
condition: service_healthy
restart: unless-stopped
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/api/system/lbstatus"]
interval: 30s
timeout: 10s
retries: 3
start_period: 120s
deploy:
resources:
limits:
memory: 2G
cpus: '1'
labels:
- "com.centurylinklabs.watchtower.enable=true"