feat(docker-compose): add Docker Compose YAMLs and .env (#5909)

2025-12-19 05:17:47 +00:00 · 2024-11-30 17:21:31 -04:00
parent 17c31c64d9
commit ff80a47123
4 changed files with 294 additions and 1 deletions
--- a/.env
+++ b/.env
@@ -0,0 +1,89 @@
+#### Important Note ####
+# This file is used to store environment variables for the Prowler App.
+# For production, it is recommended to use a secure method to store these variables and change the default secret keys.
+
+#### Prowler UI Configuration ####
+PROWLER_UI_VERSION="latest"
+SITE_URL=http://localhost:3000
+API_BASE_URL=http://prowler-api:8080/api/v1
+AUTH_TRUST_HOST=true
+UI_PORT=3000
+# openssl rand -base64 32
+AUTH_SECRET="N/c6mnaS5+SWq81+819OrzQZlmx1Vxtp/orjttJSmw8="
+
+#### Prowler API Configuration ####
+PROWLER_API_VERSION="latest"
+# PostgreSQL settings
+# If running Django and celery on host, use 'localhost', else use 'postgres-db'
+POSTGRES_HOST=postgres-db
+POSTGRES_PORT=5432
+POSTGRES_ADMIN_USER=prowler
+POSTGRES_ADMIN_PASSWORD=postgres
+POSTGRES_USER=prowler
+POSTGRES_PASSWORD=postgres
+POSTGRES_DB=prowler_db
+
+# Valkey settings
+# If running Valkey and celery on host, use localhost, else use 'valkey'
+VALKEY_HOST=valkey
+VALKEY_PORT=6379
+VALKEY_DB=0
+
+# Django settings
+DJANGO_ALLOWED_HOSTS=localhost,127.0.0.1,prowler-api
+DJANGO_BIND_ADDRESS=0.0.0.0
+DJANGO_PORT=8080
+DJANGO_DEBUG=False
+DJANGO_SETTINGS_MODULE=config.django.production
+# Select one of [ndjson|human_readable]
+DJANGO_LOGGING_FORMATTER=human_readable
+# Select one of [DEBUG|INFO|WARNING|ERROR|CRITICAL]
+# Applies to both Django and Celery Workers
+DJANGO_LOGGING_LEVEL=INFO
+DJANGO_WORKERS=4 # Defaults to the maximum available based on CPU cores if not set.
+DJANGO_ACCESS_TOKEN_LIFETIME=30 # Token lifetime is in minutes
+DJANGO_REFRESH_TOKEN_LIFETIME=1440 # Token lifetime is in minutes
+DJANGO_CACHE_MAX_AGE=3600
+DJANGO_STALE_WHILE_REVALIDATE=60
+DJANGO_MANAGE_DB_PARTITIONS=True
+# openssl genrsa -out private.pem 2048
+DJANGO_TOKEN_SIGNING_KEY="-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDs4e+kt7SnUJek
+6V5r9zMGzXCoU5qnChfPiqu+BgANyawz+MyVZPs6RCRfeo6tlCknPQtOziyXYM2I
+7X+qckmuzsjqp8+u+o1mw3VvUuJew5k2SQLPYwsiTzuFNVJEOgRo3hywGiGwS2iv
+/5nh2QAl7fq2qLqZEXQa5+/xJlQggS1CYxOJgggvLyra50QZlBvPve/AxKJ/EV/Q
+irWTZU5lLNI8sH2iZR05vQeBsxZ0dCnGMT+vGl+cGkqrvzQzKsYbDmabMcfTYhYi
+78fpv6A4uharJFHayypYBjE39PwhMyyeycrNXlpm1jpq+03HgmDuDMHydk1tNwuT
+nEC7m7iNAgMBAAECggEAA2m48nJcJbn9SVi8bclMwKkWmbJErOnyEGEy2sTK3Of+
+NWx9BB0FmqAPNxn0ss8K7cANKOhDD7ZLF9E2MO4/HgfoMKtUzHRbM7MWvtEepldi
+nnvcUMEgULD8Dk4HnqiIVjt3BdmGiTv46OpBnRWrkSBV56pUL+7msZmMZTjUZvh2
+ZWv0+I3gtDIjo2Zo/FiwDV7CfwRjJarRpYUj/0YyuSA4FuOUYl41WAX1I301FKMH
+xo3jiAYi1s7IneJ16OtPpOA34Wg5F6ebm/UO0uNe+iD4kCXKaZmxYQPh5tfB0Qa3
+qj1T7GNpFNyvtG7VVdauhkb8iu8X/wl6PCwbg0RCKQKBgQD9HfpnpH0lDlHMRw9K
+X7Vby/1fSYy1BQtlXFEIPTN/btJ/asGxLmAVwJ2HAPXWlrfSjVAH7CtVmzN7v8oj
+HeIHfeSgoWEu1syvnv2AMaYSo03UjFFlfc/GUxF7DUScRIhcJUPCP8jkAROz9nFv
+DByNjUL17Q9r43DmDiRsy0IFqQKBgQDvlJ9Uhl+Sp7gRgKYwa/IG0+I4AduAM+Gz
+Dxbm52QrMGMTjaJFLmLHBUZ/ot+pge7tZZGws8YR8ufpyMJbMqPjxhIvRRa/p1Tf
+E3TQPW93FMsHUvxAgY3MV5MzXFPhlNAKb+akP/RcXUhetGAuZKLubtDCWa55ZQuL
+wj2OS+niRQKBgE7K8zUqNi6/22S8xhy/2GPgB1qPObbsABUofK0U6CAGLo6te+gc
+6Jo84IyzFtQbDNQFW2Fr+j1m18rw9AqkdcUhQndiZS9AfG07D+zFB86LeWHt4DS4
+ymIRX8Kvaak/iDcu/n3Mf0vCrhB6aetImObTj4GgrwlFvtJOmrYnO8EpAoGAIXXP
+Xt25gWD9OyyNiVu6HKwA/zN7NYeJcRmdaDhO7B1A6R0x2Zml4AfjlbXoqOLlvLAf
+zd79vcoAC82nH1eOPiSOq51plPDI0LMF8IN0CtyTkn1Lj7LIXA6rF1RAvtOqzppc
+SvpHpZK9pcRpXnFdtBE0BMDDtl6fYzCIqlP94UUCgYEAnhXbAQMF7LQifEm34Dx8
+BizRMOKcqJGPvbO2+Iyt50O5X6onU2ITzSV1QHtOvAazu+B1aG9pEuBFDQ+ASxEu
+L9ruJElkOkb/o45TSF6KCsHd55ReTZ8AqnRjf5R+lyzPqTZCXXb8KTcRvWT4zQa3
+VxyT2PnaSqEcexWUy4+UXoQ=
+-----END PRIVATE KEY-----"
+# openssl rsa -in private.pem -pubout -out public.pem
+DJANGO_TOKEN_VERIFYING_KEY="-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OHvpLe0p1CXpOlea/cz
+Bs1wqFOapwoXz4qrvgYADcmsM/jMlWT7OkQkX3qOrZQpJz0LTs4sl2DNiO1/qnJJ
+rs7I6qfPrvqNZsN1b1LiXsOZNkkCz2MLIk87hTVSRDoEaN4csBohsEtor/+Z4dkA
+Je36tqi6mRF0Gufv8SZUIIEtQmMTiYIILy8q2udEGZQbz73vwMSifxFf0Iq1k2VO
+ZSzSPLB9omUdOb0HgbMWdHQpxjE/rxpfnBpKq780MyrGGw5mmzHH02IWIu/H6b+g
+OLoWqyRR2ssqWAYxN/T8ITMsnsnKzV5aZtY6avtNx4Jg7gzB8nZNbTcLk5xAu5u4
+jQIDAQAB
+-----END PUBLIC KEY-----"
+# openssl rand -base64 32
+DJANGO_SECRETS_ENCRYPTION_KEY="oE/ltOhp/n1TdbHjVmzcjDPLcLA41CVI/4Rk+UB5ESc="
--- a/.gitignore
+++ b/.gitignore
@@ -47,7 +47,8 @@ junit-reports/
 *.tfstate

 # .env
-.env*
+ui/.env*
+api/.env*

 # Coverage
 .coverage*
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -0,0 +1,114 @@
+services:
+  api-dev:
+    hostname: "prowler-api"
+    build:
+      context: ./api
+      dockerfile: Dockerfile
+      target: dev
+    image: prowler-api-dev
+    environment:
+      - DJANGO_SETTINGS_MODULE=config.django.devel
+      - DJANGO_LOGGING_FORMATTER=${LOGGING_FORMATTER:-human_readable}
+    env_file:
+      - path: .env
+        required: false
+    ports:
+      - "${DJANGO_PORT:-8080}:${DJANGO_PORT:-8080}"
+    volumes:
+      - "./api/src/backend:/home/prowler/backend"
+      - "./api/pyproject.toml:/home/prowler/pyproject.toml"
+    depends_on:
+      postgres:
+        condition: service_healthy
+      valkey:
+        condition: service_healthy
+    entrypoint:
+      - "/home/prowler/docker-entrypoint.sh"
+      - "dev"
+
+  ui-dev:
+    build:
+      context: ./ui
+      dockerfile: Dockerfile
+      target: dev
+    env_file:
+      - path: .env
+        required: false
+    ports:
+      - 3000:3000
+
+  postgres:
+    image: postgres:16.3-alpine
+    hostname: "postgres-db"
+    volumes:
+      - ./api/_data/postgres:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_USER=${POSTGRES_ADMIN_USER:-prowler}
+      - POSTGRES_PASSWORD=${POSTGRES_ADMIN_PASSWORD:-S3cret}
+      - POSTGRES_DB=${POSTGRES_DB:-prowler_db}
+    env_file:
+      - path: .env
+        required: false
+    ports:
+      - "${POSTGRES_PORT:-5432}:${POSTGRES_PORT:-5432}"
+    healthcheck:
+      test: ["CMD-SHELL", "sh -c 'pg_isready -U ${POSTGRES_ADMIN_USER:-prowler} -d ${POSTGRES_DB:-prowler_db}'"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  valkey:
+    image: valkey/valkey:7-alpine3.19
+    hostname: "valkey"
+    volumes:
+      - ./api/_data/valkey:/data
+    env_file:
+      - path: .env
+        required: false
+    ports:
+      - "${VALKEY_PORT:-6379}:6379"
+    healthcheck:
+      test: ["CMD-SHELL", "sh -c 'valkey-cli ping'"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+
+  worker-dev:
+    build:
+      context: ./api
+      dockerfile: Dockerfile
+      target: dev
+    image: prowler-worker-dev
+    environment:
+      - DJANGO_SETTINGS_MODULE=config.django.devel
+    env_file:
+      - path: .env
+        required: false
+    depends_on:
+      valkey:
+        condition: service_healthy
+      postgres:
+        condition: service_healthy
+    entrypoint:
+      - "/home/prowler/docker-entrypoint.sh"
+      - "worker"
+
+  worker-beat:
+    build:
+      context: ./api
+      dockerfile: Dockerfile
+      target: dev
+    image: prowler-worker-dev
+    environment:
+      - DJANGO_SETTINGS_MODULE=config.django.devel
+    env_file:
+      - path: ./.env
+        required: false
+    depends_on:
+      valkey:
+        condition: service_healthy
+      postgres:
+        condition: service_healthy
+    entrypoint:
+      - "../docker-entrypoint.sh"
+      - "beat"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,89 @@
+services:
+  api:
+    hostname: "prowler-api"
+    image: prowlercloud/prowler-api:${PROWLER_API_VERSION:-latest}
+    env_file:
+      - path: .env
+        required: false
+    ports:
+      - "${DJANGO_PORT:-8080}:${DJANGO_PORT:-8080}"
+    depends_on:
+      postgres:
+        condition: service_healthy
+      valkey:
+        condition: service_healthy
+    entrypoint:
+      - "/home/prowler/docker-entrypoint.sh"
+      - "prod"
+
+  ui:
+    image: prowlercloud/prowler-ui:${PROWLER_UI_VERSION:-latest}
+    env_file:
+      - path: .env
+        required: false
+    ports:
+      - ${UI_PORT:-3000}:${UI_PORT:-3000}
+
+  postgres:
+    image: postgres:16.3-alpine
+    hostname: "postgres-db"
+    volumes:
+      - ./_data/postgres:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_USER=${POSTGRES_ADMIN_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_ADMIN_PASSWORD}
+      - POSTGRES_DB=${POSTGRES_DB}
+    env_file:
+      - path: .env
+        required: false
+    ports:
+      - "${POSTGRES_PORT:-5432}:${POSTGRES_PORT:-5432}"
+    healthcheck:
+      test: ["CMD-SHELL", "sh -c 'pg_isready -U ${POSTGRES_ADMIN_USER} -d ${POSTGRES_DB}'"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  valkey:
+    image: valkey/valkey:7-alpine3.19
+    hostname: "valkey"
+    volumes:
+      - ./_data/valkey:/data
+    env_file:
+      - path: .env
+        required: false
+    ports:
+      - "${VALKEY_PORT:-6379}:6379"
+    healthcheck:
+      test: ["CMD-SHELL", "sh -c 'valkey-cli ping'"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+
+  worker:
+    image: prowlercloud/prowler-api:${PROWLER_API_VERSION:-latest}
+    env_file:
+      - path: .env
+        required: false
+    depends_on:
+      valkey:
+        condition: service_healthy
+      postgres:
+        condition: service_healthy
+    entrypoint:
+      - "/home/prowler/docker-entrypoint.sh"
+      - "worker"
+
+  worker-beat:
+    image: prowlercloud/prowler-api:${PROWLER_API_VERSION:-latest}
+    env_file:
+      - path: ./.env
+        required: false
+    depends_on:
+      valkey:
+        condition: service_healthy
+      postgres:
+        condition: service_healthy
+    entrypoint:
+      - "../docker-entrypoint.sh"
+      - "beat"