CxSAST Reporting Service Docker Compose Setup
The following is an example of docker-compose.yml that can be used for a production deployment.
It requires:
- Docker and Docker Compose installed.
- The CxSAST Reporting Service images loaded into Docker. (For details, see CxSAST Reporting Manager Installation (Docker image)).
- A .env file with all the necessary settings. (In this example, we are using server.env.)
- Connectivity to the database host.
    version: '3'
    services:
      ###############################################################################################################
      cx-reporting-service:
        image: cx-reporting-service:latest
        container_name: cx-reporting-service
        restart: always
        env_file: server.env
        volumes:
          - ~/cx-reports:/app/CxReports
          - ~/logs:/app/Logs
        networks:
          - "cx"
      ###############################################################################################################
      cx-reporting-service-client:
        image: cx-reporting-service-client:latest
        container_name: cx-reporting-service-client
        restart: always
        env_file: server.env
        ports:
          - "5001:80"
        volumes:
          - ~/cx-reports:/app/CxReports
          - ~/logs:/app/Logs
        networks:
          - "cx"
      ###############################################################################################################
      cx-reporting-portal:
        image: cx-reporting-portal:latest
        container_name: cx-reporting-portal
        restart: always
        env_file: server.env
        ports:
          - "5005:8080"
        networks:
          - "cx"
      ###############################################################################################################
      cx-reporting-scheduler:
        image: cx-reporting-scheduler:latest
        container_name: cx-reporting-scheduler
        restart: always
        env_file: server.env
        networks:
          - "cx"
    ###############################################################################################################
    networks:
      cx:
    volumes:
      cx-reports:
SSL Configuration
To deploy over SSL using Docker, an Nginx container is used as a load balancer (reverse proxy) for the incoming requests, routing each one to the desired service.
Below is the configuration for docker-compose and for Nginx:
docker-compose.yml
    version: '3'
    services:
      rev-proxy:
        image: nginx
        container_name: nginx
        restart: unless-stopped
        ports:
          - "443:443"
        volumes:
          - ~/.nginx/conf.d:/etc/nginx/conf.d/
          - ~/.nginx/certs:/etc/nginx/certs
        networks:
          - "cx"
      ###############################################################################################################
      cx-reporting-service:
        image: cx-reporting-service:latest
        container_name: cx-reporting-service
        restart: unless-stopped
        env_file: server.env
        volumes:
          - ~/cx-reporting-logs:/app/Logs
          - ~/cx-reports:/app/CxReports
        networks:
          - "cx"
      ###############################################################################################################
      cx-reporting-service-client:
        image: cx-reporting-service-client:latest
        container_name: cx-reporting-service-client
        restart: unless-stopped
        env_file: server.env
        depends_on:
          - "cx-reporting-service"
        volumes:
          - ~/cx-reporting-logs:/app/Logs
          - ~/cx-reports:/app/CxReports
        networks:
          - "cx"
      ###############################################################################################################
      cx-reporting-portal:
        image: cx-reporting-portal:latest
        container_name: cx-reporting-portal
        restart: unless-stopped
        env_file: server.env
        depends_on:
          - "cx-reporting-service-client"
        networks:
          - "cx"
    ###############################################################################################################
    networks:
      cx:
Nginx configuration (default.conf)
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name *.<your domain>;

        ssl_certificate certs/<certificate file>;
        ssl_certificate_key certs/<certificate key file>;
        ssl_session_timeout 1d;
        ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions

        # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
        ssl_dhparam certs/dhparam.pem;

        # intermediate configuration
        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers off;

        add_header Strict-Transport-Security "max-age=63072000" always;

        client_max_body_size 20m;

        location /swagger {
            proxy_pass http://cx-reporting-service-client:80;
        }

        location /api {
            proxy_pass http://cx-reporting-service-client:80;
        }

        location /notify {
            proxy_pass http://cx-reporting-service-client:80;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
        }

        location / {
            proxy_pass http://cx-reporting-portal:80;
        }
    }
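The SSL docker-compose.yml above has no ports entries on the reporting services, so only the Nginx container on 443 is published on the host, whereas the first docker-compose.yml publishes 5001 and 5005 directly. The following is an added example, not Checkmarx code, that checks a compose file for services other than the proxy that still publish host ports; the function names and the trimmed sample files are assumptions constructed for illustration.

```python
# Added example, not vendor code; constructed samples trimmed from this page's compose files.
PLAIN_COMPOSE = """\
services:
  cx-reporting-service-client:
    ports:
      - "5001:80"
  cx-reporting-portal:
    ports:
      - "5005:8080"
networks:
  cx:
"""
SSL_COMPOSE = """\
services:
  rev-proxy:
    ports:
      - "443:443"
  cx-reporting-portal:
    image: cx-reporting-portal:latest
"""

def published_ports(compose_text):
    """Return {service: [ports]}; assumes block-style YAML, 2-space indents."""
    found, section, service, key = {}, None, None, None
    for raw in compose_text.splitlines():
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:                          # top-level key
            section, service = text.split(":")[0], None
        elif section == "services" and indent == 2:
            service, key = text.rstrip(":"), None
            found[service] = []
        elif service and text.startswith("- "):  # list item under current key
            if key == "ports":
                found[service].append(text[2:].strip("\"' "))
        elif service:                            # key inside a service
            key = text.split(":")[0]
    return found

def exposed_backends(compose_text, proxy="rev-proxy"):
    """Services other than the proxy that publish a port on the host."""
    ports = published_ports(compose_text)
    return {s: p for s, p in ports.items() if p and s != proxy}

if __name__ == "__main__":
    for label, text in (("plain", PLAIN_COMPOSE), ("ssl", SSL_COMPOSE)):
        print(label, exposed_backends(text) or "only the proxy is published")
```

An empty result for the SSL file means every request to the reporting services has to pass through the Nginx TLS listener.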