
CxSAST Reporting Service Docker Compose Setup

The following is an example docker-compose.yml file that can be used for a production deployment.

It requires:

  • Docker and Docker Compose installed.

  • The CxSAST Reporting Service images loaded into Docker. (For details, see CxSAST Reporting Manager Installation (Docker image).)

  • A .env file with all the necessary settings. (In this example, we are using server.env.)

  • Connectivity to the database host.

version: '3'
services:
###############################################################################################################
    cx-reporting-service:
        image: cx-reporting-service:latest
        container_name: cx-reporting-service
        restart: always
        env_file: server.env
        volumes:
            -  ~/cx-reports:/app/CxReports
            -  ~/logs:/app/Logs
        networks:
            - "cx"
###############################################################################################################
    cx-reporting-service-client:
        image: cx-reporting-service-client:latest
        container_name: cx-reporting-service-client
        restart: always
        env_file: server.env
        ports:
            - "5001:80"
        volumes:
            -  ~/cx-reports:/app/CxReports
            -  ~/logs:/app/Logs
        networks:
            - "cx"
###############################################################################################################
    cx-reporting-portal:
        image: cx-reporting-portal:latest
        container_name: cx-reporting-portal
        restart: always
        env_file: server.env
        ports:
            - "5005:8080"
        networks:
            - "cx"
###############################################################################################################
    cx-reporting-scheduler:
        image: cx-reporting-scheduler:latest
        container_name: cx-reporting-scheduler
        restart: always
        env_file: server.env
        networks:
            - "cx"
###############################################################################################################
networks:
    cx:

volumes:
    cx-reports:

SSL Configuration

To deploy over SSL using Docker, an Nginx container is used as a load balancer for incoming requests, forwarding them to the desired service.

The docker-compose.yml and Nginx configuration files are shown below:

docker-compose.yml

version: '3'
services:
    rev-proxy:
        image: nginx
        container_name: nginx
        restart: unless-stopped
        ports:
            - "443:443"
        volumes:
            - ~/.nginx/conf.d:/etc/nginx/conf.d/
            - ~/.nginx/certs:/etc/nginx/certs
        networks:
            - "cx"
###############################################################################################################
    cx-reporting-service:
        image: cx-reporting-service:latest
        container_name: cx-reporting-service
        restart: unless-stopped
        env_file: server.env
        volumes:
            -  ~/cx-reporting-logs:/app/Logs
            -  ~/cx-reports:/app/CxReports
        networks:
            - "cx"
###############################################################################################################
    cx-reporting-service-client:
        image: cx-reporting-service-client:latest
        container_name: cx-reporting-service-client
        restart: unless-stopped
        env_file: server.env
        depends_on:
            - "cx-reporting-service"
        volumes:
            -  ~/cx-reporting-logs:/app/Logs
            -  ~/cx-reports:/app/CxReports
        networks:
            - "cx"
###############################################################################################################
    cx-reporting-portal:
        image: cx-reporting-portal:latest
        container_name: cx-reporting-portal
        restart: unless-stopped
        env_file: server.env
        depends_on:
            - "cx-reporting-service-client"
        networks:
            - "cx"
###############################################################################################################
networks:
    cx:

Nginx configuration (default.conf)

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name *.<your domain>;
    ssl_certificate     certs/<certificate file>;
    ssl_certificate_key certs/<certificate key file>;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
    ssl_dhparam certs/dhparam.pem;

    # intermediate configuration
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    add_header Strict-Transport-Security "max-age=63072000" always;

    client_max_body_size 20m;
    location /swagger {
        
        proxy_pass http://cx-reporting-service-client:80;

    }

    location /api {
        
        proxy_pass http://cx-reporting-service-client:80;

    }
    
    location /notify {
        
        proxy_pass http://cx-reporting-service-client:80;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }

    location / {
        
        proxy_pass http://cx-reporting-portal:80;

    }

}
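
A check that can be run against the two files above before deployment, added here as an example and not part of the original page or of Checkmarx tooling: it flags any service other than rev-proxy that still publishes a host port (such as the "5001:80" mapping from the non-SSL file, which would leave the API reachable without TLS) and any proxy_pass target that is not a service name in the compose file. The function names are hypothetical, the parser handles only the simple block-style YAML used on this page, and the sample input is constructed.

```python
import re

def published_ports(compose_text):
    """Map each service to its `ports` entries (simple block-style YAML only)."""
    services, section, svc_indent, current, key = {}, None, None, None, None
    for raw in compose_text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:                    # top-level key: services, networks, ...
            section, svc_indent = body.rstrip(":"), None
        elif section == "services":
            svc_indent = indent if svc_indent is None else svc_indent
            if indent == svc_indent:       # a service name
                current, key = body.rstrip(":"), None
                services[current] = []
            elif body.startswith("-"):     # list item under the last `key:` line
                if key == "ports":
                    services[current].append(body[1:].strip().strip("\"'"))
            else:
                key = body[:-1] if body.endswith(":") else None
    return services

def audit(compose_text, nginx_text, proxy="rev-proxy"):
    """Return findings; an empty list means both checks passed."""
    services, findings = published_ports(compose_text), []
    for name, ports in services.items():
        if name != proxy and ports:
            findings.append(f"{name} publishes {ports}, reachable without {proxy}")
    for host in sorted(set(re.findall(r"proxy_pass\s+https?://([^:/;\s]+)", nginx_text))):
        if host not in services:
            findings.append(f"proxy_pass target {host} is not a compose service")
    return findings

# Constructed sample input, trimmed from the files on this page.
NGINX = "proxy_pass http://cx-reporting-service-client:80;\nproxy_pass http://cx-reporting-portal:80;\n"
TLS_COMPOSE = """services:
    rev-proxy:
        ports:
            - "443:443"
    cx-reporting-service-client:
        image: cx-reporting-service-client:latest
    cx-reporting-portal:
        image: cx-reporting-portal:latest
"""
# The same file with the "5001:80" mapping from the non-SSL example left in place.
LEFTOVER = TLS_COMPOSE.replace(":latest\n", ':latest\n        ports:\n            - "5001:80"\n', 1)
print(audit(TLS_COMPOSE, NGINX), audit(LEFTOVER, NGINX))
```

To check a real deployment, pass the contents of docker-compose.yml and default.conf to audit().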