CxSAST Reporting Service Docker Compose Setup
The following is an example of docker-compose.yml that can be used for a production deployment.
It requires:
Docker and Docker Compose installed.
The CxSAST Reporting Service images loaded into Docker. (For details, see CxSAST Reporting Manager Installation (Docker image)).
A .env file with all the necessary settings (in this example, we are using server.env).
Connectivity to the database host.
# Reporting Service stack without TLS: four containers share the "cx" network
# and all read their settings from server.env.
version: "3"

services:
  # Reporting service. It publishes no ports, so it is reachable only from
  # other containers attached to the "cx" network.
  cx-reporting-service:
    # "latest" resolves to whichever image was loaded most recently; pinning
    # the tag you tested keeps redeployments reproducible.
    image: cx-reporting-service:latest
    container_name: cx-reporting-service
    restart: always
    # NOTE(review): server.env presumably carries the database connection
    # settings; keep it out of version control and readable only by the
    # deploying user.
    env_file: server.env
    volumes:
      # Host bind mounts; "~" is the home directory of the user running Compose.
      - '~/cx-reports:/app/CxReports'
      - '~/logs:/app/Logs'
    networks:
      - cx

  # Service client.
  cx-reporting-service-client:
    image: cx-reporting-service-client:latest
    container_name: cx-reporting-service-client
    restart: always
    env_file: server.env
    ports:
      # Published on every host interface as plain HTTP. The SSL Configuration
      # section of this page shows the Nginx-fronted alternative.
      - "5001:80"
    volumes:
      - '~/cx-reports:/app/CxReports'
      - '~/logs:/app/Logs'
    networks:
      - cx

  # Web portal.
  cx-reporting-portal:
    image: cx-reporting-portal:latest
    container_name: cx-reporting-portal
    restart: always
    env_file: server.env
    ports:
      # Also plain HTTP on every host interface.
      - "5005:8080"
    networks:
      - cx

  # Scheduler: no published ports and no mounts.
  cx-reporting-scheduler:
    image: cx-reporting-scheduler:latest
    container_name: cx-reporting-scheduler
    restart: always
    env_file: server.env
    networks:
      - cx

networks:
  cx:

volumes:
  # Declared but not mounted by any service above; the services bind-mount
  # ~/cx-reports from the host instead.
  cx-reports:
SSL Configuration
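To deploy over SSL using Docker, an Nginx container is used as a load balancer for the incoming requests, routing them to the desired service. TLS terminates at the Nginx container; in the configurations below, traffic from Nginx to the services is plain HTTP over the Docker network.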
Below you can find the configuration for the docker-compose and the Nginx:
docker-compose.yml
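# Reporting Service stack behind an Nginx TLS reverse proxy. Only the proxy
# publishes a host port; the application containers are reachable solely over
# the "cx" network.
version: "3"

services:
  # TLS-terminating reverse proxy.
  rev-proxy:
    # Unpinned image: each pull may bring a different nginx release. Pin the
    # tag you have tested, e.g. nginx:<tested-version>.
    image: nginx
    container_name: nginx
    restart: unless-stopped
    ports:
      - "443:443"
    volumes:
      # Mounted read-only: the proxy only needs to read its configuration and
      # the certificate/private key, so a compromised nginx process cannot
      # rewrite either. Keep the key file readable only by the deploying user
      # on the host.
      - '~/.nginx/conf.d:/etc/nginx/conf.d:ro'
      - '~/.nginx/certs:/etc/nginx/certs:ro'
    networks:
      - cx

  # Reporting service.
  cx-reporting-service:
    image: cx-reporting-service:latest
    container_name: cx-reporting-service
    restart: unless-stopped
    # NOTE(review): server.env presumably carries the database connection
    # settings; keep it out of version control and readable only by the
    # deploying user.
    env_file: server.env
    volumes:
      - '~/cx-reporting-logs:/app/Logs'
      - '~/cx-reports:/app/CxReports'
    networks:
      - cx

  # Service client; no "ports" entry, so it is reached through the proxy.
  cx-reporting-service-client:
    image: cx-reporting-service-client:latest
    container_name: cx-reporting-service-client
    restart: unless-stopped
    env_file: server.env
    # depends_on controls start order only; it does not wait for the
    # dependency to be ready to serve requests.
    depends_on:
      - cx-reporting-service
    volumes:
      - '~/cx-reporting-logs:/app/Logs'
      - '~/cx-reports:/app/CxReports'
    networks:
      - cx

  # Web portal; no "ports" entry, so it is reached through the proxy.
  cx-reporting-portal:
    image: cx-reporting-portal:latest
    container_name: cx-reporting-portal
    restart: unless-stopped
    env_file: server.env
    depends_on:
      - cx-reporting-service-client
    networks:
      - cx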
networks:
  cx:
Nginx configuration (default.conf) - RS Version until 4.x
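# TLS-terminating reverse proxy for Reporting Service versions up to 4.x.
# Requests are decrypted here and forwarded to the backend containers as
# plain HTTP.
server {
    # NOTE(review): nginx 1.25.1 and later report the "http2" listen parameter
    # as deprecated in favour of a separate "http2 on;" directive; check which
    # form the nginx image you deploy expects.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name *.<your domain>;

    # Relative paths resolve against the nginx configuration directory; the
    # docker-compose.yml on this page mounts the certificates at
    # /etc/nginx/certs.
    ssl_certificate certs/<certificate file>;
    ssl_certificate_key certs/<certificate key file>;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
    # Place the downloaded file in the mounted certs directory.
    ssl_dhparam certs/dhparam.pem;

    # intermediate configuration
    # TLS 1.3 is enabled alongside TLS 1.2; it takes effect only when nginx is
    # built against OpenSSL 1.1.1 or newer. The ssl_ciphers list below governs
    # TLS 1.2 suites only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # HSTS for two years (63072000 s): browsers that have seen this header
    # refuse plain HTTP for the host until it expires.
    add_header Strict-Transport-Security "max-age=63072000" always;

    # Requests with a body larger than 20 MB are rejected.
    client_max_body_size 20m;

    # NOTE(review): /swagger presumably serves the API documentation UI; it is
    # reachable by every client that can reach port 443. Restrict it with
    # allow/deny rules if it is not needed externally.
    location /swagger {
        proxy_pass http://cx-reporting-service-client:80;
    }

    # Only /notify forwards the client's Host header; the other locations send
    # the upstream name from proxy_pass as Host (nginx default).
    location /api {
        proxy_pass http://cx-reporting-service-client:80;
    }

    # Connection-upgrade (WebSocket) endpoint: HTTP/1.1 plus the
    # Upgrade/Connection headers are required for the upgrade to pass through.
    location /notify {
        proxy_pass http://cx-reporting-service-client:80;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }

    # Everything else goes to the portal.
    # NOTE(review): the non-SSL compose example on this page publishes the
    # portal from container port 8080; confirm which port your portal image
    # listens on.
    location / {
        proxy_pass http://cx-reporting-portal:80;
    }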
}
Nginx configuration (default.conf) - RS Version 5.x
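# TLS-terminating reverse proxy for Reporting Service 5.x, where the service
# client is proxied on port 8080 (port 80 in the configuration for versions up
# to 4.x). Requests are decrypted here and forwarded to the backend containers
# as plain HTTP.
server {
    # NOTE(review): nginx 1.25.1 and later report the "http2" listen parameter
    # as deprecated in favour of a separate "http2 on;" directive; check which
    # form the nginx image you deploy expects.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name *.<your domain>;

    # Relative paths resolve against the nginx configuration directory; the
    # docker-compose.yml on this page mounts the certificates at
    # /etc/nginx/certs.
    ssl_certificate certs/<certificate file>;
    ssl_certificate_key certs/<certificate key file>;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
    # Place the downloaded file in the mounted certs directory.
    ssl_dhparam certs/dhparam.pem;

    # intermediate configuration
    # TLS 1.3 is enabled alongside TLS 1.2; it takes effect only when nginx is
    # built against OpenSSL 1.1.1 or newer. The ssl_ciphers list below governs
    # TLS 1.2 suites only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # HSTS for two years (63072000 s): browsers that have seen this header
    # refuse plain HTTP for the host until it expires.
    add_header Strict-Transport-Security "max-age=63072000" always;

    # Requests with a body larger than 20 MB are rejected.
    client_max_body_size 20m;

    # NOTE(review): /swagger presumably serves the API documentation UI; it is
    # reachable by every client that can reach port 443. Restrict it with
    # allow/deny rules if it is not needed externally.
    location /swagger {
        proxy_pass http://cx-reporting-service-client:8080;
    }

    # Only /notify forwards the client's Host header; the other locations send
    # the upstream name from proxy_pass as Host (nginx default).
    location /api {
        proxy_pass http://cx-reporting-service-client:8080;
    }

    # Connection-upgrade (WebSocket) endpoint: HTTP/1.1 plus the
    # Upgrade/Connection headers are required for the upgrade to pass through.
    location /notify {
        proxy_pass http://cx-reporting-service-client:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }

    # Everything else goes to the portal.
    # NOTE(review): the non-SSL compose example on this page publishes the
    # portal from container port 8080; confirm which port your portal image
    # listens on.
    location / {
        proxy_pass http://cx-reporting-portal:80;
    }
}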