tweaking nginx, ddospot:

- Remove ddospot from standard - Add ddospot only to tarpit - Decouple nginx from host mode, only export tcp/64297, tcp/64294 - Adjust editions accordingly - Keep LUA settings in Nginx config for now, just in case we find a different use case
2025-07-02 01:27:27 -04:00 · 2024-12-09 17:38:25 +01:00
parent a67a765dd7
commit e43e8277fc
10 changed files with 136 additions and 128 deletions
--- a/compose/llm.yml
+++ b/compose/llm.yml
@ -2,7 +2,7 @@
 networks:
  beelzebub_local:
  galah_local:
-  spiderfoot_local:
+  nginx_local:
  ewsposter_local:

 services:
@ -165,6 +165,8 @@ services:
    depends_on:
      tpotinit:
        condition: service_healthy
+    networks:
+     - nginx_local
    environment:
     - bootstrap.memory_lock=true
     - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
@ -193,6 +195,8 @@ services:
    depends_on:
      elasticsearch:
        condition: service_healthy
+    networks:
+     - nginx_local
    mem_limit: 1g
    ports:
     - "127.0.0.1:64296:5601"
@ -206,6 +210,8 @@ services:
    depends_on:
      elasticsearch:
        condition: service_healthy
+    networks:
+     - nginx_local
    environment:
     - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
     - TPOT_TYPE=${TPOT_TYPE:-HIVE}
@ -227,6 +233,8 @@ services:
    depends_on:
      tpotinit:
        condition: service_healthy
+    networks:
+     - nginx_local
    stop_signal: SIGKILL
    tty: true
    image: ${TPOT_REPO}/redis:${TPOT_VERSION}
@ -240,6 +248,8 @@ services:
    depends_on:
      tpotinit:
        condition: service_healthy
+    networks:
+     - nginx_local
    environment:
     - MAP_COMMAND=AttackMapServer.py
    stop_signal: SIGKILL
@ -256,6 +266,8 @@ services:
    depends_on:
      elasticsearch:
        condition: service_healthy
+    networks:
+     - nginx_local
    environment:
     - MAP_COMMAND=DataServer_v2.py
     - TPOT_ATTACKMAP_TEXT=${TPOT_ATTACKMAP_TEXT}
@ -307,9 +319,11 @@ services:
     - /var/tmp/nginx/scgi
     - /run
     - /var/lib/nginx/tmp:uid=100,gid=82
-    network_mode: "host"
+    networks:
+     - nginx_local
    ports:
     - "64297:64297"
+     - "64294:64294"
    image: ${TPOT_REPO}/nginx:${TPOT_VERSION}
    pull_policy: ${TPOT_PULL_POLICY}
    read_only: true
@ -327,7 +341,7 @@ services:
      tpotinit:
        condition: service_healthy
    networks:
-     - spiderfoot_local
+     - nginx_local
    ports:
     - "127.0.0.1:64303:8080"
    image: ${TPOT_REPO}/spiderfoot:${TPOT_VERSION}