tweaking nginx, ddospot:

- Remove ddospot from standard - Add ddospot only to tarpit - Decouple nginx from host mode, only export tcp/64297, tcp/64294 - Adjust editions accordingly - Keep LUA settings in Nginx config for now, just in case we find a different use case
2025-07-02 01:27:27 -04:00 · 2024-12-09 17:38:25 +01:00
parent a67a765dd7
commit e43e8277fc
10 changed files with 136 additions and 128 deletions
--- a/compose/tarpit.yml
+++ b/compose/tarpit.yml
@ -1,10 +1,11 @@
 # T-Pot: TARPIT
 networks:
+  ddospot_local:
  endlessh_local:
  go-pot_local:
  hellpot_local:
  heralding_local:
-  spiderfoot_local:
+  nginx_local:
  ewsposter_local:

 services:
@ -41,6 +42,29 @@ services:
 #### Honeypots
 ##################

+# Ddospot service
+  ddospot:
+    container_name: ddospot
+    restart: always
+    depends_on:
+      tpotinit:
+        condition: service_healthy
+    networks:
+     - ddospot_local
+    ports:
+     - "19:19/udp"
+     - "53:53/udp"
+     - "123:123/udp"
+#     - "161:161/udp"
+     - "1900:1900/udp"
+    image: ${TPOT_REPO}/ddospot:${TPOT_VERSION}
+    pull_policy: ${TPOT_PULL_POLICY}
+    read_only: true
+    volumes:
+     - ${TPOT_DATA_PATH}/ddospot/log:/opt/ddospot/ddospot/logs
+     - ${TPOT_DATA_PATH}/ddospot/bl:/opt/ddospot/ddospot/bl
+     - ${TPOT_DATA_PATH}/ddospot/db:/opt/ddospot/ddospot/db
+
 # Endlessh service
  endlessh:
    container_name: endlessh
@ -197,6 +221,8 @@ services:
    depends_on:
      tpotinit:
        condition: service_healthy
+    networks:
+     - nginx_local
    environment:
     - bootstrap.memory_lock=true
     - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
@ -225,6 +251,8 @@ services:
    depends_on:
      elasticsearch:
        condition: service_healthy
+    networks:
+     - nginx_local
    mem_limit: 1g
    ports:
     - "127.0.0.1:64296:5601"
@ -238,6 +266,8 @@ services:
    depends_on:
      elasticsearch:
        condition: service_healthy
+    networks:
+     - nginx_local
    environment:
     - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
     - TPOT_TYPE=${TPOT_TYPE:-HIVE}
@ -259,6 +289,8 @@ services:
    depends_on:
      tpotinit:
        condition: service_healthy
+    networks:
+     - nginx_local
    stop_signal: SIGKILL
    tty: true
    image: ${TPOT_REPO}/redis:${TPOT_VERSION}
@ -272,6 +304,8 @@ services:
    depends_on:
      tpotinit:
        condition: service_healthy
+    networks:
+     - nginx_local
    environment:
     - MAP_COMMAND=AttackMapServer.py
    stop_signal: SIGKILL
@ -288,6 +322,8 @@ services:
    depends_on:
      elasticsearch:
        condition: service_healthy
+    networks:
+     - nginx_local
    environment:
     - MAP_COMMAND=DataServer_v2.py
     - TPOT_ATTACKMAP_TEXT=${TPOT_ATTACKMAP_TEXT}
@ -339,9 +375,11 @@ services:
     - /var/tmp/nginx/scgi
     - /run
     - /var/lib/nginx/tmp:uid=100,gid=82
-    network_mode: "host"
+    networks:
+     - nginx_local
    ports:
     - "64297:64297"
+     - "64294:64294"
    image: ${TPOT_REPO}/nginx:${TPOT_VERSION}
    pull_policy: ${TPOT_PULL_POLICY}
    read_only: true
@ -359,7 +397,7 @@ services:
      tpotinit:
        condition: service_healthy
    networks:
-     - spiderfoot_local
+     - nginx_local
    ports:
     - "127.0.0.1:64303:8080"
    image: ${TPOT_REPO}/spiderfoot:${TPOT_VERSION}