tweaking nginx, ddospot:

- Remove ddospot from standard - Add ddospot only to tarpit - Decouple nginx from host mode, only export tcp/64297, tcp/64294 - Adjust editions accordingly - Keep LUA settings in Nginx config for now, just in case we find a different use case
2025-07-02 01:27:27 -04:00 · 2024-12-09 17:38:25 +01:00
parent a67a765dd7
commit e43e8277fc
10 changed files with 136 additions and 128 deletions
--- a/compose/tpot_services.yml
+++ b/compose/tpot_services.yml
@ -33,7 +33,7 @@ networks:
  sentrypeer_local:
  tanner_local:
  wordpot_local:
-  spiderfoot_local:
+  nginx_local:
  ewsposter_local:

 services:
@ -925,6 +925,8 @@ services:
    depends_on:
      tpotinit:
        condition: service_healthy
+    networks:
+     - nginx_local
    environment:
     - bootstrap.memory_lock=true
     - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
@ -953,6 +955,8 @@ services:
    depends_on:
      elasticsearch:
        condition: service_healthy
+    networks:
+     - nginx_local
    mem_limit: 1g
    ports:
     - "127.0.0.1:64296:5601"
@ -966,6 +970,8 @@ services:
    depends_on:
      elasticsearch:
        condition: service_healthy
+    networks:
+     - nginx_local
    environment:
     - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
     - TPOT_TYPE=${TPOT_TYPE:-HIVE}
@ -987,6 +993,8 @@ services:
    depends_on:
      tpotinit:
        condition: service_healthy
+    networks:
+     - nginx_local
    stop_signal: SIGKILL
    tty: true
    image: ${TPOT_REPO}/redis:${TPOT_VERSION}
@ -1000,6 +1008,8 @@ services:
    depends_on:
      tpotinit:
        condition: service_healthy
+    networks:
+     - nginx_local
    environment:
     - MAP_COMMAND=AttackMapServer.py
    stop_signal: SIGKILL
@ -1016,6 +1026,8 @@ services:
    depends_on:
      elasticsearch:
        condition: service_healthy
+    networks:
+     - nginx_local
    environment:
     - MAP_COMMAND=DataServer_v2.py
     - TPOT_ATTACKMAP_TEXT=${TPOT_ATTACKMAP_TEXT}
@ -1067,9 +1079,11 @@ services:
     - /var/tmp/nginx/scgi
     - /run
     - /var/lib/nginx/tmp:uid=100,gid=82
-    network_mode: "host"
+    networks:
+     - nginx_local
    ports:
     - "64297:64297"
+     - "64294:64294"
    image: ${TPOT_REPO}/nginx:${TPOT_VERSION}
    pull_policy: ${TPOT_PULL_POLICY}
    read_only: true
@ -1087,7 +1101,7 @@ services:
      tpotinit:
        condition: service_healthy
    networks:
-     - spiderfoot_local
+     - nginx_local
    ports:
     - "127.0.0.1:64303:8080"
    image: ${TPOT_REPO}/spiderfoot:${TPOT_VERSION}