runtipi-appstore/apps/wazuh-runtipi/docker-compose.json

{
  "schemaVersion": 2,
  "services": [
    {
      "name": "wazuh-certs",
      "image": "wazuh/wazuh-certs-generator:0.0.3",
      "hostname": "wazuh-certs-generator",
      "entrypoint": [
        "sh",
        "/scripts/init-certs.sh"
      ],
      "environment": [
        {
          "key": "CERT_TOOL_VERSION",
          "value": "4.14"
        }
      ],
      "volumes": [
        {
          "hostPath": "${APP_DATA_DIR}/data/config",
          "containerPath": "/config"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/config/wazuh_ssl_certs",
          "containerPath": "/certificates"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/indexer-data",
          "containerPath": "/indexer-data"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/manager-api",
          "containerPath": "/manager-api"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/manager-logs",
          "containerPath": "/manager-logs"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/manager-queue",
          "containerPath": "/manager-queue"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/dashboard-config",
          "containerPath": "/dashboard-config"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/indexer-security",
          "containerPath": "/indexer-security"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/scripts",
          "containerPath": "/scripts"
        }
      ],
      "healthCheck": {
        "test": "test -f /certificates/root-ca.pem",
        "interval": "5s",
        "timeout": "5s",
        "retries": 10
      }
    },
    {
      "name": "wazuh-indexer",
      "image": "wazuh/wazuh-indexer:4.14.1",
      "hostname": "wazuh.indexer",
      "user": "1000:1000",
      "depends_on": {
        "wazuh-certs": {
          "condition": "service_healthy"
        }
      },
      "environment": [
        {
          "key": "OPENSEARCH_JAVA_OPTS",
          "value": "-Xms1g -Xmx1g"
        },
        {
          "key": "bootstrap.memory_lock",
          "value": "true"
        },
        {
          "key": "network.host",
          "value": "wazuh.indexer"
        },
        {
          "key": "node.name",
          "value": "wazuh.indexer"
        },
        {
          "key": "cluster.initial_cluster_manager_nodes",
          "value": "wazuh.indexer"
        },
        {
          "key": "node.max_local_storage_nodes",
          "value": "1"
        },
        {
          "key": "plugins.security.allow_default_init_securityindex",
          "value": "true"
        },
        {
          "key": "NODES_DN",
          "value": "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
        },
        {
          "key": "plugins.security.ssl.http.clientauth_mode",
          "value": "OPTIONAL"
        }
      ],
      "ulimits": {
        "memlock": {
          "soft": -1,
          "hard": -1
        },
        "nofile": {
          "soft": 65536,
          "hard": 65536
        }
      },
      "volumes": [
        {
          "hostPath": "${APP_DATA_DIR}/data/indexer-data",
          "containerPath": "/var/lib/wazuh-indexer"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/config/wazuh_ssl_certs",
          "containerPath": "/usr/share/wazuh-indexer/config/certs"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/indexer-security",
          "containerPath": "/usr/share/wazuh-indexer/opensearch-security"
        }
      ],
      "healthCheck": {
        "test": "curl -ks https://wazuh.indexer:9200 -u ${INDEXER_USERNAME:-admin}:${INDEXER_PASSWORD:-admin}",
        "interval": "10s",
        "timeout": "5s",
        "retries": 15,
        "startPeriod": "120s"
      }
    },
    {
      "name": "wazuh-indexer-init",
      "image": "wazuh/wazuh-indexer:4.14.1",
      "hostname": "wazuh-indexer-init",
      "depends_on": {
        "wazuh-indexer": {
          "condition": "service_healthy"
        }
      },
      "entrypoint": [
        "bash",
        "/scripts/init-indexer-init.sh"
      ],
      "volumes": [
        {
          "hostPath": "${APP_DATA_DIR}/data/config/wazuh_ssl_certs",
          "containerPath": "/usr/share/wazuh-indexer/config/certs"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/indexer-security",
          "containerPath": "/mnt/host-security"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/scripts",
          "containerPath": "/scripts"
        }
      ],
      "healthCheck": {
        "test": "test -f /mnt/host-security/.init-complete",
        "interval": "5s",
        "timeout": "5s",
        "retries": 60,
        "startPeriod": "120s"
      }
    },
    {
      "name": "wazuh-manager",
      "image": "wazuh/wazuh-manager:4.14.1",
      "hostname": "wazuh.manager",
      "entrypoint": [
        "bash",
        "/scripts/init-manager.sh"
      ],
      "depends_on": {
        "wazuh-indexer-init": {
          "condition": "service_healthy"
        }
      },
      "environment": [
        {
          "key": "WAZUH_INDEXER_HOSTS",
          "value": "wazuh.indexer:9200"
        },
        {
          "key": "WAZUH_NODE_NAME",
          "value": "manager"
        },
        {
          "key": "WAZUH_CLUSTER_NODES",
          "value": "wazuh.manager"
        },
        {
          "key": "WAZUH_CLUSTER_BIND_ADDR",
          "value": "wazuh.manager"
        },
        {
          "key": "INDEXER_URL",
          "value": "https://wazuh.indexer:9200"
        },
        {
          "key": "INDEXER_USERNAME",
          "value": "${INDEXER_USERNAME:-admin}"
        },
        {
          "key": "INDEXER_PASSWORD",
          "value": "${INDEXER_PASSWORD:-admin}"
        },
        {
          "key": "FILEBEAT_SSL_VERIFICATION_MODE",
          "value": "full"
        },
        {
          "key": "SSL_CERTIFICATE_AUTHORITIES",
          "value": "/var/ossec/etc/certs/root-ca.pem"
        },
        {
          "key": "SSL_CERTIFICATE",
          "value": "/var/ossec/etc/certs/server.pem"
        },
        {
          "key": "SSL_KEY",
          "value": "/var/ossec/etc/certs/server-key.pem"
        },
        {
          "key": "API_USERNAME",
          "value": "wazuh-wui"
        },
        {
          "key": "API_PASSWORD",
          "value": "${API_PASSWORD:-MyS3cr37P450r.*-}"
        }
      ],
      "ulimits": {
        "memlock": {
          "soft": -1,
          "hard": -1
        },
        "nofile": {
          "soft": 655360,
          "hard": 655360
        }
      },
      "addPorts": [
        {
          "containerPort": 1514,
          "hostPort": 1514,
          "tcp": true
        },
        {
          "containerPort": 1515,
          "hostPort": 1515,
          "tcp": true
        },
        {
          "containerPort": 514,
          "hostPort": 514,
          "udp": true
        },
        {
          "containerPort": 55000,
          "hostPort": 55000,
          "tcp": true
        }
      ],
      "volumes": [
        {
          "hostPath": "${APP_DATA_DIR}/data/manager-api",
          "containerPath": "/var/ossec/api/configuration"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/manager-etc",
          "containerPath": "/var/ossec/etc/custom"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/manager-logs",
          "containerPath": "/var/ossec/logs"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/manager-queue",
          "containerPath": "/var/ossec/queue"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/config/wazuh_ssl_certs",
          "containerPath": "/var/ossec/etc/certs"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/scripts",
          "containerPath": "/scripts"
        }
      ],
      "healthCheck": {
        "test": "/var/ossec/bin/wazuh-control status | grep -E 'wazuh-db is running|wazuh-analysisd is running|wazuh-remoted is running' | wc -l | grep -q 3",
        "interval": "30s",
        "timeout": "10s",
        "retries": 10,
        "startPeriod": "180s"
      }
    },
    {
      "name": "wazuh-dashboard",
      "image": "wazuh/wazuh-dashboard:4.14.1",
      "hostname": "wazuh.dashboard",
      "entrypoint": [
        "bash",
        "/scripts/init-dashboard.sh"
      ],
      "isMain": true,
      "internalPort": "5601",
      "depends_on": {
        "wazuh-indexer-init": {
          "condition": "service_healthy"
        },
        "wazuh-manager": {
          "condition": "service_healthy"
        }
      },
      "environment": [
        {
          "key": "SERVER_HOST",
          "value": "0.0.0.0"
        },
        {
          "key": "OPENSEARCH_HOSTS",
          "value": "https://wazuh.indexer:9200"
        },
        {
          "key": "INDEXER_USERNAME",
          "value": "${INDEXER_USERNAME:-admin}"
        },
        {
          "key": "INDEXER_PASSWORD",
          "value": "${INDEXER_PASSWORD:-admin}"
        },
        {
          "key": "WAZUH_API_URL",
          "value": "https://wazuh.manager"
        },
        {
          "key": "DASHBOARD_USERNAME",
          "value": "${DASHBOARD_USERNAME:-kibanaserver}"
        },
        {
          "key": "DASHBOARD_PASSWORD",
          "value": "${DASHBOARD_PASSWORD:-kibanaserver}"
        },
        {
          "key": "API_USERNAME",
          "value": "wazuh-wui"
        },
        {
          "key": "API_PASSWORD",
          "value": "${API_PASSWORD:-MyS3cr37P450r.*-}"
        },
        {
          "key": "SERVER_SSL_CERTIFICATE",
          "value": "/usr/share/wazuh-dashboard/config/certs/dashboard.pem"
        },
        {
          "key": "SERVER_SSL_KEY",
          "value": "/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem"
        },
        {
          "key": "OPENSEARCH_SSL_CERTIFICATE_AUTHORITIES",
          "value": "/usr/share/wazuh-dashboard/config/certs/root-ca.pem"
        }
      ],
      "volumes": [
        {
          "hostPath": "${APP_DATA_DIR}/data/config/wazuh_ssl_certs",
          "containerPath": "/usr/share/wazuh-dashboard/config/certs"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/dashboard-config",
          "containerPath": "/usr/share/wazuh-dashboard/config/custom"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/dashboard-custom",
          "containerPath": "/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom"
        },
        {
          "hostPath": "${APP_DATA_DIR}/data/scripts",
          "containerPath": "/scripts"
        }
      ],
      "healthCheck": {
        "test": "curl -ks https://localhost:5601/app/wazuh -o /dev/null -w '%{http_code}' | grep -qE '302|200' || exit 1",
        "interval": "30s",
        "timeout": "10s",
        "retries": 15,
        "startPeriod": "240s"
      }
    }
  ]
}