composer/anvil.yaml
## ANVIL CONTAINER
anvil_proxy:
depends_on:
- consul
restart: always
image: opsforge/nginx-auth:latest
entrypoint: sh
# Add htpassword here: http://www.htaccesstools.com/htpasswd-generator/ (example below is username=username password=password) - make sure to escape $ signs with $$HTPASSWD: 'username:$$apr1$$3X/xufbq$$xBqXarJxuOD0AMXJ4OYin.'
command:
- -c
- |
cat <<EOF> /etc/nginx/conf.d/default.conf
server {
listen 80 default_server;
location / {
auth_basic "Feed me passwords";
auth_basic_user_file auth.htpasswd;
proxy_connect_timeout 7d;
proxy_read_timeout 7d;
proxy_send_timeout 7d;
proxy_pass http://anvil:5757;
proxy_http_version 1.1;
proxy_set_header Host \$$host;
proxy_set_header Upgrade \$$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Origin "\$$scheme://\$$host";
}
}
EOF
cat <<EOF> /etc/nginx/auth.htpasswd
username:\$$apr1\$$3X/xufbq\$$xBqXarJxuOD0AMXJ4OYin.
EOF
# cat /etc/nginx/conf.d/default.conf
# cat /etc/nginx/auth.htpasswd
nginx -g "daemon off;"
ports:
- 8001:80
expose:
- 80
networks:
- consul
anvil:
depends_on:
- consul
- anvil_proxy
restart: always
privileged: true
image: opsforge/anvil
# Replace the values in the following command with your values. Further details in the readme.
entrypoint: /bin/zsh
command:
- -c
- |
/root/entrypoint.sh \
--proxy \
--shell='zsh' \
--fullname='My.Name' \
--myemail='my.name@email.io' \
--pastebinurl='https://pastebin.com/raw/38bgGTK7' \
--giturlwithcred='https://user:password@git.org/org/project.git'
ports:
- 8101:3501
- 8102:3502
expose:
# These ports are added to make the RDP forwarding work
- 5757
- 3501
- 3502
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./repos:/root/repos
networks:
- guac
- splunk
- concourse4
- consul
- ansible
- es
## CONSUL
consul:
restart: unless-stopped
command: consul agent -server -ui -bootstrap-expect=1 -data-dir=/consul/data -bind=0.0.0.0 -client=0.0.0.0 -datacenter=opsforge -node=consul_master
image: consul
environment:
- 'CONSUL_LOCAL_CONFIG={"skip_leave_on_interrupt": true}'
expose:
- 8600
- 8500
- 8300
ports:
- 8500:8500
networks:
- consul
# deskible:
# restart: unless-stopped
# image: opsforge/deskible
# ports:
# - 8004:80
# expose:
# - 80
# volumes:
# - ./deskible:/usr/share/nginx/html
## CONSUL SIDEKICK
consul_anvil:
restart: unless-stopped
command:
- /bin/sh
- -c
- |
cat <<EOF> /etc/consul.json
{
"services": [
{
"id": "anvil_shell_1",
"name": "anvil_web_shell",
"tags": ["anvil","linux shell"],
"address": "localhost",
"meta": {
"meta": "access anvil from a browser"
},
"port": 8001,
"checks": [
{
"id": "shell_check",
"name": "remote shell tcp check",
"tcp": "anvil:5757",
"interval": "10s",
"timeout": "3s"
}
],
"weights": {
"passing": 1,
"warning": 1
}
},
{
"id": "anvil_tcp_fw_1",
"name": "anvil_tcp_forwarder_socket_1",
"tags": ["anvil","tcp forwarding"],
"address": "anvil",
"meta": {
"meta": "used with ssh tunnels in guacamole or for regular port forwarding"
},
"port": 3501,
"checks": [
{
"id": "rdp_check_1",
"name": "tcp check on port 3501",
"tcp": "anvil:3501",
"interval": "10s",
"timeout": "3s"
}
],
"weights": {
"passing": 1,
"warning": 1
}
},
{
"id": "anvil_tcp_fw_on_host_1",
"name": "anvil_tcp_forwarder_socket_on_host1",
"tags": ["anvil","tcp forwarding"],
"address": "localhost",
"meta": {
"meta": "used on the host machine to access the port forwarding"
},
"port": 8101
},
{
"id": "anvil_tcp_fw_2",
"name": "anvil_tcp_forwarder_socket_2",
"tags": ["anvil","tcp forwarding"],
"address": "anvil",
"meta": {
"meta": "used with ssh tunnels in guacamole or for regular port forwarding"
},
"port": 3501,
"checks": [
{
"id": "rdp_check_2",
"name": "tcp check on port 3502",
"tcp": "anvil:3502",
"interval": "10s",
"timeout": "3s"
}
],
"weights": {
"passing": 1,
"warning": 1
}
},
{
"id": "anvil_tcp_fw_on_host_2",
"name": "anvil_tcp_forwarder_socket_on_host2",
"tags": ["anvil","tcp forwarding"],
"address": "localhost",
"meta": {
"meta": "used on the host machine to access the port forwarding"
},
"port": 8102
}
]
}
EOF
consul_if=$$(getent hosts consul | cut -d ' ' -f 1 | cut -d '.' -f1-2 | cut -d ' ' -f3)
consul_addr=$$(ip addr | grep $$consul_if | grep inet | sed 's/.*inet.//' | sed 's/\ brd.*//' | sed 's/\/.*//')
consul agent -retry-join "consul" -bind=$$consul_addr -data-dir=/etc/consul/data -datacenter=opsforge -node=anvil -config-file=/etc/consul.json
image: consul
networks:
- consul