marcelo-ochoa · May 23, 2018 13:05
diff --git a/docker-compose.yml b/docker-compose.yml
 version: '3.3'

 services:
  mysql:
    image: slab/pandorafms-mysql:v7.0NG.722.7677
    hostname: mysql
    volumes:
       - db_data:/var/lib/mysql
    restart: always
    environment:
      TZ: America/Argentina/Buenos_Aires
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PWD}
      MYSQL_DATABASE: pandora
      MYSQL_USER: pandora
      MYSQL_PASSWORD: ${MYSQL_DATABASE_PASSWORD} 
      MYSQL_ROOT_HOST: "%"
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: on-failure
        max_attempts: 3
        window: 120s
    networks:
      net:
        aliases:
          - mysql
  server:
    image: slab/pandorafms-server:v7.0NG.722.7677
    hostname: pandorafms-server
    volumes:
       - web_plugin:/var/www/html/pandora_console/attachment/plugin
    depends_on:
      - mysql
    ports:
      - "41121:41121"
    restart: always
    environment:
      TZ: America/Argentina/Buenos_Aires
      MYSQL_PORT_3306_TCP_ADDR: mysql
      MYSQL_PORT_3306_TCP_PORT: 3306
      PANDORA_DB_HOST: mysql
      PANDORA_DB_USER: pandora
      PANDORA_DB_PASSWORD: ${MYSQL_DATABASE_PASSWORD}
      PANDORA_DB_NAME: pandora
      PANDORA_SMTP_HOST: mail.exa.unicen.edu.ar
      PANDORA_SMTP_PORT: 25
      PANDORA_SMTP_FROM: [email protected]
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: on-failure
        max_attempts: 3
        window: 120s
    networks:
      net:
        aliases:
          - pandorafms-server
  cron:
    image: slab/pandorafms-server:v7.0NG.722.7677
    command: /run_cron.sh
    environment:
      TZ: America/Argentina/Buenos_Aires
      MYSQL_PORT_3306_TCP_ADDR: mysql
      MYSQL_PORT_3306_TCP_PORT: 3306
      PANDORA_DB_HOST: mysql
      PANDORA_DB_USER: pandora
      PANDORA_DB_PASSWORD: ${MYSQL_DATABASE_PASSWORD}
      PANDORA_DB_NAME: pandora
      PANDORA_SMTP_HOST: mail.exa.unicen.edu.ar
      PANDORA_SMTP_PORT: 25
      PANDORA_SMTP_FROM: [email protected]
    deploy:
      mode: replicated
      replicas: 0
      restart_policy:
        condition: none
    networks:
      net:
  web:
    image: slab/pandorafms-console:v7.0NG.722.7677
    hostname: monitoring.exa.unicen.edu.ar
    volumes:
       - web_certs:/etc/ssl/certs:ro
       - web_plugin:/var/www/html/pandora_console/attachment/plugin
    depends_on:
      - mysql
    restart: always
    environment:
      TZ: America/Argentina/Buenos_Aires
      VIRTUAL_HOST: "https://monitoring.exa.unicen.edu.ar"
      SERVICE_PORTS: "443"
      HEALTH_CHECK: "check ssl verify none"
      EXTRA_SETTINGS: "acl too_fast be_sess_rate gt 10,acl too_many be_conn gt 10,tcp-request inspect-delay 3s,tcp-request content accept if ! too_fast or ! too_many,tcp-request content accept if WAIT_END"
      PANDORA_DB_HOST: mysql
      PANDORA_DB_USER: pandora
      PANDORA_DB_PASSWORD: ${MYSQL_DATABASE_PASSWORD}
      PANDORA_DB_NAME: pandora
    networks:
      net:
        aliases:
          - pandorafms-console
      rproxy:
        aliases:
          - monitoring
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: on-failure
        max_attempts: 3
        window: 120s
    configs:
      - source: pandora_console_ssl
        target: /etc/httpd/conf.d/ssl.conf
        uid: '0'
        gid: '0'
        mode: 0644
 networks:
    net:
    rproxy:
        external:
            name: reverse_proxy
 configs:
    pandora_console_ssl:
        external: true
diff --git a/pandora_console_ssl.conf b/pandora_console_ssl.conf
 LoadModule ssl_module modules/mod_ssl.so
 Listen 443
 SSLPassPhraseDialog  builtin
 SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
 SSLSessionCacheTimeout  300
 SSLMutex default
 SSLRandomSeed startup file:/dev/urandom  256
 SSLRandomSeed connect builtin
 SSLCryptoDevice builtin
 <VirtualHost _default_:443>
 DocumentRoot "/var/www/html"
 ServerName monitoring.exa.unicen.edu.ar:443
 ErrorLog logs/ssl_error_log
 TransferLog logs/ssl_access_log
 LogLevel warn
 SSLEngine on
 SSLProtocol all -SSLv2
 SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
 SSLCertificateFile /etc/ssl/certs/live/exa.unicen.edu.ar/cert.pem
 SSLCertificateKeyFile /etc/ssl/certs/live/exa.unicen.edu.ar/privkey.pem
 SSLCertificateChainFile /etc/ssl/certs/live/exa.unicen.edu.ar/chain.pem
 <Files ~ "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
 </Files>
 <Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
 </Directory>
 SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
 CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 </VirtualHost>
	version: '3.3'

	services:
	mysql:
	image: slab/pandorafms-mysql:v7.0NG.722.7677
	hostname: mysql
	volumes:
	- db_data:/var/lib/mysql
	restart: always
	environment:
	TZ: America/Argentina/Buenos_Aires
	MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PWD}
	MYSQL_DATABASE: pandora
	MYSQL_USER: pandora
	MYSQL_PASSWORD: ${MYSQL_DATABASE_PASSWORD}
	MYSQL_ROOT_HOST: "%"
	deploy:
	mode: replicated
	replicas: 1
	restart_policy:
	condition: on-failure
	max_attempts: 3
	window: 120s
	networks:
	net:
	aliases:
	- mysql
	server:
	image: slab/pandorafms-server:v7.0NG.722.7677
	hostname: pandorafms-server
	volumes:
	- web_plugin:/var/www/html/pandora_console/attachment/plugin
	depends_on:
	- mysql
	ports:
	- "41121:41121"
	restart: always
	environment:
	TZ: America/Argentina/Buenos_Aires
	MYSQL_PORT_3306_TCP_ADDR: mysql
	MYSQL_PORT_3306_TCP_PORT: 3306
	PANDORA_DB_HOST: mysql
	PANDORA_DB_USER: pandora
	PANDORA_DB_PASSWORD: ${MYSQL_DATABASE_PASSWORD}
	PANDORA_DB_NAME: pandora
	PANDORA_SMTP_HOST: mail.exa.unicen.edu.ar
	PANDORA_SMTP_PORT: 25
	PANDORA_SMTP_FROM: [email protected]
	deploy:
	mode: replicated
	replicas: 1
	restart_policy:
	condition: on-failure
	max_attempts: 3
	window: 120s
	networks:
	net:
	aliases:
	- pandorafms-server
	cron:
	image: slab/pandorafms-server:v7.0NG.722.7677
	command: /run_cron.sh
	environment:
	TZ: America/Argentina/Buenos_Aires
	MYSQL_PORT_3306_TCP_ADDR: mysql
	MYSQL_PORT_3306_TCP_PORT: 3306
	PANDORA_DB_HOST: mysql
	PANDORA_DB_USER: pandora
	PANDORA_DB_PASSWORD: ${MYSQL_DATABASE_PASSWORD}
	PANDORA_DB_NAME: pandora
	PANDORA_SMTP_HOST: mail.exa.unicen.edu.ar
	PANDORA_SMTP_PORT: 25
	PANDORA_SMTP_FROM: [email protected]
	deploy:
	mode: replicated
	replicas: 0
	restart_policy:
	condition: none
	networks:
	net:
	web:
	image: slab/pandorafms-console:v7.0NG.722.7677
	hostname: monitoring.exa.unicen.edu.ar
	volumes:
	- web_certs:/etc/ssl/certs:ro
	- web_plugin:/var/www/html/pandora_console/attachment/plugin
	depends_on:
	- mysql
	restart: always
	environment:
	TZ: America/Argentina/Buenos_Aires
	VIRTUAL_HOST: "https://monitoring.exa.unicen.edu.ar"
	SERVICE_PORTS: "443"
	HEALTH_CHECK: "check ssl verify none"
	EXTRA_SETTINGS: "acl too_fast be_sess_rate gt 10,acl too_many be_conn gt 10,tcp-request inspect-delay 3s,tcp-request content accept if ! too_fast or ! too_many,tcp-request content accept if WAIT_END"
	PANDORA_DB_HOST: mysql
	PANDORA_DB_USER: pandora
	PANDORA_DB_PASSWORD: ${MYSQL_DATABASE_PASSWORD}
	PANDORA_DB_NAME: pandora
	networks:
	net:
	aliases:
	- pandorafms-console
	rproxy:
	aliases:
	- monitoring
	deploy:
	mode: replicated
	replicas: 1
	restart_policy:
	condition: on-failure
	max_attempts: 3
	window: 120s
	configs:
	- source: pandora_console_ssl
	target: /etc/httpd/conf.d/ssl.conf
	uid: '0'
	gid: '0'
	mode: 0644
	networks:
	net:
	rproxy:
	external:
	name: reverse_proxy
	configs:
	pandora_console_ssl:
	external: true
	LoadModule ssl_module modules/mod_ssl.so
	Listen 443
	SSLPassPhraseDialog builtin
	SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
	SSLSessionCacheTimeout 300
	SSLMutex default
	SSLRandomSeed startup file:/dev/urandom 256
	SSLRandomSeed connect builtin
	SSLCryptoDevice builtin
	<VirtualHost _default_:443>
	DocumentRoot "/var/www/html"
	ServerName monitoring.exa.unicen.edu.ar:443
	ErrorLog logs/ssl_error_log
	TransferLog logs/ssl_access_log
	LogLevel warn
	SSLEngine on
	SSLProtocol all -SSLv2
	SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
	SSLCertificateFile /etc/ssl/certs/live/exa.unicen.edu.ar/cert.pem
	SSLCertificateKeyFile /etc/ssl/certs/live/exa.unicen.edu.ar/privkey.pem
	SSLCertificateChainFile /etc/ssl/certs/live/exa.unicen.edu.ar/chain.pem
	<Files ~ "\.(cgi\|shtml\|phtml\|php)$">
	SSLOptions +StdEnvVars
	</Files>
	<Directory "/var/www/cgi-bin">
	SSLOptions +StdEnvVars
	</Directory>
	SetEnvIf User-Agent ".MSIE." \
	nokeepalive ssl-unclean-shutdown \
	downgrade-1.0 force-response-1.0
	CustomLog logs/ssl_request_log \
	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
	</VirtualHost>