veza/config/docker/docker-compose.local.yml
senke c0e2fe2e12 fix(v0.12.6.1): remediate remaining 15 MEDIUM + LOW pentest findings
MEDIUM-002: Remove manual X-Forwarded-For parsing in metrics_protection.go,
  use c.ClientIP() only (respects SetTrustedProxies)
MEDIUM-003: Pin ClamAV Docker image to 1.4 across all compose files
MEDIUM-004: Add clampLimit(100) to 15+ handlers that parsed limit directly
MEDIUM-006: Remove unsafe-eval from CSP script-src on Swagger routes
MEDIUM-007: Pin all GitHub Actions to SHA in 11 workflow files
MEDIUM-008: Replace rabbitmq:3-management-alpine with rabbitmq:3-alpine in prod
MEDIUM-009: Add trial-already-used check in subscription service
MEDIUM-010: Add 60s periodic token re-validation to WebSocket connections
MEDIUM-011: Mask email in auth handler logs with maskEmail() helper
MEDIUM-012: Add k-anonymity threshold (k=5) to playback analytics stats
LOW-001: Align frontend password policy to 12 chars (matching backend)
LOW-003: Replace deprecated dotenv with dotenvy crate in Rust stream server
LOW-004: Enable xpack.security in Elasticsearch dev/local compose files
LOW-005: Accept context.Context in CleanupExpiredSessions instead of Background()
LOW-002: Noted — Hyperswitch version update deferred (requires payment integration tests)

29/30 findings remediated. 1 noted (LOW-002).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 06:13:38 +01:00


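version: '3.8'

# Local development stack: PostgreSQL, Redis, Prometheus, Grafana and the
# Elasticsearch / Kibana / Filebeat logging pipeline.
#
# Every published port is bound to ${VEZA_BIND_ADDR:-127.0.0.1}. Several of
# these services have no authentication or only a development default
# password, so they should not be reachable from other hosts. Set
# VEZA_BIND_ADDR in .env only if the stack must be reached from another
# machine.
#
# Passwords default to development values; override them in .env and never
# reuse this file outside a local workstation.

services:
  # PostgreSQL database
  postgres:
    image: postgres:15-alpine
    container_name: veza-postgres-local
    environment:
      POSTGRES_DB: veza_local
      POSTGRES_USER: veza_user
      # Development default only; set POSTGRES_PASSWORD in .env.
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-devpassword}
    ports:
      - "${VEZA_BIND_ADDR:-127.0.0.1}:5433:5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
      # The init script is only read by the entrypoint, so mount it read-only.
      - ./scripts/database/init.sql:/docker-entrypoint-initdb.d/init.sql:ro
    networks:
      - veza-network

  # Redis cache
  redis:
    image: redis:7-alpine
    container_name: veza-redis-local
    ports:
      # No Redis password is configured in this file, so the port is kept on
      # the bind address above rather than on all interfaces.
      - "${VEZA_BIND_ADDR:-127.0.0.1}:6379:6379"
    volumes:
      - redis_data:/data
    networks:
      - veza-network

  # Monitoring - Prometheus
  prometheus:
    # NOTE(review): floating tag. Pin to a reviewed version or digest, as the
    # same remediation pass already did for other images.
    image: prom/prometheus:latest
    container_name: veza-prometheus-local
    ports:
      - "${VEZA_BIND_ADDR:-127.0.0.1}:9090:9090"
    volumes:
      - ./config/prometheus.yml:/etc/prometheus/prometheus.yml:ro
      - prometheus_data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      - '--storage.tsdb.retention.time=200h'
      # Exposes the HTTP reload/quit endpoints without authentication;
      # acceptable only while the port stays on a trusted interface.
      - '--web.enable-lifecycle'
    networks:
      - veza-network

  # Monitoring - Grafana
  grafana:
    # NOTE(review): floating tag. Pin to a reviewed version or digest.
    image: grafana/grafana:latest
    container_name: veza-grafana-local
    ports:
      - "${VEZA_BIND_ADDR:-127.0.0.1}:3000:3000"
    environment:
      # Overridable like the other credentials in this file; "admin" remains
      # the development default.
      GF_SECURITY_ADMIN_PASSWORD: "${GRAFANA_ADMIN_PASSWORD:-admin}"
      GF_USERS_ALLOW_SIGN_UP: "false"
    volumes:
      - grafana_data:/var/lib/grafana
      - ./config/grafana/dashboards:/etc/grafana/provisioning/dashboards:ro
      - ./config/grafana/datasources:/etc/grafana/provisioning/datasources:ro
    networks:
      - veza-network

  # Logging - Elasticsearch
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.8.0
    container_name: veza-elasticsearch-local
    environment:
      - discovery.type=single-node
      # SECURITY(LOW-004): Enable xpack security. Set ELASTIC_PASSWORD in .env.
      - xpack.security.enabled=true
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD:-devpassword}
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ports:
      - "${VEZA_BIND_ADDR:-127.0.0.1}:9200:9200"
    volumes:
      - elasticsearch_data:/usr/share/elasticsearch/data
    networks:
      - veza-network

  # Logging - Kibana
  kibana:
    image: docker.elastic.co/kibana/kibana:8.8.0
    container_name: veza-kibana-local
    ports:
      - "${VEZA_BIND_ADDR:-127.0.0.1}:5601:5601"
    environment:
      ELASTICSEARCH_HOSTS: http://elasticsearch:9200
      # NOTE(review): Elasticsearch above now requires authentication, but no
      # credentials are passed to Kibana in this file. Confirm that a
      # kibana_system password or service account token is supplied
      # elsewhere; otherwise Kibana cannot authenticate.
    volumes:
      - kibana_data:/usr/share/kibana/data
    networks:
      - veza-network
    depends_on:
      - elasticsearch

  # Logging - Filebeat
  filebeat:
    image: docker.elastic.co/beats/filebeat:8.8.0
    container_name: veza-filebeat-local
    # Runs as root to read the container log files mounted below.
    user: root
    volumes:
      - ./config/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
      # ":ro" protects the socket file only; a process that can connect to
      # the socket can still issue any Docker API call. Treat this container
      # as having control of the Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    # NOTE(review): the Elasticsearch output credentials live in filebeat.yml,
    # which is not shown here. Verify they match the secured cluster.
    networks:
      - veza-network
    depends_on:
      - elasticsearch

volumes:
  postgres_data:
  redis_data:
  prometheus_data:
  grafana_data:
  elasticsearch_data:
  kibana_data:

networks:
  veza-network:
    driver: bridge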