docker compose verinice
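# Docker Compose stack for verinice: a Tomcat container serving the verinice
# .war and a PostgreSQL container as its database.
#
# Variables taken from the shell or an .env file: VERSION, VPNIP,
# POSTGRES_PASSWORD, VERINICE_PASSWORD. They are written as ${VAR:?message} so
# that compose aborts on an unset or empty value instead of silently
# substituting an empty string (wrong .war path, a port mapping without a
# host address, a role created without a usable password).
services:
  webapp:
    image: tomcat:9-jdk17-temurin-noble
    volumes:
      # deployment target
      - verinice_webapp:/usr/local/tomcat/webapps
      # NOTE(review): per the comment further down, this properties file holds
      # the passwords and the port; keep it out of version control and consider
      # mounting it read-only (:ro) once confirmed that nothing writes to it.
      - ./target/veriniceserver-plain.properties.local:/usr/local/tomcat/conf/veriniceserver-plain.properties.local
      # deployment file
      # may still have to be handled by a start script, because the .war would
      # need to be gone afterwards so that Tomcat does not redeploy it again
      # and again
      - ./target/context.xml:/usr/local/tomcat/conf/context.xml
      - "./target/veriniceserver-${VERSION:?VERSION must be set}.war:/usr/local/tomcat/webapps/verinice.war"
      # passwords and port live here; mounting it at this path messes up the
      # permissions on the deployment dirs
      #- ./target/veriniceserver-plain.properties.local:/usr/local/tomcat/webapps/verinice/WEB-INF/veriniceserver-plain.properties.local
      # logs
      - ./logs/webapp:/usr/local/tomcat/logs
    ports:
      # Published on the VPN address only. The mapping is quoted and VPNIP is
      # mandatory so that an empty value cannot turn this into a mapping with
      # no host address in front of the plain-HTTP Tomcat port.
      - "${VPNIP:?VPNIP must be set to the VPN interface address}:8081:8080"
    environment:
      # this gets set but is then ignored by the deployment
      - CATALINA_OPTS=-Djdbc.url=jdbc:postgresql://db:5432/verinicedb
    depends_on:
      - db
  db:
    image: postgres:17.7-alpine3.23
    volumes:
      # NOTE(review): verify where this image keeps its cluster (PGDATA) and
      # that the data really ends up in pghome rather than in an anonymous
      # volume declared by the image; the pg_log mount below assumes a
      # different directory layout than this mount does.
      - pghome:/var/lib/postgresql
      # the seed file is only loaded when the container is created;
      # initdb itself runs right before that
      # https://docs.docker.com/guides/pre-seeding/
      # the SQL has to be converted beforehand, see the verinice docs:
      # docker-install/#datenbank
      - ./target/initdb.d:/docker-entrypoint-initdb.d
      # logs
      # go to stdout by default
      - ./logs/db:/var/lib/postgresql/17/data/pg_log
    expose:
      # reachable from other services on the compose network only; not
      # published on the host
      - 5432
    environment:
      # Both passwords are visible in the container environment (e.g. via
      # `docker inspect`); treat access to the Docker host accordingly.
      - "POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      - "VERINICE_PASSWORD=${VERINICE_PASSWORD:?VERINICE_PASSWORD must be set}"
volumes:
  pghome:
  verinice_webapp: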
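#!/usr/bin/env bash
# Database bootstrap for verinice: converts the binary compendium dump to SQL,
# creates the unprivileged "verinice" login role and the "verinicedb" database
# owned by it. Presumably run by the postgres image from
# /docker-entrypoint-initdb.d (confirm against the compose file).
#
# Environment read: POSTGRES_USER, POSTGRES_DB, VERINICE_PASSWORD.
set -e

# Refuse to continue without a password; otherwise the role below would be
# created with an empty password string.
: "${VERINICE_PASSWORD:?VERINICE_PASSWORD must be set}"

# convert bin schema
# if there's no compendium.sql AND there's a compendium.sql.bin
# AND if this directory is writeable
# NOTE(review): the three conditions above are not implemented; pg_restore
# runs unconditionally and, with `set -e`, a failure aborts the script. Both
# file names are relative to the current working directory.
pg_restore -f verinicedb-compendium.sql verinicedb-compendium.sql.bin

# create DB user
# unsure if PW encrypted + what pghba settings are in effect
# (we only talk via dedicated backend net, but that's no reason to
# not safely store passwords
#
# The password is handed to psql with \getenv (psql 15 and later) and inserted
# with :'var', which quotes it as an SQL literal. Splicing ${VERINICE_PASSWORD}
# into the statement text by shell expansion would break, or alter, the
# statement for any password containing a single quote. The heredoc delimiter
# is quoted so the shell expands nothing inside it.
# NOTE(review): what the server stores depends on password_encryption; the
# statement itself still carries the cleartext, so check the statement-logging
# settings as well.
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<'EOSQL'
\getenv verinice_pw VERINICE_PASSWORD
CREATE ROLE verinice WITH
    LOGIN
    NOSUPERUSER
    NOCREATEDB
    NOCREATEROLE
    NOINHERIT
    NOREPLICATION
    CONNECTION LIMIT -1
    PASSWORD :'verinice_pw';
EOSQL

psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<'EOSQL'
CREATE DATABASE verinicedb;
ALTER DATABASE verinicedb OWNER TO verinice;
GRANT ALL PRIVILEGES ON DATABASE verinicedb TO verinice;
EOSQL

# A schema grant applies to the database the session is connected to. Issued
# against $POSTGRES_DB it would hand the application role privileges on the
# maintenance database's public schema and leave verinicedb untouched, so this
# statement connects to verinicedb instead.
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname verinicedb <<'EOSQL'
GRANT ALL PRIVILEGES ON SCHEMA public TO verinice;
EOSQL

# unused
# CREATE USER verinice with encrypted password 'verinice';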