-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdocker-compose.local.yml
More file actions
executable file
·120 lines (116 loc) · 4.7 KB
/
Copy pathdocker-compose.local.yml
File metadata and controls
executable file
·120 lines (116 loc) · 4.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
# ===========================================
# MynetworK - Multi-Source Network Dashboard
# Docker Compose - Local Build
# ===========================================
#
# Docker Compose configuration for LOCAL DEVELOPMENT
# This file builds the image locally for testing and development.
#
# For production deployment, use docker-compose.yml instead (uses pre-built image from registry)
#
# Usage:
# 1. Build and start:
# docker-compose -f docker-compose.local.yml up -d --build
#
# 2. With custom port (default: 7505):
# DASHBOARD_PORT=8080 docker-compose -f docker-compose.local.yml up -d
#
# 3. With environment file:
# docker-compose -f docker-compose.local.yml --env-file .env up -d
#
# 4. Stop and remove:
# docker-compose -f docker-compose.local.yml down
#
# Environment variables:
# DASHBOARD_PORT - Port to expose the dashboard (default: 7505)
# FREEBOX_HOST - Freebox server hostname (default: mafreebox.freebox.fr)
# JWT_SECRET - JWT secret for authentication (required in production)
# CONFIG_FILE_PATH - Path to external config file (optional)
services:
mynetwork-local:
build:
context: .
dockerfile: Dockerfile
container_name: mynetwork-local
ports:
- "${DASHBOARD_PORT:-3000}:3000"
environment:
#- NODE_ENV=production
#- PORT=3000
- DASHBOARD_PORT=${DASHBOARD_PORT:-3000}
- FREEBOX_HOST=${FREEBOX_HOST:-mafreebox.freebox.fr}
- FREEBOX_TOKEN_FILE=/app/data/freebox_token.json
# HOST_IP: IP address of the host machine on the local network
# If not set, the container will try to auto-detect, but may use container IP
# Example: HOST_IP=192.168.1.100
- HOST_IP=${HOST_IP:-192.168.1.150}
- TZ=${TZ:-Europe/Paris}
# ⚠️ SECURITE CRITIQUE : JWT_SECRET - Secret pour signer les tokens JWT
#
# IMPORTANT : Ne JAMAIS utiliser la valeur par défaut en production !
# Le secret par défaut est uniquement pour le développement.
#
# Pour générer un secret sécurisé (minimum 32 caractères) :
# Linux/Mac: openssl rand -base64 32
# PowerShell: [Convert]::ToBase64String((1..32 | ForEach-Object { Get-Random -Maximum 256 }))
#
# Méthodes de configuration :
# 1. Fichier .env (recommandé) :
# Créez un fichier .env avec : JWT_SECRET=votre_secret_genere
# Puis lancez : docker-compose -f docker-compose.local.yml --env-file .env up -d --build
#
# 2. Variable d'environnement système :
# export JWT_SECRET=$(openssl rand -base64 32)
# docker-compose -f docker-compose.local.yml up -d --build
#
# 3. Ligne de commande :
# JWT_SECRET=votre_secret docker-compose -f docker-compose.local.yml up -d --build
#
# Exemple de secret généré : aB3xK9mP2vQ7wR5tY8uI0oP1aS6dF4gH7jK2lM9nB0vC3xZ6
- JWT_SECRET=${JWT_SECRET:-change-me-in-production-please-use-strong-secret}
- CONFIG_FILE_PATH=${CONFIG_FILE_PATH:-/app/config/mynetwork.conf}
volumes:
# Persistent storage for Freebox authentication token and database
- mynetwork_data_local:/app/data
# Mount host /proc and /sys (read-only) for CPU, memory, network stats, ARP table, hostname
- /proc:/host/proc:ro
- /sys:/host/sys:ro
# Mount specific host files needed for hostname resolution and system info
- /etc/hostname:/host/etc/hostname:ro
- /etc/hosts:/host/etc/hosts:ro
# ⚠️ SECURITY: Docker socket (optional, disabled by default — see docker-compose.yml for details)
# - /var/run/docker.sock:/var/run/docker.sock:ro
# ⚠️ SECURITY: Full host root mount (optional — only needed for host disk usage)
# - /:/host:ro
# Optional: Mount external configuration file
# Uncomment the line below to use an external config file
# - ./config/mynetwork.conf:/app/config/mynetwork.conf:ro
# Network capabilities required for network scanning (ping, arp)
# ⚠️ SECURITY: See docker-compose.yml for details on these capabilities
cap_add:
- NET_RAW
- NET_ADMIN
- SETUID
- SETGID
cap_drop:
- ALL
restart: unless-stopped
# Health check (use 127.0.0.1 instead of localhost to avoid IPv6 issues)
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:3000/api/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
# Uncomment to limit resources (optional)
# deploy:
# resources:
# limits:
# cpus: '1'
# memory: 512M
# reservations:
# cpus: '0.5'
# memory: 256M
volumes:
mynetwork_data_local:
name: mynetwork_data_local