initial commit

Signed-off-by: ale <ale@manalejandro.com>

docker-compose.yml

@@ -0,0 +1,102 @@
+version: '3.8'
+
+services:
+  # Contenedor CSF Firewall
+  csf:
+    build:
+      context: .
+      dockerfile: Dockerfile.csf
+    container_name: csf-firewall
+    privileged: true
+    network_mode: host
+    restart: unless-stopped
+    volumes:
+      # Configuración persistente
+      - csf_config:/etc/csf
+      - csf_logs:/var/log/lfd
+      - csf_lib:/var/lib/csf
+      # Acceso a logs del sistema host (opcional)
+      - /var/log:/var/log/host:ro
+    environment:
+      - CSF_CONFIG_PATH=/etc/csf
+      - CSF_LOG_PATH=/var/log/lfd
+      - DEBIAN_FRONTEND=noninteractive
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - SYS_MODULE
+      - SYS_ADMIN
+    devices:
+      - /dev/net/tun
+    healthcheck:
+      test: ["CMD", "/usr/local/csf/bin/csf", "--status"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
+
+  # Contenedor Web Interface
+  csf-web:
+    build:
+      context: .
+      dockerfile: Dockerfile.web
+    container_name: csf-web-interface
+    restart: unless-stopped
+    ports:
+      - "3000:3000"
+    volumes:
+      # Acceso a archivos de configuración CSF
+      - csf_config:/etc/csf:ro
+      - csf_logs:/var/log/lfd:ro
+    environment:
+      - NODE_ENV=production
+      - PORT=3000
+      - HOSTNAME=0.0.0.0
+      - JWT_SECRET=${JWT_SECRET:-csf-web-secret-change-this}
+      - CSF_CONFIG_PATH=/etc/csf
+      - CSF_LOG_PATH=/var/log/lfd
+    depends_on:
+      csf:
+        condition: service_healthy
+    networks:
+      - csf-network
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3000/api/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
+
+  # Servicio de monitoreo de logs (opcional)
+  log-monitor:
+    image: busybox
+    container_name: csf-log-monitor
+    restart: unless-stopped
+    volumes:
+      - csf_logs:/logs:ro
+    command: tail -f /logs/lfd.log
+    depends_on:
+      - csf
+    networks:
+      - csf-network
+
+# Redes
+networks:
+  csf-network:
+    driver: bridge
+    name: csf-network
+    ipam:
+      config:
+        - subnet: 172.20.0.0/24
+
+# Volúmenes persistentes
+volumes:
+  csf_config:
+    name: csf_config
+    driver: local
+  csf_logs:
+    name: csf_logs
+    driver: local
+  csf_lib:
+    name: csf_lib
+    driver: local