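---
# Docker Compose stack: a CSF firewall container, its web interface, and an
# optional log tailer. The services share the csf_config / csf_logs volumes.
version: '3.8'

services:
  # CSF firewall container
  csf:
    build:
      context: .
      dockerfile: Dockerfile.csf
    container_name: csf-firewall
    # NOTE(review): `privileged: true` already grants every capability and
    # access to host devices, so `cap_add` and `devices` below have no extra
    # effect while it is set. Together with `network_mode: host`, a compromise
    # of this container is effectively a compromise of the host. If CSF runs
    # correctly with only the listed capabilities, dropping `privileged` would
    # narrow that exposure - TODO verify against the Dockerfile.csf image.
    privileged: true
    # Host networking: the container operates on the host's network stack.
    network_mode: host
    restart: unless-stopped
    volumes:
      # Persistent configuration
      - csf_config:/etc/csf
      - csf_logs:/var/log/lfd
      - csf_lib:/var/lib/csf
      # Host system logs, mounted read-only (optional)
      - /var/log:/var/log/host:ro
    environment:
      - CSF_CONFIG_PATH=/etc/csf
      - CSF_LOG_PATH=/var/log/lfd
      - DEBIAN_FRONTEND=noninteractive
    # SYS_MODULE and SYS_ADMIN are broad capabilities; keep only the ones the
    # firewall actually needs once `privileged` is removed.
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - SYS_MODULE
      - SYS_ADMIN
    devices:
      - /dev/net/tun
    healthcheck:
      test: ["CMD", "/usr/local/csf/bin/csf", "--status"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s

  # Web interface container
  csf-web:
    build:
      context: .
      dockerfile: Dockerfile.web
    container_name: csf-web-interface
    restart: unless-stopped
    # NOTE(review): this publishes the management UI on every host interface.
    # Docker installs its own NAT/forward rules for published ports, so
    # host INPUT-chain filtering may not cover it - confirm. If remote access
    # is not required, bind to loopback ('127.0.0.1:3000:3000') and put a TLS
    # reverse proxy in front.
    ports:
      - "3000:3000"
    volumes:
      # CSF configuration and logs, both mounted read-only
      - csf_config:/etc/csf:ro
      - csf_logs:/var/log/lfd:ro
    environment:
      - NODE_ENV=production
      - PORT=3000
      - HOSTNAME=0.0.0.0
      # No fallback value: a default signing secret committed to the repository
      # is known to everyone who can read this file, so tokens signed with it
      # prove nothing. Compose aborts when JWT_SECRET is unset or empty; supply
      # a long random value through the environment or an untracked .env file.
      - 'JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set to a random secret}'
      - CSF_CONFIG_PATH=/etc/csf
      - CSF_LOG_PATH=/var/log/lfd
    depends_on:
      # Start only after the firewall container reports healthy.
      csf:
        condition: service_healthy
    networks:
      - csf-network
    healthcheck:
      # Assumes curl is installed in the image built from Dockerfile.web -
      # TODO confirm; otherwise the service never becomes healthy.
      test: ["CMD", "curl", "-f", "http://localhost:3000/api/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s

  # Log monitoring service (optional)
  log-monitor:
    # NOTE(review): unpinned image, resolved as `latest` at pull time. Pin a
    # tag or digest (busybox:<TAG>@sha256:<DIGEST>) for reproducible pulls.
    image: busybox
    container_name: csf-log-monitor
    restart: unless-stopped
    volumes:
      - csf_logs:/logs:ro
    command: tail -f /logs/lfd.log
    depends_on:
      - csf
    networks:
      - csf-network

# Networks
networks:
  csf-network:
    driver: bridge
    name: csf-network
    ipam:
      config:
        - subnet: 172.20.0.0/24

# Persistent volumes
volumes:
  csf_config:
    name: csf_config
    driver: local
  csf_logs:
    name: csf_logs
    driver: local
  csf_lib:
    name: csf_lib
    driver: local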