csf-docker/docker-compose.yml

version: '3.8'

services:
  # Contenedor CSF Firewall
  csf:
    build:
      context: .
      dockerfile: Dockerfile.csf
    container_name: csf-firewall
    privileged: true
    network_mode: host
    restart: unless-stopped
    volumes:
      # Configuración persistente
      - csf_config:/etc/csf
      - csf_logs:/var/log/lfd
      - csf_lib:/var/lib/csf
      # Acceso a logs del sistema host (opcional)
      - /var/log:/var/log/host:ro
    environment:
      - CSF_CONFIG_PATH=/etc/csf
      - CSF_LOG_PATH=/var/log/lfd
      - DEBIAN_FRONTEND=noninteractive
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - SYS_MODULE
      - SYS_ADMIN
    devices:
      - /dev/net/tun
    healthcheck:
      test: ["CMD", "/usr/local/csf/bin/csf", "--status"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s

  # Contenedor Web Interface
  csf-web:
    build:
      context: .
      dockerfile: Dockerfile.web
    container_name: csf-web-interface
    restart: unless-stopped
    ports:
      - "3000:3000"
    volumes:
      # Acceso a archivos de configuración CSF
      - csf_config:/etc/csf:ro
      - csf_logs:/var/log/lfd:ro
    environment:
      - NODE_ENV=production
      - PORT=3000
      - HOSTNAME=0.0.0.0
      - JWT_SECRET=${JWT_SECRET:-csf-web-secret-change-this}
      - CSF_CONFIG_PATH=/etc/csf
      - CSF_LOG_PATH=/var/log/lfd
    depends_on:
      csf:
        condition: service_healthy
    networks:
      - csf-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/api/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s

  # Servicio de monitoreo de logs (opcional)
  log-monitor:
    image: busybox
    container_name: csf-log-monitor
    restart: unless-stopped
    volumes:
      - csf_logs:/logs:ro
    command: tail -f /logs/lfd.log
    depends_on:
      - csf
    networks:
      - csf-network

# Redes
networks:
  csf-network:
    driver: bridge
    name: csf-network
    ipam:
      config:
        - subnet: 172.20.0.0/24

# Volúmenes persistentes
volumes:
  csf_config:
    name: csf_config
    driver: local
  csf_logs:
    name: csf_logs
    driver: local
  csf_lib:
    name: csf_lib
    driver: local