forked from sandialabs/wiretap
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
110 lines (108 loc) · 3.04 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# network layout for wiretap testing
#
# ┌──────────┐
# │ server │
# │ │
# │ 10.1.0.2 │
# │ fd:1::2 ├┬───────────────────────┐
# ├──────────┼│ exposed network │
# ├──────────┼│ 10.1.0.0/16,fd:1::/64 │
# │ 10.1.0.3 ├┴───────────────────────┘
# │ fd:1::3 │
# │ │
# │ agent │
# │ │
# │ 10.2.0.3 │
# │ fd:2::3 ├┬───────────────────────┐
# ├──────────┼│ target network │
# ├──────────┼│ 10.2.0.0/16,fd:2::/64 │
# │ 10.2.0.4 ├┴───────────────────────┘
# │ fd:2::4 │
# │ │
# │ target │
# │ │
# │ 10.3.0.4 │
# │ fd:3::4 ├┬───────────────────────┐
# ├──────────┼│ target2 network │
# ├──────────┼│ 10.3.0.0/16,fd:3::/64 │
# │ 10.3.0.5 ├┴───────────────────────┘
# │ fd:3::5 │
# │ │
# │ target2 │
# └──────────┘
services:
server:
# build:
# context: .
# dockerfile: wiretap.Dockerfile
image: wiretap:latest
networks:
exposed:
ipv4_address: 10.1.0.2
ipv6_address: fd:1::2
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv6.conf.all.disable_ipv6=0
environment:
- DISPLAY=host.docker.internal:0
agent:
depends_on:
- server
build:
context: .
dockerfile: wiretap-agent.Dockerfile
image: wiretap-agent:latest
networks:
exposed:
ipv4_address: 10.1.0.3
ipv6_address: fd:1::3
target:
ipv4_address: 10.2.0.3
ipv6_address: fd:2::3
environment:
- AGENT_PRIVATE_KEY=
- TUNNEL_SUBNET=172.16.0
- APIIRO_ENDPOINT=10.1.0.2:51820
- MAPPING_PREFIX=10.100.0
- MAPPING_HOSTS=10.2.0.4,example.com:443
- APIIRO_DOMAIN=app-staging.apiiro.com
- SKIP_SSL_VERIFY=true
- CONFIG_TOKEN=xxxAccessTokenxxx
- VERBOSE_LOGS=true
- RELAY_MTU=1300
target:
depends_on:
- agent
image: wiretap:latest
networks:
target:
ipv4_address: 10.2.0.4
ipv6_address: fd:2::4
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv6.conf.all.disable_ipv6=0
networks:
exposed:
enable_ipv6: true
driver: bridge
name: exposed
ipam:
config:
- subnet: 10.1.0.0/16
gateway: 10.1.0.1
- subnet: fd:1::/64
gateway: fd:1::1
target:
enable_ipv6: true
driver: bridge
name: target
ipam:
config:
- subnet: 10.2.0.0/16
gateway: 10.2.0.1
- subnet: fd:2::/64
gateway: fd:2::1