-
Notifications
You must be signed in to change notification settings - Fork 3
/
docker-compose.yml
105 lines (104 loc) · 3.14 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: traefik-bad-bot-blocker
services:
traefik:
image: traefik:3.0
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entryPoints.web.address=:80"
- "--accesslog=true"
- "--experimental.localPlugins.botblocker.moduleName=github.com/discoverygarden/traefik-ultimate-bad-bot-blocker"
ports:
- "8080:80"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./:/plugins-local/src/github.com/discoverygarden/traefik-ultimate-bad-bot-blocker"
networks:
test:
whoami:
image: traefik/whoami
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
- "traefik.http.routers.whoami.entrypoints=web"
- "traefik.http.routers.whoami.middlewares=botblocker@docker"
- "traefik.http.middlewares.botblocker.plugin.botblocker.ipblocklisturls[0]=https://raw.githubusercontent.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/master/_generator_lists/bad-ip-addresses.list"
- "traefik.http.middlewares.botblocker.plugin.botblocker.ipblocklisturls[1]=http://lists/ip-blocklist"
- "traefik.http.middlewares.botblocker.plugin.botblocker.loglevel=INFO"
- "traefik.http.middlewares.botblocker.plugin.botblocker.useragentblocklisturls[0]=https://raw.githubusercontent.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list"
- "traefik.http.middlewares.botblocker.plugin.botblocker.useragentblocklisturls[1]=http://lists/useragent-blocklist"
networks:
test:
allowed:
image: quay.io/curl/curl
external_links:
- traefik:whoami.example.com
entrypoint:
- /bin/sh
- -c
- |
while true; do
curl whoami.example.com 2>/dev/null | grep X-Real-Ip
sleep 5
done
networks:
test:
ipv4_address: 10.10.10.1
blocked-ip:
image: quay.io/curl/curl
external_links:
- traefik:whoami.example.com
entrypoint:
- /bin/sh
- -c
- |
while true; do
curl whoami.example.com 2>/dev/null
sleep 5
done
networks:
test:
ipv4_address: 10.10.10.2
blocked-agent:
image: quay.io/curl/curl
external_links:
- traefik:whoami.example.com
entrypoint:
- /bin/sh
- -c
- |
while true; do
curl -A 'Mozilla/5.0 (Nintendo WiiU) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.4.2.12 NintendoBrowser/4.3.1.11264.US' whoami.example.com 2>/dev/null
sleep 5
done
networks:
test:
ipv4_address: 10.10.10.3
blocked-cidr:
image: quay.io/curl/curl
external_links:
- traefik:whoami.example.com
entrypoint:
- /bin/sh
- -c
- |
while true; do
curl whoami.example.com 2>/dev/null
sleep 5
done
networks:
test:
ipv4_address: 10.10.20.2
lists:
image: nginx
volumes:
- ./fixtures/lists/:/usr/share/nginx/html
networks:
test:
networks:
test:
driver: bridge
ipam:
config:
- subnet: 10.10.0.0/16
gateway: 10.10.0.1