--- services: wazuh.manager: image: docker.io/wazuh/wazuh-manager:4.12.0 container_name: wazuh-prod-1-manager hostname: wazuh.manager ulimits: memlock: soft: -1 hard: -1 nofile: soft: 655360 hard: 655360 ports: - "1514:1514" - "1515:1515" - "514:514/udp" - "55000:55000" environment: - INDEXER_URL=https://wazuh.indexer:9200 - INDEXER_USERNAME=${INDEXER_USERNAME:?error} - INDEXER_PASSWORD=${INDEXER_PASSWORD:?error} - FILEBEAT_SSL_VERIFICATION_MODE=full - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - SSL_KEY=/etc/ssl/filebeat.key - API_USERNAME=${API_USERNAME:?error} - API_PASSWORD=${API_PASSWORD:?error} volumes: - wazuh_api_configuration:/var/ossec/api/configuration - wazuh_etc:/var/ossec/etc - wazuh_logs:/var/ossec/logs - wazuh_queue:/var/ossec/queue - wazuh_var_multigroups:/var/ossec/var/multigroups - wazuh_integrations:/var/ossec/integrations - wazuh_active_response:/var/ossec/active-response/bin - wazuh_agentless:/var/ossec/agentless - wazuh_wodles:/var/ossec/wodles - filebeat_etc:/etc/filebeat - filebeat_var:/var/lib/filebeat - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf # --> (Optional) For custom rules # - ./config/rules/local_rules.xml:/var/ossec/etc/rules/local_rules.xml:ro # <-- # --> (Optional) When using traefik # networks: # - frontend # <-- # --> (Optional) When using a separate backend network # - backend # <-- restart: unless-stopped wazuh.indexer: image: docker.io/wazuh/wazuh-indexer:4.12.0 container_name: wazuh-prod-1-indexer hostname: wazuh.indexer ports: - "9200:9200" environment: - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" ulimits: memlock: soft: -1 hard: -1 nofile: soft: 65536 hard: 65536 volumes: - wazuh-indexer-data:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml # --> (Optional) When using traefik # networks: # - frontend # <-- # --> (Optional) When using a separate backend network # - backend # <-- restart: unless-stopped wazuh.dashboard: image: docker.io/wazuh/wazuh-dashboard:4.12.0 container_name: wazuh-prod-1-dashboard hostname: wazuh.dashboard # --> (Optional) Remove the port mapping when using traefik ports: - 4443:5601 # <-- environment: - INDEXER_USERNAME=${INDEXER_USERNAME:?error} - INDEXER_PASSWORD=${INDEXER_PASSWORD:?error} - WAZUH_API_URL=https://wazuh.manager - DASHBOARD_USERNAME=${DASHBOARD_USERNAME:?error} - DASHBOARD_PASSWORD=${DASHBOARD_PASSWORD:?error} - API_USERNAME=${API_USERNAME:?error} - API_PASSWORD=${API_PASSWORD:?error} volumes: - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom # --> (Optional) When using traefik # labels: # - traefik.enable=true # - traefik.http.routers.wazuh-prod-1-https.entrypoints=websecure # - traefik.http.routers.wazuh-prod-1-https.rule=Host(`wazuh-prod-1.srv-prod-1.home.clcreative.de`) # - traefik.http.routers.wazuh-prod-1-https.tls=true # - traefik.http.routers.wazuh-prod-1-https.tls.certresolver=cloudflare # - traefik.http.services.wazuh-prod-1-service.loadbalancer.server.port=5601 # - traefik.http.services.wazuh-prod-1-service.loadbalancer.server.scheme=https # networks: # - frontend # <-- # --> (Optional) When using a separate backend network # - backend # <-- depends_on: - wazuh.indexer restart: unless-stopped # --> (Optional) When you need to use an SMTP relay for email notifications, and authentication is required # postfix: # image: docker.io/mwader/postfix-relay:1.1.39 # environment: # - POSTFIX_myhostname=postfix # volumes: # - ./config/postfix-relay/main.cf:/etc/postfix/main.cf:ro # - ./config/postfix-relay/sasl_passwd:/etc/postfix/sasl_passwd:rw # <-- (Optional) Remove when using inline credentials # - postfix_data:/etc/postfix # networks: # - backend # restart: unless-stopped # <-- volumes: wazuh_api_configuration: wazuh_etc: wazuh_logs: wazuh_queue: wazuh_var_multigroups: wazuh_integrations: wazuh_active_response: wazuh_agentless: wazuh_wodles: filebeat_etc: filebeat_var: wazuh-indexer-data: wazuh-dashboard-config: wazuh-dashboard-custom: # --> (Optional) When you need to use an SMTP relay for email notifications, and authentication is required # postfix_data: # <-- # --> (Optional) When using traefik # networks: # frontend: # external: true # <-- # --> (Optional) When using a separate backend network # backend: # external: true # <--