services: mysql: platform: ${FLEET_MYSQL_PLATFORM:-linux/x86_64} image: mysql:5.7 environment: MYSQL_ROOT_PASSWORD: toor MYSQL_DATABASE: fleet MYSQL_USER: fleet MYSQL_PASSWORD: fleet ports: - "3306" redis: image: redis:6 # reverse proxy and tls termination for fleet-a and fleet-b fleet: image: nginx volumes: # don't mount the config. These will be copied manually so that # we can reload nginx without recreating containers and getting a new public port each time. # - ./nginx/fleet-a.conf:/etc/nginx/conf.d/default.conf - ./fleet.crt:/etc/nginx/fleet.crt - ./fleet.key:/etc/nginx/fleet.key ports: - "443" fleet-a: &default-fleet image: fleetdm/fleet:${FLEET_VERSION_A:-latest} environment: FLEET_MYSQL_ADDRESS: mysql:3306 FLEET_MYSQL_DATABASE: fleet FLEET_MYSQL_USERNAME: fleet FLEET_MYSQL_PASSWORD: fleet FLEET_REDIS_ADDRESS: redis:6379 FLEET_SERVER_ADDRESS: 0.0.0.0:8080 FLEET_SERVER_TLS: 'false' FLEET_LOGGING_JSON: 'true' FLEET_LICENSE_KEY: ${FLEET_LICENSE_KEY} FLEET_OSQUERY_LABEL_UPDATE_INTERVAL: 1m FLEET_VULNERABILITIES_CURRENT_INSTANCE_CHECKS: "yes" FLEET_VULNERABILITIES_DATABASES_PATH: /fleet/vulndb FLEET_VULNERABILITIES_PERIODICITY: 5m FLEET_LOGGING_DEBUG: 'true' # This can be configured for testing purposes but otherwise uses the # typical default of provided. FLEET_OSQUERY_HOST_IDENTIFIER: ${FLEET_OSQUERY_HOST_IDENTIFIER:-provided} ports: - "8080" depends_on: - mysql - redis # Uses a different version than fleet-a fleet-b: <<: *default-fleet image: fleetdm/fleet:${FLEET_VERSION_B:-latest} osquery: image: "osquery/osquery:4.7.0-ubuntu20.04" volumes: - ./fleet.crt:/etc/osquery/fleet.crt - ./osquery.flags:/etc/osquery/osquery.flags environment: ENROLL_SECRET: "${ENROLL_SECRET}" command: osqueryd --flagfile=/etc/osquery/osquery.flags