From f2ac3c966dfee1dd1370a5d146133f0e279558c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Thu, 26 Feb 2026 08:33:36 +0100 Subject: [PATCH] Change: Use `compose.yaml` as canonical file name Docker compose uses `compose.yaml` as default file nowadays. See https://docs.docker.com/compose/intro/compose-application-model/#the-compose-file --- src/22.4/container/compose.yaml | 1 + src/22.4/container/docker-compose.yml | 1 - src/22.4/container/index.md | 8 +- src/_static/compose.yaml | 309 +++++++++++++++++++++++++ src/_static/docker-compose.yml | 310 +------------------------- src/changelog.md | 6 +- 6 files changed, 319 insertions(+), 316 deletions(-) create mode 120000 src/22.4/container/compose.yaml delete mode 120000 src/22.4/container/docker-compose.yml create mode 100644 src/_static/compose.yaml mode change 100644 => 120000 src/_static/docker-compose.yml diff --git a/src/22.4/container/compose.yaml b/src/22.4/container/compose.yaml new file mode 120000 index 00000000..db017e7d --- /dev/null +++ b/src/22.4/container/compose.yaml @@ -0,0 +1 @@ +../../_static/compose.yaml \ No newline at end of file diff --git a/src/22.4/container/docker-compose.yml b/src/22.4/container/docker-compose.yml deleted file mode 120000 index 4acec7c2..00000000 --- a/src/22.4/container/docker-compose.yml +++ /dev/null @@ -1 +0,0 @@ -../../_static/docker-compose.yml \ No newline at end of file diff --git a/src/22.4/container/index.md b/src/22.4/container/index.md index 36feb382..f948eba5 100644 --- a/src/22.4/container/index.md +++ b/src/22.4/container/index.md @@ -16,7 +16,7 @@ ## Docker Compose File ```{important} -Please always ensure to use the latest version of the `docker-compose.yml` file +Please always ensure to use the latest version of the `compose.yaml` file when following this guide. The file might get updates and important changes since your last download. ``` 
@@ -24,7 +24,7 @@ since your last download. To run the Greenbone Community Edition with containers, the following compose file should be used: -```{literalinclude} docker-compose.yml +```{literalinclude} compose.yaml --- language: yaml caption: "Docker Compose File" @@ -38,9 +38,9 @@ it can be downloaded with the following command directly: ```{code-block} shell --- -caption: Downloading docker-compose file +caption: Downloading Docker compose file --- -curl -f -O -L https://greenbone.github.io/docs/latest/_static/docker-compose.yml --output-dir "$DOWNLOAD_DIR" +curl -f -O -L https://greenbone.github.io/docs/latest/_static/compose.yaml --output-dir "$DOWNLOAD_DIR" ``` ### Description diff --git a/src/_static/compose.yaml b/src/_static/compose.yaml new file mode 100644 index 00000000..abf436af --- /dev/null +++ b/src/_static/compose.yaml 
@@ -0,0 +1,309 @@ +name: greenbone-community-edition + +services: + vulnerability-tests: + image: registry.community.greenbone.net/community/vulnerability-tests + environment: + FEED_RELEASE: "24.10" + KEEP_ALIVE: 1 + volumes: + - vt_data_vol:/mnt + + notus-data: + image: registry.community.greenbone.net/community/notus-data + environment: + KEEP_ALIVE: 1 + volumes: + - notus_data_vol:/mnt + + scap-data: + image: registry.community.greenbone.net/community/scap-data + environment: + KEEP_ALIVE: 1 + volumes: + - scap_data_vol:/mnt + + cert-bund-data: + image: registry.community.greenbone.net/community/cert-bund-data + environment: + KEEP_ALIVE: 1 + volumes: + - cert_data_vol:/mnt + + dfn-cert-data: + image: registry.community.greenbone.net/community/dfn-cert-data + environment: + KEEP_ALIVE: 1 + volumes: + - cert_data_vol:/mnt + depends_on: + cert-bund-data: + condition: service_healthy + + data-objects: + image: registry.community.greenbone.net/community/data-objects + environment: + FEED_RELEASE: "24.10" + KEEP_ALIVE: 1 + volumes: + - data_objects_vol:/mnt + + report-formats: + image: registry.community.greenbone.net/community/report-formats + environment: + FEED_RELEASE: "24.10" + KEEP_ALIVE: 1 + volumes: + - data_objects_vol:/mnt + depends_on: + data-objects: + condition: service_healthy + + gpg-data: + image: registry.community.greenbone.net/community/gpg-data + volumes: + - gpg_data_vol:/mnt + + redis-server: + image: registry.community.greenbone.net/community/redis-server + restart: on-failure + volumes: + - redis_socket_vol:/run/redis/ + + pg-gvm: + image: registry.community.greenbone.net/community/pg-gvm:stable + restart: on-failure:10 + volumes: + - psql_data_vol:/var/lib/postgresql + - psql_socket_vol:/var/run/postgresql + depends_on: + pg-gvm-migrator: + condition: service_completed_successfully + + pg-gvm-migrator: + image: registry.community.greenbone.net/community/pg-gvm-migrator:stable + restart: no + volumes: + - psql_data_vol:/var/lib/postgresql + - 
psql_socket_vol:/var/run/postgresql + + gvmd: + image: registry.community.greenbone.net/community/gvmd:stable + restart: on-failure + volumes: + - gvmd_data_vol:/var/lib/gvm + - scap_data_vol:/var/lib/gvm/scap-data/ + - cert_data_vol:/var/lib/gvm/cert-data + - data_objects_vol:/var/lib/gvm/data-objects/gvmd + - vt_data_vol:/var/lib/openvas/plugins + - psql_data_vol:/var/lib/postgresql + - gvmd_socket_vol:/run/gvmd + - ospd_openvas_socket_vol:/run/ospd + - psql_socket_vol:/var/run/postgresql + depends_on: + pg-gvm: + condition: service_started + scap-data: + condition: service_healthy + cert-bund-data: + condition: service_healthy + dfn-cert-data: + condition: service_healthy + data-objects: + condition: service_healthy + report-formats: + condition: service_healthy + + gsa: + image: registry.community.greenbone.net/community/gsa:stable-slim + environment: + MOUNT_PATH: "/mnt/web" + KEEP_ALIVE: 1 + healthcheck: + test: ["CMD-SHELL", "test -e /run/gsa/copying.done"] + start_period: 5s + volumes: + - gsa_data_vol:/mnt/web + + gsad: + image: registry.community.greenbone.net/community/gsad:stable + restart: on-failure + environment: + GSAD_ARGS: "--listen=0.0.0.0 --http-only --api-only -f" + volumes: + - gvmd_socket_vol:/run/gvmd + depends_on: + gvmd: + condition: service_started + + gvm-config: + image: registry.community.greenbone.net/community/gvm-config:latest + environment: + ENABLE_NGINX_CONFIG: 1 + ENABLE_TLS_GENERATION: 1 + volumes: + - nginx_templates_vol:/mnt/nginx/templates + - nginx_certificates_vol:/mnt/nginx/certs + + nginx: + image: nginx + environment: + NGINX_HOST: "localhost" + NGINX_HTTP_PORT: 9392 + NGINX_HTTPS_PORT: 443 + NGINX_SERVER_CERT: "/etc/nginx/certs/server.cert.pem" + NGINX_SERVER_KEY: "/etc/nginx/certs/server.key" + NGINX_ACCESS_CONTROL_ALLOW_ORIGIN_HEADER: "https://localhost" + NGINX_X_FRAME_OPTIONS_HEADER: "SAMEORIGIN" + NGINX_CONTENT_SECURITY_POLICY_HEADER: "default-src 'none'; object-src 'none'; base-uri 'none'; connect-src 'self'; 
script-src 'self'; script-src-elem 'self' 'unsafe-inline';frame-ancestors 'none'; form-action 'self'; style-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self';img-src 'self' blob: data:;" + NGINX_STRICT_TRANSPORT_SECURITY_HEADER: "max-age=31536000; includeSubDomains;" + ports: + - 127.0.0.1:443:443 + - 127.0.0.1:9392:9392 + volumes: + - nginx_templates_vol:/etc/nginx/templates:ro + - nginx_certificates_vol:/etc/nginx/certs:ro + - gsa_data_vol:/usr/share/nginx/html:ro + depends_on: + gvm-config: + condition: service_completed_successfully + gsa: + condition: service_healthy + gsad: + condition: service_started + + # Sets log level of openvas to the set LOG_LEVEL within the env + # and changes log output to /var/log/openvas instead /var/log/gvm + # to reduce likelihood of unwanted log interferences + configure-openvas: + image: registry.community.greenbone.net/community/openvas-scanner:stable + volumes: + - openvas_data_vol:/mnt + - openvas_log_data_vol:/var/log/openvas + command: + - /bin/sh + - -c + - | + printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf + sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf + chmod 644 /mnt/openvas.conf + chmod 644 /mnt/openvas_log.conf + touch /var/log/openvas/openvas.log + chmod 666 /var/log/openvas/openvas.log + + # shows logs of openvas + openvas: + image: registry.community.greenbone.net/community/openvas-scanner:stable + restart: on-failure + volumes: + - openvas_data_vol:/etc/openvas + - openvas_log_data_vol:/var/log/openvas + command: + - /bin/sh + - -c + - | + cat /etc/openvas/openvas.conf + tail -f /var/log/openvas/openvas.log + depends_on: + configure-openvas: + condition: service_completed_successfully + + openvasd: + image: registry.community.greenbone.net/community/openvas-scanner:stable + restart: on-failure + environment: + # `service_notus` is set to disable everything but notus, + # if you want to 
utilize openvasd directly, remove `OPENVASD_MODE` + OPENVASD_MODE: service_notus + GNUPGHOME: /etc/openvas/gnupg + LISTENING: 0.0.0.0:80 + volumes: + - openvas_data_vol:/etc/openvas + - openvas_log_data_vol:/var/log/openvas + - gpg_data_vol:/etc/openvas/gnupg + - notus_data_vol:/var/lib/notus + # enable port forwarding when you want to use the http api from your host machine + # ports: + # - 127.0.0.1:3000:80 + depends_on: + vulnerability-tests: + condition: service_healthy + notus-data: + condition: service_healthy + configure-openvas: + condition: service_completed_successfully + gpg-data: + condition: service_completed_successfully + networks: + default: + aliases: + - openvasd + + ospd-openvas: + image: registry.community.greenbone.net/community/ospd-openvas:stable + restart: on-failure + hostname: ospd-openvas.local + cap_add: + - NET_ADMIN # for capturing packages in promiscuous mode + - NET_RAW # for raw sockets e.g. used for the boreas alive detection + security_opt: + - seccomp=unconfined + - apparmor=unconfined + command: + [ + "ospd-openvas", + "-f", + "--config", + "/etc/gvm/ospd-openvas.conf", + "--notus-feed-dir", + "/var/lib/notus/advisories", + "-m", + "666", + ] + volumes: + - gpg_data_vol:/etc/openvas/gnupg + - vt_data_vol:/var/lib/openvas/plugins + - notus_data_vol:/var/lib/notus + - ospd_openvas_socket_vol:/run/ospd + - redis_socket_vol:/run/redis/ + - openvas_data_vol:/etc/openvas/ + - openvas_log_data_vol:/var/log/openvas + depends_on: + redis-server: + condition: service_started + gpg-data: + condition: service_completed_successfully + configure-openvas: + condition: service_completed_successfully + vulnerability-tests: + condition: service_healthy + notus-data: + condition: service_healthy + + gvm-tools: + image: registry.community.greenbone.net/community/gvm-tools + volumes: + - gvmd_socket_vol:/run/gvmd + - ospd_openvas_socket_vol:/run/ospd + depends_on: + - gvmd + - ospd-openvas + +volumes: + gpg_data_vol: + scap_data_vol: + 
cert_data_vol: + data_objects_vol: + gvmd_data_vol: + psql_data_vol: + vt_data_vol: + notus_data_vol: + psql_socket_vol: + gvmd_socket_vol: + ospd_openvas_socket_vol: + redis_socket_vol: + openvas_data_vol: + openvas_log_data_vol: + gsa_data_vol: + nginx_templates_vol: + nginx_certificates_vol: diff --git a/src/_static/docker-compose.yml b/src/_static/docker-compose.yml deleted file mode 100644 index abf436af..00000000 --- a/src/_static/docker-compose.yml +++ /dev/null 
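Review bot: In the `ospd-openvas` service, `security_opt` disables both seccomp and AppArmor (`seccomp=unconfined`, `apparmor=unconfined`) on a container that also receives `NET_ADMIN` and `NET_RAW`, and unlike the two `cap_add` entries neither line carries a comment saying why. Going by the `cap_add` comments this container handles raw traffic from scan targets, so running it without the default syscall filter and MAC profile presumably widens what a scanner bug could reach on the host kernel. I would add a comment above `security_opt` such as `# seccomp/apparmor disabled because <reason>; prefer a tailored profile over unconfined` and, if feasible, ship a custom seccomp profile instead. Separately, `image: nginx` has no tag or digest, so the TLS-terminating front end tracks whatever Docker Hub serves as `latest` at pull time; pinning it as `image: nginx:<tag>@sha256:<digest>` (placeholders) would fix the one image that does not come from the project registry. The blob id `abf436af` matches the removed `docker-compose.yml`, so both points are carried over by this rename, not introduced by it.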
@@ -1,309 +0,0 @@ -name: greenbone-community-edition - -services: - vulnerability-tests: - image: registry.community.greenbone.net/community/vulnerability-tests - environment: - FEED_RELEASE: "24.10" - KEEP_ALIVE: 1 - volumes: - - vt_data_vol:/mnt - - notus-data: - image: registry.community.greenbone.net/community/notus-data - environment: - KEEP_ALIVE: 1 - volumes: - - notus_data_vol:/mnt - - scap-data: - image: registry.community.greenbone.net/community/scap-data - environment: - KEEP_ALIVE: 1 - volumes: - - scap_data_vol:/mnt - - cert-bund-data: - image: registry.community.greenbone.net/community/cert-bund-data - environment: - KEEP_ALIVE: 1 - volumes: - - cert_data_vol:/mnt - - dfn-cert-data: - image: registry.community.greenbone.net/community/dfn-cert-data - environment: - KEEP_ALIVE: 1 - volumes: - - cert_data_vol:/mnt - depends_on: - cert-bund-data: - condition: service_healthy - - data-objects: - image: registry.community.greenbone.net/community/data-objects - environment: - FEED_RELEASE: "24.10" - KEEP_ALIVE: 1 - volumes: - - data_objects_vol:/mnt - - report-formats: - image: registry.community.greenbone.net/community/report-formats - environment: - FEED_RELEASE: "24.10" - KEEP_ALIVE: 1 - volumes: - - data_objects_vol:/mnt - depends_on: - data-objects: - condition: service_healthy - - gpg-data: - image: registry.community.greenbone.net/community/gpg-data - volumes: - - gpg_data_vol:/mnt - - redis-server: - image: registry.community.greenbone.net/community/redis-server - restart: on-failure - volumes: - - redis_socket_vol:/run/redis/ - - pg-gvm: - image: registry.community.greenbone.net/community/pg-gvm:stable - restart: on-failure:10 - volumes: - - psql_data_vol:/var/lib/postgresql - - psql_socket_vol:/var/run/postgresql - depends_on: - pg-gvm-migrator: - condition: service_completed_successfully - - pg-gvm-migrator: - image: registry.community.greenbone.net/community/pg-gvm-migrator:stable - restart: no - volumes: - - psql_data_vol:/var/lib/postgresql - - 
psql_socket_vol:/var/run/postgresql - - gvmd: - image: registry.community.greenbone.net/community/gvmd:stable - restart: on-failure - volumes: - - gvmd_data_vol:/var/lib/gvm - - scap_data_vol:/var/lib/gvm/scap-data/ - - cert_data_vol:/var/lib/gvm/cert-data - - data_objects_vol:/var/lib/gvm/data-objects/gvmd - - vt_data_vol:/var/lib/openvas/plugins - - psql_data_vol:/var/lib/postgresql - - gvmd_socket_vol:/run/gvmd - - ospd_openvas_socket_vol:/run/ospd - - psql_socket_vol:/var/run/postgresql - depends_on: - pg-gvm: - condition: service_started - scap-data: - condition: service_healthy - cert-bund-data: - condition: service_healthy - dfn-cert-data: - condition: service_healthy - data-objects: - condition: service_healthy - report-formats: - condition: service_healthy - - gsa: - image: registry.community.greenbone.net/community/gsa:stable-slim - environment: - MOUNT_PATH: "/mnt/web" - KEEP_ALIVE: 1 - healthcheck: - test: ["CMD-SHELL", "test -e /run/gsa/copying.done"] - start_period: 5s - volumes: - - gsa_data_vol:/mnt/web - - gsad: - image: registry.community.greenbone.net/community/gsad:stable - restart: on-failure - environment: - GSAD_ARGS: "--listen=0.0.0.0 --http-only --api-only -f" - volumes: - - gvmd_socket_vol:/run/gvmd - depends_on: - gvmd: - condition: service_started - - gvm-config: - image: registry.community.greenbone.net/community/gvm-config:latest - environment: - ENABLE_NGINX_CONFIG: 1 - ENABLE_TLS_GENERATION: 1 - volumes: - - nginx_templates_vol:/mnt/nginx/templates - - nginx_certificates_vol:/mnt/nginx/certs - - nginx: - image: nginx - environment: - NGINX_HOST: "localhost" - NGINX_HTTP_PORT: 9392 - NGINX_HTTPS_PORT: 443 - NGINX_SERVER_CERT: "/etc/nginx/certs/server.cert.pem" - NGINX_SERVER_KEY: "/etc/nginx/certs/server.key" - NGINX_ACCESS_CONTROL_ALLOW_ORIGIN_HEADER: "https://localhost" - NGINX_X_FRAME_OPTIONS_HEADER: "SAMEORIGIN" - NGINX_CONTENT_SECURITY_POLICY_HEADER: "default-src 'none'; object-src 'none'; base-uri 'none'; connect-src 'self'; 
script-src 'self'; script-src-elem 'self' 'unsafe-inline';frame-ancestors 'none'; form-action 'self'; style-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self';img-src 'self' blob: data:;" - NGINX_STRICT_TRANSPORT_SECURITY_HEADER: "max-age=31536000; includeSubDomains;" - ports: - - 127.0.0.1:443:443 - - 127.0.0.1:9392:9392 - volumes: - - nginx_templates_vol:/etc/nginx/templates:ro - - nginx_certificates_vol:/etc/nginx/certs:ro - - gsa_data_vol:/usr/share/nginx/html:ro - depends_on: - gvm-config: - condition: service_completed_successfully - gsa: - condition: service_healthy - gsad: - condition: service_started - - # Sets log level of openvas to the set LOG_LEVEL within the env - # and changes log output to /var/log/openvas instead /var/log/gvm - # to reduce likelihood of unwanted log interferences - configure-openvas: - image: registry.community.greenbone.net/community/openvas-scanner:stable - volumes: - - openvas_data_vol:/mnt - - openvas_log_data_vol:/var/log/openvas - command: - - /bin/sh - - -c - - | - printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf - sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf - chmod 644 /mnt/openvas.conf - chmod 644 /mnt/openvas_log.conf - touch /var/log/openvas/openvas.log - chmod 666 /var/log/openvas/openvas.log - - # shows logs of openvas - openvas: - image: registry.community.greenbone.net/community/openvas-scanner:stable - restart: on-failure - volumes: - - openvas_data_vol:/etc/openvas - - openvas_log_data_vol:/var/log/openvas - command: - - /bin/sh - - -c - - | - cat /etc/openvas/openvas.conf - tail -f /var/log/openvas/openvas.log - depends_on: - configure-openvas: - condition: service_completed_successfully - - openvasd: - image: registry.community.greenbone.net/community/openvas-scanner:stable - restart: on-failure - environment: - # `service_notus` is set to disable everything but notus, - # if you want to 
utilize openvasd directly, remove `OPENVASD_MODE` - OPENVASD_MODE: service_notus - GNUPGHOME: /etc/openvas/gnupg - LISTENING: 0.0.0.0:80 - volumes: - - openvas_data_vol:/etc/openvas - - openvas_log_data_vol:/var/log/openvas - - gpg_data_vol:/etc/openvas/gnupg - - notus_data_vol:/var/lib/notus - # enable port forwarding when you want to use the http api from your host machine - # ports: - # - 127.0.0.1:3000:80 - depends_on: - vulnerability-tests: - condition: service_healthy - notus-data: - condition: service_healthy - configure-openvas: - condition: service_completed_successfully - gpg-data: - condition: service_completed_successfully - networks: - default: - aliases: - - openvasd - - ospd-openvas: - image: registry.community.greenbone.net/community/ospd-openvas:stable - restart: on-failure - hostname: ospd-openvas.local - cap_add: - - NET_ADMIN # for capturing packages in promiscuous mode - - NET_RAW # for raw sockets e.g. used for the boreas alive detection - security_opt: - - seccomp=unconfined - - apparmor=unconfined - command: - [ - "ospd-openvas", - "-f", - "--config", - "/etc/gvm/ospd-openvas.conf", - "--notus-feed-dir", - "/var/lib/notus/advisories", - "-m", - "666", - ] - volumes: - - gpg_data_vol:/etc/openvas/gnupg - - vt_data_vol:/var/lib/openvas/plugins - - notus_data_vol:/var/lib/notus - - ospd_openvas_socket_vol:/run/ospd - - redis_socket_vol:/run/redis/ - - openvas_data_vol:/etc/openvas/ - - openvas_log_data_vol:/var/log/openvas - depends_on: - redis-server: - condition: service_started - gpg-data: - condition: service_completed_successfully - configure-openvas: - condition: service_completed_successfully - vulnerability-tests: - condition: service_healthy - notus-data: - condition: service_healthy - - gvm-tools: - image: registry.community.greenbone.net/community/gvm-tools - volumes: - - gvmd_socket_vol:/run/gvmd - - ospd_openvas_socket_vol:/run/ospd - depends_on: - - gvmd - - ospd-openvas - -volumes: - gpg_data_vol: - scap_data_vol: - 
cert_data_vol: - data_objects_vol: - gvmd_data_vol: - psql_data_vol: - vt_data_vol: - notus_data_vol: - psql_socket_vol: - gvmd_socket_vol: - ospd_openvas_socket_vol: - redis_socket_vol: - openvas_data_vol: - openvas_log_data_vol: - gsa_data_vol: - nginx_templates_vol: - nginx_certificates_vol: diff --git a/src/_static/docker-compose.yml b/src/_static/docker-compose.yml new file mode 120000 index 00000000..577ffa64 --- /dev/null +++ b/src/_static/docker-compose.yml @@ -0,0 +1 @@ +compose.yaml \ No newline at end of file diff --git a/src/changelog.md b/src/changelog.md index f775075b..058f410d 100644 --- a/src/changelog.md +++ b/src/changelog.md @@ -7,8 +7,10 @@ and this project adheres to [Calendar Versioning](https://calver.org). ## Latest -* Provide a single docker-compose.yml file and remove the versioned compose - file. The compose setup follows a rolling release model. +* Provide a single compose file and remove the versioned compose file. The + compose setup follows a rolling release model. +* Rename `docker-compose.yml` to `compose.yaml` as the later one is the + preferred canonical name nowadays. * Update the compose architecture: * Use nginx to serve the GSA frontend. * Run gsad in API-only mode.