使用 1Panel 商店安装的 uuWAF,重启服务后 Docker 不会自动重启,而且拦截到的攻击来源都是
Docker 网桥 IP(如 172.20.0.1),哪位大佬帮帮我。
修改添加compose文件
添加重启配置
# Restart policy: Docker starts the container again whenever it stops,
# including after the Docker daemon itself has been restarted.
restart: always
修改网络模式
解决访问IP为Docker网桥问题
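# Host networking is selected with `network_mode`. The `networks` key only
# attaches a service to named networks and does not accept the bare string
# `host`. On the host network the service binds host ports directly, so the
# host firewall is the only filter in front of them.
network_mode: host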
完整示例
注意:host 网络模式下容器直接监听宿主机端口,需自行解决端口冲突【80, 443, 4443, 6612, 3306】,同时防火墙只放行必要端口【数据库 3306 不可放行,否则使用示例中固定密码的 MySQL 会被外部直接访问】。建议自己再调整一下,在「容器-编排」中创建,而不是修改应用商店安装的版本。
- 未测试,请自行再做修改
- 没看到数据库连接配置,盲猜固定是root:Safe3.WAF@wafdb:3306,所以加了hosts指向本地回环,如遇数据库无法连接问题,试试从这修复
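# Docker Compose stack for uuWAF and its MySQL backend. Both services run on
# the host network so the WAF logs real client addresses instead of the Docker
# bridge IP. The page's author marks this example as untested; validate it
# (for example with `docker compose config`) before deploying.
services:
  uuwaf:
    image: uusec/waf:7.1.1
    container_name: uuwaf
    # Start the container again after a daemon or host restart.
    restart: always
    # Host networking is selected with `network_mode`; `networks: host` is not
    # valid Compose syntax. The WAF then binds host ports directly (the page
    # lists 80, 443, 4443 and 6612), so only the host firewall filters them.
    network_mode: host
    ulimits:
      nproc: 65535
      nofile:
        soft: 102400
        hard: 102400
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./waf_config:/uuwaf/web/conf
      - ./waf_acme:/uuwaf/acme
      - ./waf_logs:/uuwaf/logs
    environment:
      # Must stay identical to MYSQL_ROOT_PASSWORD and to the healthcheck
      # below. This value is published on the page: replace it in all three
      # places before deploying.
      - UUWAF_MYSQL_PASSWORD=Safe3.WAF
      # NOTE(review): 127.0.0.11 is Docker's embedded DNS, which exists only
      # on user-defined networks. With host networking it is normally not
      # reachable; point this at a resolver the host can use. Confirm.
      - UUWAF_RESOLVER=resolver 127.0.0.11 valid=30s ipv6=off;
    # The database shares the host network, so its name must resolve to
    # loopback. Whether uuWAF really connects to wafdb:3306 is the author's
    # guess (see the note above the example).
    extra_hosts:
      - "wafdb:127.0.0.1"
      - "wafdb.local:127.0.0.1"
    depends_on:
      wafdb:
        condition: service_healthy
  wafdb:
    # NOTE(review): MySQL 5.7 is past upstream end of life. Check which MySQL
    # versions uuWAF supports before changing this pin.
    image: mysql:5.7.44
    container_name: wafdb
    restart: always
    network_mode: host
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - ./waf_data:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=Safe3.WAF
    # On the host network mysqld would otherwise listen on every host
    # interface. Binding to loopback keeps port 3306 unreachable from outside
    # even if a firewall rule is missing. The WAF and the healthcheck both
    # connect through 127.0.0.1.
    command:
      - "--max_connections=512"
      - "--bind-address=127.0.0.1"
    healthcheck:
      # The root password appears in the process arguments and in
      # `docker inspect` output; keep it in sync with MYSQL_ROOT_PASSWORD.
      test:
        - "CMD"
        - "mysqladmin"
        - "-uroot"
        - "-pSafe3.WAF"
        - "ping"
        - "-h"
        - "127.0.0.1"
        - "--silent"
      start_period: 3s
      interval: 5s
      timeout: 3s
      retries: 10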
