39 lines
1.7 KiB
YAML
39 lines
1.7 KiB
YAML
services:
|
|
webhook-service:
|
|
build: .
|
|
container_name: webhook-service
|
|
restart: unless-stopped
|
|
environment:
|
|
- FLASK_SECRET_KEY=${FLASK_SECRET_KEY}
|
|
- WEBHOOK_SECRET=${WEBHOOK_SECRET}
|
|
- PARTICLE_WEBHOOK_SECRET=${PARTICLE_WEBHOOK_SECRET}
|
|
- SMTP_EMAIL=${SMTP_EMAIL}
|
|
- SMTP_PASSWORD=${SMTP_PASSWORD}
|
|
- RECIPIENT_EMAIL=${RECIPIENT_EMAIL}
|
|
networks:
|
|
- traefik
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.webhook.rule=Host(`webhook.maverickapplications.com`)"
|
|
- "traefik.http.routers.webhook.entrypoints=websecure"
|
|
- "traefik.http.routers.webhook.tls.certresolver=letsencrypt"
|
|
- "traefik.http.services.webhook.loadbalancer.server.port=5000"
|
|
|
|
# Security middleware
|
|
- "traefik.http.routers.webhook.middlewares=webhook-headers,webhook-ratelimit"
|
|
|
|
# Security headers
|
|
- "traefik.http.middlewares.webhook-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
|
|
- "traefik.http.middlewares.webhook-headers.headers.customresponseheaders.X-Content-Type-Options=nosniff"
|
|
- "traefik.http.middlewares.webhook-headers.headers.customresponseheaders.X-Frame-Options=DENY"
|
|
- "traefik.http.middlewares.webhook-headers.headers.customresponseheaders.X-XSS-Protection=1; mode=block"
|
|
- "traefik.http.middlewares.webhook-headers.headers.customresponseheaders.Referrer-Policy=strict-origin-when-cross-origin"
|
|
|
|
# Rate limiting
|
|
- "traefik.http.middlewares.webhook-ratelimit.ratelimit.average=10"
|
|
- "traefik.http.middlewares.webhook-ratelimit.ratelimit.burst=20"
|
|
- "traefik.http.middlewares.webhook-ratelimit.ratelimit.period=1m"
|
|
|
|
networks:
|
|
traefik:
|
|
external: true |