server-initializer/templates/caddy/full/docker-compose.yml

services:
  crowdsec:
    image: crowdsecurity/crowdsec:v1.7.6
    container_name: crowdsec
    volumes:
      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
      - ./crowdsec/data:/var/lib/crowdsec/data
      - caddy_logs:/var/log/caddy:ro
    environment:
      - COLLECTIONS=crowdsecurity/caddy crowdsecurity/whitelist-good-actors crowdsecurity/http-cve crowdsecurity/base-http-scenarios
      - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
    networks:
      - monitoring_net
      - caddy_net
    restart: unless-stopped

  caddy:
    image: ghcr.io/elagala/server-initializer/caddy-waf-crowdsec:latest 
    container_name: caddy
    ports:
      - "80:80"
      - "443:443"
    environment:
      - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
      - PROMETHEUS_PASSWORD=${PROMETHEUS_PASSWORD}
      - LOKI_PASSWORD=${LOKI_PASSWORD}
    volumes:
      - ${HOME}/deploy/static:/srv/static # Your static files location
      - ./caddy/Caddyfile:/etc/caddy/Caddyfile
      - ./caddy/sites-enabled:/etc/caddy/sites-enabled
      - ./caddy/coraza/coraza.conf:/etc/caddy/coraza.conf
      - caddy_logs:/var/log/caddy
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - caddy_net
      - monitoring_net
    depends_on:
      - crowdsec
    restart: unless-stopped

volumes:
  caddy_data:
  caddy_config:
  caddy_logs:
    name: caddy_logs

networks:
  caddy_net:
    external: true
  monitoring_net:
    external: true