File: HOWTO-Docker.md

package info (click to toggle)
portsentry 2.0.5-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 1,396 kB
  • sloc: ansic: 6,473; sh: 916; perl: 18; makefile: 5
file content (86 lines) | stat: -rw-r--r-- 2,984 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
 
# Using Portsentry with Docker

## Versions

It's recommended to use either the **latest tag**, which corresponds to the latest stable version of Portsentry, or if you want to follow a specific branch, use a branch tag (such as v2.0).

These are the tags you can use:

| Tag Name | Description |
| -------- | ----------- |
| unstable | Follows the master branch, unreleased/unstable version |
| latest | Follows the latest stable release brnach/version |
| v2.0 | Follows the v2.0 branch (current stable branch) |
| v1.2 | The old **legacy/unmaintained** version |

## Quickstart
```
docker run -d --network=host --name portsentry portsentry/portsentry:latest
```

### Mounting important directories and files

There are **three** important files/directories you might want to consider mounting:

* The configuration file
* The ignore file
* The log directory

The configuration file should be mounted to `/etc/portsentry/portsentry.conf` and the ignore file to `/etc/portsentry/portsentry.ignore`. The log directory should be mounted to `/var/log`.

You can download the example config and ignore file with extensive documentation here:

https://github.com/portsentry/portsentry/blob/master/examples/portsentry.conf

https://github.com/portsentry/portsentry/blob/master/examples/portsentry.ignore

Here is a complete example of how to run Portsentry with a custom configruation and ignore file and the log directory mounted:


```
docker run -d --mount type=bind,src=./portsentry.ignore,dst=/etc/portsentry/portsentry.ignore \
--mount type=bind,src=./portsentry.conf,dst=/etc/portsentry/portsentry.conf \
--mount type=bind,src=./logs,dst=/var/log \
--network=host --name portsentry portsentry/portsentry:latest
```

## Using Docker Compose

An example docker-compose file can be found here:

https://github.com/portsentry/portsentry/blob/master/docker/docker-compose.yaml

Here is an example of how to run Portsentry with a custom configuration and ignore file and the log directory mounted using Docker Compose:

```
services:
  portsentry:
    container_name: portsentry
    image: portsentry/portsentry:latest
    restart: unless-stopped
    network_mode: host
    volumes:
      - type: bind
        source: ./portsentry.conf
        target: /etc/portsentry/portsentry.conf
        read_only: true
      - type: bind
        source: ./portsentry.ignore
        target: /etc/portsentry/portsentry.ignore
        read_only: true
      - type: bind
        source: ./logs
        target: /var/log
```

## Fail2ban Integration

It is highly recommended to use Portsentry with fail2ban if you want to block ip addresses. Fail2ban is able to block ip addresses using a wide variety of methods and will enforce state between system reboots and service restarts.

Get the fail2ban integration files here: https://github.com/portsentry/portsentry/tree/master/fail2ban

## Visit the Portsentry project at

Website: https://portsentry.xyz/

Github: https://github.com/portsentry/portsentry