Layer 4 SIP protection with: - SIP traffic matching (REGISTER, INVITE, etc.) - Rate limiting and automatic IP banning - Attack pattern detection (sipvicious, friendly-scanner) - CIDR whitelisting - Admin API for ban management
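# Docker Compose for Caddy SIP Guardian with Docker Proxy integration
#
# This combines:
# - caddy-docker-proxy: Auto-configure HTTP(S) reverse proxy via Docker labels
# - caddy-l4: Layer 4 SIP proxying
# - caddy-sip-guardian: SIP-aware rate limiting and attack detection
#
# Usage:
#   docker compose up -d
#
# Prerequisite: the `caddy` network is declared `external: true` at the bottom
# of this file, so Compose will not create it. It must exist before `up`
# (for example: docker network create caddy).

services:
  caddy:
    build:
      context: .
      dockerfile: Dockerfile
    # Tag applied to the image built from the Dockerfile above. `latest` is a
    # mutable tag: what runs depends on when the image was last built.
    # NOTE(review): the Dockerfile is not shown here; pin its base image and
    # plugin versions there if reproducible builds matter.
    image: caddy-sip-guardian:latest
    container_name: caddy-sip-guardian
    restart: unless-stopped
    # Published ports bind on all host interfaces unless a host IP is given,
    # and Docker's own NAT rules usually take effect ahead of host firewall
    # front ends, so these listeners are reachable from wherever the host is.
    # No admin/API port is published here; keep ban-management endpoints off
    # this list unless they sit behind authentication or a restricted
    # interface.
    # NOTE(review): rate limiting and banning are per source IP. Confirm the
    # container sees real client addresses; some setups (userland proxy,
    # rootless Docker, IPv6 NAT) present the bridge gateway address instead,
    # in which case one ban would affect every client.
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp" # HTTP/3
      - "5060:5060/udp" # SIP UDP
      - "5060:5060/tcp" # SIP TCP
      - "5061:5061/tcp" # SIP TLS
    volumes:
      # Docker socket for caddy-docker-proxy.
      # Caveat: `:ro` only makes the bind mount itself read-only. It does not
      # restrict Docker API calls made through the socket, so this
      # internet-facing container holds full control of the Docker daemon
      # (root-equivalent on the host) if it is compromised. Consider placing a
      # filtering socket proxy in front that allows only the read-only
      # endpoints needed for label discovery.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Persistent data (Caddy stores certificates and private keys under
      # /data; treat the caddy_data volume as secret material).
      - caddy_data:/data
      - caddy_config:/config
      # Global Caddyfile for Layer 4 config (merged with Docker labels).
      # Mounted read-only so the container cannot rewrite its own base config.
      - ./Caddyfile.global:/etc/caddy/Caddyfile:ro
    environment:
      # Base Caddyfile that caddy-docker-proxy merges label-derived config into.
      - CADDY_DOCKER_CADDYFILE_PATH=/etc/caddy/Caddyfile
      # Network used to reach proxied containers; only containers attached to
      # `caddy` are expected to be routable as upstreams.
      - CADDY_INGRESS_NETWORKS=caddy
    networks:
      - caddy
    labels:
      # Self-managed by caddy-docker-proxy
      caddy: ""

volumes:
  caddy_data:
  caddy_config:

networks:
  caddy:
    # Shared, pre-existing network; any container attached to it can reach
    # this proxy directly, so limit membership to services meant to be proxied.
    external: true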