docker-compose-for-heavymetal-metrics-stack.yml

version: "3.9"

networks:
  networks_metrics:
    external: true
  networks_internet:
    external: true
  networks_vlan_80:
    external: true
  networks_traefik_proxy:
    external: true

services:
  mongodb:
    container_name: mongo
    image: mongo:6.0.4
    user: $PUID:$PGID
    volumes:
      - ${DATA_STORAGE}/metrics/mongodb:/data/db
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    restart: "unless-stopped"
    environment:
      - TZ=${TZ}
      - PUID=${PUID}
      - PGID=${PGID}
    networks:
      - networks_metrics  

  elasticsearch:
    container_name: elasticsearch
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    volumes:
      - ${DATA_STORAGE}/metrics/elasticsearch:/usr/share/elasticsearch/data
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    environment:
      - TZ=${TZ}
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    restart: "unless-stopped"
    networks:
      - networks_metrics

  graylog:
    container_name: graylog
    image: graylog/graylog:5.2
    user: "1100"
    volumes:
      - ${DATA_STORAGE}/metrics/graylog:/usr/share/graylog/data
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    environment:
      - TZ=${TZ}
      - ROOT_TIMEZONE=${TZ}
      - GRAYLOG_TIMEZONE=${TZ}
      # CHANGE ME (must be at least 16 characters)! This is not your password, this is meant for salting the password below.
      - GRAYLOG_PASSWORD_SECRET=${GRAYLOG_PASSWORD_SECRET}
      # Username is "admin"
      # Password is "admin", change this to your own hashed password. 'echo -n "password" | sha256sum' 
      - GRAYLOG_ROOT_PASSWORD_SHA2=${GRAYLOG_ROOT_PASSWORD_SHA2}
      - GRAYLOG_HTTP_EXTERNAL_URI=https://graylog.${DOMAIN}/
      - GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000
      - GRAYLOG_MONGODB_URI=mongodb://mongodb:27017/graylog
    labels:
      - traefik.enable=true
      - traefik.http.routers.graylog.rule=Host(`graylog.${DOMAIN}`)
      - traefik.http.routers.graylog.tls.certresolver=certificato
      - traefik.http.routers.graylog.entrypoints=web,web-secure
      - traefik.http.services.graylog.loadbalancer.server.port=9000
      - traefik.docker.network=networks_traefik_proxy
    networks:
      networks_metrics:
      networks_internet:
      networks_vlan_80:
        ipv4_address: ${GRAYLOG_IP_ADDRESS}
      networks_traefik_proxy:
    depends_on:
      - mongodb
      - elasticsearch
    expose:
      # Graylog web interface and REST API
      - "9000"
      - 1514/udp # Publish to host so that it can server as opnsense's logging target
      - 1515/udp # Publish to host so that it can server as opnsense's logging target
      - 1516/udp # Publish to host so that it can server as opnsense's logging target
    # ports:
      # Syslog UDP
      # - 1514:1514/udp # Publish to host so that it can server as opnsense's logging target
      # Syslog TCP Optional
      #- 1514:1514
    restart: "unless-stopped"

  influxdb:
    container_name: influxdb
    image: influxdb:2.6.1
    ports:
      - '8086:8086' # Publish to host so that opnsense's telegraf can send data
    user: $PUID:$PGID
    volumes:
      - ${DATA_STORAGE}/metrics/influxdb2:/var/lib/influxdb2
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    environment:
      - TZ=${TZ}
      - PUID=${PUID}
      - PGID=${PGID}
    restart: "unless-stopped"
    networks:
      - networks_metrics
      - networks_traefik_proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.influxdb.rule=Host(`influxdb.${DOMAIN}`)
      - traefik.http.routers.influxdb.tls.certresolver=certificato
      - traefik.http.routers.influxdb.entrypoints=web,web-secure
      - traefik.http.services.influxdb.loadbalancer.server.port=8086
      - traefik.docker.network=networks_traefik_proxy

  grafana:
    container_name: grafana
    image: grafana/grafana:9.2.10
    expose:
      - "3000"
    user: $PUID:$PGID
    volumes:
      - ${DATA_STORAGE}/metrics/grafana:/var/lib/grafana
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    depends_on:
      - influxdb
    environment:
      - TZ=${TZ}
      - PUID=${PUID}
      - PGID=${PGID}
      # Change these
      - GF_SECURITY_ADMIN_USER=${GF_SECURITY_ADMIN_USER}
      - GF_SECURITY_ADMIN_PASSWORD=${GF_SECURITY_ADMIN_PASSWORD}
      - GF_INSTALL_PLUGINS=grafana-worldmap-panel
    restart: "unless-stopped"
    networks:
      - networks_metrics
      - networks_internet
      - networks_traefik_proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.grafana.rule=Host(`grafana.${DOMAIN}`)
      - traefik.http.routers.grafana.tls.certresolver=certificato
      - traefik.http.routers.grafana.entrypoints=web,web-secure
      - traefik.http.services.grafana.loadbalancer.server.port=3000
      - traefik.docker.network=networks_traefik_proxy