docker-compose.ymlβ’7.12 kB
networks:
splunk-network:
driver: bridge
attachable: true
services:
# Traefik reverse proxy and load balancer
traefik:
image: traefik:v3.0
container_name: traefik
restart: unless-stopped
command:
# Enable Docker provider
- --providers.docker=true
- --providers.docker.exposedbydefault=false
# Configure entrypoints
- --entrypoints.web.address=:80
- --entrypoints.mcp.address=:${MCP_SERVER_PORT:-8003}
- --entrypoints.inspector.address=:6274
# Enable API and dashboard (optional, for debugging)
- --api.dashboard=true
- --api.insecure=true
# Logging
- --log.level=INFO
- --accesslog=true
ports:
- "80:80" # HTTP
- "${MCP_SERVER_PORT:-8003}:${MCP_SERVER_PORT:-8003}" # MCP Server port (Traefik entrypoint)
- "8280:8080" # Traefik dashboard
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- splunk-network
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`traefik.localhost`)"
- "traefik.http.routers.traefik.service=api@internal"
# MCP Inspector - Web-based debugging interface
mcp-inspector:
image: node:22-alpine
container_name: mcp-inspector
restart: unless-stopped
working_dir: /app
networks:
- splunk-network
ports:
- "6274:6274" # Inspector UI (same port as local mode)
- "6277:6277" # Inspector Proxy server access
command: >
sh -c "
apk add --no-cache git &&
npm install -g @modelcontextprotocol/inspector@0.16.5 &&
echo 'Starting MCP Inspector...' &&
DANGEROUSLY_OMIT_AUTH=true npx @modelcontextprotocol/inspector --transport streamable-http --server-url http://mcp-server:8001/mcp
"
environment:
- NODE_ENV=development
- DANGEROUSLY_OMIT_AUTH=true
# Fix binding and origin issues per MCP Inspector docs
- HOST=0.0.0.0
- ALLOWED_ORIGINS=http://localhost:6274,http://127.0.0.1:6274,http://localhost:6277,http://127.0.0.1:6277
# Default MCP server configuration for Docker environment (through Traefik)
- DEFAULT_SERVER_URL=http://localhost:${MCP_SERVER_PORT:-8003}/mcp
- MCP_SERVER_URL=http://localhost:${MCP_SERVER_PORT:-8003}/mcp
- DEFAULT_TRANSPORT=streamable-http
depends_on:
- traefik
- mcp-server
labels:
# Enable Traefik for MCP Inspector
- "traefik.enable=true"
# HTTP router for Inspector UI
- "traefik.http.routers.mcp-inspector.rule=Host(`inspector.localhost`) || PathPrefix(`/inspector/`)"
- "traefik.http.routers.mcp-inspector.entrypoints=inspector"
- "traefik.http.routers.mcp-inspector.service=mcp-inspector"
# Service definition pointing to container port 6274 (MCP Inspector default)
- "traefik.http.services.mcp-inspector.loadbalancer.server.port=6274"
# Add middleware for CORS
- "traefik.http.middlewares.inspector-cors.headers.accesscontrolalloworiginlist=*"
- "traefik.http.middlewares.inspector-cors.headers.accesscontrolallowmethods=GET,POST,OPTIONS,PUT,DELETE"
- "traefik.http.middlewares.inspector-cors.headers.accesscontrolallowheaders=Content-Type,Authorization,Accept"
- "traefik.http.middlewares.inspector-cors.headers.accesscontrolmaxage=100"
- "traefik.http.routers.mcp-inspector.middlewares=inspector-cors"
# MCP Server for Splunk (Production Mode)
mcp-server:
build:
context: .
dockerfile: Dockerfile
container_name: mcp-server
restart: unless-stopped
networks:
- splunk-network
env_file:
- .env # Load environment variables from .env file
environment:
# Splunk connection settings
- SPLUNK_HOST=${SPLUNK_HOST:-localhost}
- SPLUNK_PORT=${SPLUNK_PORT:-8089}
- SPLUNK_USERNAME=${SPLUNK_USERNAME:-admin}
- SPLUNK_PASSWORD=${SPLUNK_PASSWORD:-Chang3d!}
- SPLUNK_VERIFY_SSL=${SPLUNK_VERIFY_SSL:-false}
# MCP Server settings - container uses port 8001 internally, Traefik uses MCP_SERVER_PORT
- MCP_SERVER_HOST=${MCP_SERVER_HOST:-0.0.0.0}
- MCP_SERVER_PORT=8001
- MCP_TRANSPORT=${MCP_TRANSPORT:-http}
# Production settings - Disable hot reload for performance
- MCP_HOT_RELOAD=false
- MCP_RELOAD_MODULES=false
- PYTHONPATH=/app
- PYTHONUNBUFFERED=1
# FastMCP StreamableHTTP specific environment variables
- FASTMCP_STREAMABLE_HTTP_ALLOWED_ORIGINS=*
- STREAMABLE_HTTP_ALLOW_ALL_ORIGINS=true
- MCP_HTTP_ALLOWED_ORIGINS=*
- MCP_STREAMABLE_HTTP_ORIGINS=*
- FASTMCP_ALLOWED_ORIGINS=*
- DISABLE_ORIGIN_CHECK=true
- MCP_DISABLE_ORIGIN_CHECK=true
- STREAMABLE_HTTP_DISABLE_CORS=true
# OpenAI Agent Settings (loaded from .env file)
- OPENAI_API_KEY=${OPENAI_API_KEY}
- OPENAI_MODEL=${OPENAI_MODEL:-gpt-4o}
- OPENAI_TEMPERATURE=${OPENAI_TEMPERATURE:-0.7}
- OPENAI_MAX_TOKENS=${OPENAI_MAX_TOKENS:-4000}
# Logging level for MCP server
- MCP_LOG_LEVEL=${MCP_LOG_LEVEL:-INFO}
depends_on:
- traefik
labels:
# Enable Traefik for this service
- "traefik.enable=true"
# HTTP router for MCP server (Streamable HTTP transport)
- "traefik.http.routers.mcp-server.rule=PathPrefix(`/mcp`)"
- "traefik.http.routers.mcp-server.entrypoints=mcp"
- "traefik.http.routers.mcp-server.service=mcp-server"
# Service definition pointing to container port 8001 (container always uses 8001)
- "traefik.http.services.mcp-server.loadbalancer.server.port=8001"
# Add middleware for CORS headers (important for web clients)
- "traefik.http.middlewares.mcp-cors.headers.accesscontrolalloworiginlist=*"
- "traefik.http.middlewares.mcp-cors.headers.accesscontrolallowmethods=GET,POST,OPTIONS,PUT,DELETE"
- "traefik.http.middlewares.mcp-cors.headers.accesscontrolallowheaders=Content-Type,Authorization,Accept"
- "traefik.http.middlewares.mcp-cors.headers.accesscontrolmaxage=100"
- "traefik.http.routers.mcp-server.middlewares=mcp-cors"
# Splunk Enterprise (Optional - enabled based on environment variables)
so1:
profiles:
- splunk
networks:
splunk-network:
aliases:
- so1
image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
platform: linux/amd64
hostname: so1
container_name: so1
restart: unless-stopped
environment:
- SPLUNK_START_ARGS=--accept-license
- SPLUNK_HEC_TOKEN=26898dec-83d1-49f1-b06e-90eabff7f543
- SPLUNK_PASSWORD=Chang3d!
ports:
- "9000:8000" # Splunk Web UI
- "8088:8088" # HEC
- "8089:8089" # Management port
# Optional: Provide your own Splunk license by mounting a local file
# volumes:
# - ./lic/splunk.lic:/tmp/license/splunk.lic:ro
healthcheck:
test: ["CMD", "curl", "-s", "-k", "https://localhost:8089/services/server/info"]
interval: 30s
timeout: 10s
retries: 5
start_period: 120s