# Wazuh MCP Remote Server - Docker Compose v2 Latest
# MCP-compliant remote server with production-grade configuration
# Branch: mcp-remote - Production-ready remote MCP server
# Uses Docker Compose v2 latest format with compose.yml naming convention
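# Compose project for the Wazuh MCP remote server: one hardened service
# (read-only root filesystem, all capabilities dropped, no-new-privileges)
# built from the local Dockerfile and published on a single TCP port.
name: wazuh-mcp-remote-server

services:
  wazuh-mcp-remote-server:
    build:
      context: .
      dockerfile: Dockerfile
      args:
        # BUILD_DATE has no default; when unset Compose substitutes an empty
        # string and prints a warning.
        BUILD_DATE: "${BUILD_DATE}"
        # Quoted so version-like values are never re-typed as floats.
        PYTHON_VERSION: "${PYTHON_VERSION:-3.13}"
        VERSION: "${VERSION:-4.0.2}"
      target: production
    image: "wazuh-mcp-remote-server:${VERSION:-4.0.2}"
    container_name: wazuh-mcp-remote-server
    hostname: wazuh-mcp-remote-server
    restart: unless-stopped
    init: true
    # NOTE(review): .env presumably carries the Wazuh API credentials and
    # token secrets; keep it out of version control and readable only by the
    # deploying user.
    env_file:
      - .env
    environment:
      # Runtime overrides. Values set here take precedence over env_file, so
      # the in-container listener stays on 0.0.0.0:3000 whatever .env says.
      MCP_HOST: "0.0.0.0"
      MCP_PORT: "3000"
      ENVIRONMENT: production
      # Authentication mode: oauth (recommended), bearer (default), none (dev only).
      # AUTH_MODE=none together with the published port below leaves the
      # endpoint unauthenticated to anything that can reach the host.
      AUTH_MODE: "${AUTH_MODE:-bearer}"
    ports:
      # Published on every host interface. The health check below talks plain
      # HTTP to port 3000, so TLS is presumably terminated in front of this
      # container; confirm. Behind a local reverse proxy, prefix the mapping
      # with a host IP, e.g. "127.0.0.1:${MCP_PORT:-3000}:3000".
      - "${MCP_PORT:-3000}:3000"
    # Health check with curl (the image must ship curl).
    healthcheck:
      test: ["CMD", "curl", "-f", "--max-time", "5", "http://localhost:3000/health"]
      interval: 15s
      timeout: 5s
      retries: 3
      start_period: 45s
    # Resource management
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 128M
    # Security hardening
    security_opt:
      - "no-new-privileges:true"
    cap_drop:
      - ALL
    cap_add:
      # NOTE(review): the service listens on 3000, an unprivileged port, so
      # NET_BIND_SERVICE looks unnecessary; confirm against the Dockerfile
      # and drop it to keep the capability set empty.
      - NET_BIND_SERVICE
    read_only: true
    # Writable directories. Both are tmpfs, so anything the application
    # writes under /app/logs is lost when the container is recreated.
    tmpfs:
      - /tmp:noexec,nosuid,size=64m
      - /app/logs:noexec,nosuid,size=128m
    # Structured logging: at most 3 x 10 MB of container output is retained
    # locally; forward logs elsewhere if longer retention is needed for
    # investigations.
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
        # The json-file "labels" option takes a comma-separated list of
        # container label KEYS whose values are attached to each log entry.
        # The previous value "service=wazuh-mcp-remote-server" was a
        # key=value pair and matched no label on the container.
        labels: "com.docker.compose.service"
    # Service labels. com.docker.compose.service is not listed here: Compose
    # sets it itself and reserves the com.docker.compose prefix.
    labels:
      - "org.opencontainers.image.title=Wazuh MCP Remote Server"
      - "org.opencontainers.image.description=MCP-compliant remote server for Wazuh SIEM (mcp-remote branch)"
      - "monitoring.prometheus.scrape=true"
      - "monitoring.prometheus.port=3000"
      - "monitoring.prometheus.path=/metrics"
      - "branch=mcp-remote"

# Persistent volumes (if needed). Nothing in the service above mounts this
# volume yet; with read_only set and only tmpfs mounts, the container keeps
# no state across recreation.
volumes:
  wazuh-mcp-remote-data:
    name: wazuh-mcp-remote-data
    driver: local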