docker-compose.yml¶
manage_server writes a templated docker-compose.yml file during install. The main template below is provided as reference. This file is what will be used unless options like --no-warp are used to turn off specific services.
Warning
Do not edit the generated docker-compose.yml directly. Your changes will be overwritten by manage_server. Always use docker-compose.override.yml, config.env, or CLI flags to customize your deployment so future upgrades can regenerate the base template safely.
Docker¶
The following template is used when the ENTERPRISE_CONTAINER_ENGINE is set to docker:
# Do not edit this file directly - use docker-compose.override.yml to change defaults
services:
redis:
container_name: binja-enterprise${ENTERPRISE_CONTAINER_SUFFIX}-redis
image: ${ENTERPRISE_REGISTRY_HOST:?ENTERPRISE_REGISTRY_HOST must be set}/binaryninja_enterprise_kvs:${IMAGE_VERSION:?Image version unset or empty}
deploy:
replicas: 1
networks:
- backend
expose:
- 6379
restart: unless-stopped
database:
container_name: binja-enterprise${ENTERPRISE_CONTAINER_SUFFIX}-database
image: ${ENTERPRISE_REGISTRY_HOST:?ENTERPRISE_REGISTRY_HOST must be set}/binaryninja_enterprise_database:${IMAGE_VERSION:?Image version unset or empty}
deploy:
replicas: 1
environment:
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
PGDATA: /data/pgdata
POSTGRES_USER: ${ENTERPRISE_DATABASE_USER:?ENTERPRISE_DATABASE_USER must be set}
POSTGRES_DB: ${ENTERPRISE_DATABASE_NAME:?ENTERPRISE_DATABASE_NAME must be set}
SERVICE_USER_UID: ${ENTERPRISE_SERVER_UID:?ENTERPRISE_SERVER_UID must be set}
SERVICE_USER_GID: ${ENTERPRISE_SERVER_GID:?ENTERPRISE_SERVER_GID must be set}
FORCE_PERMISSION_CHANGE: ${FORCE_PERMISSION_CHANGE:-false}
secrets:
- db_password
volumes:
- data_db:/data
restart: unless-stopped
networks:
- backend
healthcheck:
test: ["CMD", "pg_isready", "-U", "binaryninja_enterprise"]
interval: 30s
timeout: 20s
start_period: 300s
retries: 5
backend:
container_name: binja-enterprise${ENTERPRISE_CONTAINER_SUFFIX}-backend
image: ${ENTERPRISE_REGISTRY_HOST:?ENTERPRISE_REGISTRY_HOST must be set}/binaryninja_enterprise_server:${IMAGE_VERSION:?Image version unset or empty}
deploy:
replicas: 1
volumes:
- ./installers:/opt/enterprise/installers
secrets:
- server_license
- license_bundle
- signing_pubkey
- signing_pubkey_signature
- db_password
- license_signing_key
- secret_key
- server_id
- object_store_access_key_id
- object_store_secret_access_key
- initial_admin_password
networks:
- binja-enterprise
- backend
expose:
- 8000
environment:
ENTERPRISE_SERVER_ALLOWED_HOSTS: ${ENTERPRISE_SERVER_ALLOWED_HOSTS:-*}
ENTERPRISE_SERVER_DEBUG: ${ENTERPRISE_SERVER_DEBUG:-false}
DEBUG: ${DEBUG:-false}
ENTERPRISE_LICENSE_EXPIRATION: ${ENTERPRISE_LICENSE_EXPIRATION:-}
ENTERPRISE_SERVER_VALIDATE_TLS: ${ENTERPRISE_SERVER_VALIDATE_TLS:-true}
ENTERPRISE_DATABASE_NAME: ${ENTERPRISE_DATABASE_NAME:?ENTERPRISE_DATABASE_NAME must be set}
ENTERPRISE_DATABASE_HOST: ${ENTERPRISE_DATABASE_HOST:?ENTERPRISE_DATABASE_HOST must be set}
ENTERPRISE_DATABASE_PORT: ${ENTERPRISE_DATABASE_PORT:?ENTERPRISE_DATABASE_PORT must be set}
ENTERPRISE_DATABASE_USER: ${ENTERPRISE_DATABASE_USER:?ENTERPRISE_DATABASE_USER must be set}
ENTERPRISE_KV_STORE_URL: ${ENTERPRISE_KV_STORE_URL:?ENTERPRISE_KV_STORE_URL must be set}
ENTERPRISE_OBJECT_STORE_BUCKET_NAME: ${ENTERPRISE_OBJECT_STORE_BUCKET_NAME:?ENTERPRISE_OBJECT_STORE_BUCKET_NAME must be set}
ENTERPRISE_OBJECT_STORE_URL: ${ENTERPRISE_OBJECT_STORE_URL:?ENTERPRISE_OBJECT_STORE_URL must be set}
WARP_OAUTH_CLIENT_ID: ${WARP_OAUTH_CLIENT_ID:?WARP_OAUTH_CLIENT_ID must be set}
WARP_OAUTH_CLIENT_SECRET: ${WARP_OAUTH_CLIENT_SECRET:?WARP_OAUTH_CLIENT_SECRET must be set}
WARP_OAUTH_REDIRECT_URL: ${WARP_OAUTH_REDIRECT_URL:?WARP_OAUTH_REDIRECT_URL must be set}
SERVICE_USER_UID: ${ENTERPRISE_SERVER_UID:?ENTERPRISE_SERVER_UID must be set}
SERVICE_USER_GID: ${ENTERPRISE_SERVER_GID:?ENTERPRISE_SERVER_GID must be set}
FORCE_PERMISSION_CHANGE: ${FORCE_PERMISSION_CHANGE:-false}
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "20m"
max-file: "10"
depends_on:
- redis
- database
- object-store
warp-database:
container_name: binja-enterprise${ENTERPRISE_CONTAINER_SUFFIX}-warp-database
image: ${ENTERPRISE_REGISTRY_HOST:?ENTERPRISE_REGISTRY_HOST must be set}/binaryninja_enterprise_database:${IMAGE_VERSION:?Image version unset or empty}
deploy:
replicas: 1
environment:
POSTGRES_PASSWORD_FILE: /run/secrets/warp_db_password
PGDATA: /data/pgdata
POSTGRES_USER: ${WARP_DATABASE_USER:?WARP_DATABASE_USER must be set}
POSTGRES_DB: ${WARP_DATABASE_NAME:?WARP_DATABASE_NAME must be set}
SERVICE_USER_UID: ${ENTERPRISE_SERVER_UID:?ENTERPRISE_SERVER_UID must be set}
SERVICE_USER_GID: ${ENTERPRISE_SERVER_GID:?ENTERPRISE_SERVER_GID must be set}
FORCE_PERMISSION_CHANGE: ${FORCE_PERMISSION_CHANGE:-false}
secrets:
- warp_db_password
volumes:
- data_warp:/data
restart: unless-stopped
networks:
- backend
healthcheck:
test: ["CMD", "pg_isready", "-U", "warp"]
interval: 30s
timeout: 20s
start_period: 300s
retries: 5
warp-backend:
container_name: binja-enterprise${ENTERPRISE_CONTAINER_SUFFIX}-warp-backend
image: ${ENTERPRISE_REGISTRY_HOST:?ENTERPRISE_REGISTRY_HOST must be set}/binaryninja_enterprise_warp_backend:${IMAGE_VERSION:?Image version unset or empty}
deploy:
replicas: 1
networks:
- backend
- binja-enterprise
depends_on:
- database
- redis
- warp-database
expose:
- 8888
restart: unless-stopped
logging:
driver: json-file
options:
max-size: 20m
max-file: 10
environment:
SERVICE_USER_UID: ${ENTERPRISE_SERVER_UID:?ENTERPRISE_SERVER_UID must be set}
SERVICE_USER_GID: ${ENTERPRISE_SERVER_GID:?ENTERPRISE_SERVER_GID must be set}
DB_NAME: ${WARP_DATABASE_NAME:?WARP_DATABASE_NAME must be set}
DB_HOST: ${WARP_DATABASE_HOST:?WARP_DATABASE_HOST must be set}
DB_PORT: ${WARP_DATABASE_PORT:?WARP_DATABASE_PORT must be set}
DB_USERNAME: ${WARP_DATABASE_USER:?WARP_DATABASE_USER must be set}
DB_PASSWORD: /run/secrets/warp_db_password
REDIS_URL: ${WARP_REDIS_URL:?WARP_REDIS_URL must be set}
WEB_ALLOWED_ORIGINS: ${WARP_WEB_ALLOWED_ORIGINS:?WARP_WEB_ALLOWED_ORIGINS must be set}
OAUTH_CLAIM_USERNAME: "true"
OAUTH_CLIENT_ID: ${WARP_OAUTH_CLIENT_ID:?WARP_OAUTH_CLIENT_ID must be set}
OAUTH_CLIENT_SECRET: ${WARP_OAUTH_CLIENT_SECRET:?WARP_OAUTH_CLIENT_SECRET must be set}
OAUTH_REDIRECT_URL: ${WARP_OAUTH_REDIRECT_URL:?WARP_OAUTH_REDIRECT_URL must be set}
OAUTH_PROVIDER: ${WARP_OAUTH_PROVIDER:?WARP_OAUTH_PROVIDER must be set}
OAUTH_DOMAIN: ${ENTERPRISE_SERVER_DOMAIN:?ENTERPRISE_SERVER_DOMAIN must be set}
OAUTH_INTERNAL_DOMAIN: http://backend:8000
RUST_BACKTRACE: "true"
RUST_LOG: info
secrets:
- warp_db_password
warp-frontend:
container_name: binja_enterprise${ENTERPRISE_CONTAINER_SUFFIX}-warp-frontend
image: ${ENTERPRISE_REGISTRY_HOST:?ENTERPRISE_REGISTRY_HOST must be set}/binaryninja_enterprise_warp_frontend:${IMAGE_VERSION:?Image version unset or empty}
deploy:
replicas: 1
networks:
- backend
depends_on:
- warp-backend
restart: unless-stopped
logging:
driver: json-file
options:
max-size: 20m
max-file: 10
environment:
BASE_PATH: /warp/
API_BASE_PATH: /warp/
ENV_NAME: production
proxy:
container_name: binja-enterprise${ENTERPRISE_CONTAINER_SUFFIX}-proxy
image: ${ENTERPRISE_REGISTRY_HOST:?ENTERPRISE_REGISTRY_HOST must be set}/binaryninja_enterprise_proxy:${IMAGE_VERSION:?Image version unset or empty}
environment:
ENTERPRISE_PROXY_NO_TLS: ${ENTERPRISE_PROXY_NO_TLS:-false}
ENTERPRISE_SERVER_BACKEND_HOST: ${ENTERPRISE_SERVER_BACKEND_HOST:-backend}
SERVICE_USER_UID: ${ENTERPRISE_SERVER_UID:?ENTERPRISE_SERVER_UID must be set}
SERVICE_USER_GID: ${ENTERPRISE_SERVER_GID:?ENTERPRISE_SERVER_GID must be set}
ENTERPRISE_PROXY_DISABLE_DIRECTIO: ${ENTERPRISE_PROXY_DISABLE_DIRECTIO:-false}
ENTERPRISE_INCLUDE_WARP: ${ENTERPRISE_INCLUDE_WARP:-true}
FORCE_PERMISSION_CHANGE: ${FORCE_PERMISSION_CHANGE:-false}
deploy:
replicas: 1
secrets:
- ssl_cert
- ssl_key
- signing_privkey
- signing_pubkey
- signing_pubkey_signature
networks:
- binja-enterprise
- backend
ports:
- ${ENTERPRISE_SERVER_BIND_IP:?ENTERPRISE_SERVER_BIND_IP must be set}:${ENTERPRISE_SERVER_PORT:?ENTERPRISE_SERVER_PORT must be set}:1337
depends_on:
- backend
- warp-backend
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "20m"
max-file: "10"
object-store:
container_name: binja-enterprise${ENTERPRISE_CONTAINER_SUFFIX}-object-store
image: ${ENTERPRISE_REGISTRY_HOST:?ENTERPRISE_REGISTRY_HOST must be set}/binaryninja_enterprise_object_store:${IMAGE_VERSION:?Image version unset or empty}
healthcheck:
test: ["CMD", "curl", "-kf", "https://localhost:8333/status"]
interval: 30s
timeout: 20s
start_period: 300s
retries: 5
deploy:
replicas: 1
networks:
- backend
environment:
SERVICE_USER_UID: ${ENTERPRISE_SERVER_UID:?ENTERPRISE_SERVER_UID must be set}
SERVICE_USER_GID: ${ENTERPRISE_SERVER_GID:?ENTERPRISE_SERVER_GID must be set}
FORCE_PERMISSION_CHANGE: ${FORCE_PERMISSION_CHANGE:-false}
VOLUME_SIZE: ${ENTERPRISE_OBJECT_STORE_VOLUME_SIZE:?ENTERPRISE_OBJECT_STORE_VOLUME_SIZE must be set}
MAX_VOLUMES: ${ENTERPRISE_OBJECT_STORE_MAX_VOLUMES?ENTERPRISE_OBJECT_STORE_MAX_VOLUMES must be set}
restart: unless-stopped
volumes:
- data_object:/data
expose:
- 8333
secrets:
- object_store_access_key_id
- object_store_secret_access_key
volumes:
data_db:
name: ${COMPOSE_PROJECT_NAME}-data-db${VOLUME_SUFFIX?Volume suffix unset}
data_object:
name: ${COMPOSE_PROJECT_NAME}-data-object${VOLUME_SUFFIX?Volume suffix unset}
data_warp:
name: ${COMPOSE_PROJECT_NAME}-data-warp${VOLUME_SUFFIX?Volume suffix unset}
secrets:
server_license:
file: ${ENTERPRISE_SERVER_LICENSE_FILE:?ENTERPRISE_SERVER_LICENSE_FILE must be set}
license_bundle:
file: ${ENTERPRISE_SERVER_LICENSE_BUNDLE_FILE:?ENTERPRISE_SERVER_LICENSE_BUNDLE_FILE must be set}
ssl_cert:
file: ${ENTERPRISE_SERVER_CERT_FILE:?ENTERPRISE_SERVER_CERT_FILE must be set}
ssl_key:
file: ${ENTERPRISE_SERVER_KEY_FILE:?ENTERPRISE_SERVER_KEY_FILE must be set}
signing_privkey:
file: ./keys/server_key
signing_pubkey:
file: ./keys/server_key.pub
signing_pubkey_signature:
file: ./keys/server_key.pub.sig
secret_key:
file: ./secrets/secret_key
server_id:
file: ./secrets/server_id
license_signing_key:
file: ./secrets/license_signing_key
db_password:
file: ${ENTERPRISE_DATABASE_PASSWORD_FILE:?ENTERPRISE_DATABASE_PASSWORD_FILE must be set}
object_store_access_key_id:
file: ${ENTERPRISE_OBJECT_STORE_ACCESS_KEY_FILE:?ENTERPRISE_OBJECT_STORE_ACCESS_KEY_FILE must be set}
object_store_secret_access_key:
file: ${ENTERPRISE_OBJECT_STORE_SECRET_KEY_FILE:?ENTERPRISE_OBJECT_STORE_SECRET_KEY_FILE must be set}
initial_admin_password:
file: ${ENTERPRISE_INITIAL_ADMIN_PASSWORD_FILE:-/dev/null}
warp_db_password:
file: ${WARP_DATABASE_PASSWORD_FILE:?WARP_DATABASE_PASSWORD_FILE must be set}
networks:
backend:
internal: true
binja-enterprise:
Podman¶
The template below is used instead when the ENTERPRISE_CONTAINER_ENGINE is set to podman. The primary difference between this template and the "default" one for Docker deployments is that we avoid using the Podman secrets system and bind-mount the secret files instead. This is primarily to avoid issues with ownership, permissions, and SELinux that can't be solved currently in Podman using their implementation of secrets.
# Do not edit this file directly - use docker-compose.override.yml to change defaults
services:
redis:
container_name: binja-enterprise${ENTERPRISE_CONTAINER_SUFFIX}-redis
image: ${ENTERPRISE_REGISTRY_HOST:?ENTERPRISE_REGISTRY_HOST must be set}/binaryninja_enterprise_kvs:${IMAGE_VERSION:?Image version unset or empty}
deploy:
replicas: 1
networks:
- backend
expose:
- 6379
restart: unless-stopped
database:
container_name: binja-enterprise${ENTERPRISE_CONTAINER_SUFFIX}-database
image: ${ENTERPRISE_REGISTRY_HOST:?ENTERPRISE_REGISTRY_HOST must be set}/binaryninja_enterprise_database:${IMAGE_VERSION:?Image version unset or empty}
deploy:
replicas: 1
environment:
POSTGRES_PASSWORD_FILE: /secrets/db_password
PGDATA: /data/pgdata
POSTGRES_USER: ${ENTERPRISE_DATABASE_USER:?ENTERPRISE_DATABASE_USER must be set}
POSTGRES_DB: ${ENTERPRISE_DATABASE_NAME:?ENTERPRISE_DATABASE_NAME must be set}
SERVICE_USER_UID: ${ENTERPRISE_SERVER_UID:?ENTERPRISE_SERVER_UID must be set}
SERVICE_USER_GID: ${ENTERPRISE_SERVER_GID:?ENTERPRISE_SERVER_GID must be set}
FORCE_PERMISSION_CHANGE: ${FORCE_PERMISSION_CHANGE:-false}
volumes:
- data_db:/data
- ${ENTERPRISE_DATABASE_PASSWORD_FILE:?ENTERPRISE_DATABASE_PASSWORD_FILE must be set}:/secrets/db_password:ro,Z
restart: unless-stopped
networks:
- backend
healthcheck:
test: ["CMD", "pg_isready", "-U", "binaryninja_enterprise"]
interval: 30s
timeout: 20s
start_period: 300s
retries: 5
backend:
container_name: binja-enterprise${ENTERPRISE_CONTAINER_SUFFIX}-backend
image: ${ENTERPRISE_REGISTRY_HOST:?ENTERPRISE_REGISTRY_HOST must be set}/binaryninja_enterprise_server:${IMAGE_VERSION:?Image version unset or empty}
deploy:
replicas: 1
volumes:
- ./installers:/opt/enterprise/installers:Z
- ${ENTERPRISE_SERVER_LICENSE_FILE:?ENTERPRISE_SERVER_LICENSE_FILE must be set}:/secrets/server_license:ro,Z
- ${ENTERPRISE_SERVER_LICENSE_BUNDLE_FILE:?ENTERPRISE_SERVER_LICENSE_BUNDLE_FILE must be set}:/secrets/license_bundle:ro,Z
- ./keys/server_key.pub:/secrets/signing_pubkey:ro,Z
- ./keys/server_key.pub.sig:/secrets/signing_pubkey_signature:ro,Z
- ${ENTERPRISE_DATABASE_PASSWORD_FILE:?ENTERPRISE_DATABASE_PASSWORD_FILE must be set}:/secrets/db_password:ro,Z
- ./secrets/license_signing_key:/secrets/license_signing_key:ro,Z
- ./secrets/secret_key:/secrets/secret_key:ro,Z
- ./secrets/server_id:/secrets/server_id:ro,Z
- ${ENTERPRISE_OBJECT_STORE_ACCESS_KEY_FILE:?ENTERPRISE_OBJECT_STORE_ACCESS_KEY_FILE must be set}:/secrets/object_store_access_key_id:ro,Z
- ${ENTERPRISE_OBJECT_STORE_SECRET_KEY_FILE:?ENTERPRISE_OBJECT_STORE_SECRET_KEY_FILE must be set}:/secrets/object_store_secret_access_key:ro,Z
- ${ENTERPRISE_INITIAL_ADMIN_PASSWORD_FILE:-/dev/null}:/secrets/initial_admin_password:ro,Z
networks:
- binja-enterprise
- backend
expose:
- 8000
environment:
ENTERPRISE_SERVER_ALLOWED_HOSTS: ${ENTERPRISE_SERVER_ALLOWED_HOSTS:-*}
ENTERPRISE_SERVER_DEBUG: ${ENTERPRISE_SERVER_DEBUG:-false}
DEBUG: ${DEBUG:-false}
ENTERPRISE_LICENSE_EXPIRATION: ${ENTERPRISE_LICENSE_EXPIRATION:-}
ENTERPRISE_SERVER_VALIDATE_TLS: ${ENTERPRISE_SERVER_VALIDATE_TLS:-true}
ENTERPRISE_DATABASE_NAME: ${ENTERPRISE_DATABASE_NAME:?ENTERPRISE_DATABASE_NAME must be set}
ENTERPRISE_DATABASE_HOST: ${ENTERPRISE_DATABASE_HOST:?ENTERPRISE_DATABASE_HOST must be set}
ENTERPRISE_DATABASE_PORT: ${ENTERPRISE_DATABASE_PORT:?ENTERPRISE_DATABASE_PORT must be set}
ENTERPRISE_DATABASE_USER: ${ENTERPRISE_DATABASE_USER:?ENTERPRISE_DATABASE_USER must be set}
ENTERPRISE_KV_STORE_URL: ${ENTERPRISE_KV_STORE_URL:?ENTERPRISE_KV_STORE_URL must be set}
ENTERPRISE_OBJECT_STORE_BUCKET_NAME: ${ENTERPRISE_OBJECT_STORE_BUCKET_NAME:?ENTERPRISE_OBJECT_STORE_BUCKET_NAME must be set}
ENTERPRISE_OBJECT_STORE_URL: ${ENTERPRISE_OBJECT_STORE_URL:?ENTERPRISE_OBJECT_STORE_URL must be set}
WARP_OAUTH_CLIENT_ID: ${WARP_OAUTH_CLIENT_ID:?WARP_OAUTH_CLIENT_ID must be set}
WARP_OAUTH_CLIENT_SECRET: ${WARP_OAUTH_CLIENT_SECRET:?WARP_OAUTH_CLIENT_SECRET must be set}
WARP_OAUTH_REDIRECT_URL: ${WARP_OAUTH_REDIRECT_URL:?WARP_OAUTH_REDIRECT_URL must be set}
SERVICE_USER_UID: ${ENTERPRISE_SERVER_UID:?ENTERPRISE_SERVER_UID must be set}
SERVICE_USER_GID: ${ENTERPRISE_SERVER_GID:?ENTERPRISE_SERVER_GID must be set}
FORCE_PERMISSION_CHANGE: ${FORCE_PERMISSION_CHANGE:-false}
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "20m"
max-file: "10"
depends_on:
- redis
- database
- object-store
warp-database:
container_name: binja-enterprise${ENTERPRISE_CONTAINER_SUFFIX}-warp-database
image: ${ENTERPRISE_REGISTRY_HOST:?ENTERPRISE_REGISTRY_HOST must be set}/binaryninja_enterprise_database:${IMAGE_VERSION:?Image version unset or empty}
deploy:
replicas: 1
environment:
POSTGRES_PASSWORD_FILE: /secrets/warp_db_password
PGDATA: /data/pgdata
POSTGRES_USER: ${WARP_DATABASE_USER:?WARP_DATABASE_USER must be set}
POSTGRES_DB: ${WARP_DATABASE_NAME:?WARP_DATABASE_NAME must be set}
SERVICE_USER_UID: ${ENTERPRISE_SERVER_UID:?ENTERPRISE_SERVER_UID must be set}
SERVICE_USER_GID: ${ENTERPRISE_SERVER_GID:?ENTERPRISE_SERVER_GID must be set}
FORCE_PERMISSION_CHANGE: ${FORCE_PERMISSION_CHANGE:-false}
volumes:
- data_warp:/data
- ${WARP_DATABASE_PASSWORD_FILE:?WARP_DATABASE_PASSWORD_FILE must be set}:/secrets/warp_db_password:ro,Z
restart: unless-stopped
networks:
- backend
healthcheck:
test: ["CMD", "pg_isready", "-U", "warp"]
interval: 30s
timeout: 20s
start_period: 300s
retries: 5
warp-backend:
container_name: binja-enterprise${ENTERPRISE_CONTAINER_SUFFIX}-warp-backend
image: ${ENTERPRISE_REGISTRY_HOST:?ENTERPRISE_REGISTRY_HOST must be set}/binaryninja_enterprise_warp_backend:${IMAGE_VERSION:?Image version unset or empty}
deploy:
replicas: 1
networks:
- backend
- binja-enterprise
depends_on:
- database
- redis
- warp-database
expose:
- 8888
restart: unless-stopped
logging:
driver: json-file
options:
max-size: 20m
max-file: 10
environment:
SERVICE_USER_UID: ${ENTERPRISE_SERVER_UID:?ENTERPRISE_SERVER_UID must be set}
SERVICE_USER_GID: ${ENTERPRISE_SERVER_GID:?ENTERPRISE_SERVER_GID must be set}
DB_NAME: ${WARP_DATABASE_NAME:?WARP_DATABASE_NAME must be set}
DB_HOST: ${WARP_DATABASE_HOST:?WARP_DATABASE_HOST must be set}
DB_PORT: ${WARP_DATABASE_PORT:?WARP_DATABASE_PORT must be set}
DB_USERNAME: ${WARP_DATABASE_USER:?WARP_DATABASE_USER must be set}
DB_PASSWORD: /secrets/warp_db_password
REDIS_URL: ${WARP_REDIS_URL:?WARP_REDIS_URL must be set}
WEB_ALLOWED_ORIGINS: ${WARP_WEB_ALLOWED_ORIGINS:?WARP_WEB_ALLOWED_ORIGINS must be set}
OAUTH_CLAIM_USERNAME: "true"
OAUTH_CLIENT_ID: ${WARP_OAUTH_CLIENT_ID:?WARP_OAUTH_CLIENT_ID must be set}
OAUTH_CLIENT_SECRET: ${WARP_OAUTH_CLIENT_SECRET:?WARP_OAUTH_CLIENT_SECRET must be set}
OAUTH_REDIRECT_URL: ${WARP_OAUTH_REDIRECT_URL:?WARP_OAUTH_REDIRECT_URL must be set}
OAUTH_PROVIDER: ${WARP_OAUTH_PROVIDER:?WARP_OAUTH_PROVIDER must be set}
OAUTH_DOMAIN: ${ENTERPRISE_SERVER_DOMAIN:?ENTERPRISE_SERVER_DOMAIN must be set}
OAUTH_INTERNAL_DOMAIN: http://backend:8000
RUST_BACKTRACE: "true"
RUST_LOG: info
volumes:
- ${WARP_DATABASE_PASSWORD_FILE:?WARP_DATABASE_PASSWORD_FILE must be set}:/secrets/warp_db_password:ro,Z
warp-frontend:
container_name: binja_enterprise${ENTERPRISE_CONTAINER_SUFFIX}-warp-frontend
image: ${ENTERPRISE_REGISTRY_HOST:?ENTERPRISE_REGISTRY_HOST must be set}/binaryninja_enterprise_warp_frontend:${IMAGE_VERSION:?Image version unset or empty}
deploy:
replicas: 1
networks:
- backend
depends_on:
- warp-backend
restart: unless-stopped
logging:
driver: json-file
options:
max-size: 20m
max-file: 10
environment:
BASE_PATH: /warp/
API_BASE_PATH: /warp/
ENV_NAME: production
proxy:
container_name: binja-enterprise${ENTERPRISE_CONTAINER_SUFFIX}-proxy
image: ${ENTERPRISE_REGISTRY_HOST:?ENTERPRISE_REGISTRY_HOST must be set}/binaryninja_enterprise_proxy:${IMAGE_VERSION:?Image version unset or empty}
environment:
ENTERPRISE_PROXY_NO_TLS: ${ENTERPRISE_PROXY_NO_TLS:-false}
ENTERPRISE_SERVER_BACKEND_HOST: ${ENTERPRISE_SERVER_BACKEND_HOST:-backend}
SERVICE_USER_UID: ${ENTERPRISE_SERVER_UID:?ENTERPRISE_SERVER_UID must be set}
SERVICE_USER_GID: ${ENTERPRISE_SERVER_GID:?ENTERPRISE_SERVER_GID must be set}
ENTERPRISE_PROXY_DISABLE_DIRECTIO: ${ENTERPRISE_PROXY_DISABLE_DIRECTIO:-false}
ENTERPRISE_INCLUDE_WARP: ${ENTERPRISE_INCLUDE_WARP:-true}
FORCE_PERMISSION_CHANGE: ${FORCE_PERMISSION_CHANGE:-false}
deploy:
replicas: 1
networks:
- binja-enterprise
- backend
ports:
- ${ENTERPRISE_SERVER_BIND_IP:?ENTERPRISE_SERVER_BIND_IP must be set}:${ENTERPRISE_SERVER_PORT:?ENTERPRISE_SERVER_PORT must be set}:1337
depends_on:
- backend
- warp-backend
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "20m"
max-file: "10"
volumes:
- ${ENTERPRISE_SERVER_CERT_FILE:?ENTERPRISE_SERVER_CERT_FILE must be set}:/secrets/ssl_cert:ro,Z
- ${ENTERPRISE_SERVER_KEY_FILE:?ENTERPRISE_SERVER_KEY_FILE must be set}:/secrets/ssl_key:ro,Z
- ./keys/server_key:/secrets/signing_privkey:ro,Z
- ./keys/server_key.pub:/secrets/signing_pubkey:ro,Z
- ./keys/server_key.pub.sig:/secrets/signing_pubkey_signature:ro,Z
object-store:
container_name: binja-enterprise${ENTERPRISE_CONTAINER_SUFFIX}-object-store
image: ${ENTERPRISE_REGISTRY_HOST:?ENTERPRISE_REGISTRY_HOST must be set}/binaryninja_enterprise_object_store:${IMAGE_VERSION:?Image version unset or empty}
healthcheck:
test: ["CMD", "curl", "-kf", "https://localhost:8333/status"]
interval: 30s
timeout: 20s
start_period: 300s
retries: 5
deploy:
replicas: 1
networks:
- backend
environment:
SERVICE_USER_UID: ${ENTERPRISE_SERVER_UID:?ENTERPRISE_SERVER_UID must be set}
SERVICE_USER_GID: ${ENTERPRISE_SERVER_GID:?ENTERPRISE_SERVER_GID must be set}
FORCE_PERMISSION_CHANGE: ${FORCE_PERMISSION_CHANGE:-false}
VOLUME_SIZE: ${ENTERPRISE_OBJECT_STORE_VOLUME_SIZE:?ENTERPRISE_OBJECT_STORE_VOLUME_SIZE must be set}
MAX_VOLUMES: ${ENTERPRISE_OBJECT_STORE_MAX_VOLUMES?ENTERPRISE_OBJECT_STORE_MAX_VOLUMES must be set}
restart: unless-stopped
volumes:
- data_object:/data
- ${ENTERPRISE_OBJECT_STORE_ACCESS_KEY_FILE:?ENTERPRISE_OBJECT_STORE_ACCESS_KEY_FILE must be set}:/secrets/object_store_access_key_id:ro,Z
- ${ENTERPRISE_OBJECT_STORE_SECRET_KEY_FILE:?ENTERPRISE_OBJECT_STORE_SECRET_KEY_FILE must be set}:/secrets/object_store_secret_access_key:ro,Z
expose:
- 8333
volumes:
data_db:
name: ${COMPOSE_PROJECT_NAME}-data-db${VOLUME_SUFFIX?Volume suffix unset}
data_object:
name: ${COMPOSE_PROJECT_NAME}-data-object${VOLUME_SUFFIX?Volume suffix unset}
data_warp:
name: ${COMPOSE_PROJECT_NAME}-data-warp${VOLUME_SUFFIX?Volume suffix unset}
networks:
backend:
internal: true
binja-enterprise: