version: '3.8'

services:
  # Backend application
  backend:
    build: ./docker/backend
    container_name: cve-2026-3288-backend
    hostname: backend
    networks:
      - cve-lab
    environment:
      - FLASK_APP=app.py
      - FLASK_ENV=development
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:5000/health"]
      interval: 10s
      timeout: 5s
      retries: 3

  # Vulnerable NGINX (simulating Ingress Controller behavior)
  nginx:
    build: ./docker/nginx
    container_name: cve-2026-3288-nginx
    hostname: nginx
    ports:
      - "9090:80"
      - "9443:443"
    networks:
      - cve-lab
    depends_on:
      - backend
    volumes:
      - nginx-logs:/var/log/nginx
    environment:
      - BACKEND_HOST=backend
      - BACKEND_PORT=5000
    healthcheck:
      test: ["CMD", "nginx", "-t"]
      interval: 10s
      timeout: 5s
      retries: 3

  # Log monitoring container (optional)
  monitor:
    image: alpine:latest
    container_name: cve-2026-3288-monitor
    command: tail -f /logs/access.log /logs/error.log
    volumes:
      - nginx-logs:/logs
    networks:
      - cve-lab
    depends_on:
      - nginx

volumes:
  nginx-logs:
    driver: local

networks:
  cve-lab:
    driver: bridge

# Made with Bob