Deploy on Docker

Learn how to deploy a TrapEye instance using Docker. This guide covers deployment using the standard Docker CLI as well as Docker Compose.

The Docker image allows for rapid deployment on any Linux host, but requires specific network configurations to enable full detection capabilities.


  1. Retrieve Configuration

    Navigate to Management → Installation in the TrapEye Platform. Select the Docker tab to view your specific installation command. This command is pre-populated with the necessary authentication tokens and UUIDs for your entity.

  2. Run with Docker CLI

    Execute the command retrieved from the platform in your terminal. Below is an example of the command structure:

    docker run -d \
      --restart unless-stopped \
      --network host \
      -e INGESTION_URL="INGESTION-URL" \
      -e ENTITY_UUID="YOUR-ENTITY-UUID" \
      -e ENTITY_TOKEN="YOUR-ENTITY-TOKEN" \
      -e TRAPEYE_UUID="YOUR-TRAPEYE-UUID" \
      ghcr.io/anantis-security/trapeye:x.x.x

  3. Alternative: Docker Compose

    If you prefer to manage your deployment via Docker Compose, you can use the configuration below. Create a docker-compose.yml file and paste the following content, replacing the environment variables with the values from Step 1.

    services:
      trapeye:
        image: ghcr.io/anantis-security/trapeye:x.x.x
        container_name: trapeye-sensor
        network_mode: host
        restart: unless-stopped
        environment:
          - INGESTION_URL=INGESTION-URL
          - ENTITY_UUID=YOUR-ENTITY-UUID
          - ENTITY_TOKEN=YOUR-ENTITY-TOKEN
          - TRAPEYE_UUID=YOUR-TRAPEYE-UUID

    Run the container using:

    docker-compose up -d
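
Both launch methods above put ENTITY_TOKEN on the command line or in docker-compose.yml, where it can end up in shell history, the process list, or a file other users can read. The following is an added example, not part of the TrapEye documentation: it keeps the four variables in an env file and checks that file before starting the container with the same options as Step 2. The file path and function names are hypothetical, and the image reference is passed in as an argument.

```shell
#!/bin/sh
# Added example (not TrapEye's own tooling): pre-flight check for an env file
# holding the four variables from this guide, then launch via --env-file.
# Function names and the env file location are hypothetical.

REQUIRED_VARS="INGESTION_URL ENTITY_UUID ENTITY_TOKEN TRAPEYE_UUID"

# Print the value of KEY ($2) from a KEY=value file ($1); last entry wins.
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Return 0 only if the file is readable by its owner alone (mode 600) and
# every required variable holds a real, unquoted value.
check_env_file() {
    file=$1
    [ -f "$file" ] || { echo "missing env file: $file" >&2; return 1; }
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    [ "$mode" = "600" ] || { echo "$file has mode $mode, expected 600" >&2; return 1; }
    for key in $REQUIRED_VARS; do
        val=$(env_value "$file" "$key")
        case "$val" in
            "")                   echo "$key is not set" >&2; return 1 ;;
            INGESTION-URL|YOUR-*) echo "$key still holds the guide's placeholder" >&2; return 1 ;;
            # docker run --env-file passes quote characters through as part of the value.
            \"*|\'*)              echo "$key is quoted; remove the quotes" >&2; return 1 ;;
        esac
    done
    return 0
}

# Same options as the docker run command in Step 2, with the secrets read
# from the checked file instead of -e flags. $1 = env file, $2 = image.
start_trapeye() {
    check_env_file "$1" || return 1
    docker run -d --restart unless-stopped --network host \
        --env-file "$1" "$2"
}

# Runs only when invoked as: ./preflight.sh <env-file> <image>
if [ "$#" -eq 2 ]; then start_trapeye "$1" "$2"; fi
```
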

When deploying via Docker, please be aware of the following limitation regarding service availability:

Your TrapEye container is now running. It will appear in the Devices section of the TrapEye Deception Platform, and you will begin receiving real-time alerts as soon as activity is detected.