Setting up crAPI for Hacking APIs
By Jimmy Lindsey
Aug. 20, 2025 | Categories: devops, containers, security, Hacking_APIs
If you’ve ever dipped your toes into API security testing, you know that theory is one thing, but getting your hands dirty is where the real learning happens. That's the goal of the book Hacking APIs by Corey J. Ball. One of the many services you need to deploy for your hacking lab is crAPI. crAPI is a deliberately vulnerable API platform designed to sharpen your hacking skills and expose you to the most critical API security risks. However, getting crAPI up and running isn’t smooth sailing, especially if you’re working with its most recent stable release[1]. In this guide, I’ll walk you through two reliable setup methods and share an optional tweak to make your API hacking lab even more effective.
Prerequisites
First, I want to note that I have decided to make my hacking lab a remote one, so I'm running an Ubuntu 24.04 virtual machine in Azure. You can follow along on any cloud provider or your own homelab. Most of these steps should also work for a local setup, but please keep in mind that some of my configuration assumes a remote environment.
Before you begin, make sure you have:
- A working VM with any modern Linux distro
- unzip installed, e.g. sudo apt install unzip on Ubuntu
- Docker installed (choose one of the following methods):
  - Snap package with sudo snap install docker
  - Official Docker installation guide for Ubuntu.
Solution 1: Use the Development Version
We will start with the development version, as it is the easiest. Of course, this is not an official release, so it is possible you will run into bugs.
First, run the following commands to download the development version and unzip it.
curl --location -o /tmp/crapi-develop.zip https://github.com/OWASP/crAPI/archive/refs/heads/develop.zip
unzip /tmp/crapi-develop.zip
cd crAPI-develop/deploy/docker
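Now we need to make two changes to the .env file. The first is to set LISTEN_IP to "0.0.0.0" so we can access these containers remotely over HTTP/HTTPS. This publishes the mapped ports on every interface of the VM, so restrict inbound access with your cloud provider's firewall rules (for example, an Azure network security group that only allows your own IP address). Next, we need to change VERSION to develop. This new version of crAPI contains some new images, and those new images are tagged "develop" instead of "latest".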
IDENTITY_SERVER_PORT=8080
COMMUNITY_SERVER_PORT=8087
WORKSHOP_SERVER_PORT=8000
CHATBOT_SERVER_PORT=5002
ENABLE_SHELL_INJECTION=false
ENABLE_LOG4J=false
LISTEN_IP="0.0.0.0"
TLS_ENABLED=true
VERSION=develop
LOG_LEVEL=INFO
Now that we are ready to go, we can simply run these last two commands:
sudo docker compose pull
sudo docker compose -f docker-compose.yml --compatibility up -d
Wait a little bit after the deployment finishes, and then run sudo docker container ls. You should see something like the following:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4011ac6db860 crapi/crapi-web:develop "/etc/nginx/nginx-wr…" 25 minutes ago Up 23 minutes (healthy) 0.0.0.0:8888->80/tcp, 0.0.0.0:30080->80/tcp, 0.0.0.0:8443->443/tcp, 0.0.0.0:30443->443/tcp crapi-web
7f3142e88d70 crapi/crapi-workshop:develop "/app/runner.sh" 25 minutes ago Up 24 minutes (healthy) crapi-workshop
9832ba762341 crapi/crapi-community:develop "/bin/sh -c /app/main" 25 minutes ago Up 24 minutes (healthy) 6060/tcp crapi-community
428ac081a8ab crapi/crapi-chatbot:develop "/bin/sh -c /app/ent…" 25 minutes ago Up 24 minutes 5002/tcp, 5500/tcp crapi-chatbot
004d40461bab crapi/crapi-identity:develop "/__cacert_entrypoin…" 25 minutes ago Up 24 minutes (healthy) 8080/tcp, 8989/tcp, 10001/tcp crapi-identity
e89e263de748 crapi/gateway-service:develop "/app/server" 25 minutes ago Up 25 minutes (healthy) 443/tcp api.mypremiumdealership.com
f8ad8bea3264 crapi/mailhog:develop "MailHog" 25 minutes ago Up 25 minutes (healthy) 1025/tcp, 0.0.0.0:8025->8025/tcp mailhog
93c350744e24 chromadb/chroma:latest "dumb-init -- chroma…" 25 minutes ago Up 25 minutes (healthy) 8000/tcp chromadb
17dfa23a4323 mongo:4.4 "docker-entrypoint.s…" 25 minutes ago Up 25 minutes (healthy) 27017/tcp mongodb
331627fdad32 postgres:14 "docker-entrypoint.s…" 25 minutes ago Up 25 minutes (healthy) 5432/tcp postgresdb
The main thing is that we just want to see that all containers are healthy.
Solution 2: Modify the Stable Version
The other solution is to use the stable version and modify the docker-compose.yml file to fix a flaw.
curl --location -o /tmp/crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/main.zip
unzip /tmp/crapi.zip
cd crAPI-main/deploy/docker
We also want to modify LISTEN_IP the same way as we did for Solution 1, but keep VERSION set to latest.
IDENTITY_SERVER_PORT=8080
COMMUNITY_SERVER_PORT=8087
WORKSHOP_SERVER_PORT=8000
ENABLE_SHELL_INJECTION=false
ENABLE_LOG4J=false
LISTEN_IP="0.0.0.0"
TLS_ENABLED=true
VERSION=latest
LOG_LEVEL=INFO
The issue is that the container running the image crapi/gateway-service has a bad health check. Specifically, the health check command never succeeds against the service, even though the service is running correctly. This docker-compose file is pretty big, so I will just put the fix for this service below. The healthcheck test in it passes as soon as bash can open a TCP connection to port 443 inside the container.
  api.mypremiumdealership.com:
    container_name: api.mypremiumdealership.com
    image: crapi/gateway-service:${VERSION:-latest}
    #ports:
    # - "${LISTEN_IP:-127.0.0.1}:8443:443" # https
    healthcheck:
      test: bash -c 'echo -n "GET / HTTP/1.1\n\n" > /dev/tcp/127.0.0.1/443'
      interval: 15s
      timeout: 15s
      retries: 15
      start_period: 15s
    deploy:
      resources:
        limits:
          cpus: '0.1'
          memory: 50M
Then run the last two commands:
sudo docker compose pull
sudo docker compose -f docker-compose.yml --compatibility up -d
Again, wait a few moments, then use sudo docker container ls to make sure all containers are healthy.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
40dd62572e06 crapi/crapi-web:latest "/bin/sh -c /etc/ngi…" 4 minutes ago Up 3 minutes (healthy) 0.0.0.0:8888->80/tcp, 0.0.0.0:8443->443/tcp crapi-web
eea29e8b9320 crapi/crapi-workshop:latest "/bin/sh -c /app/run…" 4 minutes ago Up 3 minutes (healthy) crapi-workshop
bb3f70edc953 crapi/crapi-community:latest "/bin/sh -c /app/main" 4 minutes ago Up 3 minutes (healthy) 6060/tcp crapi-community
b8defabcc718 crapi/crapi-identity:latest "/entrypoint.sh" 4 minutes ago Up 4 minutes (healthy) 10001/tcp crapi-identity
57d06210e582 postgres:14 "docker-entrypoint.s…" 4 minutes ago Up 4 minutes (healthy) 5432/tcp postgresdb
b31ece85329b mongo:4.4 "docker-entrypoint.s…" 4 minutes ago Up 4 minutes (healthy) 27017/tcp mongodb
2513c768baea crapi/mailhog:latest "MailHog" 4 minutes ago Up 4 minutes (healthy) 1025/tcp, 0.0.0.0:8025->8025/tcp mailhog
aed8c95e4e16 crapi/gateway-service:latest "/app/server" 4 minutes ago Up 4 minutes (healthy) 443/tcp api.mypremiumdealership.com
Opening Ports for All Containers
Based on Corey's results from nmap, it is clear that in the past crAPI's docker-compose file had all containers running with an open port. If you look now, you will see something like this for most of them:
#ports:
# - "${LISTEN_IP:-127.0.0.1}:8443:443" # https
To get to a similar state, we need to uncomment all those lines. Doing this allowed me to get better nmap scans on crAPI. However, we will run into a problem with the container named api.mypremiumdealership.com. Both this container and crapi-web are listening on port 8443. However, we can fix it by changing api.mypremiumdealership.com to use port 8444. If you are using the development version, you will see a similar problem with the chromadb container, which I changed to listen on port 9000. Below you will see the complete docker-compose.yml for the development version, as well as the same for the stable version.
docker-compose.yml for the development version
# Licensed under the Apache License, Version 2.0 (the “License”);
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an “AS IS” BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
services:
  crapi-identity:
    container_name: crapi-identity
    image: crapi/crapi-identity:${VERSION:-latest}
    ports:
      - "${LISTEN_IP:-127.0.0.1}:8080:8080"
    volumes:
      - ./keys:/app/keys
    environment:
      - LOG_LEVEL=${LOG_LEVEL:-INFO}
      - DB_NAME=crapi
      - DB_USER=admin
      - DB_PASSWORD=crapisecretpassword
      - DB_HOST=postgresdb
      - DB_PORT=5432
      - SERVER_PORT=${IDENTITY_SERVER_PORT:-8080}
      - ENABLE_SHELL_INJECTION=${ENABLE_SHELL_INJECTION:-false}
      - JWT_SECRET=crapi
      - MAILHOG_HOST=mailhog
      - MAILHOG_PORT=1025
      - MAILHOG_DOMAIN=example.com
      - SMTP_HOST=smtp.example.com
      - SMTP_PORT=587
      - SMTP_EMAIL=user@example.com
      - SMTP_PASS=xxxxxxxxxxxxxx
      - SMTP_FROM=no-reply@example.com
      - SMTP_AUTH=true
      - SMTP_STARTTLS=true
      - JWT_EXPIRATION=604800000
      - ENABLE_LOG4J=${ENABLE_LOG4J:-false}
      - API_GATEWAY_URL=https://api.mypremiumdealership.com
      - TLS_ENABLED=${TLS_ENABLED:-false}
      - TLS_KEYSTORE_TYPE=PKCS12
      - TLS_KEYSTORE=classpath:certs/server.p12
      - TLS_KEYSTORE_PASSWORD=passw0rd
      - TLS_KEY_PASSWORD=passw0rd
      - TLS_KEY_ALIAS=identity
    depends_on:
      postgresdb:
        condition: service_healthy
      mongodb:
        condition: service_healthy
      mailhog:
        condition: service_healthy
    healthcheck:
      test: /app/health.sh
      interval: 15s
      timeout: 15s
      retries: 15
    deploy:
      resources:
        limits:
          cpus: '0.8'
          memory: 384M
  crapi-community:
    container_name: crapi-community
    image: crapi/crapi-community:${VERSION:-latest}
    ports:
      - "${LISTEN_IP:-127.0.0.1}:8087:8087"
    environment:
      - LOG_LEVEL=${LOG_LEVEL:-INFO}
      - IDENTITY_SERVICE=crapi-identity:${IDENTITY_SERVER_PORT:-8080}
      - DB_NAME=crapi
      - DB_USER=admin
      - DB_PASSWORD=crapisecretpassword
      - DB_HOST=postgresdb
      - DB_PORT=5432
      - SERVER_PORT=${COMMUNITY_SERVER_PORT:-8087}
      - MONGO_DB_HOST=mongodb
      - MONGO_DB_PORT=27017
      - MONGO_DB_USER=admin
      - MONGO_DB_PASSWORD=crapisecretpassword
      - MONGO_DB_NAME=crapi
      - TLS_ENABLED=${TLS_ENABLED:-false}
      - TLS_CERTIFICATE=certs/server.crt
      - TLS_KEY=certs/server.key
    depends_on:
      postgresdb:
        condition: service_healthy
      mongodb:
        condition: service_healthy
      crapi-identity:
        condition: service_healthy
    healthcheck:
      test: /app/health.sh
      interval: 15s
      timeout: 15s
      retries: 15
    deploy:
      resources:
        limits:
          cpus: '0.3'
          memory: 192M
  crapi-workshop:
    container_name: crapi-workshop
    image: crapi/crapi-workshop:${VERSION:-latest}
    ports:
      - "${LISTEN_IP:-127.0.0.1}:8000:8000"
    environment:
      - LOG_LEVEL=${LOG_LEVEL:-INFO}
      - IDENTITY_SERVICE=crapi-identity:${IDENTITY_SERVER_PORT:-8080}
      - DB_NAME=crapi
      - DB_USER=admin
      - DB_PASSWORD=crapisecretpassword
      - DB_HOST=postgresdb
      - DB_PORT=5432
      - SERVER_PORT=${WORKSHOP_SERVER_PORT:-8000}
      - MONGO_DB_HOST=mongodb
      - MONGO_DB_PORT=27017
      - MONGO_DB_USER=admin
      - MONGO_DB_PASSWORD=crapisecretpassword
      - MONGO_DB_NAME=crapi
      - SECRET_KEY=crapi
      - API_GATEWAY_URL=https://api.mypremiumdealership.com
      - TLS_ENABLED=${TLS_ENABLED:-false}
      - TLS_CERTIFICATE=certs/server.crt
      - TLS_KEY=certs/server.key
    depends_on:
      postgresdb:
        condition: service_healthy
      mongodb:
        condition: service_healthy
      crapi-identity:
        condition: service_healthy
      crapi-community:
        condition: service_healthy
    healthcheck:
      test: /app/health.sh
      interval: 15s
      timeout: 15s
      retries: 15
    deploy:
      resources:
        limits:
          cpus: '0.3'
          memory: 128M
  crapi-chatbot:
    container_name: crapi-chatbot
    image: crapi/crapi-chatbot:${VERSION:-latest}
    environment:
      - TLS_ENABLED=${TLS_ENABLED:-false}
      - SERVER_PORT=${CHATBOT_SERVER_PORT:-5002}
      - WEB_SERVICE=crapi-web
      - IDENTITY_SERVICE=crapi-identity:${IDENTITY_SERVER_PORT:-8080}
      - DB_NAME=crapi
      - DB_USER=admin
      - DB_PASSWORD=crapisecretpassword
      - DB_HOST=postgresdb
      - DB_PORT=5432
      - MONGO_DB_HOST=mongodb
      - MONGO_DB_PORT=27017
      - MONGO_DB_USER=admin
      - MONGO_DB_PASSWORD=crapisecretpassword
      - MONGO_DB_NAME=crapi
      - API_USER=admin@example.com
      - API_PASSWORD=Admin!123
      - OPENAPI_SPEC=/app/resources/crapi-openapi-spec.json
      - DEFAULT_MODEL=gpt-4o-mini
      - CHROMA_HOST=chromadb
      - CHROMA_PORT=8000
      # - CHATBOT_OPENAI_API_KEY=
    depends_on:
      mongodb:
        condition: service_healthy
      crapi-identity:
        condition: service_healthy
      chromadb:
        condition: service_healthy
    ports:
      - "${LISTEN_IP:-127.0.0.1}:5002:5002"
  crapi-web:
    container_name: crapi-web
    image: crapi/crapi-web:${VERSION:-latest}
    ports:
      - "${LISTEN_IP:-127.0.0.1}:8888:80"
      - "${LISTEN_IP:-127.0.0.1}:30080:80"
      - "${LISTEN_IP:-127.0.0.1}:8443:443"
      - "${LISTEN_IP:-127.0.0.1}:30443:443"
    environment:
      - COMMUNITY_SERVICE=crapi-community:${COMMUNITY_SERVER_PORT:-8087}
      - IDENTITY_SERVICE=crapi-identity:${IDENTITY_SERVER_PORT:-8080}
      - WORKSHOP_SERVICE=crapi-workshop:${WORKSHOP_SERVER_PORT:-8000}
      - CHATBOT_SERVICE=crapi-chatbot:${CHATBOT_SERVER_PORT:-5002}
      - MAILHOG_WEB_SERVICE=mailhog:8025
      - TLS_ENABLED=${TLS_ENABLED:-false}
    depends_on:
      crapi-community:
        condition: service_healthy
      crapi-identity:
        condition: service_healthy
      crapi-workshop:
        condition: service_healthy
    healthcheck:
      test: curl 0.0.0.0:80/health
      interval: 15s
      timeout: 15s
      retries: 15
    deploy:
      resources:
        limits:
          cpus: '0.3'
          memory: 128M
  postgresdb:
    container_name: postgresdb
    image: 'postgres:14'
    command: ["postgres", "-c", "max_connections=500"]
    environment:
      POSTGRES_USER: admin
      POSTGRES_PASSWORD: crapisecretpassword
      POSTGRES_DB: crapi
    ports:
      - "${LISTEN_IP:-127.0.0.1}:5432:5432"
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready" ]
      interval: 15s
      timeout: 15s
      retries: 15
    volumes:
      - postgresql-data:/var/lib/postgresql/data/
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 256M
  mongodb:
    container_name: mongodb
    image: 'mongo:4.4'
    environment:
      MONGO_INITDB_ROOT_USERNAME: admin
      MONGO_INITDB_ROOT_PASSWORD: crapisecretpassword
    ports:
      - "${LISTEN_IP:-127.0.0.1}:27017:27017"
    healthcheck:
      test: echo 'db.runCommand("ping").ok' | mongo mongodb:27017/test --quiet
      interval: 15s
      timeout: 15s
      retries: 15
      start_period: 20s
    volumes:
      - mongodb-data:/data/db
    deploy:
      resources:
        limits:
          cpus: '0.3'
          memory: 128M
  chromadb:
    container_name: chromadb
    image: 'chromadb/chroma:latest'
    environment:
      IS_PERSISTENT: 'TRUE'
    healthcheck:
      test: [ "CMD", "/bin/bash", "-c", "cat < /dev/null > /dev/tcp/localhost/8000" ]
      interval: 15s
      timeout: 15s
      retries: 15
      start_period: 20s
    volumes:
      - chromadb-data:/data
    ports:
      - "${LISTEN_IP:-127.0.0.1}:9000:8000"
  mailhog:
    user: root
    container_name: mailhog
    image: crapi/mailhog:${VERSION:-latest}
    environment:
      MH_MONGO_URI: admin:crapisecretpassword@mongodb:27017
      MH_STORAGE: mongodb
    ports:
      # - "127.0.0.1:1025:1025" # smtp server
      - "${LISTEN_IP:-127.0.0.1}:8025:8025" # Mail ui
    healthcheck:
      test: [ "CMD", "nc", "-z", "localhost", "8025" ]
      interval: 15s
      timeout: 15s
      retries: 15
    deploy:
      resources:
        limits:
          cpus: '0.3'
          memory: 128M
  api.mypremiumdealership.com:
    container_name: api.mypremiumdealership.com
    image: crapi/gateway-service:${VERSION:-latest}
    ports:
      - "${LISTEN_IP:-127.0.0.1}:8444:443" # https
    healthcheck:
      test: bash -c 'echo -n "GET / HTTP/1.1\n\n" > /dev/tcp/127.0.0.1/443'
      interval: 15s
      timeout: 15s
      retries: 15
      start_period: 15s
    deploy:
      resources:
        limits:
          cpus: '0.1'
          memory: 50M
volumes:
  mongodb-data:
  postgresql-data:
  chromadb-data:
docker-compose.yml for the stable version
# Licensed under the Apache License, Version 2.0 (the “License”);
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an “AS IS” BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
services:
  crapi-identity:
    container_name: crapi-identity
    image: crapi/crapi-identity:${VERSION:-latest}
    ports:
      - "${LISTEN_IP:-127.0.0.1}:8080:8080"
    volumes:
      - ./keys:/keys
    environment:
      - LOG_LEVEL=${LOG_LEVEL:-INFO}
      - DB_NAME=crapi
      - DB_USER=admin
      - DB_PASSWORD=crapisecretpassword
      - DB_HOST=postgresdb
      - DB_PORT=5432
      - SERVER_PORT=${IDENTITY_SERVER_PORT:-8080}
      - ENABLE_SHELL_INJECTION=${ENABLE_SHELL_INJECTION:-false}
      - JWT_SECRET=crapi
      - MAILHOG_HOST=mailhog
      - MAILHOG_PORT=1025
      - MAILHOG_DOMAIN=example.com
      - SMTP_HOST=smtp.example.com
      - SMTP_PORT=587
      - SMTP_EMAIL=user@example.com
      - SMTP_PASS=xxxxxxxxxxxxxx
      - SMTP_FROM=no-reply@example.com
      - SMTP_AUTH=true
      - SMTP_STARTTLS=true
      - JWT_EXPIRATION=604800000
      - ENABLE_LOG4J=${ENABLE_LOG4J:-false}
      - API_GATEWAY_URL=https://api.mypremiumdealership.com
      - TLS_ENABLED=${TLS_ENABLED:-false}
      - TLS_KEYSTORE_TYPE=PKCS12
      - TLS_KEYSTORE=classpath:certs/server.p12
      - TLS_KEYSTORE_PASSWORD=passw0rd
      - TLS_KEY_PASSWORD=passw0rd
      - TLS_KEY_ALIAS=identity
    depends_on:
      postgresdb:
        condition: service_healthy
      mongodb:
        condition: service_healthy
      mailhog:
        condition: service_healthy
    healthcheck:
      test: /app/health.sh
      interval: 15s
      timeout: 15s
      retries: 15
    deploy:
      resources:
        limits:
          cpus: '0.8'
          memory: 384M
  crapi-community:
    container_name: crapi-community
    image: crapi/crapi-community:${VERSION:-latest}
    ports:
      - "${LISTEN_IP:-127.0.0.1}:8087:8087"
    environment:
      - LOG_LEVEL=${LOG_LEVEL:-INFO}
      - IDENTITY_SERVICE=crapi-identity:${IDENTITY_SERVER_PORT:-8080}
      - DB_NAME=crapi
      - DB_USER=admin
      - DB_PASSWORD=crapisecretpassword
      - DB_HOST=postgresdb
      - DB_PORT=5432
      - SERVER_PORT=${COMMUNITY_SERVER_PORT:-8087}
      - MONGO_DB_HOST=mongodb
      - MONGO_DB_PORT=27017
      - MONGO_DB_USER=admin
      - MONGO_DB_PASSWORD=crapisecretpassword
      - MONGO_DB_NAME=crapi
      - TLS_ENABLED=${TLS_ENABLED:-false}
      - TLS_CERTIFICATE=certs/server.crt
      - TLS_KEY=certs/server.key
    depends_on:
      postgresdb:
        condition: service_healthy
      mongodb:
        condition: service_healthy
      crapi-identity:
        condition: service_healthy
    healthcheck:
      test: /app/health.sh
      interval: 15s
      timeout: 15s
      retries: 15
    deploy:
      resources:
        limits:
          cpus: '0.3'
          memory: 192M
  crapi-workshop:
    container_name: crapi-workshop
    image: crapi/crapi-workshop:${VERSION:-latest}
    ports:
      - "${LISTEN_IP:-127.0.0.1}:8000:8000"
    environment:
      - LOG_LEVEL=${LOG_LEVEL:-INFO}
      - IDENTITY_SERVICE=crapi-identity:${IDENTITY_SERVER_PORT:-8080}
      - DB_NAME=crapi
      - DB_USER=admin
      - DB_PASSWORD=crapisecretpassword
      - DB_HOST=postgresdb
      - DB_PORT=5432
      - SERVER_PORT=${WORKSHOP_SERVER_PORT:-8000}
      - MONGO_DB_HOST=mongodb
      - MONGO_DB_PORT=27017
      - MONGO_DB_USER=admin
      - MONGO_DB_PASSWORD=crapisecretpassword
      - MONGO_DB_NAME=crapi
      - SECRET_KEY=crapi
      - API_GATEWAY_URL=https://api.mypremiumdealership.com
      - TLS_ENABLED=${TLS_ENABLED:-false}
      - TLS_CERTIFICATE=certs/server.crt
      - TLS_KEY=certs/server.key
    depends_on:
      postgresdb:
        condition: service_healthy
      mongodb:
        condition: service_healthy
      crapi-identity:
        condition: service_healthy
      crapi-community:
        condition: service_healthy
    healthcheck:
      test: /app/health.sh
      interval: 15s
      timeout: 15s
      retries: 15
    deploy:
      resources:
        limits:
          cpus: '0.3'
          memory: 128M
  crapi-web:
    container_name: crapi-web
    image: crapi/crapi-web:${VERSION:-latest}
    ports:
      - "${LISTEN_IP:-127.0.0.1}:8888:80"
      - "${LISTEN_IP:-127.0.0.1}:8443:443"
    environment:
      - COMMUNITY_SERVICE=crapi-community:${COMMUNITY_SERVER_PORT:-8087}
      - IDENTITY_SERVICE=crapi-identity:${IDENTITY_SERVER_PORT:-8080}
      - WORKSHOP_SERVICE=crapi-workshop:${WORKSHOP_SERVER_PORT:-8000}
      - MAILHOG_WEB_SERVICE=mailhog:8025
      - TLS_ENABLED=${TLS_ENABLED:-false}
    depends_on:
      crapi-community:
        condition: service_healthy
      crapi-identity:
        condition: service_healthy
      crapi-workshop:
        condition: service_healthy
    healthcheck:
      test: curl 0.0.0.0:80/web/health
      interval: 15s
      timeout: 15s
      retries: 15
    deploy:
      resources:
        limits:
          cpus: '0.3'
          memory: 128M
  postgresdb:
    container_name: postgresdb
    image: 'postgres:14'
    command: ["postgres", "-c", "max_connections=500"]
    environment:
      POSTGRES_USER: admin
      POSTGRES_PASSWORD: crapisecretpassword
      POSTGRES_DB: crapi
    ports:
      - "${LISTEN_IP:-127.0.0.1}:5432:5432"
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready" ]
      interval: 15s
      timeout: 15s
      retries: 15
    volumes:
      - postgresql-data:/var/lib/postgresql/data/
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 256M
  mongodb:
    container_name: mongodb
    image: 'mongo:4.4'
    environment:
      MONGO_INITDB_ROOT_USERNAME: admin
      MONGO_INITDB_ROOT_PASSWORD: crapisecretpassword
    ports:
      - "${LISTEN_IP:-127.0.0.1}:27017:27017"
    healthcheck:
      test: echo 'db.runCommand("ping").ok' | mongo mongodb:27017/test --quiet
      interval: 15s
      timeout: 15s
      retries: 15
      start_period: 20s
    volumes:
      - mongodb-data:/data/db
    deploy:
      resources:
        limits:
          cpus: '0.3'
          memory: 128M
  mailhog:
    user: root
    container_name: mailhog
    image: crapi/mailhog:${VERSION:-latest}
    environment:
      MH_MONGO_URI: admin:crapisecretpassword@mongodb:27017
      MH_STORAGE: mongodb
    ports:
      # - "127.0.0.1:1025:1025" # smtp server
      - "${LISTEN_IP:-127.0.0.1}:8025:8025" # Mail ui
    healthcheck:
      test: [ "CMD", "nc", "-z", "localhost", "8025" ]
      interval: 15s
      timeout: 15s
      retries: 15
    deploy:
      resources:
        limits:
          cpus: '0.3'
          memory: 128M
  api.mypremiumdealership.com:
    container_name: api.mypremiumdealership.com
    image: crapi/gateway-service:${VERSION:-latest}
    ports:
      - "${LISTEN_IP:-127.0.0.1}:8444:443" # https
    healthcheck:
      test: bash -c 'echo -n "GET / HTTP/1.1\n\n" > /dev/tcp/127.0.0.1/443'
      interval: 15s
      timeout: 15s
      retries: 15
      start_period: 15s
    deploy:
      resources:
        limits:
          cpus: '0.1'
          memory: 50M
volumes:
  mongodb-data:
  postgresql-data:
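The port clash described under "Opening Ports for All Containers", as an added example that is not part of the original post or the crAPI project: a shell function that reads a compose file and reports host ports claimed by more than one service, plus every port that ends up published on a non-loopback address. The names check_ports and sample_compose are made up here, and the sample file is a constructed, trimmed copy of the stable file before the 8444 fix.

```shell
#!/bin/sh
# Constructed sample: a trimmed copy of the stable file with every ports:
# block uncommented and the gateway still on host port 8443.
sample_compose() {
    cat <<'EOF'
services:
  crapi-web:
    ports:
      - "${LISTEN_IP:-127.0.0.1}:8888:80"
      - "${LISTEN_IP:-127.0.0.1}:8443:443"
  postgresdb:
    ports:
      - "${LISTEN_IP:-127.0.0.1}:5432:5432"
  mailhog:
    ports:
      # - "127.0.0.1:1025:1025" # smtp server
      - "${LISTEN_IP:-127.0.0.1}:8025:8025" # Mail ui
  api.mypremiumdealership.com:
    ports:
      - "${LISTEN_IP:-127.0.0.1}:8443:443" # https
volumes:
  postgresql-data:
EOF
}

# check_ports FILE [LISTEN_IP]   (FILE "-" reads stdin; LISTEN_IP as in .env)
# Prints "EXPOSED <service> <ip:port>" for each port published on a
# non-loopback address and "DUPLICATE <port> <services>" for each host port
# claimed by more than one mapping. Handles only the three-part
# "bind:host_port:container_port" form that the compose files above use.
check_ports() {
    awk -v ip="${2:-127.0.0.1}" '
        /^services:/ { in_services = 1; next }
        /^[^ \t#]/   { in_services = 0 }   # any other top-level key
        # A service name is a key indented by exactly two spaces.
        in_services && /^  [^ #-][^:]*:[ \t]*$/ {
            svc = $1; sub(/:$/, "", svc); next
        }
        # An active (uncommented) mapping line.
        in_services && /^[ \t]*-[ \t]*"[^"]*:[0-9]+:[0-9]+"/ {
            spec = $0
            sub(/^[^"]*"/, "", spec); sub(/".*$/, "", spec)
            # Substitute the LISTEN_IP expression with the effective value.
            s = index(spec, "${LISTEN_IP")
            if (s) spec = substr(spec, 1, s - 1) ip substr(spec, index(spec, "}") + 1)
            n = split(spec, f, ":")
            bind = f[1]; host = f[n - 1]
            if (bind !~ /^127\./) print "EXPOSED", svc, bind ":" host
            if (host in owners) {
                owners[host] = owners[host] "," svc; dup[host] = 1
            } else {
                owners[host] = svc; order[++seen] = host
            }
        }
        END {
            for (i = 1; i <= seen; i++)
                if (order[i] in dup) print "DUPLICATE", order[i], owners[order[i]]
        }
    ' "$1"
}

# Pre-fix layout with LISTEN_IP="0.0.0.0": five EXPOSED lines, one DUPLICATE.
sample_compose | check_ports - 0.0.0.0
```

To audit the real file before bringing the stack up, run check_ports docker-compose.yml 0.0.0.0 from deploy/docker; any DUPLICATE line is a mapping to renumber, and the EXPOSED lines are the ports your firewall rules need to cover.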
Conclusion
With crAPI up and running, you can now explore the ins and outs of API security. Whether you went with the already-working development version or fixed the stable one, you're ready to hone your skills. Just remember that crAPI is still in active development, so keep an eye out for updates. Good luck with your future API hacking endeavors!
[1] v1.1.5 released on February 5th, 2024