misp-docker/template.env

##
# Build-time variables
##

CORE_TAG=v2.4.192
MODULES_TAG=v2.4.192
PHP_VER=20190902
LIBFAUP_COMMIT=3a26d0a

# PYPY_* vars take precedence over MISP's
# PYPI_REDIS_VERSION="==5.0.*"
# PYPI_LIEF_VERSION=">=0.13.1"
# PYPI_PYDEEP2_VERSION="==0.5.*"
# PYPI_PYTHON_MAGIC_VERSION="==0.4.*"
# PYPI_MISP_LIB_STIX2_VERSION="==3.0.*"
# PYPI_MAEC_VERSION="==4.1.*"
# PYPI_MIXBOX_VERSION="==1.0.*"
# PYPI_CYBOX_VERSION="==2.1.*"
# PYPI_PYMISP_VERSION="==2.4.178"

# CORE_COMMIT takes precedence over CORE_TAG
# CORE_COMMIT=c56d537
# MODULES_COMMIT takes precedence over MODULES_TAG
# MODULES_COMMIT=de69ae3

##
# Run-time variables
##

# Email/username for user #1, defaults to MISP's default (admin@admin.test)
ADMIN_EMAIL=
# name of org #1, default to MISP's default (ORGNAME)
ADMIN_ORG=
# defaults to an automatically generated one
ADMIN_KEY=
# defaults to MISP's default (admin)
ADMIN_PASSWORD=
# defaults to 'passphrase'
GPG_PASSPHRASE=
# defaults to 1 (the admin user)
CRON_USER_ID=
# defaults to 'https://localhost'
BASE_URL=
# store settings in db except those that must stay in config.php. true/false, defaults to false
ENABLE_DB_SETTINGS=

# optional and used by the mail sub-system
SMARTHOST_ADDRESS=
SMARTHOST_PORT=
SMARTHOST_USER=
SMARTHOST_PASSWORD=
SMARTHOST_ALIASES=

# optional comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1)
# For this to work ADMIN_KEY must be set, or AUTOGEN_ADMIN_KEY must be true (default)
SYNCSERVERS=
# note: if you have more than one syncserver, you need to update docker-compose.yml
SYNCSERVERS_1_URL=
SYNCSERVERS_1_NAME=
SYNCSERVERS_1_UUID=
SYNCSERVERS_1_KEY=

# optional and used to set mysql db and credentials
# MYSQL_HOST=
# MYSQL_PORT=
# MYSQL_USER=
# MYSQL_PASSWORD=
# MYSQL_ROOT_PASSWORD=
# MYSQL_DATABASE=

# These variables allows overriding some MISP email values.
# They all default to ADMIN_EMAIL.

# MISP.email, used for notifications. Also used
# for GnuPG.email and GPG autogeneration.
# MISP_EMAIL=

# MISP.contact, the e-mail address that
# MISP should include as a contact address
# for the instance's support team.
# MISP_CONTACT=

# Enable GPG autogeneration (default true)
# AUTOCONF_GPG=true

# Enable admin (user #1) API key autogeneration
# if ADMIN_KEY is not set above (default true)
# AUTOGEN_ADMIN_KEY=true

# Disable IPv6 completely
# DISABLE_IPV6=true

# Disable SSL redirect
# DISABLE_SSL_REDIRECT=true

# Enable OIDC authentication, according to https://github.com/MISP/MISP/blob/2.4/app/Plugin/OidcAuth/README.md
# OIDC_ENABLE=true
# OIDC_PROVIDER_URL=
# OIDC_CLIENT_ID=
# OIDC_CLIENT_SECRET=
# OIDC_ROLES_PROPERTY="roles"
# OIDC_ROLES_MAPPING="{\"admin\": \"1\"}"
# OIDC_DEFAULT_ORG=

# Enable LDAP (using the ApacheSecureAuth component) authentication, according to https://github.com/MISP/MISP/issues/6189
# NOTE: Once you enable LDAP authentication with the ApacheSecureAuth component, users should not be able to control the HTTP header configured in LDAP_APACHE_ENV (e.g. REMOTE_USER).
#       This means you must not allow direct access to MISP.
# LDAP_ENABLE=true
# LDAP_APACHE_ENV="REMOTE_USER"
# LDAP_SERVER="ldap://your_domain_controller"
# LDAP_STARTTLS=true
# LDAP_READER_USER="CN=service_account_name,OU=Users,DC=domain,DC=net"
# LDAP_READER_PASSWORD="password"
# LDAP_DN="OU=Users,DC=domain,DC=net"
# LDAP_SEARCH_FILTER=""
# LDAP_SEARCH_ATTRIBUTE="uid"
# LDAP_FILTER="[\"mail\", \"uid\", \"cn\" ]"
# LDAP_DEFAULT_ROLE_ID="3"
# LDAP_DEFAULT_ORG="1"
# LDAP_EMAIL_FIELD="[\"mail\"]"
# LDAP_OPT_PROTOCOL_VERSION="3"
# LDAP_OPT_NETWORK_TIMEOUT="-1"
# LDAP_OPT_REFERRALS=false

# Enable Azure AD (Entra) authentication, according to https://github.com/MISP/MISP/blob/2.4/app/Plugin/AadAuth/README.md
# AAD_ENABLE=true
# AAD_CLIENT_ID=
# AAD_TENANT_ID=
# AAD_CLIENT_SECRET=
# AAD_REDIRECT_URI="https://misp.mydomain.com/users/login"
# AAD_PROVIDER="https://login.microsoftonline.com/"
# AAD_PROVIDER_USER="https://graph.microsoft.com/"
# AAD_MISP_USER="Misp Users"
# AAD_MISP_ORGADMIN="Misp Org Admins"
# AAD_MISP_SITEADMIN="Misp Site Admins"
# AAD_CHECK_GROUPS=false

# Enable the use of a Proxy server
# PROXY_ENABLE=true
# PROXY_HOST=
# PROXY_PORT=
# PROXY_METHOD=
# PROXY_USER=
# PROXY_PASSWORD=
Bump MISP version 2023-09-28 09:58:46 +02:00			`##`
			`# Build-time variables`
			`##`

Bump misp-core 2024-05-03 15:25:48 +02:00			`CORE_TAG=v2.4.192`
Bump misp-modules and revert some defaults 2024-06-06 13:56:36 +02:00			`MODULES_TAG=v2.4.192`
Instantiate custom entrypoint 2022-09-03 13:59:35 +02:00			`PHP_VER=20190902`
Update to python 3.11, improve build times (#26) Changes: * misp-modules targets py3.11, so use that base, + ninja + wheels groundwork * slightly optimise local builder layer cache size * pin libfaup to specific commit * remove comment * move libfaup_commit to template, get apios from pypi and let it decide validators version 2023-09-12 11:23:20 +02:00			`LIBFAUP_COMMIT=3a26d0a`
Add/document AUTOGEN_ADMIN_KEY, AUTOCONF_GPG, MISP_EMAIL, MISP_CONTACT AUTOCONF_ADMIN_KEY renamed to AUTOGEN_ADMIN_KEY. If ADMIN_KEY is set, that will still be set, AUTOGEN_ADMIN_KEY only turns off automatic generation. AUTOCONF_GPG behaves as before. MISP_EMAIL sets MISP.email and GPG-related email. MISP_CONTACT sets MISP.contact (support email) 2023-08-01 17:59:47 +02:00
Prepare post https://github.com/MISP/MISP/pull/9304 merge 2023-10-08 14:52:51 +02:00			`# PYPY_* vars take precedence over MISP's`
			`# PYPI_REDIS_VERSION="==5.0.*"`
			`# PYPI_LIEF_VERSION=">=0.13.1"`
			`# PYPI_PYDEEP2_VERSION="==0.5.*"`
			`# PYPI_PYTHON_MAGIC_VERSION="==0.4.*"`
			`# PYPI_MISP_LIB_STIX2_VERSION="==3.0.*"`
			`# PYPI_MAEC_VERSION="==4.1.*"`
			`# PYPI_MIXBOX_VERSION="==1.0.*"`
			`# PYPI_CYBOX_VERSION="==2.1.*"`
Bump version 2023-11-23 18:42:53 +01:00			`# PYPI_PYMISP_VERSION="==2.4.178"`
Create smaller image, faster build times, rework dependencies (#27) Changes: * fetch pymisp version from submodule, remove erroneous module from additional dependencies * fix heredoc indentation, move files dist and permission to same layer to avoid duplicating * fix cybox addition, codecov removal * pinned pip versions for our own imports * size optimization by applying the intended file permissions from later step in initial copy * bind-mount wheels to reduce image size * fix var init, rework py module add script to require version and only overwrite when we have a version defined * handle missing MISP/MODULES_TAG in env * remove git package and (almost all of) .git directory * split MISP and PyMISP steps to allow faster iteration in module step 2023-09-15 12:50:30 +02:00
Make variable names consistent 2023-12-08 09:45:49 +01:00			`# CORE_COMMIT takes precedence over CORE_TAG`
			`# CORE_COMMIT=c56d537`
Instantiate custom entrypoint 2022-09-03 13:59:35 +02:00			`# MODULES_COMMIT takes precedence over MODULES_TAG`
			`# MODULES_COMMIT=de69ae3`

Bump MISP version 2023-09-28 09:58:46 +02:00			`##`
			`# Run-time variables`
			`##`

Add/document AUTOGEN_ADMIN_KEY, AUTOCONF_GPG, MISP_EMAIL, MISP_CONTACT AUTOCONF_ADMIN_KEY renamed to AUTOGEN_ADMIN_KEY. If ADMIN_KEY is set, that will still be set, AUTOGEN_ADMIN_KEY only turns off automatic generation. AUTOCONF_GPG behaves as before. MISP_EMAIL sets MISP.email and GPG-related email. MISP_CONTACT sets MISP.contact (support email) 2023-08-01 17:59:47 +02:00			`# Email/username for user #1, defaults to MISP's default (admin@admin.test)`
Instantiate custom entrypoint 2022-09-03 13:59:35 +02:00			`ADMIN_EMAIL=`
Add/document AUTOGEN_ADMIN_KEY, AUTOCONF_GPG, MISP_EMAIL, MISP_CONTACT AUTOCONF_ADMIN_KEY renamed to AUTOGEN_ADMIN_KEY. If ADMIN_KEY is set, that will still be set, AUTOGEN_ADMIN_KEY only turns off automatic generation. AUTOCONF_GPG behaves as before. MISP_EMAIL sets MISP.email and GPG-related email. MISP_CONTACT sets MISP.contact (support email) 2023-08-01 17:59:47 +02:00			`# name of org #1, default to MISP's default (ORGNAME)`
Instantiate custom entrypoint 2022-09-03 13:59:35 +02:00			`ADMIN_ORG=`
Add/document AUTOGEN_ADMIN_KEY, AUTOCONF_GPG, MISP_EMAIL, MISP_CONTACT AUTOCONF_ADMIN_KEY renamed to AUTOGEN_ADMIN_KEY. If ADMIN_KEY is set, that will still be set, AUTOGEN_ADMIN_KEY only turns off automatic generation. AUTOCONF_GPG behaves as before. MISP_EMAIL sets MISP.email and GPG-related email. MISP_CONTACT sets MISP.contact (support email) 2023-08-01 17:59:47 +02:00			`# defaults to an automatically generated one`
Instantiate custom entrypoint 2022-09-03 13:59:35 +02:00			`ADMIN_KEY=`
Add/document AUTOGEN_ADMIN_KEY, AUTOCONF_GPG, MISP_EMAIL, MISP_CONTACT AUTOCONF_ADMIN_KEY renamed to AUTOGEN_ADMIN_KEY. If ADMIN_KEY is set, that will still be set, AUTOGEN_ADMIN_KEY only turns off automatic generation. AUTOCONF_GPG behaves as before. MISP_EMAIL sets MISP.email and GPG-related email. MISP_CONTACT sets MISP.contact (support email) 2023-08-01 17:59:47 +02:00			`# defaults to MISP's default (admin)`
Fix first execution bugs and allow admin password to be changed Changes: - Allow admin password to be changed - Fix updating email.php the first time the container starts 2023-05-14 17:56:55 +02:00			`ADMIN_PASSWORD=`
Add/document AUTOGEN_ADMIN_KEY, AUTOCONF_GPG, MISP_EMAIL, MISP_CONTACT AUTOCONF_ADMIN_KEY renamed to AUTOGEN_ADMIN_KEY. If ADMIN_KEY is set, that will still be set, AUTOGEN_ADMIN_KEY only turns off automatic generation. AUTOCONF_GPG behaves as before. MISP_EMAIL sets MISP.email and GPG-related email. MISP_CONTACT sets MISP.contact (support email) 2023-08-01 17:59:47 +02:00			`# defaults to 'passphrase'`
Instantiate custom entrypoint 2022-09-03 13:59:35 +02:00			`GPG_PASSPHRASE=`
Add/document AUTOGEN_ADMIN_KEY, AUTOCONF_GPG, MISP_EMAIL, MISP_CONTACT AUTOCONF_ADMIN_KEY renamed to AUTOGEN_ADMIN_KEY. If ADMIN_KEY is set, that will still be set, AUTOGEN_ADMIN_KEY only turns off automatic generation. AUTOCONF_GPG behaves as before. MISP_EMAIL sets MISP.email and GPG-related email. MISP_CONTACT sets MISP.contact (support email) 2023-08-01 17:59:47 +02:00			`# defaults to 1 (the admin user)`
Read hostname and cron user id from environment variables 2023-05-15 13:13:25 +02:00			`CRON_USER_ID=`
Add/document AUTOGEN_ADMIN_KEY, AUTOCONF_GPG, MISP_EMAIL, MISP_CONTACT AUTOCONF_ADMIN_KEY renamed to AUTOGEN_ADMIN_KEY. If ADMIN_KEY is set, that will still be set, AUTOGEN_ADMIN_KEY only turns off automatic generation. AUTOCONF_GPG behaves as before. MISP_EMAIL sets MISP.email and GPG-related email. MISP_CONTACT sets MISP.contact (support email) 2023-08-01 17:59:47 +02:00			`# defaults to 'https://localhost'`
Rename variable 'HOSTNAME' to 'BASE_URL' 2023-12-22 11:02:20 +01:00			`BASE_URL=`
Introduce new system to persist mandatory and optional settings (#66) * Make safe settings functions handling config json objects. * Also, update cake's cacerts. Previous method was using ubuntu's crts, which weren't pem. * Bring config inline with previous config.php template version. * Move settings into files in /etc/misp-docker. * Fix Security.auth kludge. * Rename functions and settings json files for a bit more clarity. * Add documentation to README.md. * Add a bit of context around adding new envars. * Add ENABLE_DB_SETTINGS envar for turning on MISP.system_setting_db. * Add documentation regarding new envar, and add to docker-compose.yml and template.php. * Move "weird default" ZeroMQ setting to initialisation settings. * Move some settings to cli_only. * Add code to disable DB settings when applying cli_only settings. * Change system_settings table availability check to until loop. * Some language changes for clarity. 2024-06-06 10:30:12 +02:00			`# store settings in db except those that must stay in config.php. true/false, defaults to false`
			`ENABLE_DB_SETTINGS=`
Tidy things up before publishing (#11) Co-authored-by: Stefano Ortolani <ortolanis@vmware.com> 2022-12-06 18:13:23 +01:00
			`# optional and used by the mail sub-system`
Instantiate custom entrypoint 2022-09-03 13:59:35 +02:00			`SMARTHOST_ADDRESS=`
			`SMARTHOST_PORT=`
			`SMARTHOST_USER=`
			`SMARTHOST_PASSWORD=`
			`SMARTHOST_ALIASES=`
Add ability to specify new organizations that needs to be register at startup time (#5) Signed-off-by: Sebastiano Mariani <smariani@vmware.com> 2022-11-18 00:15:56 +01:00
Add/document AUTOGEN_ADMIN_KEY, AUTOCONF_GPG, MISP_EMAIL, MISP_CONTACT AUTOCONF_ADMIN_KEY renamed to AUTOGEN_ADMIN_KEY. If ADMIN_KEY is set, that will still be set, AUTOGEN_ADMIN_KEY only turns off automatic generation. AUTOCONF_GPG behaves as before. MISP_EMAIL sets MISP.email and GPG-related email. MISP_CONTACT sets MISP.contact (support email) 2023-08-01 17:59:47 +02:00			`# optional comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1)`
			`# For this to work ADMIN_KEY must be set, or AUTOGEN_ADMIN_KEY must be true (default)`
Tidy things up before publishing (#11) Co-authored-by: Stefano Ortolani <ortolanis@vmware.com> 2022-12-06 18:13:23 +01:00			`SYNCSERVERS=`
Refactor handling of syncserver variables 2023-05-13 15:17:53 +02:00			`# note: if you have more than one syncserver, you need to update docker-compose.yml`
Tidy things up before publishing (#11) Co-authored-by: Stefano Ortolani <ortolanis@vmware.com> 2022-12-06 18:13:23 +01:00			`SYNCSERVERS_1_URL=`
			`SYNCSERVERS_1_NAME=`
			`SYNCSERVERS_1_UUID=`
			`SYNCSERVERS_1_KEY=`
Add/document AUTOGEN_ADMIN_KEY, AUTOCONF_GPG, MISP_EMAIL, MISP_CONTACT AUTOCONF_ADMIN_KEY renamed to AUTOGEN_ADMIN_KEY. If ADMIN_KEY is set, that will still be set, AUTOGEN_ADMIN_KEY only turns off automatic generation. AUTOCONF_GPG behaves as before. MISP_EMAIL sets MISP.email and GPG-related email. MISP_CONTACT sets MISP.contact (support email) 2023-08-01 17:59:47 +02:00
Fix MySQL config mangling and workaround VirtioFS bug 2023-10-16 11:20:00 +02:00			`# optional and used to set mysql db and credentials`
			`# MYSQL_HOST=`
			`# MYSQL_PORT=`
			`# MYSQL_USER=`
			`# MYSQL_PASSWORD=`
			`# MYSQL_ROOT_PASSWORD=`
			`# MYSQL_DATABASE=`

Add/document AUTOGEN_ADMIN_KEY, AUTOCONF_GPG, MISP_EMAIL, MISP_CONTACT AUTOCONF_ADMIN_KEY renamed to AUTOGEN_ADMIN_KEY. If ADMIN_KEY is set, that will still be set, AUTOGEN_ADMIN_KEY only turns off automatic generation. AUTOCONF_GPG behaves as before. MISP_EMAIL sets MISP.email and GPG-related email. MISP_CONTACT sets MISP.contact (support email) 2023-08-01 17:59:47 +02:00			`# These variables allows overriding some MISP email values.`
			`# They all default to ADMIN_EMAIL.`

			`# MISP.email, used for notifications. Also used`
			`# for GnuPG.email and GPG autogeneration.`
			`# MISP_EMAIL=`

			`# MISP.contact, the e-mail address that`
			`# MISP should include as a contact address`
			`# for the instance's support team.`
			`# MISP_CONTACT=`

			`# Enable GPG autogeneration (default true)`
			`# AUTOCONF_GPG=true`

			`# Enable admin (user #1) API key autogeneration`
			`# if ADMIN_KEY is not set above (default true)`
			`# AUTOGEN_ADMIN_KEY=true`
Add option to disable IPv6 completely (#29) 2023-09-25 22:40:13 +02:00
Allow disabling of SSL redirection 2024-03-01 13:57:53 +01:00			`# Disable IPv6 completely`
Add option to disable IPv6 completely (#29) 2023-09-25 22:40:13 +02:00			`# DISABLE_IPV6=true`
Expose OIDC config parameters 2023-12-11 11:23:04 +01:00
Allow disabling of SSL redirection 2024-03-01 13:57:53 +01:00			`# Disable SSL redirect`
			`# DISABLE_SSL_REDIRECT=true`

Expose OIDC config parameters 2023-12-11 11:23:04 +01:00			`# Enable OIDC authentication, according to https://github.com/MISP/MISP/blob/2.4/app/Plugin/OidcAuth/README.md`
			`# OIDC_ENABLE=true`
			`# OIDC_PROVIDER_URL=`
			`# OIDC_CLIENT_ID=`
			`# OIDC_CLIENT_SECRET=`
Check for required env variables on OIDC 2023-12-11 12:19:49 +01:00			`# OIDC_ROLES_PROPERTY="roles"`
Add documentation and fix default values for OIDC_ROLES_MAPPING 2024-05-09 11:03:55 +02:00			`# OIDC_ROLES_MAPPING="{\"admin\": \"1\"}"`
Check for required env variables on OIDC 2023-12-11 12:19:49 +01:00			`# OIDC_DEFAULT_ORG=`
Add ApacheSecureAuth configuration option 2024-02-21 18:04:41 +01:00
			`# Enable LDAP (using the ApacheSecureAuth component) authentication, according to https://github.com/MISP/MISP/issues/6189`
			`# NOTE: Once you enable LDAP authentication with the ApacheSecureAuth component, users should not be able to control the HTTP header configured in LDAP_APACHE_ENV (e.g. REMOTE_USER).`
			`# This means you must not allow direct access to MISP.`
			`# LDAP_ENABLE=true`
			`# LDAP_APACHE_ENV="REMOTE_USER"`
			`# LDAP_SERVER="ldap://your_domain_controller"`
			`# LDAP_STARTTLS=true`
			`# LDAP_READER_USER="CN=service_account_name,OU=Users,DC=domain,DC=net"`
			`# LDAP_READER_PASSWORD="password"`
			`# LDAP_DN="OU=Users,DC=domain,DC=net"`
			`# LDAP_SEARCH_FILTER=""`
			`# LDAP_SEARCH_ATTRIBUTE="uid"`
			`# LDAP_FILTER="[\"mail\", \"uid\", \"cn\" ]"`
			`# LDAP_DEFAULT_ROLE_ID="3"`
			`# LDAP_DEFAULT_ORG="1"`
			`# LDAP_EMAIL_FIELD="[\"mail\"]"`
			`# LDAP_OPT_PROTOCOL_VERSION="3"`
			`# LDAP_OPT_NETWORK_TIMEOUT="-1"`
			`# LDAP_OPT_REFERRALS=false`
Add AadAuth support in configure_misp.sh (#39) 2024-04-10 17:56:44 +02:00
			`# Enable Azure AD (Entra) authentication, according to https://github.com/MISP/MISP/blob/2.4/app/Plugin/AadAuth/README.md`
Fix missing AadAuth env var (#44) 2024-04-12 20:54:43 +02:00			`# AAD_ENABLE=true`
Add AadAuth support in configure_misp.sh (#39) 2024-04-10 17:56:44 +02:00			`# AAD_CLIENT_ID=`
			`# AAD_TENANT_ID=`
			`# AAD_CLIENT_SECRET=`
			`# AAD_REDIRECT_URI="https://misp.mydomain.com/users/login"`
			`# AAD_PROVIDER="https://login.microsoftonline.com/"`
			`# AAD_PROVIDER_USER="https://graph.microsoft.com/"`
			`# AAD_MISP_USER="Misp Users"`
			`# AAD_MISP_ORGADMIN="Misp Org Admins"`
			`# AAD_MISP_SITEADMIN="Misp Site Admins"`
			`# AAD_CHECK_GROUPS=false`
Add option to configure proxy using environment vars (#69) Co-authored-by: Thibault Van Win <thibault.van.win@axsguard.com> 2024-06-06 13:41:12 +02:00
			`# Enable the use of a Proxy server`
			`# PROXY_ENABLE=true`
			`# PROXY_HOST=`
			`# PROXY_PORT=`
			`# PROXY_METHOD=`
			`# PROXY_USER=`
			`# PROXY_PASSWORD=`