misp-docker/docker-compose.yml

version: '3'
services:
  # This is capable to relay via gmail, Amazon SES, or generic relays
  # See: https://hub.docker.com/r/ixdotai/smtp
  mail:
    image: ixdotai/smtp
    environment:
      - "SMARTHOST_ADDRESS=${SMARTHOST_ADDRESS}"
      - "SMARTHOST_PORT=${SMARTHOST_PORT}"
      - "SMARTHOST_USER=${SMARTHOST_USER}"
      - "SMARTHOST_PASSWORD=${SMARTHOST_PASSWORD}"
      - "SMARTHOST_ALIASES=${SMARTHOST_ALIASES}"

  redis:
    image: redis:7.2

  db:
    # We use MariaDB because it supports ARM and has the expected collations
    image: mariadb:10.11
    restart: always
    environment:
      - "MYSQL_USER=${MYSQL_USER:-misp}"
      - "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}"
      - "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-password}"
      - "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}"
    volumes:
      - mysql_data:/var/lib/mysql
    cap_add:
      - SYS_NICE  # CAP_SYS_NICE Prevent runaway mysql log

  misp-core:
    image: ghcr.io/misp/misp-docker/misp-core:latest
    build:
      context: core/.
      args:
          - CORE_TAG=${CORE_TAG}
          - CORE_COMMIT=${CORE_COMMIT}
          - PHP_VER=${PHP_VER}
          - PYPI_REDIS_VERSION=${PYPI_REDIS_VERSION}
          - PYPI_LIEF_VERSION=${PYPI_LIEF_VERSION}
          - PYPI_PYDEEP2_VERSION=${PYPI_PYDEEP2_VERSION}
          - PYPI_PYTHON_MAGIC_VERSION=${PYPI_PYTHON_MAGIC_VERSION}
          - PYPI_MISP_LIB_STIX2_VERSION=${PYPI_MISP_LIB_STIX2_VERSION}
          - PYPI_MAEC_VERSION=${PYPI_MAEC_VERSION}
          - PYPI_MIXBOX_VERSION=${PYPI_MIXBOX_VERSION}
          - PYPI_CYBOX_VERSION=${PYPI_CYBOX_VERSION}
          - PYPI_PYMISP_VERSION=${PYPI_PYMISP_VERSION}
    depends_on:
      - redis
      - db
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "./configs/:/var/www/MISP/app/Config/"
      - "./logs/:/var/www/MISP/app/tmp/logs/"
      - "./files/:/var/www/MISP/app/files/"
      - "./ssl/:/etc/nginx/certs/"
      - "./gnupg/:/var/www/MISP/.gnupg/"
      # customize by replacing ${CUSTOM_PATH} with a path containing 'files/customize_misp.sh'
      # - "${CUSTOM_PATH}/:/custom/"
    environment:
      - "HOSTNAME=${HOSTNAME}"
      - "CRON_USER_ID=${CRON_USER_ID}"
      - "DISABLE_IPV6=${DISABLE_IPV6}"
      # standard settings
      - "ADMIN_EMAIL=${ADMIN_EMAIL}"
      - "ADMIN_PASSWORD=${ADMIN_PASSWORD}"
      - "ADMIN_KEY=${ADMIN_KEY}"
      - "ADMIN_ORG=${ADMIN_ORG}"
      - "GPG_PASSPHRASE=${GPG_PASSPHRASE}"
      # authentication settings
      - "OIDC_ENABLE=${OIDC_ENABLE}"
      - "OIDC_PROVIDER_URL=${OIDC_PROVIDER_URL}"
      - "OIDC_CLIENT_ID=${OIDC_CLIENT_ID}"
      - "OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}"
      - "OIDC_ROLES_PROPERTY=${OIDC_ROLES_PROPERTY}"
      - "OIDC_ROLES_MAPPING=${OIDC_ROLES_MAPPING}"
      - "OIDC_DEFAULT_ORG=${OIDC_DEFAULT_ORG}"
      # sync server settings (see https://www.misp-project.org/openapi/#tag/Servers for more options)
      - "SYNCSERVERS=${SYNCSERVERS}"
      - |
        SYNCSERVERS_1_DATA=
        {
          "remote_org_uuid": "${SYNCSERVERS_1_UUID}",
          "name": "${SYNCSERVERS_1_NAME}",
          "authkey": "${SYNCSERVERS_1_KEY}",
          "url": "${SYNCSERVERS_1_URL}",
          "pull": true
        }
      # mysql settings
      - "MYSQL_HOST=${MYSQL_HOST:-db}"
      - "MYSQL_PORT=${MYSQL_PORT:-3306}"
      - "MYSQL_USER=${MYSQL_USER:-misp}"
      - "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}"
      - "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}"
  
  misp-modules:
    image: ghcr.io/misp/misp-docker/misp-modules:latest
    build:
      context: modules/.
      args:
        - MODULES_TAG=${MODULES_TAG}
        - MODULES_COMMIT=${MODULES_COMMIT}
        - LIBFAUP_COMMIT=${LIBFAUP_COMMIT}
    environment:
      - "REDIS_BACKEND=redis"
    depends_on:
      - redis

volumes:
    mysql_data:
Initial 2019-11-25 22:58:18 +01:00			`version: '3'`
			`services:`
Instantiate custom entrypoint 2022-09-03 13:59:35 +02:00			`# This is capable to relay via gmail, Amazon SES, or generic relays`
			`# See: https://hub.docker.com/r/ixdotai/smtp`
Add SMTP server and configs 2020-02-12 17:01:14 +01:00			`mail:`
Instantiate custom entrypoint 2022-09-03 13:59:35 +02:00			`image: ixdotai/smtp`
			`environment:`
			`- "SMARTHOST_ADDRESS=${SMARTHOST_ADDRESS}"`
			`- "SMARTHOST_PORT=${SMARTHOST_PORT}"`
			`- "SMARTHOST_USER=${SMARTHOST_USER}"`
			`- "SMARTHOST_PASSWORD=${SMARTHOST_PASSWORD}"`
			`- "SMARTHOST_ALIASES=${SMARTHOST_ALIASES}"`
Add SMTP server and configs 2020-02-12 17:01:14 +01:00
Initial 2019-11-25 22:58:18 +01:00			`redis:`
Prepare post https://github.com/MISP/MISP/pull/9304 merge 2023-10-08 14:52:51 +02:00			`image: redis:7.2`
Initial 2019-11-25 22:58:18 +01:00
			`db:`
Instantiate custom entrypoint 2022-09-03 13:59:35 +02:00			`# We use MariaDB because it supports ARM and has the expected collations`
Prepare post https://github.com/MISP/MISP/pull/9304 merge 2023-10-08 14:52:51 +02:00			`image: mariadb:10.11`
Initial 2019-11-25 22:58:18 +01:00			`restart: always`
			`environment:`
Fix MySQL config mangling and workaround VirtioFS bug 2023-10-16 11:20:00 +02:00			`- "MYSQL_USER=${MYSQL_USER:-misp}"`
			`- "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}"`
			`- "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-password}"`
			`- "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}"`
Create volume for MySQL Database fixes #47 2020-03-21 17:34:09 +01:00			`volumes:`
			`- mysql_data:/var/lib/mysql`
Prevent runaway mysql log We recently ran into an issue where the mysql console output was filling up the disk with > mbind: Operation not permitted It turns out this is a common problem with the `mysql` docker image. This is the fix. https://stackoverflow.com/questions/55559386/how-to-fix-mbind-operation-not-permitted-in-mysql-error-log 2020-12-11 17:10:36 +01:00			`cap_add:`
			`- SYS_NICE # CAP_SYS_NICE Prevent runaway mysql log`
Initial 2019-11-25 22:58:18 +01:00
Finalize package split 2023-12-07 23:25:21 +01:00			`misp-core:`
			`image: ghcr.io/misp/misp-docker/misp-core:latest`
Tidy things up before publishing (#11) Co-authored-by: Stefano Ortolani <ortolanis@vmware.com> 2022-12-06 18:13:23 +01:00			`build:`
Finalize package split 2023-12-07 23:25:21 +01:00			`context: core/.`
Tidy things up before publishing (#11) Co-authored-by: Stefano Ortolani <ortolanis@vmware.com> 2022-12-06 18:13:23 +01:00			`args:`
Make variable names consistent 2023-12-08 09:45:49 +01:00			`- CORE_TAG=${CORE_TAG}`
			`- CORE_COMMIT=${CORE_COMMIT}`
Tidy things up before publishing (#11) Co-authored-by: Stefano Ortolani <ortolanis@vmware.com> 2022-12-06 18:13:23 +01:00			`- PHP_VER=${PHP_VER}`
Fix build arguments and pin pymisp (#28) 2023-09-17 13:37:02 +02:00			`- PYPI_REDIS_VERSION=${PYPI_REDIS_VERSION}`
			`- PYPI_LIEF_VERSION=${PYPI_LIEF_VERSION}`
			`- PYPI_PYDEEP2_VERSION=${PYPI_PYDEEP2_VERSION}`
			`- PYPI_PYTHON_MAGIC_VERSION=${PYPI_PYTHON_MAGIC_VERSION}`
			`- PYPI_MISP_LIB_STIX2_VERSION=${PYPI_MISP_LIB_STIX2_VERSION}`
			`- PYPI_MAEC_VERSION=${PYPI_MAEC_VERSION}`
			`- PYPI_MIXBOX_VERSION=${PYPI_MIXBOX_VERSION}`
			`- PYPI_CYBOX_VERSION=${PYPI_CYBOX_VERSION}`
			`- PYPI_PYMISP_VERSION=${PYPI_PYMISP_VERSION}`
Modules use Redis, and set some depends on 2019-11-28 20:14:38 +01:00			`depends_on:`
			`- redis`
			`- db`
Initial 2019-11-25 22:58:18 +01:00			`ports:`
			`- "80:80"`
			`- "443:443"`
			`volumes:`
Tidy things up before publishing (#11) Co-authored-by: Stefano Ortolani <ortolanis@vmware.com> 2022-12-06 18:13:23 +01:00			`- "./configs/:/var/www/MISP/app/Config/"`
			`- "./logs/:/var/www/MISP/app/tmp/logs/"`
			`- "./files/:/var/www/MISP/app/files/"`
			`- "./ssl/:/etc/nginx/certs/"`
			`- "./gnupg/:/var/www/MISP/.gnupg/"`
Remove plugin configuration and refactor REST client functions 2023-05-09 16:11:07 +02:00			`# customize by replacing ${CUSTOM_PATH} with a path containing 'files/customize_misp.sh'`
			`# - "${CUSTOM_PATH}/:/custom/"`
Initial 2019-11-25 22:58:18 +01:00			`environment:`
Read hostname and cron user id from environment variables 2023-05-15 13:13:25 +02:00			`- "HOSTNAME=${HOSTNAME}"`
			`- "CRON_USER_ID=${CRON_USER_ID}"`
Add option to disable IPv6 completely (#29) 2023-09-25 22:40:13 +02:00			`- "DISABLE_IPV6=${DISABLE_IPV6}"`
Remove plugin configuration and refactor REST client functions 2023-05-09 16:11:07 +02:00			`# standard settings`
			`- "ADMIN_EMAIL=${ADMIN_EMAIL}"`
Fix first execution bugs and allow admin password to be changed Changes: - Allow admin password to be changed - Fix updating email.php the first time the container starts 2023-05-14 17:56:55 +02:00			`- "ADMIN_PASSWORD=${ADMIN_PASSWORD}"`
Remove plugin configuration and refactor REST client functions 2023-05-09 16:11:07 +02:00			`- "ADMIN_KEY=${ADMIN_KEY}"`
			`- "ADMIN_ORG=${ADMIN_ORG}"`
			`- "GPG_PASSPHRASE=${GPG_PASSPHRASE}"`
Expose OIDC config parameters 2023-12-11 11:23:04 +01:00			`# authentication settings`
			`- "OIDC_ENABLE=${OIDC_ENABLE}"`
			`- "OIDC_PROVIDER_URL=${OIDC_PROVIDER_URL}"`
			`- "OIDC_CLIENT_ID=${OIDC_CLIENT_ID}"`
			`- "OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}"`
			`- "OIDC_ROLES_PROPERTY=${OIDC_ROLES_PROPERTY}"`
Check for required env variables on OIDC 2023-12-11 12:19:49 +01:00			`- "OIDC_ROLES_MAPPING=${OIDC_ROLES_MAPPING}"`
Expose OIDC config parameters 2023-12-11 11:23:04 +01:00			`- "OIDC_DEFAULT_ORG=${OIDC_DEFAULT_ORG}"`
Refactor handling of syncserver variables 2023-05-13 15:17:53 +02:00			`# sync server settings (see https://www.misp-project.org/openapi/#tag/Servers for more options)`
Tidy things up before publishing (#11) Co-authored-by: Stefano Ortolani <ortolanis@vmware.com> 2022-12-06 18:13:23 +01:00			`- "SYNCSERVERS=${SYNCSERVERS}"`
Fix bugs and improve reliability 2022-11-04 18:22:12 +01:00			`- \|`
			`SYNCSERVERS_1_DATA=`
			`{`
Refactor handling of syncserver variables 2023-05-13 15:17:53 +02:00			`"remote_org_uuid": "${SYNCSERVERS_1_UUID}",`
			`"name": "${SYNCSERVERS_1_NAME}",`
			`"authkey": "${SYNCSERVERS_1_KEY}",`
Tidy things up before publishing (#11) Co-authored-by: Stefano Ortolani <ortolanis@vmware.com> 2022-12-06 18:13:23 +01:00			`"url": "${SYNCSERVERS_1_URL}",`
Fix bugs and improve reliability 2022-11-04 18:22:12 +01:00			`"pull": true`
			`}`
Fix MySQL config mangling and workaround VirtioFS bug 2023-10-16 11:20:00 +02:00			`# mysql settings`
			`- "MYSQL_HOST=${MYSQL_HOST:-db}"`
			`- "MYSQL_PORT=${MYSQL_PORT:-3306}"`
			`- "MYSQL_USER=${MYSQL_USER:-misp}"`
			`- "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}"`
			`- "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}"`
Refactor the whole image and allow external customization 2023-04-13 16:02:02 +02:00
Initial 2019-11-25 22:58:18 +01:00			`misp-modules:`
Finalize package split 2023-12-07 23:25:21 +01:00			`image: ghcr.io/misp/misp-docker/misp-modules:latest`
Tidy things up before publishing (#11) Co-authored-by: Stefano Ortolani <ortolanis@vmware.com> 2022-12-06 18:13:23 +01:00			`build:`
			`context: modules/.`
			`args:`
			`- MODULES_TAG=${MODULES_TAG}`
			`- MODULES_COMMIT=${MODULES_COMMIT}`
Fix build arguments and pin pymisp (#28) 2023-09-17 13:37:02 +02:00			`- LIBFAUP_COMMIT=${LIBFAUP_COMMIT}`
Modules use Redis, and set some depends on 2019-11-28 20:14:38 +01:00			`environment:`
			`- "REDIS_BACKEND=redis"`
			`depends_on:`
			`- redis`

Create volume for MySQL Database fixes #47 2020-03-21 17:34:09 +01:00			`volumes:`
			`mysql_data:`