From 02f81b886e31b063cff7671297bd35ef0b55a177 Mon Sep 17 00:00:00 2001 From: Stefano Ortolani Date: Tue, 20 Aug 2024 20:08:02 +0100 Subject: [PATCH] Allow more redis options to be configured --- core/files/configure_misp.sh | 13 +--------- core/files/entrypoint.sh | 26 +++++++++++++++++++ core/files/entrypoint_cron.sh | 3 --- core/files/entrypoint_fpm.sh | 5 +--- core/files/entrypoint_nginx.sh | 13 +--------- .../misp-docker/initialisation.envars.json | 5 +++- .../misp-docker/minimum_config.defaults.json | 6 ----- .../misp-docker/minimum_config.envars.json | 10 +++++-- docker-compose.yml | 5 +++- template.env | 2 ++ 10 files changed, 47 insertions(+), 41 deletions(-) diff --git a/core/files/configure_misp.sh b/core/files/configure_misp.sh index d5126bc..43ddf31 100755 --- a/core/files/configure_misp.sh +++ b/core/files/configure_misp.sh @@ -2,19 +2,8 @@ source /rest_client.sh source /utilities.sh -[ -z "$ADMIN_EMAIL" ] && export ADMIN_EMAIL="admin@admin.test" -[ -z "$GPG_PASSPHRASE" ] && export GPG_PASSPHRASE="passphrase" -[ -z "$REDIS_FQDN" ] && export REDIS_FQDN="redis" -[ -z "$MISP_MODULES_FQDN" ] && export MISP_MODULES_FQDN="http://misp-modules" -# Switches to selectively disable configuration logic -[ -z "$AUTOCONF_GPG" ] && AUTOCONF_GPG="true" -[ -z "$AUTOCONF_ADMIN_KEY" ] && AUTOCONF_ADMIN_KEY="true" -[ -z "$OIDC_ENABLE" ] && OIDC_ENABLE="false" -[ -z "$LDAP_ENABLE" ] && LDAP_ENABLE="false" -[ -z "$ENABLE_DB_SETTINGS" ] && ENABLE_DB_SETTINGS="false" -[ -z "$PROXY_ENABLE" ] && PROXY_ENABLE="false" -[ -z "$DEBUG" ] && DEBUG=0 +MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE" # We now use envsubst for safe variable substitution with pseudo-json objects for env var enforcement # envsubst won't evaluate anything like $() or conditional variable expansion so lets do that here diff --git a/core/files/entrypoint.sh b/core/files/entrypoint.sh index 61c9d85..4fe2af4 100755 --- a/core/files/entrypoint.sh 
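Review bot: The new `MYSQLCMD` line in configure_misp.sh (and the identical one added to entrypoint_nginx.sh) passes the database password on the mysql command line via `-p$MYSQL_PASSWORD`, where it can be visible in the process list while a query runs, and the flat string only works if no value contains whitespace or glob characters. Consider keeping the password out of argv, for example with `export MYSQL_PWD="$MYSQL_PASSWORD"` or a mode-0600 option file passed with `--defaults-extra-file`, and building the command as an array such as `MYSQLCMD=(mysql -u "$MYSQL_USER" -P "$MYSQL_PORT" -h "$MYSQL_HOST" -r -N "$MYSQL_DATABASE")`. The call sites of `$MYSQLCMD` are outside this hunk and would have to switch to `"${MYSQLCMD[@]}"`. Both scripts now also rely on entrypoint.sh having exported the MYSQL_* defaults, so running either one outside that environment yields a command with empty arguments.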
+++ b/core/files/entrypoint.sh @@ -7,5 +7,31 @@ export NUM_WORKERS_EMAIL=${NUM_WORKERS_EMAIL:-${WORKERS:-5}} export NUM_WORKERS_UPDATE=${NUM_WORKERS_UPDATE:-${WORKERS:-1}} export NUM_WORKERS_CACHE=${NUM_WORKERS_CACHE:-${WORKERS:-5}} +export MYSQL_HOST=${MYSQL_HOST:-db} +export MYSQL_PORT=${MYSQL_PORT:-3306} +export MYSQL_USER=${MYSQL_USER:-misp} +export MYSQL_PASSWORD=${MYSQL_PASSWORD:-example} +export MYSQL_DATABASE=${MYSQL_DATABASE:-misp} +export REDIS_HOST=${REDIS_HOST:-redis} +export REDIS_PORT=${REDIS_PORT:-6379} +export REDIS_PASSWORD=${REDIS_PASSWORD:-redispassword} +export CRON_USER_ID=${CRON_USER_ID:-1} +export BASE_URL=${BASE_URL:-https://localhost} +export DISABLE_IPV6=${DISABLE_IPV6:-false} +export DISABLE_SSL_REDIRECT=${DISABLE_SSL_REDIRECT:-false} +export SMTP_FQDN=${SMTP_FQDN:-mail} + +export ADMIN_EMAIL=${ADMIN_EMAIL:-admin@admin.test} +export GPG_PASSPHRASE=${GPG_PASSPHRASE:-passphrase} +export MISP_MODULES_FQDN=${MISP_MODULES_FQDN:-http://misp-modules} + +export AUTOCONF_GPG=${AUTOCONF_GPG:-true} +export AUTOCONF_ADMIN_KEY=${AUTOCONF_ADMIN_KEY:-true} +export OIDC_ENABLE=${OIDC_ENABLE:-false} +export LDAP_ENABLE=${LDAP_ENABLE:-false} +export ENABLE_DB_SETTINGS=${ENABLE_DB_SETTINGS:-false} +export PROXY_ENABLE=${PROXY_ENABLE:-false} +export DEBUG=${DEBUG:-0} + # start supervisord using the main configuration file so we have a socket interface /usr/bin/supervisord -c /etc/supervisor/supervisord.conf diff --git a/core/files/entrypoint_cron.sh b/core/files/entrypoint_cron.sh index 618a6cf..66e5bf8 100755 --- a/core/files/entrypoint_cron.sh +++ b/core/files/entrypoint_cron.sh @@ -1,7 +1,5 @@ #!/bin/bash -[ -z "$CRON_USER_ID" ] && CRON_USER_ID=1 - term_procs() { echo "Entrypoint CRON caught SIGTERM signal!" echo "Killing process $p1_pid" 
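Review bot: With the defaults centralised in entrypoint.sh, a container started without `MYSQL_PASSWORD`, `REDIS_PASSWORD` or `GPG_PASSPHRASE` silently comes up with the published values `example`, `redispassword` and `passphrase`, and nothing in the added lines tells the operator. Since this is now the single place where the fallbacks are applied, it is a good spot to warn before they take effect, e.g. `[ -n "$REDIS_PASSWORD" ] || echo "WARNING: REDIS_PASSWORD not set, using the built-in default" >&2` ahead of the export, and likewise for the other two. A short comment above the block stating that these three are development defaults and must be overridden in production would also help.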
@@ -12,7 +10,6 @@ term_procs() { trap term_procs SIGTERM -# Create the misp cron tab cat << EOF > /etc/cron.d/misp 20 2 * * * www-data /var/www/MISP/app/Console/cake Server cacheFeed "$CRON_USER_ID" all > /tmp/cronlog 2>&1 30 2 * * * www-data /var/www/MISP/app/Console/cake Server fetchFeed "$CRON_USER_ID" all > /tmp/cronlog 2>&1 diff --git a/core/files/entrypoint_fpm.sh b/core/files/entrypoint_fpm.sh index 7999525..12f4035 100755 --- a/core/files/entrypoint_fpm.sh +++ b/core/files/entrypoint_fpm.sh @@ -8,9 +8,6 @@ term_proc() { trap term_proc SIGTERM -[ -z "$REDIS_FQDN" ] && REDIS_FQDN=redis -[ -z "$REDIS_PASSWORD" ] && REDIS_PASSWORD=redispassword - change_php_vars() { for FILE in /etc/php/*/fpm/php.ini do @@ -20,7 +17,7 @@ change_php_vars() { sed -i "s/upload_max_filesize = .*/upload_max_filesize = 50M/" "$FILE" sed -i "s/post_max_size = .*/post_max_size = 50M/" "$FILE" sed -i "s/session.save_handler = .*/session.save_handler = redis/" "$FILE" - sed -i "s|.*session.save_path = .*|session.save_path = '$(echo $REDIS_FQDN | grep -E '^\w+://' || echo tcp://$REDIS_FQDN):6379?auth=${REDIS_PASSWORD}'|" "$FILE" + sed -i "s|.*session.save_path = .*|session.save_path = '$(echo $REDIS_HOST | grep -E '^\w+://' || echo tcp://$REDIS_HOST):6379?auth=${REDIS_PASSWORD}'|" "$FILE" sed -i "s/session.sid_length = .*/session.sid_length = 64/" "$FILE" sed -i "s/session.use_strict_mode = .*/session.use_strict_mode = 1/" "$FILE" done diff --git a/core/files/entrypoint_nginx.sh b/core/files/entrypoint_nginx.sh index 28fe4e4..2c3d256 100755 --- a/core/files/entrypoint_nginx.sh +++ b/core/files/entrypoint_nginx.sh 
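Review bot: The rewritten `session.save_path` line in entrypoint_fpm.sh still hard-codes `:6379`, so PHP sessions ignore the `REDIS_PORT` setting this commit introduces everywhere else and will point at the wrong port when a non-default one is configured; ending the substitution with `):${REDIS_PORT}?auth=${REDIS_PASSWORD}'|` would keep them aligned. On the same line `$REDIS_HOST` is expanded unquoted inside `echo`, and `${REDIS_PASSWORD}` is pasted raw into both a sed replacement delimited by `|` and a URL query string, so a password containing `|`, `&`, `\` or URL-reserved characters will corrupt the php.ini entry. Escaping the value for sed and URL-encoding it before substitution avoids that. `change_php_vars` begins and ends outside this hunk.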
@@ -8,18 +8,7 @@ term_proc() { trap term_proc SIGTERM -[ -z "$MYSQL_HOST" ] && MYSQL_HOST=db -[ -z "$MYSQL_PORT" ] && MYSQL_PORT=3306 -[ -z "$MYSQL_USER" ] && MYSQL_USER=misp -[ -z "$MYSQL_PASSWORD" ] && MYSQL_PASSWORD=example -[ -z "$MYSQL_DATABASE" ] && MYSQL_DATABASE=misp -[ -z "$MYSQLCMD" ] && export MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE" -[ -z "$REDIS_PASSWORD" ] && export REDIS_PASSWORD=redispassword -[ -z "$CRON_USER_ID" ] && export CRON_USER_ID="1" -[ -z "$BASE_URL" ] && export BASE_URL="https://localhost" -[ -z "$DISABLE_IPV6" ] && export DISABLE_IPV6=false -[ -z "$DISABLE_SSL_REDIRECT" ] && export DISABLE_SSL_REDIRECT=false -[ -z "$SMTP_FQDN" ] && export SMTP_FQDN=mail +MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE" init_mysql(){ # Test when MySQL is ready.... diff --git a/core/files/etc/misp-docker/initialisation.envars.json b/core/files/etc/misp-docker/initialisation.envars.json index ddd9d0e..32fa502 100644 --- a/core/files/etc/misp-docker/initialisation.envars.json +++ b/core/files/etc/misp-docker/initialisation.envars.json @@ -13,7 +13,10 @@ "default_value": "${SETTING_CONTACT}" }, "Plugin.ZeroMQ_redis_host": { - "default_value": "${REDIS_FQDN}" + "default_value": "${REDIS_HOST}" + }, + "Plugin.ZeroMQ_redis_port": { + "default_value": "${REDIS_PORT}" }, "Plugin.ZeroMQ_redis_password": { "default_value": "${REDIS_PASSWORD}" diff --git a/core/files/etc/misp-docker/minimum_config.defaults.json b/core/files/etc/misp-docker/minimum_config.defaults.json index a3e1c6d..ae38772 100644 --- a/core/files/etc/misp-docker/minimum_config.defaults.json +++ b/core/files/etc/misp-docker/minimum_config.defaults.json @@ -24,9 +24,6 @@ "default_value": "/etc/ssl/certs/ca-certificates.crt", "command_args": "-f" }, - "MISP.redis_port": { - "default_value": 6379 - }, "MISP.redis_database": { "default_value": 13 }, 
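Review bot: Replacing `${REDIS_FQDN}` with `${REDIS_HOST}` in initialisation.envars.json (and in minimum_config.envars.json and entrypoint_fpm.sh) drops the old variable without a fallback, so a deployment that still sets only `REDIS_FQDN` will silently be pointed at the default host `redis` after upgrading. A one-line compatibility default in entrypoint.sh, `export REDIS_HOST=${REDIS_HOST:-${REDIS_FQDN:-redis}}`, would keep existing environments working. Otherwise the rename should be called out as a breaking change in the README or template.env.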
@@ -64,9 +61,6 @@ "SimpleBackgroundJobs.supervisor_user": { "default_value": "supervisor" }, - "SimpleBackgroundJobs.redis_port": { - "default_value": 6379 - }, "SimpleBackgroundJobs.redis_database": { "default_value": 1 }, diff --git a/core/files/etc/misp-docker/minimum_config.envars.json b/core/files/etc/misp-docker/minimum_config.envars.json index 00ffabb..1d84687 100644 --- a/core/files/etc/misp-docker/minimum_config.envars.json +++ b/core/files/etc/misp-docker/minimum_config.envars.json @@ -3,7 +3,10 @@ "default_value": "${PYTHON_BIN}" }, "MISP.redis_host": { - "default_value": "${REDIS_FQDN}" + "default_value": "${REDIS_HOST}" + }, + "MISP.redis_port": { + "default_value": "${REDIS_PORT}" }, "MISP.redis_password": { "default_value": "${REDIS_PASSWORD}" @@ -12,7 +15,10 @@ "default_value": "${GPG_BINARY}" }, "SimpleBackgroundJobs.redis_host": { - "default_value": "${REDIS_FQDN}" + "default_value": "${REDIS_HOST}" + }, + "SimpleBackgroundJobs.redis_port": { + "default_value": "${REDIS_PORT}" }, "SimpleBackgroundJobs.redis_password": { "default_value": "${REDIS_PASSWORD}" diff --git a/docker-compose.yml b/docker-compose.yml index 4cff8a9..f37eca1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -160,6 +160,8 @@ services: - "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}" - "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}" # redis settings + - "REDIS_HOST=${REDIS_HOST:-redis}" + - "REDIS_PORT=${REDIS_PORT:-6379}" - "REDIS_PASSWORD=${REDIS_PASSWORD:-redispassword}" # Debug setting - "DEBUG=${DEBUG}" @@ -175,7 +177,8 @@ services: - MODULES_COMMIT=${MODULES_COMMIT} - LIBFAUP_COMMIT=${LIBFAUP_COMMIT:?Missing .env file, see README.md for instructions} environment: - - "REDIS_BACKEND=redis" + - "REDIS_BACKEND=${REDIS_HOST:-redis}" + - "REDIS_PORT=${REDIS_PORT:-6379}" - "REDIS_PW=${REDIS_PASSWORD:-redispassword}" depends_on: redis: diff --git a/template.env b/template.env index 98f1a95..1200e24 100644 --- a/template.env +++ b/template.env 
@@ -79,6 +79,8 @@ SYNCSERVERS_1_PULL_RULES= # MYSQL_DATABASE= # optional and used to set redis password +# REDIS_HOST= +# REDIS_PORT= # REDIS_PASSWORD= # These variables allows overriding some MISP email values.
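Review bot: The comment `# optional and used to set redis password` in template.env now heads three variables, so it no longer describes `REDIS_HOST` and `REDIS_PORT`. Something like `# optional and used to set the redis host, port and password (defaults: redis, 6379, redispassword)` would match the new block; the defaults named are those exported in entrypoint.sh.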