Add additional PHP settings and cookie configurations (#164)

Add additional PHP settings and cookie configurations

---------

Co-authored-by: diegolamaral <diego.arruda.amaral@gmail.com>
pull/170/head
DiegolAmaral 2024-10-10 12:49:51 +00:00 committed by GitHub
parent b6e25aa236
commit 0a836d203e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 67 additions and 2 deletions

View File

@ -219,6 +219,26 @@ set_up_aad() {
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.require_password_confirmation" false sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.require_password_confirmation" false
} }
set_up_session() {
# Command to modify MISP session configuration
sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
\"Session\": {
\"timeout\": ${PHP_SESSION_TIMEOUT},
\"cookie_timeout\": ${PHP_SESSION_COOKIE_TIMEOUT},
\"defaults\": \"${PHP_SESSION_DEFAULTS}\",
\"autoRegenerate\": ${PHP_SESSION_AUTO_REGENERATE},
\"checkAgent\": ${PHP_SESSION_CHECK_AGENT},
\"ini\": {
\"session.cookie_secure\": ${PHP_SESSION_COOKIE_SECURE},
\"session.cookie_domain\": \"${PHP_SESSION_COOKIE_DOMAIN}\",
\"session.cookie_samesite\": \"${PHP_SESSION_COOKIE_SAMESITE}\"
}
}
}" > /dev/null
echo "... Session configured"
}
set_up_proxy() { set_up_proxy() {
if [[ "$PROXY_ENABLE" == "true" ]]; then if [[ "$PROXY_ENABLE" == "true" ]]; then
echo "... configuring proxy settings" echo "... configuring proxy settings"
@ -411,6 +431,8 @@ echo "MISP | Set Up LDAP ..." && set_up_ldap
echo "MISP | Set Up AAD ..." && set_up_aad echo "MISP | Set Up AAD ..." && set_up_aad
echo "MISP | Set Up Session ..." && set_up_session
echo "MISP | Set Up Proxy ..." && set_up_proxy echo "MISP | Set Up Proxy ..." && set_up_proxy
echo "MISP | Mark instance live" echo "MISP | Mark instance live"

View File

@ -45,6 +45,15 @@ export PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}
export PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M} export PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}
export PHP_MAX_INPUT_TIME=${PHP_MAX_INPUT_TIME:-300} export PHP_MAX_INPUT_TIME=${PHP_MAX_INPUT_TIME:-300}
export PHP_SESSION_TIMEOUT=${PHP_SESSION_TIMEOUT:-60}
export PHP_SESSION_COOKIE_TIMEOUT=${PHP_SESSION_COOKIE_TIMEOUT:-10080}
export PHP_SESSION_DEFAULTS=${PHP_SESSION_DEFAULTS:-php}
export PHP_SESSION_AUTO_REGENERATE=${PHP_SESSION_AUTO_REGENERATE:-false}
export PHP_SESSION_CHECK_AGENT=${PHP_SESSION_CHECK_AGENT:-false}
export PHP_SESSION_COOKIE_SECURE=${PHP_SESSION_COOKIE_SECURE:-true}
export PHP_SESSION_COOKIE_DOMAIN=${PHP_SESSION_COOKIE_DOMAIN}
export PHP_SESSION_COOKIE_SAMESITE=${PHP_SESSION_COOKIE_SAMESITE:-Lax}
export NGINX_X_FORWARDED_FOR=${NGINX_X_FORWARDED_FOR:-false} export NGINX_X_FORWARDED_FOR=${NGINX_X_FORWARDED_FOR:-false}
export NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM} export NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM}

View File

@ -193,6 +193,15 @@ services:
- "PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}" - "PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}"
- "PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}" - "PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}"
- "PHP_MAX_INPUT_TIME:${PHP_MAX_INPUT_TIME:-300}" - "PHP_MAX_INPUT_TIME:${PHP_MAX_INPUT_TIME:-300}"
# Additional PHP settings
- "PHP_SESSION_TIMEOUT=${PHP_SESSION_TIMEOUT:-60}"
- "PHP_SESSION_COOKIE_TIMEOUT=${PHP_SESSION_COOKIE_TIMEOUT:-10080}"
- "PHP_SESSION_DEFAULTS=${PHP_SESSION_DEFAULTS:-php}"
- "PHP_SESSION_AUTO_REGENERATE=${PHP_SESSION_AUTO_REGENERATE:-false}"
- "PHP_SESSION_CHECK_AGENT=${PHP_SESSION_CHECK_AGENT:-false}"
- "PHP_SESSION_COOKIE_SECURE=${PHP_SESSION_COOKIE_SECURE:-true}"
- "PHP_SESSION_COOKIE_DOMAIN=${PHP_SESSION_COOKIE_DOMAIN}"
- "PHP_SESSION_COOKIE_SAMESITE=${PHP_SESSION_COOKIE_SAMESITE:-Lax}"
# Security Settings # Security Settings
- "HSTS_MAX_AGE=${HSTS_MAX_AGE}" - "HSTS_MAX_AGE=${HSTS_MAX_AGE}"
- "X_FRAME_OPTIONS=${X_FRAME_OPTIONS}" - "X_FRAME_OPTIONS=${X_FRAME_OPTIONS}"

View File

@ -178,13 +178,38 @@ SYNCSERVERS_1_PULL_RULES=
# FASTCGI_SEND_TIMEOUT=300s # FASTCGI_SEND_TIMEOUT=300s
# FASTCGI_CONNECT_TIMEOUT=300s # FASTCGI_CONNECT_TIMEOUT=300s
# PHP fpm configuration # PHP FPM configuration
## Basic PHP settings
# Maximum memory a PHP script can use.
# PHP_MEMORY_LIMIT=2048M # PHP_MEMORY_LIMIT=2048M
# Maximum execution time for a PHP script in seconds.
# PHP_MAX_EXECUTION_TIME=300 # PHP_MAX_EXECUTION_TIME=300
# Maximum file upload size for PHP scripts.
# PHP_UPLOAD_MAX_FILESIZE=50M # PHP_UPLOAD_MAX_FILESIZE=50M
# Maximum size for POST data sent to PHP.
# PHP_POST_MAX_SIZE=50M # PHP_POST_MAX_SIZE=50M
# Maximum time PHP spends parsing input data in seconds.
# PHP_MAX_INPUT_TIME=300 # PHP_MAX_INPUT_TIME=300
## Additional PHP settings
# Timeout (in minutes) for user session inactivity before it expires.
# PHP_SESSION_TIMEOUT=60
# Session cookie validity period in minutes.
# PHP_SESSION_COOKIE_TIMEOUT=10080
# Default PHP configurations.
# PHP_SESSION_DEFAULTS=php
# Automatically regenerate session ID on each request.
# PHP_SESSION_AUTO_REGENERATE=false
# Check user agent on each request for security.
# PHP_SESSION_CHECK_AGENT=false
# Only send session cookies over HTTPS.
# PHP_SESSION_COOKIE_SECURE=true
# Domain for session cookie validity (leave empty for current domain).
# PHP_SESSION_COOKIE_DOMAIN=
# SameSite policy for cookies ("Lax" allows top-level navigation).
# PHP_SESSION_COOKIE_SAMESITE=Lax
# MariaSQL/MySQL (InnoDB) configuration # MariaSQL/MySQL (InnoDB) configuration
# INNODB_BUFFER_POOL_SIZE=2048M # INNODB_BUFFER_POOL_SIZE=2048M
# INNODB_CHANGE_BUFFERING=none # INNODB_CHANGE_BUFFERING=none