mirror of https://github.com/MISP/misp-docker
Add additional PHP settings and cookie configurations (#164)
Add additional PHP settings and cookie configurations --------- Co-authored-by: diegolamaral <diego.arruda.amaral@gmail.com>pull/170/head
parent
b6e25aa236
commit
0a836d203e
|
@ -219,6 +219,26 @@ set_up_aad() {
|
||||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.require_password_confirmation" false
|
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.require_password_confirmation" false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
set_up_session() {
|
||||||
|
# Command to modify MISP session configuration
|
||||||
|
sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
|
||||||
|
\"Session\": {
|
||||||
|
\"timeout\": ${PHP_SESSION_TIMEOUT},
|
||||||
|
\"cookie_timeout\": ${PHP_SESSION_COOKIE_TIMEOUT},
|
||||||
|
\"defaults\": \"${PHP_SESSION_DEFAULTS}\",
|
||||||
|
\"autoRegenerate\": ${PHP_SESSION_AUTO_REGENERATE},
|
||||||
|
\"checkAgent\": ${PHP_SESSION_CHECK_AGENT},
|
||||||
|
\"ini\": {
|
||||||
|
\"session.cookie_secure\": ${PHP_SESSION_COOKIE_SECURE},
|
||||||
|
\"session.cookie_domain\": \"${PHP_SESSION_COOKIE_DOMAIN}\",
|
||||||
|
\"session.cookie_samesite\": \"${PHP_SESSION_COOKIE_SAMESITE}\"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}" > /dev/null
|
||||||
|
|
||||||
|
echo "... Session configured"
|
||||||
|
}
|
||||||
|
|
||||||
set_up_proxy() {
|
set_up_proxy() {
|
||||||
if [[ "$PROXY_ENABLE" == "true" ]]; then
|
if [[ "$PROXY_ENABLE" == "true" ]]; then
|
||||||
echo "... configuring proxy settings"
|
echo "... configuring proxy settings"
|
||||||
|
@ -411,6 +431,8 @@ echo "MISP | Set Up LDAP ..." && set_up_ldap
|
||||||
|
|
||||||
echo "MISP | Set Up AAD ..." && set_up_aad
|
echo "MISP | Set Up AAD ..." && set_up_aad
|
||||||
|
|
||||||
|
echo "MISP | Set Up Session ..." && set_up_session
|
||||||
|
|
||||||
echo "MISP | Set Up Proxy ..." && set_up_proxy
|
echo "MISP | Set Up Proxy ..." && set_up_proxy
|
||||||
|
|
||||||
echo "MISP | Mark instance live"
|
echo "MISP | Mark instance live"
|
||||||
|
|
|
@ -45,6 +45,15 @@ export PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}
|
||||||
export PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}
|
export PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}
|
||||||
export PHP_MAX_INPUT_TIME=${PHP_MAX_INPUT_TIME:-300}
|
export PHP_MAX_INPUT_TIME=${PHP_MAX_INPUT_TIME:-300}
|
||||||
|
|
||||||
|
export PHP_SESSION_TIMEOUT=${PHP_SESSION_TIMEOUT:-60}
|
||||||
|
export PHP_SESSION_COOKIE_TIMEOUT=${PHP_SESSION_COOKIE_TIMEOUT:-10080}
|
||||||
|
export PHP_SESSION_DEFAULTS=${PHP_SESSION_DEFAULTS:-php}
|
||||||
|
export PHP_SESSION_AUTO_REGENERATE=${PHP_SESSION_AUTO_REGENERATE:-false}
|
||||||
|
export PHP_SESSION_CHECK_AGENT=${PHP_SESSION_CHECK_AGENT:-false}
|
||||||
|
export PHP_SESSION_COOKIE_SECURE=${PHP_SESSION_COOKIE_SECURE:-true}
|
||||||
|
export PHP_SESSION_COOKIE_DOMAIN=${PHP_SESSION_COOKIE_DOMAIN}
|
||||||
|
export PHP_SESSION_COOKIE_SAMESITE=${PHP_SESSION_COOKIE_SAMESITE:-Lax}
|
||||||
|
|
||||||
export NGINX_X_FORWARDED_FOR=${NGINX_X_FORWARDED_FOR:-false}
|
export NGINX_X_FORWARDED_FOR=${NGINX_X_FORWARDED_FOR:-false}
|
||||||
export NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM}
|
export NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM}
|
||||||
|
|
||||||
|
|
|
@ -193,11 +193,20 @@ services:
|
||||||
- "PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}"
|
- "PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}"
|
||||||
- "PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}"
|
- "PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}"
|
||||||
- "PHP_MAX_INPUT_TIME:${PHP_MAX_INPUT_TIME:-300}"
|
- "PHP_MAX_INPUT_TIME:${PHP_MAX_INPUT_TIME:-300}"
|
||||||
|
# Additional PHP settings
|
||||||
|
- "PHP_SESSION_TIMEOUT=${PHP_SESSION_TIMEOUT:-60}"
|
||||||
|
- "PHP_SESSION_COOKIE_TIMEOUT=${PHP_SESSION_COOKIE_TIMEOUT:-10080}"
|
||||||
|
- "PHP_SESSION_DEFAULTS=${PHP_SESSION_DEFAULTS:-php}"
|
||||||
|
- "PHP_SESSION_AUTO_REGENERATE=${PHP_SESSION_AUTO_REGENERATE:-false}"
|
||||||
|
- "PHP_SESSION_CHECK_AGENT=${PHP_SESSION_CHECK_AGENT:-false}"
|
||||||
|
- "PHP_SESSION_COOKIE_SECURE=${PHP_SESSION_COOKIE_SECURE:-true}"
|
||||||
|
- "PHP_SESSION_COOKIE_DOMAIN=${PHP_SESSION_COOKIE_DOMAIN}"
|
||||||
|
- "PHP_SESSION_COOKIE_SAMESITE=${PHP_SESSION_COOKIE_SAMESITE:-Lax}"
|
||||||
# Security Settings
|
# Security Settings
|
||||||
- "HSTS_MAX_AGE=${HSTS_MAX_AGE}"
|
- "HSTS_MAX_AGE=${HSTS_MAX_AGE}"
|
||||||
- "X_FRAME_OPTIONS=${X_FRAME_OPTIONS}"
|
- "X_FRAME_OPTIONS=${X_FRAME_OPTIONS}"
|
||||||
- "CONTENT_SECURITY_POLICY=${CONTENT_SECURITY_POLICY}"
|
- "CONTENT_SECURITY_POLICY=${CONTENT_SECURITY_POLICY}"
|
||||||
|
|
||||||
misp-modules:
|
misp-modules:
|
||||||
image: ghcr.io/misp/misp-docker/misp-modules:${MODULES_RUNNING_TAG:-latest}
|
image: ghcr.io/misp/misp-docker/misp-modules:${MODULES_RUNNING_TAG:-latest}
|
||||||
build:
|
build:
|
||||||
|
|
27
template.env
27
template.env
|
@ -178,13 +178,38 @@ SYNCSERVERS_1_PULL_RULES=
|
||||||
# FASTCGI_SEND_TIMEOUT=300s
|
# FASTCGI_SEND_TIMEOUT=300s
|
||||||
# FASTCGI_CONNECT_TIMEOUT=300s
|
# FASTCGI_CONNECT_TIMEOUT=300s
|
||||||
|
|
||||||
# PHP fpm configuration
|
# PHP FPM configuration
|
||||||
|
|
||||||
|
## Basic PHP settings
|
||||||
|
# Maximum memory a PHP script can use.
|
||||||
# PHP_MEMORY_LIMIT=2048M
|
# PHP_MEMORY_LIMIT=2048M
|
||||||
|
# Maximum execution time for a PHP script in seconds.
|
||||||
# PHP_MAX_EXECUTION_TIME=300
|
# PHP_MAX_EXECUTION_TIME=300
|
||||||
|
# Maximum file upload size for PHP scripts.
|
||||||
# PHP_UPLOAD_MAX_FILESIZE=50M
|
# PHP_UPLOAD_MAX_FILESIZE=50M
|
||||||
|
# Maximum size for POST data sent to PHP.
|
||||||
# PHP_POST_MAX_SIZE=50M
|
# PHP_POST_MAX_SIZE=50M
|
||||||
|
# Maximum time PHP spends parsing input data in seconds.
|
||||||
# PHP_MAX_INPUT_TIME=300
|
# PHP_MAX_INPUT_TIME=300
|
||||||
|
|
||||||
|
## Additional PHP settings
|
||||||
|
# Timeout (in minutes) for user session inactivity before it expires.
|
||||||
|
# PHP_SESSION_TIMEOUT=60
|
||||||
|
# Session cookie validity period in minutes.
|
||||||
|
# PHP_SESSION_COOKIE_TIMEOUT=10080
|
||||||
|
# Default PHP configurations.
|
||||||
|
# PHP_SESSION_DEFAULTS=php
|
||||||
|
# Automatically regenerate session ID on each request.
|
||||||
|
# PHP_SESSION_AUTO_REGENERATE=false
|
||||||
|
# Check user agent on each request for security.
|
||||||
|
# PHP_SESSION_CHECK_AGENT=false
|
||||||
|
# Only send session cookies over HTTPS.
|
||||||
|
# PHP_SESSION_COOKIE_SECURE=true
|
||||||
|
# Domain for session cookie validity (leave empty for current domain).
|
||||||
|
# PHP_SESSION_COOKIE_DOMAIN=
|
||||||
|
# SameSite policy for cookies ("Lax" allows top-level navigation).
|
||||||
|
# PHP_SESSION_COOKIE_SAMESITE=Lax
|
||||||
|
|
||||||
# MariaSQL/MySQL (InnoDB) configuration
|
# MariaSQL/MySQL (InnoDB) configuration
|
||||||
# INNODB_BUFFER_POOL_SIZE=2048M
|
# INNODB_BUFFER_POOL_SIZE=2048M
|
||||||
# INNODB_CHANGE_BUFFERING=none
|
# INNODB_CHANGE_BUFFERING=none
|
||||||
|
|
Loading…
Reference in New Issue