mirror of https://github.com/MISP/misp-docker
commit
4a7314d82b
|
@ -35,7 +35,7 @@ services:
|
|||
- "./server-configs/:/var/www/MISP/app/Config/"
|
||||
- "./logs/:/var/www/MISP/app/tmp/logs/"
|
||||
- "./files/:/var/www/MISP/app/files"
|
||||
- "./ssl/:/etc/apache2/ssl/"
|
||||
- "./ssl/:/etc/ssl/"
|
||||
environment:
|
||||
- "CRON_USER_ID=1"
|
||||
- "REDIS_FQDN=redis"
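Review bot: Bind-mounting `./ssl/` over `/etc/ssl/` hides everything the image ships in that directory. On the Debian-family base this image appears to use (the Dockerfile on this page runs apt-get), that normally includes the `certs/` CA bundle and `openssl.cnf`. Outbound TLS verification from the container and the `openssl req` call in init_ssl could then fail or behave differently. The page does not mark which of the two `./ssl/` lines is new; the `/etc/ssl/` one is assumed because the nginx site and init_ssl read `/etc/ssl/*.pem`. A dedicated target such as `- "./ssl/:/etc/nginx/ssl/"`, with the certificate paths adjusted to match, keeps the system trust store intact.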
|
||||
|
|
|
@ -68,7 +68,7 @@ ARG PHP_VER
|
|||
RUN apt-get update; apt-get install -y --no-install-recommends \
|
||||
# Requirements:
|
||||
sudo \
|
||||
apache2 \
|
||||
nginx \
|
||||
supervisor \
|
||||
git \
|
||||
cron \
|
||||
|
@ -88,6 +88,7 @@ ARG PHP_VER
|
|||
php-mysql \
|
||||
php-redis \
|
||||
php-gd \
|
||||
php-fpm \
|
||||
# Unsure we need these
|
||||
zip unzip \
|
||||
&& apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
|
||||
|
@ -116,29 +117,16 @@ ARG PHP_VER
|
|||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
;cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
# Apache
|
||||
# add HTTP MISP Config
|
||||
RUN rm /etc/apache2/sites-enabled/*;
|
||||
COPY files/etc/apache2/sites-enabled/misp.conf /etc/apache2/sites-enabled/
|
||||
COPY files/etc/apache2/sites-enabled/misp-ssl.conf /etc/apache2/sites-enabled/
|
||||
COPY files/etc/apache2/ports.conf /etc/apache2/ports.conf
|
||||
RUN set -eu \
|
||||
;chmod 640 /etc/apache2/ports.conf \
|
||||
;chown root.root /etc/apache2/ports.conf \
|
||||
;chmod 640 /etc/apache2/sites-available/* \
|
||||
;chown root.root /etc/apache2/sites-available/* \
|
||||
# Configure Apache
|
||||
;a2dismod status \
|
||||
;a2enmod ssl \
|
||||
;a2enmod rewrite \
|
||||
;a2enmod headers
|
||||
# nginx
|
||||
RUN rm /etc/nginx/sites-enabled/*; mkdir /run/php
|
||||
COPY files/etc/nginx/misp /etc/nginx/sites-enabled/misp
|
||||
|
||||
# Make a copy of the file store, so we can sync from it
|
||||
RUN cp -R /var/www/MISP/app/files /var/www/MISP/app/files.dist
|
||||
|
||||
# Entrypoints
|
||||
COPY files/etc/supervisor/supervisor.conf /etc/supervisor/conf.d/supervisord.conf
|
||||
COPY files/entrypoint_apache.sh /
|
||||
COPY files/entrypoint_nginx.sh /
|
||||
COPY files/entrypoint_cron.sh /
|
||||
COPY files/entrypoint_workers.sh /
|
||||
COPY files/entrypoint.sh /
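Review bot: In `RUN rm /etc/nginx/sites-enabled/*; mkdir /run/php` the two commands are joined with `;`, so the step's exit status is only that of `mkdir`. A failed `rm` would then leave any packaged default site enabled next to `misp` without failing the build. Writing it as `RUN rm -f /etc/nginx/sites-enabled/* && mkdir -p /run/php` makes the removal part of the build's success condition. Separately, the package list installs an unversioned `php-fpm`, while the nginx site and supervisor entries on this page hard-code `php7.3`. The hunk context shows an `ARG PHP_VER`, which may be the better single source for that version.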
|
||||
|
|
|
@ -13,7 +13,7 @@ ENTRYPOINT_PID_FILE="/entrypoint_apache.install"
|
|||
[ ! -f $ENTRYPOINT_PID_FILE ] && touch $ENTRYPOINT_PID_FILE
|
||||
|
||||
change_php_vars(){
|
||||
for FILE in /etc/php/*/apache2/php.ini
|
||||
for FILE in /etc/php/*/fpm/php.ini
|
||||
do
|
||||
[[ -e $FILE ]] || break
|
||||
sed -i "s/memory_limit = .*/memory_limit = 2048M/" "$FILE"
|
||||
|
@ -66,11 +66,11 @@ init_misp_files(){
|
|||
}
|
||||
|
||||
init_ssl() {
|
||||
if [[ (! -f /etc/apache2/ssl/dhparams.pem) ||
|
||||
(! -f /etc/apache2/ssl/cert.pem) ||
|
||||
(! -f /etc/apache2/ssl/key.pem) ||
|
||||
(! -f /etc/apache2/ssl/chain.pem) ]]; then
|
||||
cd /etc/apache2/ssl
|
||||
if [[ (! -f /etc/ssl/dhparams.pem) ||
|
||||
(! -f /etc/ssl/cert.pem) ||
|
||||
(! -f /etc/ssl/key.pem) ||
|
||||
(! -f /etc/ssl/chain.pem) ]]; then
|
||||
cd /etc/ssl
|
||||
openssl dhparam -out dhparams.pem 2048
|
||||
openssl req -x509 -subj '/CN=localhost' -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
|
||||
cp cert.pem chain.pem
|
||||
|
@ -99,12 +99,12 @@ init_mysql(){
|
|||
$MYSQLCMD < /var/www/MISP/INSTALL/MYSQL.sql
|
||||
}
|
||||
|
||||
start_apache() {
|
||||
# Apache gets grumpy about PID files pre-existing
|
||||
rm -f /run/apache2/apache2.pid
|
||||
# execute APACHE2
|
||||
/usr/sbin/apache2ctl -D FOREGROUND -k "$1"
|
||||
}
|
||||
#start_apache() {
|
||||
# # Apache gets grumpy about PID files pre-existing
|
||||
# rm -f /run/apache2/apache2.pid
|
||||
# # execute APACHE2
|
||||
# /usr/sbin/apache2ctl -D FOREGROUND -k "$1"
|
||||
#}
|
||||
|
||||
# Things we should do when we have the INITIALIZE Env Flag
|
||||
if [[ "$INIT" == true ]]; then
|
||||
|
@ -129,5 +129,5 @@ echo "... chmod -R g+ws /var/www/MISP/app/files/scripts/tmp ..." && chmod -R g+w
|
|||
# delete pid file
|
||||
[ -f $ENTRYPOINT_PID_FILE ] && rm $ENTRYPOINT_PID_FILE
|
||||
|
||||
# execute apache
|
||||
start_apache start
|
||||
# Start NGINX
|
||||
nginx -g 'daemon off;'
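Review bot: The guard in `init_ssl` regenerates the key and certificate when any of `dhparams.pem`, `cert.pem`, `key.pem` or `chain.pem` is missing under `/etc/ssl`, but the nginx site on this page reads only `cert.pem` and `key.pem`. An operator who supplies just those two files would have them overwritten by the self-signed `CN=localhost` pair on first start. Narrowing the test to `if [[ ! -f /etc/ssl/cert.pem || ! -f /etc/ssl/key.pem ]]; then`, or creating each file only when it is itself absent, avoids silently replacing a real certificate. The rest of the function lies outside the hunk, so check that nothing later depends on the other two files.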
|
|
@ -1,15 +0,0 @@
|
|||
# If you just change the port or add more ports here, you will likely also
|
||||
# have to change the VirtualHost statement in
|
||||
# /etc/apache2/sites-enabled/000-default.conf
|
||||
|
||||
Listen 80
|
||||
|
||||
<IfModule ssl_module>
|
||||
Listen 443
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_gnutls.c>
|
||||
Listen 443
|
||||
</IfModule>
|
||||
|
||||
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
|
|
@ -1,29 +0,0 @@
|
|||
<VirtualHost *:443>
|
||||
ServerName misp-server
|
||||
DocumentRoot /var/www/MISP/app/webroot
|
||||
<Directory /var/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLProtocol all -SSLv2 -SSLv3
|
||||
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
|
||||
SSLHonorCipherOrder on
|
||||
|
||||
SSLOpenSSLConfCmd DHParameters "/etc/apache2/ssl/dhparams.pem"
|
||||
SSLCertificateFile /etc/apache2/ssl/cert.pem
|
||||
SSLCertificateKeyFile /etc/apache2/ssl/key.pem
|
||||
SSLCertificateChainFile /etc/apache2/ssl/chain.pem
|
||||
|
||||
LogLevel warn
|
||||
|
||||
ErrorLog /dev/stdout
|
||||
CustomLog /dev/stdout combined
|
||||
|
||||
ServerSignature Off
|
||||
# Header set X-Content-Type-Options nosniff
|
||||
# Header set X-Frame-Options DENY
|
||||
</VirtualHost>
|
|
@ -1,21 +0,0 @@
|
|||
<VirtualHost *:80>
|
||||
ServerName misp-server
|
||||
DocumentRoot /var/www/MISP/app/webroot
|
||||
<Directory /var/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
</Directory>
|
||||
LogLevel warn
|
||||
|
||||
ErrorLog /dev/stdout
|
||||
CustomLog /dev/stdout combined
|
||||
|
||||
ServerSignature Off
|
||||
Header set X-Content-Type-Options nosniff
|
||||
Header set X-Frame-Options DENY
|
||||
|
||||
RewriteEngine On
|
||||
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
|
||||
|
||||
</VirtualHost>
|
|
@ -0,0 +1,32 @@
|
|||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80;
|
||||
|
||||
server_name _;
|
||||
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
|
||||
server_name misp-server;
|
||||
listen 443 ssl http2 spdy;
|
||||
root /var/www/MISP/app/webroot;
|
||||
index index.php;
|
||||
|
||||
ssl_certificate /etc/ssl/cert.pem;
|
||||
ssl_certificate_key /etc/ssl/key.pem;
|
||||
|
||||
# enable HSTS
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains";
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
include snippets/fastcgi-php.conf;
|
||||
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
|
||||
}
|
||||
}
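Review bot: The TLS server block sets no `ssl_protocols`, `ssl_ciphers` or `ssl_dhparam`, so protocol and cipher selection fall back to the installed nginx defaults, whereas the Apache vhost deleted on this page pinned them explicitly. Adding `ssl_protocols TLSv1.2 TLSv1.3;`, `ssl_prefer_server_ciphers on;` and `ssl_dhparam /etc/ssl/dhparams.pem;` restores an explicit policy and uses the DH parameters that init_ssl already generates. The `X-Content-Type-Options nosniff` header from the old port-80 vhost has no counterpart here and could be carried over with `add_header X-Content-Type-Options nosniff;`. The `spdy` parameter on the `listen` line is, as far as I know, obsolete next to `http2` and is worth dropping.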
|
|
@ -6,14 +6,25 @@ stdout_logfile_maxbytes=0
|
|||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
|
||||
[program:apache2]
|
||||
command=/entrypoint_apache.sh
|
||||
[program:nginx]
|
||||
command=/entrypoint_nginx.sh
|
||||
autorestart=true
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
|
||||
[program:php-fpm]
|
||||
command=/usr/sbin/php-fpm7.3 -R -F
|
||||
process_name=%(program_name)s_%(process_num)02d
|
||||
numprocs=1
|
||||
autostart=true
|
||||
autorestart=false
|
||||
startsecs=0
|
||||
redirect_stderr=true
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
|
||||
[program:workers]
|
||||
command=/entrypoint_workers.sh
|
||||
stdout_logfile=/dev/stdout
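Review bot: `command=/usr/sbin/php-fpm7.3 -R -F` passes `-R`, which tells php-fpm to accept a pool configured to run as root. Nothing on this page shows a pool that needs it, so a later pool misconfiguration would run MISP's PHP code as root instead of being refused at startup. Unless a root pool is intended, `command=/usr/sbin/php-fpm7.3 -F` is the safer form. The same entry sets `autorestart=false` with `startsecs=0`, so supervisor will not bring php-fpm back after a crash while nginx keeps serving errors; `autorestart=true`, as on the nginx program, would be consistent. The `[program:workers]` entry continues outside the hunk.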
|
||||
|
|