Update README.md

pull/2/head
Stefano Ortolani 2023-12-07 12:38:04 +00:00
parent 98ba9c3e0d
commit 62f1b61b7c
1 changed files with 24 additions and 31 deletions

View File

@ -1,20 +1,16 @@
# MISP Docker images # MISP Docker images
[![Build Status](https://img.shields.io/github/actions/workflow/status/MISP/misp-docker/release-latest.yml)](https://hub.docker.com/repository/docker/ostefano/misp-docker) [![Build Status](https://img.shields.io/github/actions/workflow/status/MISP/misp-docker/release-latest.yml)](https://github.com/MISP/misp-docker/pkgs/container/misp-docker/misp-docker/versions)
[![Gitter chat](https://badges.gitter.im/gitterHQ/gitter.png)](https://gitter.im/MISP/Docker) [![Gitter chat](https://badges.gitter.im/gitterHQ/gitter.png)](https://gitter.im/MISP/Docker)
A production ready Docker MISP project (formerly https://github.com/ostefano/docker-misp) loosely based on CoolAcid and DSCO builds (nearly all of the details have been rewritten). A production ready Docker MISP image (formerly hosted at https://github.com/ostefano/docker-misp, now deprecated) loosely based on CoolAcid and DSCO builds, with nearly all logic rewritten and verified for correctness and portability.
Notable features: Notable features:
- Components are split out where possible - MISP and MISP modules are split into two different Docker images, `core` and `modules`
- Cron job runs updates, pushes, and pulls - Docker images are pushed regularly, no build required
- Rely on off the shelf images for Redis and MySQL - Lightweigth Docker images by using multiple build stages and a slim parent image
- Images are pushed regularly, no build required - Rely on off the shelf Docker images for Exim4, Redis, and MariaDB
- Slimmed down images by using build stages and slim parent image - Cron jobs run updates, pushes, and pulls
- ARM (M1) support: move to mariadb for increase compatibility
- ARM (M1) support: move to updated and cross-platform mail exim4 image
- Fix and improve support for cron jobs
- Fix and improve support for syncservers
- Fix supervisord process control (processes are correctly terminated upon reload) - Fix supervisord process control (processes are correctly terminated upon reload)
- Fix schema update by making it completely offline (no user interaction required) - Fix schema update by making it completely offline (no user interaction required)
- Fix enforcement of permissions - Fix enforcement of permissions
@ -24,8 +20,10 @@ Notable features:
- Add support for building specific MISP and MISP-modules commits - Add support for building specific MISP and MISP-modules commits
- Add automatic configuration of syncservers (see `configure_misp.sh`) - Add automatic configuration of syncservers (see `configure_misp.sh`)
- Add automatic configuration of authentication keys (see `configure_misp.sh`) - Add automatic configuration of authentication keys (see `configure_misp.sh`)
- Add direct push of docker images to Docker Hub - Add direct push of docker images to GitHub Packages
- Consolidate docker compose files - Consolidated `docker-compose.yml` file
- Workardound VirtioFS bug when running Docker Desktop for Mac
- ... and many others
The underlying spirit of this project is to allow "repeatable deployments", and all pull requests in this direction will be merged post-haste. The underlying spirit of this project is to allow "repeatable deployments", and all pull requests in this direction will be merged post-haste.
@ -42,6 +40,8 @@ The underlying spirit of this project is to allow "repeatable deployments", and
- User: `admin@admin.test` - User: `admin@admin.test`
- Password: `admin` - Password: `admin`
Keeping the image up-to-date with upstream should be as simple as running `docker-compose pull`.
### Configuration ### Configuration
The `docker-compose.yml` file allows further configuration settings: The `docker-compose.yml` file allows further configuration settings:
@ -62,14 +62,9 @@ The `docker-compose.yml` file allows further configuration settings:
New options are added on a regular basis. New options are added on a regular basis.
### Updating
Updating the images should be as simple as `docker-compose pull` which, unless changed in the `docker-compose.yml` file, will pull the latest built images.
### Production ### Production
- It is recommended to specify which build you want to be running, and modify that version number when you would like to upgrade - It is recommended to specify the build you want run by editing `docker-compose.yml` (see here for the list of available tags https://github.com/MISP/misp-docker/pkgs/container/misp-docker/misp-docker)
- Use docker-compose, or some other config management tool
- Directory volume mount SSL Certs `./ssl`: `/etc/ssl/certs` - Directory volume mount SSL Certs `./ssl`: `/etc/ssl/certs`
- Certificate File: `cert.pem` - Certificate File: `cert.pem`
- Certificate Key File: `key.pem` - Certificate Key File: `key.pem`
@ -81,16 +76,14 @@ Updating the images should be as simple as `docker-compose pull` which, unless c
- `./gnupg`: `/var/www/MISP/.gnupg/` - `./gnupg`: `/var/www/MISP/.gnupg/`
- If you need to automatically run additional steps each time the container starts, create a new file `files/customize_misp.sh`, and replace the variable `${CUSTOM_PATH}` inside `docker-compose.yml` with its parent path. - If you need to automatically run additional steps each time the container starts, create a new file `files/customize_misp.sh`, and replace the variable `${CUSTOM_PATH}` inside `docker-compose.yml` with its parent path.
## Troubleshooting
- Make sure you run a fairly recent version of Docker and Docker Compose (if in doubt, update following the steps outlined in https://docs.docker.com/engine/install/ubuntu/)
- Make sure you are not running an old image or container; when in doubt run `docker system prune --volumes` and clone this repository into an empty directory
## Versioning ## Versioning
GitHub builds the images automatically and pushes them to [Docker hub](https://hub.docker.com/r/ostefano/misp-docker). We do not use tags and versioning works as follows: A GitHub Action builds both `core` and `modules` images automatically and pushes them to the [GitHub Package registry](https://github.com/MISP/misp-docker/pkgs/container/misp-docker/misp-docker). We do not use tags inside the repository; instead we tag images as they are pushed to the registry. For each build, `core` and `modules` images are tagged as follows:
- `core-${commit-sha1}[0:7]` and `modules-${commit-sha1}[0:7]` where `${commit-sha1}` is the commit hash triggering the build
- MISP (and modules) version specified inside the `template.env` file - `core-latest` and `modules-latest` in order to track the latest build available
- Docker images are tagged based on the commit hash - `core-${MISP_TAG}` and `modules-${MODULES_TAG}` reflecting the underlying version of MISP and MISP modules (as specified inside the `template.env` file at build time)
- Core and modules are tagged as core-commit-sha1[0:7] and modules-commit-sha1[0:7] respectively
- The latest images have additional tags core-latest and modules-latest
## Image file sizes
- Core server: 260MB
- Modules: 470MB