mirror of https://github.com/MISP/misp-docker
Update README.md
parent 98ba9c3e0d
commit 62f1b61b7c
53
README.md
|
@ -1,20 +1,16 @@
|
||||||
# MISP Docker images
|
# MISP Docker images
|
||||||
|
|
||||||
[![Build Status](https://img.shields.io/github/actions/workflow/status/MISP/misp-docker/release-latest.yml)](https://hub.docker.com/repository/docker/ostefano/misp-docker)
|
[![Build Status](https://img.shields.io/github/actions/workflow/status/MISP/misp-docker/release-latest.yml)](https://github.com/MISP/misp-docker/pkgs/container/misp-docker/misp-docker/versions)
|
||||||
[![Gitter chat](https://badges.gitter.im/gitterHQ/gitter.png)](https://gitter.im/MISP/Docker)
|
[![Gitter chat](https://badges.gitter.im/gitterHQ/gitter.png)](https://gitter.im/MISP/Docker)
|
||||||
|
|
||||||
A production ready Docker MISP project (formerly https://github.com/ostefano/docker-misp) loosely based on CoolAcid and DSCO builds (nearly all of the details have been rewritten).
|
A production ready Docker MISP image (formerly hosted at https://github.com/ostefano/docker-misp, now deprecated) loosely based on CoolAcid and DSCO builds, with nearly all logic rewritten and verified for correctness and portability.
|
||||||
|
|
||||||
Notable features:
|
Notable features:
|
||||||
- Components are split out where possible
|
- MISP and MISP modules are split into two different Docker images, `core` and `modules`
|
||||||
- Cron job runs updates, pushes, and pulls
|
- Docker images are pushed regularly, no build required
|
||||||
- Rely on off the shelf images for Redis and MySQL
|
- Lightweigth Docker images by using multiple build stages and a slim parent image
|
||||||
- Images are pushed regularly, no build required
|
- Rely on off the shelf Docker images for Exim4, Redis, and MariaDB
|
||||||
- Slimmed down images by using build stages and slim parent image
|
- Cron jobs run updates, pushes, and pulls
|
||||||
- ARM (M1) support: move to mariadb for increase compatibility
|
|
||||||
- ARM (M1) support: move to updated and cross-platform mail exim4 image
|
|
||||||
- Fix and improve support for cron jobs
|
|
||||||
- Fix and improve support for syncservers
|
|
||||||
- Fix supervisord process control (processes are correctly terminated upon reload)
|
- Fix supervisord process control (processes are correctly terminated upon reload)
|
||||||
- Fix schema update by making it completely offline (no user interaction required)
|
- Fix schema update by making it completely offline (no user interaction required)
|
||||||
- Fix enforcement of permissions
|
- Fix enforcement of permissions
|
||||||
|
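Review bot: In the added multi-stage bullet, "Lightweigth" is misspelled and should read "Lightweight". The rewritten intro also says the logic is "verified for correctness and portability" without saying how; either point at the tests or CI job that backs the claim or drop it. The two removed "ARM (M1) support" bullets have no replacement in this hunk, so if ARM images are still built it is worth keeping one line that says so.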
@ -24,8 +20,10 @@ Notable features:
|
||||||
- Add support for building specific MISP and MISP-modules commits
|
- Add support for building specific MISP and MISP-modules commits
|
||||||
- Add automatic configuration of syncservers (see `configure_misp.sh`)
|
- Add automatic configuration of syncservers (see `configure_misp.sh`)
|
||||||
- Add automatic configuration of authentication keys (see `configure_misp.sh`)
|
- Add automatic configuration of authentication keys (see `configure_misp.sh`)
|
||||||
- Add direct push of docker images to Docker Hub
|
- Add direct push of docker images to GitHub Packages
|
||||||
- Consolidate docker compose files
|
- Consolidated `docker-compose.yml` file
|
||||||
|
- Workardound VirtioFS bug when running Docker Desktop for Mac
|
||||||
|
- ... and many others
|
||||||
|
|
||||||
The underlying spirit of this project is to allow "repeatable deployments", and all pull requests in this direction will be merged post-haste.
|
The underlying spirit of this project is to allow "repeatable deployments", and all pull requests in this direction will be merged post-haste.
|
||||||
|
|
||||||
|
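Review bot: "Workardound" in the added VirtioFS bullet is misspelled; "Work around" or "Workaround for" is meant. The bullet does not say what the bug is or which Docker Desktop versions are affected, so a link to the upstream issue would let readers tell when the workaround can be dropped. The "... and many others" bullet adds nothing to a feature list and could be removed.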
@ -42,6 +40,8 @@ The underlying spirit of this project is to allow "repeatable deployments", and
|
||||||
- User: `admin@admin.test`
|
- User: `admin@admin.test`
|
||||||
- Password: `admin`
|
- Password: `admin`
|
||||||
|
|
||||||
|
Keeping the image up-to-date with upstream should be as simple as running `docker-compose pull`.
|
||||||
|
|
||||||
### Configuration
|
### Configuration
|
||||||
|
|
||||||
The `docker-compose.yml` file allows further configuration settings:
|
The `docker-compose.yml` file allows further configuration settings:
|
||||||
|
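Review bot: The added `docker-compose pull` sentence drops the qualifier the old Updating section carried ("unless changed in the `docker-compose.yml` file"), so it reads as if `pull` always moves a deployment to the latest build. That does not hold once the image tag is pinned as the Production section recommends, and `pull` on its own only fetches images: running containers stay on the old image until they are recreated, for example with `docker-compose up -d`. The sentence also sits directly under the default `admin@admin.test` / `admin` credentials with no heading of its own, where it is easy to miss; keeping a short "Updating" heading would fix that.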
@ -62,14 +62,9 @@ The `docker-compose.yml` file allows further configuration settings:
|
||||||
|
|
||||||
New options are added on a regular basis.
|
New options are added on a regular basis.
|
||||||
|
|
||||||
### Updating
|
|
||||||
|
|
||||||
Updating the images should be as simple as `docker-compose pull` which, unless changed in the `docker-compose.yml` file, will pull the latest built images.
|
|
||||||
|
|
||||||
### Production
|
### Production
|
||||||
|
|
||||||
- It is recommended to specify which build you want to be running, and modify that version number when you would like to upgrade
|
- It is recommended to specify the build you want run by editing `docker-compose.yml` (see here for the list of available tags https://github.com/MISP/misp-docker/pkgs/container/misp-docker/misp-docker)
|
||||||
- Use docker-compose, or some other config management tool
|
|
||||||
- Directory volume mount SSL Certs `./ssl`: `/etc/ssl/certs`
|
- Directory volume mount SSL Certs `./ssl`: `/etc/ssl/certs`
|
||||||
- Certificate File: `cert.pem`
|
- Certificate File: `cert.pem`
|
||||||
- Certificate Key File: `key.pem`
|
- Certificate Key File: `key.pem`
|
||||||
|
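Review bot: In the rewritten Production bullet, "specify the build you want run" is missing a "to", and the bare URL after "see here" should be a Markdown link like the registry link used in the Versioning section. The old wording also told the reader to change the pinned version when upgrading; with the Updating section removed in this same hunk, that step is no longer stated anywhere. Suggest saying which key in `docker-compose.yml` carries the tag and that upgrading means editing it.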
@ -81,16 +76,14 @@ Updating the images should be as simple as `docker-compose pull` which, unless c
|
||||||
- `./gnupg`: `/var/www/MISP/.gnupg/`
|
- `./gnupg`: `/var/www/MISP/.gnupg/`
|
||||||
- If you need to automatically run additional steps each time the container starts, create a new file `files/customize_misp.sh`, and replace the variable `${CUSTOM_PATH}` inside `docker-compose.yml` with its parent path.
|
- If you need to automatically run additional steps each time the container starts, create a new file `files/customize_misp.sh`, and replace the variable `${CUSTOM_PATH}` inside `docker-compose.yml` with its parent path.
|
||||||
|
|
||||||
|
## Troubleshooting
|
||||||
|
|
||||||
|
- Make sure you run a fairly recent version of Docker and Docker Compose (if in doubt, update following the steps outlined in https://docs.docker.com/engine/install/ubuntu/)
|
||||||
|
- Make sure you are not running an old image or container; when in doubt run `docker system prune --volumes` and clone this repository into an empty directory
|
||||||
|
|
||||||
## Versioning
|
## Versioning
|
||||||
|
|
||||||
GitHub builds the images automatically and pushes them to [Docker hub](https://hub.docker.com/r/ostefano/misp-docker). We do not use tags and versioning works as follows:
|
A GitHub Action builds both `core` and `modules` images automatically and pushes them to the [GitHub Package registry](https://github.com/MISP/misp-docker/pkgs/container/misp-docker/misp-docker). We do not use tags inside the repository; instead we tag images as they are pushed to the registry. For each build, `core` and `modules` images are tagged as follows:
|
||||||
|
- `core-${commit-sha1}[0:7]` and `modules-${commit-sha1}[0:7]` where `${commit-sha1}` is the commit hash triggering the build
|
||||||
- MISP (and modules) version specified inside the `template.env` file
|
- `core-latest` and `modules-latest` in order to track the latest build available
|
||||||
- Docker images are tagged based on the commit hash
|
- `core-${MISP_TAG}` and `modules-${MODULES_TAG}` reflecting the underlying version of MISP and MISP modules (as specified inside the `template.env` file at build time)
|
||||||
- Core and modules are tagged as core-commit-sha1[0:7] and modules-commit-sha1[0:7] respectively
|
|
||||||
- The latest images have additional tags core-latest and modules-latest
|
|
||||||
|
|
||||||
## Image file sizes
|
|
||||||
|
|
||||||
- Core server: 260MB
|
|
||||||
- Modules: 470MB
|
|
||||||
|
|
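Review bot: The added Troubleshooting bullet recommends `docker system prune --volumes` without saying that the command is not scoped to this project: it removes stopped containers, unused networks and unused volumes for everything on the host, so it can delete data belonging to other deployments. Suggest a project-scoped alternative such as `docker-compose down -v` run from the repository directory, or at least a warning next to the command. In the Versioning list, `core-${commit-sha1}[0:7]` mixes shell-variable and slice notation; "the first 7 characters of the commit hash" would be unambiguous. The Docker install link is Ubuntu-specific, which is worth stating or replacing with the general install page.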