mirror of https://github.com/MISP/misp-docker
- Clean up repository
- Don't run redis as daemon as it does not work in container
Steven
parent
c13eec4a73
commit
6cc2cc3d2d
|
|
@ -1,44 +0,0 @@
|
|||
version: '2'
|
||||
|
||||
services:
|
||||
proxy:
|
||||
build:
|
||||
context: proxy
|
||||
container_name: misp_proxy
|
||||
restart: unless-stopped
|
||||
image: misp-proxy:latest
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
|
||||
web:
|
||||
build: web
|
||||
container_name: misp_web
|
||||
image: misp:latest
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /dev/urandom:/dev/random
|
||||
- ${DATA_DIR}/web:/var/www/MISP
|
||||
environment:
|
||||
- MYSQL_HOST=${MYSQL_HOST}
|
||||
- MYSQL_DATABASE=${MYSQL_DATABASE}
|
||||
- MYSQL_USER=${MYSQL_USER}
|
||||
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
||||
- MISP_ADMIN_EMAIL=${MISP_ADMIN_EMAIL}
|
||||
- MISP_ADMIN_PASSPHRASE=${MISP_ADMIN_PASSPHRASE}
|
||||
- MISP_BASEURL=${MISP_BASEURL}
|
||||
- POSTFIX_RELAY_HOST=${POSTFIX_RELAY_HOST}
|
||||
- TIMEZONE=${TIMEZONE}
|
||||
|
||||
db:
|
||||
container_name: misp_db
|
||||
image: mysql/mysql-server:5.7
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ${DATA_DIR}/db:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_DATABASE=${MYSQL_DATABASE}
|
||||
- MYSQL_USER=${MYSQL_USER}
|
||||
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
||||
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
|
||||
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
version: '2'
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
web:
|
||||
|
|
@ -10,6 +10,7 @@ services:
|
|||
restart: unless-stopped
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- /dev/urandom:/dev/random
|
||||
- ${DATA_DIR}/web:/var/www/MISP
|
||||
|
|
|
|||
|
|
@ -1,10 +0,0 @@
|
|||
FROM nginx:1.18
|
||||
|
||||
# default conf for proxy service
|
||||
COPY ./default.conf /etc/nginx/conf.d/default.conf
|
||||
|
||||
# Proxy and SSL configurations
|
||||
COPY ./includes/ /etc/nginx/includes/
|
||||
|
||||
# Proxy SSL certificates
|
||||
COPY ./ssl/ /etc/ssl/certs/nginx/
|
||||
|
|
@ -1,26 +0,0 @@
|
|||
# plain http redirect to https
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name localhost;
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
# main server, reverse proxy to 'web' container
|
||||
server {
|
||||
listen 443 ssl http2 default_server;
|
||||
listen [::]:443 ssl http2 default_server;
|
||||
server_name localhost;
|
||||
|
||||
# Path for SSL config/key/certificate
|
||||
ssl_certificate /etc/ssl/certs/nginx/misp.crt;
|
||||
ssl_certificate_key /etc/ssl/certs/nginx/misp.key;
|
||||
include /etc/nginx/includes/ssl.conf;
|
||||
|
||||
location / {
|
||||
include /etc/nginx/includes/proxy.conf;
|
||||
proxy_pass http://web;
|
||||
}
|
||||
|
||||
access_log off;
|
||||
error_log /var/log/nginx/error.log error;
|
||||
}
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_intercept_errors on;
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHAECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
|
@ -9,7 +9,7 @@ RUN apt-get update && \
|
|||
apt-get install -y software-properties-common && \
|
||||
apt-get install -y postfix && \
|
||||
apt-get install -y mysql-client curl gcc git gnupg-agent \
|
||||
make python openssl redis-server sudo vim zip locales wget supervisor
|
||||
make python3 openssl redis-server sudo vim zip locales wget supervisor
|
||||
|
||||
RUN locale-gen en_US.UTF-8
|
||||
ENV LANG en_US.UTF-8
|
||||
|
|
@ -28,17 +28,6 @@ RUN bash INSTALL_NODB.sh -A -u
|
|||
|
||||
USER root
|
||||
|
||||
# Install MISP Modules
|
||||
WORKDIR /opt
|
||||
RUN git clone --branch v2.4.134 https://github.com/MISP/misp-modules.git
|
||||
RUN cd misp-modules && \
|
||||
pip3 install --upgrade pip setuptools wheel && \
|
||||
pip3 install scikit-build && \
|
||||
pip3 install opencv-python && \
|
||||
pip3 install -I -r REQUIREMENTS && \
|
||||
pip3 install -I . && \
|
||||
echo "sudo -u www-data misp-modules -s -l 127.0.0.1 &" >>/etc/rc.local
|
||||
|
||||
# Supervisord Setup
|
||||
RUN ( \
|
||||
echo '[supervisord]'; \
|
||||
|
|
@ -74,7 +63,6 @@ RUN ( \
|
|||
# Trigger to perform first boot operations
|
||||
ADD run.sh /run.sh
|
||||
RUN chmod 0755 /run.sh && touch /.firstboot.tmp
|
||||
|
||||
# Make a backup of /var/www/MISP to restore it to the local moint point at first boot
|
||||
WORKDIR /var/www/MISP
|
||||
RUN tar czpf /root/MISP.tgz .
|
||||
|
|
|
|||
10
web/run.sh
10
web/run.sh
|
|
@ -2,10 +2,12 @@
|
|||
#
|
||||
# MISP docker startup script
|
||||
# Xavier Mertens <xavier@rootshell.be>
|
||||
# Steven Goossens <steven@teamg.be>
|
||||
#
|
||||
# 2017/05/17 - Created
|
||||
# 2017/05/31 - Fixed small errors
|
||||
# 2019/10/17 - Use built-in mysql docker DB creation and use std env names (dafal)
|
||||
# 2021/03/09 - Update to work with the install script provided by MISP. Includes https support, Python venv,...
|
||||
#
|
||||
|
||||
set -e
|
||||
|
|
@ -89,7 +91,7 @@ if [ -r /.firstboot.tmp ]; then
|
|||
# MISP configuration
|
||||
echo "Creating MISP configuration files"
|
||||
cd /var/www/MISP/app/Config
|
||||
cp -a database.default.php database.php
|
||||
cp -a database.default.php database.php
|
||||
sed -i "s/localhost/$MYSQL_HOST/" database.php
|
||||
sed -i "s/db\s*login/$MYSQL_USER/" database.php
|
||||
sed -i "s/8889/3306/" database.php
|
||||
|
|
@ -102,7 +104,10 @@ if [ -r /.firstboot.tmp ]; then
|
|||
echo "Fixing the MISP base URL ($MISP_BASEURL) ..."
|
||||
sed -i "s@'baseurl'[\t ]*=>[\t ]*'',@'baseurl' => '$MISP_BASEURL',@g" /var/www/MISP/app/Config/config.php
|
||||
fi
|
||||
|
||||
|
||||
#Redis should not run as a daemon
|
||||
sed -i "s/daemonize yes/daemonize no/g" /etc/redis/redis.conf
|
||||
|
||||
# Generate the admin user PGP key
|
||||
echo "Creating admin GnuPG key"
|
||||
if [ -z "$MISP_ADMIN_EMAIL" -o -z "$MISP_ADMIN_PASSPHRASE" ]; then
|
||||
|
|
@ -141,6 +146,7 @@ fi
|
|||
# non-live will make it live again if the container restarts. That seems
|
||||
# better than the default which is that MISP is non-live on container restart.
|
||||
# Ideally live/non-live would be persisted in the database.
|
||||
/var/www/MISP/app/Console/cake Admin setSetting "MISP.python_bin" "/var/www/MISP/venv/bin/python"
|
||||
/var/www/MISP/app/Console/cake live 1
|
||||
chown www-data:www-data /var/www/MISP/app/Config/config.php*
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue