mirror of https://github.com/MISP/misp-docker
- Clean up repository
- Don't run redis as a daemon, as it does not work in a container
parent
c13eec4a73
commit
6cc2cc3d2d
|
@ -1,44 +0,0 @@
|
||||||
version: '2'
|
|
||||||
|
|
||||||
services:
|
|
||||||
proxy:
|
|
||||||
build:
|
|
||||||
context: proxy
|
|
||||||
container_name: misp_proxy
|
|
||||||
restart: unless-stopped
|
|
||||||
image: misp-proxy:latest
|
|
||||||
ports:
|
|
||||||
- 80:80
|
|
||||||
- 443:443
|
|
||||||
|
|
||||||
web:
|
|
||||||
build: web
|
|
||||||
container_name: misp_web
|
|
||||||
image: misp:latest
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- /dev/urandom:/dev/random
|
|
||||||
- ${DATA_DIR}/web:/var/www/MISP
|
|
||||||
environment:
|
|
||||||
- MYSQL_HOST=${MYSQL_HOST}
|
|
||||||
- MYSQL_DATABASE=${MYSQL_DATABASE}
|
|
||||||
- MYSQL_USER=${MYSQL_USER}
|
|
||||||
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
|
||||||
- MISP_ADMIN_EMAIL=${MISP_ADMIN_EMAIL}
|
|
||||||
- MISP_ADMIN_PASSPHRASE=${MISP_ADMIN_PASSPHRASE}
|
|
||||||
- MISP_BASEURL=${MISP_BASEURL}
|
|
||||||
- POSTFIX_RELAY_HOST=${POSTFIX_RELAY_HOST}
|
|
||||||
- TIMEZONE=${TIMEZONE}
|
|
||||||
|
|
||||||
db:
|
|
||||||
container_name: misp_db
|
|
||||||
image: mysql/mysql-server:5.7
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- ${DATA_DIR}/db:/var/lib/mysql
|
|
||||||
environment:
|
|
||||||
- MYSQL_DATABASE=${MYSQL_DATABASE}
|
|
||||||
- MYSQL_USER=${MYSQL_USER}
|
|
||||||
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
|
||||||
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
version: '2'
|
version: '3'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
web:
|
web:
|
||||||
|
@ -10,6 +10,7 @@ services:
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
ports:
|
ports:
|
||||||
- "80:80"
|
- "80:80"
|
||||||
|
- "443:443"
|
||||||
volumes:
|
volumes:
|
||||||
- /dev/urandom:/dev/random
|
- /dev/urandom:/dev/random
|
||||||
- ${DATA_DIR}/web:/var/www/MISP
|
- ${DATA_DIR}/web:/var/www/MISP
|
||||||
|
|
|
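Review bot: The new `- "443:443"` mapping publishes TLS straight from the `web` container now that the nginx proxy (and with it the 80→443 redirect, the `includes/ssl.conf` settings and the `/etc/ssl/certs/nginx/misp.crt`/`misp.key` paths) is deleted in this commit, but nothing in the compose file says which component now terminates TLS or where the certificate material must be placed. A one-line comment above `ports:` such as `# TLS is terminated inside the web container; see web/ for certificate handling` would document the contract, assuming that is where it moved — the hunk does not show it. If the web image does not itself redirect plain HTTP to HTTPS, operators also lose the redirect the proxy provided; worth confirming. The file header for this section is not visible, so this review assumes it is the top-level compose file.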
@ -1,10 +0,0 @@
|
||||||
FROM nginx:1.18
|
|
||||||
|
|
||||||
# default conf for proxy service
|
|
||||||
COPY ./default.conf /etc/nginx/conf.d/default.conf
|
|
||||||
|
|
||||||
# Proxy and SSL configurations
|
|
||||||
COPY ./includes/ /etc/nginx/includes/
|
|
||||||
|
|
||||||
# Proxy SSL certificates
|
|
||||||
COPY ./ssl/ /etc/ssl/certs/nginx/
|
|
|
@ -1,26 +0,0 @@
|
||||||
# plain http redirect to https
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name localhost;
|
|
||||||
return 301 https://$server_name$request_uri;
|
|
||||||
}
|
|
||||||
# main server, reverse proxy to 'web' container
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2 default_server;
|
|
||||||
listen [::]:443 ssl http2 default_server;
|
|
||||||
server_name localhost;
|
|
||||||
|
|
||||||
# Path for SSL config/key/certificate
|
|
||||||
ssl_certificate /etc/ssl/certs/nginx/misp.crt;
|
|
||||||
ssl_certificate_key /etc/ssl/certs/nginx/misp.key;
|
|
||||||
include /etc/nginx/includes/ssl.conf;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
include /etc/nginx/includes/proxy.conf;
|
|
||||||
proxy_pass http://web;
|
|
||||||
}
|
|
||||||
|
|
||||||
access_log off;
|
|
||||||
error_log /var/log/nginx/error.log error;
|
|
||||||
}
|
|
|
@ -1,8 +0,0 @@
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_intercept_errors on;
|
|
|
@ -1,7 +0,0 @@
|
||||||
ssl_session_timeout 1d;
|
|
||||||
ssl_session_cache shared:SSL:50m;
|
|
||||||
ssl_session_tickets off;
|
|
||||||
|
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
||||||
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHAECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
|
@ -9,7 +9,7 @@ RUN apt-get update && \
|
||||||
apt-get install -y software-properties-common && \
|
apt-get install -y software-properties-common && \
|
||||||
apt-get install -y postfix && \
|
apt-get install -y postfix && \
|
||||||
apt-get install -y mysql-client curl gcc git gnupg-agent \
|
apt-get install -y mysql-client curl gcc git gnupg-agent \
|
||||||
make python openssl redis-server sudo vim zip locales wget supervisor
|
make python3 openssl redis-server sudo vim zip locales wget supervisor
|
||||||
|
|
||||||
RUN locale-gen en_US.UTF-8
|
RUN locale-gen en_US.UTF-8
|
||||||
ENV LANG en_US.UTF-8
|
ENV LANG en_US.UTF-8
|
||||||
|
@ -28,17 +28,6 @@ RUN bash INSTALL_NODB.sh -A -u
|
||||||
|
|
||||||
USER root
|
USER root
|
||||||
|
|
||||||
# Install MISP Modules
|
|
||||||
WORKDIR /opt
|
|
||||||
RUN git clone --branch v2.4.134 https://github.com/MISP/misp-modules.git
|
|
||||||
RUN cd misp-modules && \
|
|
||||||
pip3 install --upgrade pip setuptools wheel && \
|
|
||||||
pip3 install scikit-build && \
|
|
||||||
pip3 install opencv-python && \
|
|
||||||
pip3 install -I -r REQUIREMENTS && \
|
|
||||||
pip3 install -I . && \
|
|
||||||
echo "sudo -u www-data misp-modules -s -l 127.0.0.1 &" >>/etc/rc.local
|
|
||||||
|
|
||||||
# Supervisord Setup
|
# Supervisord Setup
|
||||||
RUN ( \
|
RUN ( \
|
||||||
echo '[supervisord]'; \
|
echo '[supervisord]'; \
|
||||||
|
@ -74,7 +63,6 @@ RUN ( \
|
||||||
# Trigger to perform first boot operations
|
# Trigger to perform first boot operations
|
||||||
ADD run.sh /run.sh
|
ADD run.sh /run.sh
|
||||||
RUN chmod 0755 /run.sh && touch /.firstboot.tmp
|
RUN chmod 0755 /run.sh && touch /.firstboot.tmp
|
||||||
|
|
||||||
# Make a backup of /var/www/MISP to restore it to the local moint point at first boot
|
# Make a backup of /var/www/MISP to restore it to the local moint point at first boot
|
||||||
WORKDIR /var/www/MISP
|
WORKDIR /var/www/MISP
|
||||||
RUN tar czpf /root/MISP.tgz .
|
RUN tar czpf /root/MISP.tgz .
|
||||||
|
|
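Review bot: The rewritten install line `make python3 openssl redis-server sudo vim zip locales wget supervisor` still installs unpinned packages without `--no-install-recommends`, and `sudo` and `vim` stay in the runtime image even though the only visible consumer of `sudo`, the removed `echo "sudo -u www-data misp-modules -s -l 127.0.0.1 &" >>/etc/rc.local` line, is gone in this commit. If neither run.sh nor INSTALL_NODB.sh (both outside this hunk) needs it any more, dropping `sudo` removes a privilege-escalation path from the image; otherwise a comment naming the consumer would help the next reader. The enclosing `RUN apt-get update && \` begins at line 9 of the file, outside the hunk. Also on the new side of the last hunk, `ADD run.sh /run.sh` should be `COPY run.sh /run.sh` since no archive extraction or URL fetch is involved, and the legacy `ENV LANG en_US.UTF-8` form should be `ENV LANG=en_US.UTF-8`.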
10
web/run.sh
10
web/run.sh
|
@ -2,10 +2,12 @@
|
||||||
#
|
#
|
||||||
# MISP docker startup script
|
# MISP docker startup script
|
||||||
# Xavier Mertens <xavier@rootshell.be>
|
# Xavier Mertens <xavier@rootshell.be>
|
||||||
|
# Steven Goossens <steven@teamg.be>
|
||||||
#
|
#
|
||||||
# 2017/05/17 - Created
|
# 2017/05/17 - Created
|
||||||
# 2017/05/31 - Fixed small errors
|
# 2017/05/31 - Fixed small errors
|
||||||
# 2019/10/17 - Use built-in mysql docker DB creation and use std env names (dafal)
|
# 2019/10/17 - Use built-in mysql docker DB creation and use std env names (dafal)
|
||||||
|
# 2021/03/09 - Update to work with the install script provided by MISP. Includes https support, Python venv,...
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
@ -89,7 +91,7 @@ if [ -r /.firstboot.tmp ]; then
|
||||||
# MISP configuration
|
# MISP configuration
|
||||||
echo "Creating MISP configuration files"
|
echo "Creating MISP configuration files"
|
||||||
cd /var/www/MISP/app/Config
|
cd /var/www/MISP/app/Config
|
||||||
cp -a database.default.php database.php
|
cp -a database.default.php database.php
|
||||||
sed -i "s/localhost/$MYSQL_HOST/" database.php
|
sed -i "s/localhost/$MYSQL_HOST/" database.php
|
||||||
sed -i "s/db\s*login/$MYSQL_USER/" database.php
|
sed -i "s/db\s*login/$MYSQL_USER/" database.php
|
||||||
sed -i "s/8889/3306/" database.php
|
sed -i "s/8889/3306/" database.php
|
||||||
|
@ -102,7 +104,10 @@ if [ -r /.firstboot.tmp ]; then
|
||||||
echo "Fixing the MISP base URL ($MISP_BASEURL) ..."
|
echo "Fixing the MISP base URL ($MISP_BASEURL) ..."
|
||||||
sed -i "s@'baseurl'[\t ]*=>[\t ]*'',@'baseurl' => '$MISP_BASEURL',@g" /var/www/MISP/app/Config/config.php
|
sed -i "s@'baseurl'[\t ]*=>[\t ]*'',@'baseurl' => '$MISP_BASEURL',@g" /var/www/MISP/app/Config/config.php
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
#Redis should not run as a daemon
|
||||||
|
sed -i "s/daemonize yes/daemonize no/g" /etc/redis/redis.conf
|
||||||
|
|
||||||
# Generate the admin user PGP key
|
# Generate the admin user PGP key
|
||||||
echo "Creating admin GnuPG key"
|
echo "Creating admin GnuPG key"
|
||||||
if [ -z "$MISP_ADMIN_EMAIL" -o -z "$MISP_ADMIN_PASSPHRASE" ]; then
|
if [ -z "$MISP_ADMIN_EMAIL" -o -z "$MISP_ADMIN_PASSPHRASE" ]; then
|
||||||
|
@ -141,6 +146,7 @@ fi
|
||||||
# non-live will make it live again if the container restarts. That seems
|
# non-live will make it live again if the container restarts. That seems
|
||||||
# better than the default which is that MISP is non-live on container restart.
|
# better than the default which is that MISP is non-live on container restart.
|
||||||
# Ideally live/non-live would be persisted in the database.
|
# Ideally live/non-live would be persisted in the database.
|
||||||
|
/var/www/MISP/app/Console/cake Admin setSetting "MISP.python_bin" "/var/www/MISP/venv/bin/python"
|
||||||
/var/www/MISP/app/Console/cake live 1
|
/var/www/MISP/app/Console/cake live 1
|
||||||
chown www-data:www-data /var/www/MISP/app/Config/config.php*
|
chown www-data:www-data /var/www/MISP/app/Config/config.php*
|
||||||
|
|
||||||
|
|
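Review bot: The new `sed -i "s/daemonize yes/daemonize no/g" /etc/redis/redis.conf` rewrites a package-managed config file on every container start and, because the script runs under `set -e`, aborts startup if that file is missing or not writable; it sits after `fi`, so it runs outside the first-boot block. The value never changes between boots, so a build-time edit in the web Dockerfile next to the supervisord setup, or `--daemonize no` on the redis program line supervisord runs, would achieve the same without mutating configuration at runtime. If it must stay here, a comment such as `# supervisord needs redis in the foreground; daemonize yes would detach it` records the reason the commit message gives. The added `cake Admin setSetting "MISP.python_bin" "/var/www/MISP/venv/bin/python"` line likewise runs on every start; it is idempotent, but a short comment on why the venv interpreter is required would help.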