Add password to redis (#107)

core/files/entrypoint_fpm.sh

@@ -19,7 +19,7 @@ change_php_vars() {
         sed -i "s/upload_max_filesize = .*/upload_max_filesize = 50M/" "$FILE"
         sed -i "s/post_max_size = .*/post_max_size = 50M/" "$FILE"
         sed -i "s/session.save_handler = .*/session.save_handler = redis/" "$FILE"
-        sed -i "s|.*session.save_path = .*|session.save_path = '$(echo $REDIS_FQDN | grep -E '^\w+://' || echo tcp://$REDIS_FQDN):6379'|" "$FILE"
+        sed -i "s|.*session.save_path = .*|session.save_path = '$(echo $REDIS_FQDN | grep -E '^\w+://' || echo tcp://$REDIS_FQDN):6379${REDIS_PASSWORD:+?auth=${REDIS_PASSWORD}}'|" "$FILE"
         sed -i "s/session.sid_length = .*/session.sid_length = 64/" "$FILE"
         sed -i "s/session.use_strict_mode = .*/session.use_strict_mode = 1/" "$FILE"
     done

core/files/entrypoint_nginx.sh

@@ -14,6 +14,7 @@ trap term_proc SIGTERM
 [ -z "$MYSQL_PASSWORD" ] && MYSQL_PASSWORD=example
 [ -z "$MYSQL_DATABASE" ] && MYSQL_DATABASE=misp
 [ -z "$MYSQLCMD" ] && export MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE"
+[ -z "$REDIS_PASSWORD" ] && REDIS_PASSWORD=redispassword
 [ -z "$CRON_USER_ID" ] && export CRON_USER_ID="1"
 [ -z "$BASE_URL" ] && export BASE_URL="https://localhost"
 [ -z "$DISABLE_IPV6" ] && export DISABLE_IPV6=false

core/files/etc/misp-docker/initialisation.envars.json

@@ -15,6 +15,9 @@
   "Plugin.ZeroMQ_redis_host": {
     "default_value": "${REDIS_FQDN}"
   },
+  "Plugin.ZeroMQ_redis_password": {
+    "default_value": "${REDIS_PASSWORD}"
+  },
   "Plugin.Enrichment_services_url": {
     "default_value": "${MISP_MODULES_FQDN}"
   },

core/files/etc/misp-docker/minimum_config.envars.json

@@ -5,10 +5,16 @@
   "MISP.redis_host": {
     "default_value": "${REDIS_FQDN}"
   },
+  "MISP.redis_password": {
+    "default_value": "${REDIS_PASSWORD}"
+  },
   "GnuPG.binary": {
     "default_value": "${GPG_BINARY}"
   },
   "SimpleBackgroundJobs.redis_host": {
     "default_value": "${REDIS_FQDN}"
+  },
+  "SimpleBackgroundJobs.redis_password": {
+    "default_value": "${REDIS_PASSWORD}"
   }
 }

docker-compose.yml

@@ -13,8 +13,9 @@ services:
 
   redis:
     image: valkey/valkey:7.2
+    command: "--requirepass ${REDIS_PASSWORD:-redispassword}"
     healthcheck:
-      test: valkey-cli ping || exit 1
+      test: "valkey-cli -a ${REDIS_PASSWORD:-redispassword} ping || exit 1"
       interval: 2s
       timeout: 1s
       retries: 3
@@ -158,6 +159,8 @@ services:
       - "MYSQL_USER=${MYSQL_USER:-misp}"
       - "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}"
       - "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}"
+      # redis settings
+      - "REDIS_PASSWORD=${REDIS_PASSWORD:-redispassword}"
       # Debug setting 
       - "DEBUG=${DEBUG}"
       # SMTP setting
@@ -173,6 +176,7 @@ services:
         - LIBFAUP_COMMIT=${LIBFAUP_COMMIT:?Missing .env file, see README.md for instructions}
     environment:
       - "REDIS_BACKEND=redis"
+      - "REDIS_PW=${REDIS_PASSWORD:-redispassword}"
     depends_on:
       redis:
         condition: service_healthy

template.env

@@ -78,6 +78,9 @@ SYNCSERVERS_1_PULL_RULES=
 # MYSQL_ROOT_PASSWORD=
 # MYSQL_DATABASE=
 
+# optional and used to set redis password
+# REDIS_PASSWORD=
+
 # These variables allows overriding some MISP email values.
 # They all default to ADMIN_EMAIL.