mirror of https://github.com/MISP/misp-docker
Merge pull request #1 from arnydo/misp-proxy
Add NGINX Reverse Proxy option
commit
8491df05d8
23
README.md
23
README.md
|
@ -15,6 +15,17 @@ The build is based on Ubuntu and will install all the required components. The f
|
|||
* Creation of the MySQL database
|
||||
* Generation of the admin PGP key
|
||||
|
||||
|
||||
# Optional NGINX config
|
||||
|
||||
Included is an optional Docker Compose file 'docker-compose-nginx.yml' to spin up a reverse proxy to sit in front of MISP.
|
||||
|
||||
## Config
|
||||
* add your "*.crt" and "*.key" files to the ./misp-proxy/ssl folder
|
||||
If not implementing SSL (not recommended) then simply comment out the appropriate lines in the "./misp-proxy/default.conf" file.
|
||||
* Update "server_name" in default.conf file (will implement ENVIRONMENT VARIABLE in the future)
|
||||
|
||||
|
||||
# Building your image
|
||||
|
||||
## Fetch files
|
||||
|
@ -33,4 +44,16 @@ Edit the docker-compose.yml and change the following environment variables:
|
|||
## Build the containers
|
||||
```
|
||||
# docker-compose build
|
||||
or
|
||||
# docker-compose -f docker-compose-nginx.yml build
|
||||
```
|
||||
|
||||
## Run containers
|
||||
```
|
||||
# docker-compose up
|
||||
or
|
||||
# docker-compose -f docker-compose-nginx.yml up
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,61 @@
|
|||
version: '2'
|
||||
|
||||
services:
|
||||
proxy:
|
||||
build:
|
||||
context: misp-proxy
|
||||
container_name: misp-proxy
|
||||
depends_on:
|
||||
- misp-web
|
||||
hostname: misp-proxy
|
||||
image: misp-proxy:latest
|
||||
networks:
|
||||
- misp-network
|
||||
ports:
|
||||
- 81:80
|
||||
- 4443:443
|
||||
|
||||
misp-web:
|
||||
build: misp-web
|
||||
depends_on:
|
||||
- misp-db
|
||||
container_name: misp-web
|
||||
hostname: misp-web
|
||||
image: misp-web:latest
|
||||
restart: always
|
||||
networks:
|
||||
- misp-network
|
||||
links:
|
||||
- misp-db
|
||||
volumes:
|
||||
- /dev/urandom:/dev/random
|
||||
- /data/misp:/var/www/MISP
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=xxxxxxxx
|
||||
- MYSQL_MISP_PASSWORD=xxxxxxxx
|
||||
- MYSQL_HOST=misp-db
|
||||
- MISP_ADMIN_EMAIL=admin@admin.test
|
||||
- MISP_ADMIN_PASSPHRASE=xxxxxxxxx
|
||||
- MISP_BASEURL=http:\/\/misp\.test
|
||||
- POSTFIX_RELAY_HOST=relay.fqdn
|
||||
- TIMEZONE=Europe/Brussels
|
||||
|
||||
misp-db:
|
||||
build:
|
||||
context: misp-db
|
||||
args:
|
||||
MYSQL_MISP_PASSWORD: xxxxxxxx
|
||||
container_name: misp-db
|
||||
hostname: misp-db
|
||||
image: misp-db:latest
|
||||
restart: always
|
||||
networks:
|
||||
- misp-network
|
||||
volumes:
|
||||
- /data/mysql:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=xxxxxxxx
|
||||
|
||||
networks:
|
||||
misp-network:
|
||||
driver: bridge
|
|
@ -0,0 +1,13 @@
|
|||
FROM nginx:1.9
|
||||
|
||||
# default conf for proxy service
|
||||
COPY ./default.conf /etc/nginx/conf.d/default.conf
|
||||
|
||||
# NOT FOUND response
|
||||
COPY ./backend-not-found.html /var/www/html/backend-not-found.html
|
||||
|
||||
# Proxy and SSL configurations
|
||||
COPY ./includes/ /etc/nginx/includes/
|
||||
|
||||
# Proxy SSL certificates
|
||||
COPY ./ssl/ /etc/ssl/certs/nginx/
|
|
@ -0,0 +1,6 @@
|
|||
<html>
|
||||
<head><title>Proxy Backend Not Found</title></head>
|
||||
<body >
|
||||
<h2>Proxy Backend Not Found</h2>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,45 @@
|
|||
# web service1 config.
|
||||
server {
|
||||
listen 80;
|
||||
listen 443 ssl http2;
|
||||
server_name misp.test;
|
||||
|
||||
if ($scheme != "https") {
|
||||
rewrite ^ https://$host$uri permanent;
|
||||
}
|
||||
|
||||
# Path for SSL config/key/certificate
|
||||
ssl_certificate /etc/ssl/certs/nginx/misp.crt;
|
||||
ssl_certificate_key /etc/ssl/certs/nginx/misp.key;
|
||||
include /etc/nginx/includes/ssl.conf;
|
||||
|
||||
location / {
|
||||
include /etc/nginx/includes/proxy.conf;
|
||||
proxy_pass http://misp-web;
|
||||
}
|
||||
|
||||
access_log off;
|
||||
error_log /var/log/nginx/error.log error;
|
||||
}
|
||||
|
||||
# Default
|
||||
server {
|
||||
listen 80 default_server;
|
||||
|
||||
server_name _;
|
||||
root /var/www/html;
|
||||
|
||||
charset UTF-8;
|
||||
|
||||
error_page 404 /backend-not-found.html;
|
||||
location = /backend-not-found.html {
|
||||
allow all;
|
||||
}
|
||||
location / {
|
||||
return 404;
|
||||
}
|
||||
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
error_log /var/log/nginx/error.log error;
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_intercept_errors on;
|
|
@ -0,0 +1,7 @@
|
|||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHAECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
||||
ssl_prefer_server_ciphers on;
|
Loading…
Reference in New Issue