mirror of https://github.com/MISP/misp-docker
Copy Apache2 configuration inside container
parent
f41a184e36
commit
9fde19bcaf
|
@ -62,6 +62,8 @@ RUN ( \
|
|||
# Add run script
|
||||
# Trigger to perform first boot operations
|
||||
ADD run.sh /run.sh
|
||||
RUN mv /etc/apache2/sites-available/misp-ssl.conf /etc/apache2/sites-available/misp-ssl.conf.bak
|
||||
ADD misp-ssl.conf /etc/apache2/sites-available/misp-ssl.conf
|
||||
RUN chmod 0755 /run.sh && touch /.firstboot.tmp
|
||||
# Make a backup of /var/www/MISP to restore it to the local moint point at first boot
|
||||
WORKDIR /var/www/MISP
|
||||
|
|
|
@ -0,0 +1,55 @@
|
|||
<VirtualHost *:80>
|
||||
ServerAdmin serveradmin@misp.local
|
||||
ServerName misp.local
|
||||
|
||||
DocumentRoot /var/www/MISP/app/webroot
|
||||
<Directory /var/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_p80_error.log
|
||||
CustomLog /var/log/apache2/misp.local_p80_access.log combined
|
||||
|
||||
Header always unset "X-Powered-By"
|
||||
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:443>
|
||||
ServerAdmin serveradmin@misp.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/MISP/app/webroot
|
||||
<Directory /var/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
# The line below disable unsecure Ciphers, might be enabled by default
|
||||
# SSLCipherSuite HIGH:!aNULL:!MD5
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
|
||||
ServerSignature Off
|
||||
|
||||
Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
|
||||
Header always set X-Content-Type-Options nosniff
|
||||
Header always set X-Frame-Options SAMEORIGIN
|
||||
Header always unset "X-Powered-By"
|
||||
|
||||
# TODO: Think about X-XSS-Protection, Content-Security-Policy, Referrer-Policy & Feature-Policy
|
||||
## Example:
|
||||
# Header always set X-XSS-Protection "1; mode=block"
|
||||
# Header always set Content-Security-Policy "default-src 'none'; style-src 'self' ... script-src/font-src/img-src/connect-src
|
||||
# Header always set Referrer-Policy "strict-origin-when-cross-origin"
|
||||
# Header always set Feature-Policy "geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self'; microphone 'none'; camera 'self'; magnometer 'self'; gyroscope 'self'; speake 'none'; vibrate 'self'; fullscreen 'none'"
|
||||
</VirtualHost>
|
Loading…
Reference in New Issue