From 9fde19bcafe08a3caec18ea9f54d22e2c440b36f Mon Sep 17 00:00:00 2001
From: Steven
Date: Tue, 23 Mar 2021 10:21:25 +0100
Subject: [PATCH] Copy Apache2 configuration inside container

---
 web/Dockerfile | 2 ++
 web/misp-ssl.conf | 55 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+)
 create mode 100644 web/misp-ssl.conf

diff --git a/web/Dockerfile b/web/Dockerfile
index 8176091..a3bc9ba 100644
--- a/web/Dockerfile
+++ b/web/Dockerfile
@@ -62,6 +62,8 @@ RUN ( \
 # Add run script
 # Trigger to perform first boot operations
 ADD run.sh /run.sh
+RUN mv /etc/apache2/sites-available/misp-ssl.conf /etc/apache2/sites-available/misp-ssl.conf.bak
+ADD misp-ssl.conf /etc/apache2/sites-available/misp-ssl.conf
 RUN chmod 0755 /run.sh && touch /.firstboot.tmp
 # Make a backup of /var/www/MISP to restore it to the local moint point at first boot
 WORKDIR /var/www/MISP
diff --git a/web/misp-ssl.conf b/web/misp-ssl.conf
new file mode 100644
index 0000000..157c370
--- /dev/null
+++ b/web/misp-ssl.conf
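Review bot: `ADD misp-ssl.conf /etc/apache2/sites-available/misp-ssl.conf` copies a plain local file, for which `COPY` is the conventional instruction — `ADD` additionally auto-extracts archives and fetches URLs, behaviour not wanted for a config file (the pre-existing `ADD run.sh` has the same shape but is not part of this change). The preceding `RUN mv … misp-ssl.conf.bak` keeps a stale copy of the upstream site file inside the image and costs an extra layer; if the intent is to make the build fail when the base image does not ship the expected file, `RUN test -f /etc/apache2/sites-available/misp-ssl.conf` does that without the leftover, otherwise the `RUN` line can simply be dropped and `COPY` overwrites in place. A one-line comment above the `COPY` stating that the file replaces the upstream vhost definition enabled in `sites-enabled` would make the dependency on the base image layout explicit.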
@@ -0,0 +1,55 @@
+
+ ServerAdmin serveradmin@misp.local
+ ServerName misp.local
+
+ DocumentRoot /var/www/MISP/app/webroot
+
+ Options -Indexes
+ AllowOverride all
+ Require all granted
+
+
+ LogLevel warn
+ ErrorLog /var/log/apache2/misp.local_p80_error.log
+ CustomLog /var/log/apache2/misp.local_p80_access.log combined
+
+ Header always unset "X-Powered-By"
+
+ ServerSignature Off
+
+
+
+ ServerAdmin serveradmin@misp.local
+ ServerName misp.local
+ DocumentRoot /var/www/MISP/app/webroot
+
+ Options -Indexes
+ AllowOverride all
+ Require all granted
+
+
+ SSLEngine On
+# The line below disable unsecure Ciphers, might be enabled by default
+# SSLCipherSuite HIGH:!aNULL:!MD5
+ SSLCertificateFile /etc/ssl/private/misp.local.crt
+ SSLCertificateKeyFile /etc/ssl/private/misp.local.key
+# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
+
+ LogLevel warn
+ ErrorLog /var/log/apache2/misp.local_error.log
+ CustomLog /var/log/apache2/misp.local_access.log combined
+
+ ServerSignature Off
+
+ Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
+ Header always set X-Content-Type-Options nosniff
+ Header always set X-Frame-Options SAMEORIGIN
+ Header always unset "X-Powered-By"
+
+ # TODO: Think about X-XSS-Protection, Content-Security-Policy, Referrer-Policy & Feature-Policy
+ ## Example:
+ # Header always set X-XSS-Protection "1; mode=block"
+ # Header always set Content-Security-Policy "default-src 'none'; style-src 'self' ... script-src/font-src/img-src/connect-src
+ # Header always set Referrer-Policy "strict-origin-when-cross-origin"
+ # Header always set Feature-Policy "geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self'; microphone 'none'; camera 'self'; magnometer 'self'; gyroscope 'self'; speake 'none'; vibrate 'self'; fullscreen 'none'"
+
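Review bot: The first virtual host (the one whose logs are `misp.local_p80_*`) serves the MISP webroot over plain HTTP — it sets `DocumentRoot /var/www/MISP/app/webroot` with a granted `Directory` block and no redirect — so sessions and logins can be carried in the clear and the `Strict-Transport-Security` header on the TLS host only takes effect after a first secure visit; replace its `DocumentRoot` and directory block with `Redirect permanent / https://misp.local/`. The TLS host sets `SSLEngine On` but leaves `# SSLCipherSuite HIGH:!aNULL:!MD5` commented out and sets no `SSLProtocol`, so protocol and cipher selection falls back to whatever mod_ssl defaults the base image carries; pin them in this file, e.g. `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` and `SSLHonorCipherOrder on` together with an uncommented cipher line, and fix the comment to read `# Restrict the cipher suite; the mod_ssl default may be weaker`. `# SSLCertificateChainFile` is also commented out, so a certificate issued by an intermediate CA would be served without its chain — a comment stating that a self-signed `misp.local.crt` is the intended default would make that deliberate. The `<VirtualHost>`/`<Directory>`/`<IfModule>` container directives do not appear in this rendering of the hunk (the bare `+` lines), presumably stripped as markup, so the above assumes the usual `*:80` / `*:443` split implied by the log names and `SSLEngine`.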