MISP
/
misp-docker
mirror of https://github.com/MISP/misp-docker
2
0
Fork 0
Code Issues Releases Wiki Activity

Add "PHP_MAX_FILE_UPLOADS" and "NGINX_CLIENT_MAX_BODY_SIZE" environment variables (#207)

pull/212/head
m5050 2025-01-12 13:53:57 +03:00 committed by GitHub
parent 654ac748f3
commit abec006996
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/files/entrypoint.sh
View File

@ -50,6 +50,7 @@ export PHP_MAX_EXECUTION_TIME=${PHP_MAX_EXECUTION_TIME:-300}
export PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M} export PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}
export PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M} export PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}
export PHP_MAX_INPUT_TIME=${PHP_MAX_INPUT_TIME:-300} export PHP_MAX_INPUT_TIME=${PHP_MAX_INPUT_TIME:-300}
export PHP_MAX_FILE_UPLOADS=${PHP_MAX_FILE_UPLOADS:-50}
export PHP_FCGI_CHILDREN=${PHP_FCGI_CHILDREN:-5} export PHP_FCGI_CHILDREN=${PHP_FCGI_CHILDREN:-5}
export PHP_FCGI_START_SERVERS=${PHP_FCGI_START_SERVERS:-2} export PHP_FCGI_START_SERVERS=${PHP_FCGI_START_SERVERS:-2}
@ -67,6 +68,7 @@ export PHP_SESSION_COOKIE_SAMESITE=${PHP_SESSION_COOKIE_SAMESITE:-Lax}
export NGINX_X_FORWARDED_FOR=${NGINX_X_FORWARDED_FOR:-false} export NGINX_X_FORWARDED_FOR=${NGINX_X_FORWARDED_FOR:-false}
export NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM} export NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM}
export NGINX_CLIENT_MAX_BODY_SIZE=${NGINX_CLIENT_MAX_BODY_SIZE:-50M}
# start supervisord using the main configuration file so we have a socket interface # start supervisord using the main configuration file so we have a socket interface
/usr/bin/supervisord -c /etc/supervisor/supervisord.conf /usr/bin/supervisord -c /etc/supervisor/supervisord.conf

2
core/files/entrypoint_fpm.sh
View File

@ -19,6 +19,8 @@ change_php_vars() {
sed -i "s/max_execution_time = .*/max_execution_time = ${PHP_MAX_EXECUTION_TIME}/" "$FILE" sed -i "s/max_execution_time = .*/max_execution_time = ${PHP_MAX_EXECUTION_TIME}/" "$FILE"
echo "Configure PHP | Setting 'upload_max_filesize = ${PHP_UPLOAD_MAX_FILESIZE}'" echo "Configure PHP | Setting 'upload_max_filesize = ${PHP_UPLOAD_MAX_FILESIZE}'"
sed -i "s/upload_max_filesize = .*/upload_max_filesize = ${PHP_UPLOAD_MAX_FILESIZE}/" "$FILE" sed -i "s/upload_max_filesize = .*/upload_max_filesize = ${PHP_UPLOAD_MAX_FILESIZE}/" "$FILE"
echo "Configure PHP | Setting 'max_file_uploads = ${PHP_MAX_FILE_UPLOADS}'"
sed -i "s/max_file_uploads = .*/max_file_uploads = ${PHP_MAX_FILE_UPLOADS}/" "$FILE"
echo "Configure PHP | Setting 'post_max_size = ${PHP_POST_MAX_SIZE}'" echo "Configure PHP | Setting 'post_max_size = ${PHP_POST_MAX_SIZE}'"
sed -i "s/post_max_size = .*/post_max_size = ${PHP_POST_MAX_SIZE}/" "$FILE" sed -i "s/post_max_size = .*/post_max_size = ${PHP_POST_MAX_SIZE}/" "$FILE"
echo "Configure PHP | Setting 'max_input_time = ${PHP_MAX_INPUT_TIME}'" echo "Configure PHP | Setting 'max_input_time = ${PHP_MAX_INPUT_TIME}'"

4
core/files/entrypoint_nginx.sh
View File

@ -225,6 +225,10 @@ init_nginx() {
echo "... adjusting 'fastcgi_connect_timeout' to ${FASTCGI_CONNECT_TIMEOUT}" echo "... adjusting 'fastcgi_connect_timeout' to ${FASTCGI_CONNECT_TIMEOUT}"
sed -i "s/fastcgi_connect_timeout .*;/fastcgi_connect_timeout ${FASTCGI_CONNECT_TIMEOUT};/" /etc/nginx/includes/misp sed -i "s/fastcgi_connect_timeout .*;/fastcgi_connect_timeout ${FASTCGI_CONNECT_TIMEOUT};/" /etc/nginx/includes/misp
# Adjust maximum allowed size of the client request body
echo "... adjusting 'client_max_body_size' to ${NGINX_CLIENT_MAX_BODY_SIZE}"
sed -i "s/client_max_body_size .*;/client_max_body_size ${NGINX_CLIENT_MAX_BODY_SIZE};/" /etc/nginx/includes/misp
# Adjust forwarding header settings (clean up first) # Adjust forwarding header settings (clean up first)
sed -i '/real_ip_header/d' /etc/nginx/includes/misp sed -i '/real_ip_header/d' /etc/nginx/includes/misp
sed -i '/real_ip_recursive/d' /etc/nginx/includes/misp sed -i '/real_ip_recursive/d' /etc/nginx/includes/misp

2
docker-compose.yml
View File

@ -157,6 +157,7 @@ services:
# Nginx settings # Nginx settings
- "NGINX_X_FORWARDED_FOR=${NGINX_X_FORWARDED_FOR}" - "NGINX_X_FORWARDED_FOR=${NGINX_X_FORWARDED_FOR}"
- "NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM}" - "NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM}"
- "NGINX_CLIENT_MAX_BODY_SIZE=${NGINX_CLIENT_MAX_BODY_SIZE:-50M}"
# Proxy settings # Proxy settings
- "PROXY_ENABLE=${PROXY_ENABLE}" - "PROXY_ENABLE=${PROXY_ENABLE}"
- "PROXY_HOST=${PROXY_HOST}" - "PROXY_HOST=${PROXY_HOST}"
@ -201,6 +202,7 @@ services:
- "PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}" - "PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}"
- "PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}" - "PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}"
- "PHP_MAX_INPUT_TIME:${PHP_MAX_INPUT_TIME:-300}" - "PHP_MAX_INPUT_TIME:${PHP_MAX_INPUT_TIME:-300}"
- "PHP_MAX_FILE_UPLOADS=${PHP_MAX_FILE_UPLOADS:-50}"
# PHP FPM pool setup # PHP FPM pool setup
- "PHP_FCGI_CHILDREN=${PHP_FCGI_CHILDREN:-5}" - "PHP_FCGI_CHILDREN=${PHP_FCGI_CHILDREN:-5}"
- "PHP_FCGI_START_SERVERS=${PHP_FCGI_START_SERVERS:-2}" - "PHP_FCGI_START_SERVERS=${PHP_FCGI_START_SERVERS:-2}"

5
template.env
View File

@ -200,6 +200,8 @@ SYNCSERVERS_1_PULL_RULES=
# PHP_POST_MAX_SIZE=50M # PHP_POST_MAX_SIZE=50M
# Maximum time PHP spends parsing input data in seconds. # Maximum time PHP spends parsing input data in seconds.
# PHP_MAX_INPUT_TIME=300 # PHP_MAX_INPUT_TIME=300
# Maximum number of file to upload per request.
# PHP_MAX_FILE_UPLOADS=50
## PHP FPM pool setup ## PHP FPM pool setup
# Maximum number of php-fpm processes, limits the number of simultaneous requests. # Maximum number of php-fpm processes, limits the number of simultaneous requests.
@ -252,6 +254,9 @@ SYNCSERVERS_1_PULL_RULES=
# Options: DENY, SAMEORIGIN, ALLOW-FROM <URL> Default: SAMEORIGIN # Options: DENY, SAMEORIGIN, ALLOW-FROM <URL> Default: SAMEORIGIN
# X_FRAME_OPTIONS= # X_FRAME_OPTIONS=
# NGINX maximum allowed size of the client request body.
# NGINX_CLIENT_MAX_BODY_SIZE=50M
# Content-Security-Policy (CSP) configuration: defines allowed resources and prevents attacks like XSS. # Content-Security-Policy (CSP) configuration: defines allowed resources and prevents attacks like XSS.
# Example: "frame-src 'self' https://*.example.com; frame-ancestors 'self' https://*.example.com; object-src 'none'; report-uri https://example.com/cspReport" # Example: "frame-src 'self' https://*.example.com; frame-ancestors 'self' https://*.example.com; object-src 'none'; report-uri https://example.com/cspReport"
# CONTENT_SECURITY_POLICY= # CONTENT_SECURITY_POLICY=