MISP
/
misp-docker
mirror of https://github.com/MISP/misp-docker
2
0
Fork 0
Code Issues Releases Wiki Activity

ENV to disable port 80 redirect - fixes #34

pull/1/head
Jason Kendall 2020-02-27 15:28:21 -05:00
parent 2b31e5f50b
commit c57f2669ec
5 changed files with 42 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.env
View File

@ -1,2 +1,2 @@
MISP_TAG=v2.4.122
MISP_TAG=v2.4.121
PHP_VER=20180731

1
docker-compose.yml
View File

@ -42,6 +42,7 @@ services:
- "MYSQL_PASSWORD=example"
- "HOSTNAME=https://localhost"
- "INIT=true" # Initialze MISP, things includes, attempting to import SQL and the Files DIR
# - "NOREDIR=true" #Do not redirect port 80
misp-modules:
image: coolacid/misp-docker:modules-latest

3
server/Dockerfile
View File

@ -121,7 +121,8 @@ ARG PHP_VER
# nginx
RUN rm /etc/nginx/sites-enabled/*; mkdir /run/php
COPY files/etc/nginx/misp /etc/nginx/sites-enabled/misp
COPY files/etc/nginx/misp80 /etc/nginx/sites-enabled/misp80
COPY files/etc/nginx/misp80 /etc/nginx/sites-available/misp80
COPY files/etc/nginx/misp80-noredir /etc/nginx/sites-available/misp80-noredir
# Make a copy of the file store, so we can sync from it
RUN cp -R /var/www/MISP/app/files /var/www/MISP/app/files.dist

6
server/files/entrypoint_nginx.sh
View File

@ -112,5 +112,11 @@ if [[ ! -f /var/www/MISP/PyMISP/pymisp/data/describeTypes.json ]]; then
ln -s /usr/local/lib/python3.7/dist-packages/pymisp/data/describeTypes.json /var/www/MISP/PyMISP/pymisp/data/describeTypes.json
fi
if [[ "$NOREDIR" == true ]]; then
ln -s /etc/nginx/sites-available/misp80-noredir /etc/nginx/sites-enabled/misp80
else
ln -s /etc/nginx/sites-available/misp80 /etc/nginx/sites-enabled/misp80
fi
# Start NGINX
nginx -g 'daemon off;'

32
server/files/etc/nginx/misp80-noredir Normal file
View File

@ -0,0 +1,32 @@
server {
listen 80;
listen [::]:80;
root /var/www/MISP/app/webroot;
index index.php;
# Disable access logs
access_log off;
log_not_found off;
error_log /dev/stderr error;
# Aded headers for hardening browser security
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
}
}