Bump modules plus many other changes

pull/137/head
Stefano Ortolani 2024-08-24 13:50:19 +01:00
parent 05f73f6c4c
commit e131f85e55
7 changed files with 63 additions and 10 deletions


@ -33,5 +33,15 @@ export ENABLE_DB_SETTINGS=${ENABLE_DB_SETTINGS:-false}
export PROXY_ENABLE=${PROXY_ENABLE:-false} export PROXY_ENABLE=${PROXY_ENABLE:-false}
export DEBUG=${DEBUG:-0} export DEBUG=${DEBUG:-0}
export FASTCGI_READ_TIMEOUT=${FASTCGI_READ_TIMEOUT:-300s}
export FASTCGI_SEND_TIMEOUT=${FASTCGI_SEND_TIMEOUT:-300s}
export FASTCGI_CONNECT_TIMEOUT=${FASTCGI_CONNECT_TIMEOUT:-300s}
export PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-2048M}
export PHP_MAX_EXECUTION_TIME=${PHP_MAX_EXECUTION_TIME:-300}
export PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}
export PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}
export PHP_MAX_INPUT_TIME:${PHP_MAX_INPUT_TIME:-300}
# start supervisord using the main configuration file so we have a socket interface # start supervisord using the main configuration file so we have a socket interface
/usr/bin/supervisord -c /etc/supervisor/supervisord.conf /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
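Review bot: The last added export is written `export PHP_MAX_INPUT_TIME:${PHP_MAX_INPUT_TIME:-300}`, with a colon where the other lines have `=`, so bash rejects it as an invalid identifier and the default is never applied. It should read `export PHP_MAX_INPUT_TIME=${PHP_MAX_INPUT_TIME:-300}`. The same typo appears in the compose file's environment list (`- "PHP_MAX_INPUT_TIME:${PHP_MAX_INPUT_TIME:-300}"`), which also needs `=`. As written, that entry does not define the variable in the container either. The php.ini substitution that consumes it would therefore receive an empty value unless the operator sets it some other way.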


@ -12,10 +12,11 @@ change_php_vars() {
for FILE in /etc/php/*/fpm/php.ini for FILE in /etc/php/*/fpm/php.ini
do do
[[ -e $FILE ]] || break [[ -e $FILE ]] || break
sed -i "s/memory_limit = .*/memory_limit = 2048M/" "$FILE" sed -i "s/memory_limit = .*/memory_limit = ${PHP_MEMORY_LIMIT}/" "$FILE"
sed -i "s/max_execution_time = .*/max_execution_time = 300/" "$FILE" sed -i "s/max_execution_time = .*/max_execution_time = ${PHP_MAX_EXECUTION_TIME}/" "$FILE"
sed -i "s/upload_max_filesize = .*/upload_max_filesize = 50M/" "$FILE" sed -i "s/upload_max_filesize = .*/upload_max_filesize = ${PHP_UPLOAD_MAX_FILESIZE}/" "$FILE"
sed -i "s/post_max_size = .*/post_max_size = 50M/" "$FILE" sed -i "s/post_max_size = .*/post_max_size = ${PHP_POST_MAX_SIZE}/" "$FILE"
sed -i "s/max_input_time = .*/max_input_time = ${PHP_MAX_INPUT_TIME}|" "$FILE"
sed -i "s/session.save_handler = .*/session.save_handler = redis/" "$FILE" sed -i "s/session.save_handler = .*/session.save_handler = redis/" "$FILE"
sed -i "s|.*session.save_path = .*|session.save_path = '$(echo $REDIS_HOST | grep -E '^\w+://' || echo tcp://$REDIS_HOST):6379?auth=${REDIS_PASSWORD}'|" "$FILE" sed -i "s|.*session.save_path = .*|session.save_path = '$(echo $REDIS_HOST | grep -E '^\w+://' || echo tcp://$REDIS_HOST):6379?auth=${REDIS_PASSWORD}'|" "$FILE"
sed -i "s/session.sid_length = .*/session.sid_length = 64/" "$FILE" sed -i "s/session.sid_length = .*/session.sid_length = 64/" "$FILE"
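Review bot: The added `max_input_time` substitution opens its `s` command with `/` but closes it with `|`, so sed reports an unterminated command and php.ini keeps its old `max_input_time`. The line should be `sed -i "s/max_input_time = .*/max_input_time = ${PHP_MAX_INPUT_TIME}/" "$FILE"`. Whether that failure aborts start-up or passes silently depends on shell options set outside this hunk. change_php_vars continues past the end of the hunk.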


@ -199,6 +199,14 @@ flip_nginx() {
} }
init_nginx() { init_nginx() {
# Adjust timeouts
echo "... adjusting 'fastcgi_read_timeout' to ${FASTCGI_READ_TIMEOUT}"
sed -i "s/fastcgi_read_timeout .*;/fastcgi_read_timeout ${FASTCGI_READ_TIMEOUT};/" /etc/nginx/includes/misp
echo "... adjusting 'fastcgi_send_timeout' to ${FASTCGI_SEND_TIMEOUT}"
sed -i "s/fastcgi_send_timeout .*;/fastcgi_send_timeout ${FASTCGI_SEND_TIMEOUT};/" /etc/nginx/includes/misp
echo "... adjusting 'fastcgi_connect_timeout' to ${FASTCGI_CONNECT_TIMEOUT}"
sed -i "s/fastcgi_connect_timeout .*;/fastcgi_connect_timeout ${FASTCGI_CONNECT_TIMEOUT};/" /etc/nginx/includes/misp
# Testing for files also test for links, and generalize better to mounted files # Testing for files also test for links, and generalize better to mounted files
if [[ ! -f "/etc/nginx/sites-enabled/misp80" ]]; then if [[ ! -f "/etc/nginx/sites-enabled/misp80" ]]; then
echo "... enabling port 80 redirect" echo "... enabling port 80 redirect"
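Review bot: The three `FASTCGI_*_TIMEOUT` values are pasted into the sed replacement and from there into /etc/nginx/includes/misp without any check, so a typo or a value containing `/`, `&` or `;` either breaks the sed command or writes a directive nginx will refuse to load. The same applies to the `PHP_*` values substituted into php.ini in change_php_vars. Validating each value as a plain nginx time (a number with an optional unit) before substituting keeps a bad setting from taking the web server down at start-up. A loop also removes the three near-identical echo/sed pairs. The pattern below is deliberately stricter than everything nginx accepts, and init_nginx continues past the end of the hunk.

```shell
init_nginx() {
    # Adjust timeouts; only a plain nginx time value may reach the config file
    local directive var value
    for directive in fastcgi_read_timeout fastcgi_send_timeout fastcgi_connect_timeout; do
        var="${directive^^}"
        value="${!var}"
        if [[ ! "$value" =~ ^[0-9]+(ms|[smhd])?$ ]]; then
            echo "... ignoring invalid ${var}='${value}', '${directive}' left unchanged" >&2
            continue
        fi
        echo "... adjusting '${directive}' to ${value}"
        sed -i "s/${directive} .*;/${directive} ${value};/" /etc/nginx/includes/misp
    done
    # … unchanged: port 80 redirect check and the rest of init_nginx …
```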


@ -25,7 +25,9 @@ location / {
location ~ ^/[^/]+\.php(/|$) { location ~ ^/[^/]+\.php(/|$) {
include snippets/fastcgi-php.conf; include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_read_timeout 300; fastcgi_read_timeout 300s;
fastcgi_send_timeout 300s;
fastcgi_connect_timeout 300s;
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
set $path_info $fastcgi_path_info; set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info; fastcgi_param PATH_INFO $path_info;
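Review bot: `fastcgi_connect_timeout 300s;` is well above the roughly 75 seconds that the nginx documentation says this timeout cannot usually exceed. The upstream here is a local unix socket, where a connect either succeeds at once or fails. A long connect timeout mostly delays the error a client sees when php-fpm is down, and it holds the connection open for that long. Consider a short default such as `fastcgi_connect_timeout 60s;`, applied also to the matching defaults in the entrypoint script and compose file, keeping 300s for the read and send timeouts. The location block continues outside the hunk.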


@ -42,7 +42,9 @@ services:
start_period: 30s start_period: 30s
misp-core: misp-core:
image: ghcr.io/misp/misp-docker/misp-core:latest image: ghcr.io/misp/misp-docker/misp-core:${CORE_RUNNING_TAG:-latest}
cap_add:
- CAP_AUDIT_WRITE
build: build:
context: core/. context: core/.
args: args:
@ -167,9 +169,19 @@ services:
- "DEBUG=${DEBUG}" - "DEBUG=${DEBUG}"
# SMTP setting # SMTP setting
- "SMTP_FQDN=${SMTP_FQDN}" - "SMTP_FQDN=${SMTP_FQDN}"
# NGINX settings
- "FASTCGI_READ_TIMEOUT=${FASTCGI_READ_TIMEOUT:-300s}"
- "FASTCGI_SEND_TIMEOUT=${FASTCGI_SEND_TIMEOUT:-300s}"
- "FASTCGI_CONNECT_TIMEOUT=${FASTCGI_CONNECT_TIMEOUT:-300s}"
# PHP settings
- "PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-2048M}"
- "PHP_MAX_EXECUTION_TIME=${PHP_MAX_EXECUTION_TIME:-300}"
- "PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}"
- "PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}"
- "PHP_MAX_INPUT_TIME:${PHP_MAX_INPUT_TIME:-300}"
misp-modules: misp-modules:
image: ghcr.io/misp/misp-docker/misp-modules:latest image: ghcr.io/misp/misp-docker/misp-modules:${MODULES_RUNNING_TAG:-latest}
build: build:
context: modules/. context: modules/.
args: args:
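Review bot: The new `cap_add: - CAP_AUDIT_WRITE` on misp-core widens the container's privileges with no comment saying which component needs it or under which runtime. Presumably it targets runtimes whose default capability set omits AUDIT_WRITE, but that cannot be confirmed from the hunk. A line such as `# AUDIT_WRITE: needed by <component> when the runtime's default set omits it` above `cap_add:` would let a later reviewer decide whether it can be dropped. Separately, both `*_RUNNING_TAG` variables still default to `latest`, so a deployment that does not set them keeps pulling a moving image; the comment could recommend pinning them to a release tag.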


@ -30,9 +30,14 @@ FROM "${DOCKER_HUB_PROXY}python:3.12-slim-bookworm" AS python-build
EOF EOF
WORKDIR /srv/misp-modules WORKDIR /srv/misp-modules
RUN pip install pipenv RUN pip install poetry
RUN pipenv requirements > requirements.txt RUN sed -i "s/^python = .*/python = \"$(python -c 'import platform; print(platform.python_version())')\"/" pyproject.toml
RUN poetry lock
# RUN poetry install --with unstable
RUN poetry self add poetry-plugin-export
RUN poetry export --with unstable --without-hashes -f requirements.txt -o requirements.txt
RUN pip wheel -r requirements.txt --no-cache-dir -w /wheels/ RUN pip wheel -r requirements.txt --no-cache-dir -w /wheels/
RUN poetry build --output /wheels/
WORKDIR /srv/ WORKDIR /srv/
RUN rm -rf /srv/misp-modules RUN rm -rf /srv/misp-modules
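Review bot: `RUN poetry lock` re-resolves the dependency set at image build time, so the wheels built here are whatever the index serves that day, not the versions recorded in the upstream lock file for MODULES_TAG. `--without-hashes` on the export also drops the integrity check pip would apply to them. `pip install poetry` and `poetry self add poetry-plugin-export` are unpinned too, so two builds of the same tag can differ in both tooling and dependencies. Pin the tool, e.g. `RUN pip install "poetry==<pinned version>"`, and export from the committed lock file with hashes wherever the dependency sources allow it. If re-locking is required only because the sed line rewrites the `python` constraint, a comment saying so would make that trade-off explicit. The commented-out `# RUN poetry install --with unstable` can be removed.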


@ -3,7 +3,7 @@
## ##
CORE_TAG=v2.4.196 CORE_TAG=v2.4.196
MODULES_TAG=v2.4.195 MODULES_TAG=v2.4.196
PHP_VER=20190902 PHP_VER=20190902
LIBFAUP_COMMIT=3a26d0a LIBFAUP_COMMIT=3a26d0a
@ -28,6 +28,9 @@ LIBFAUP_COMMIT=3a26d0a
# Run-time variables # Run-time variables
## ##
# CORE_RUNNING_TAG=latest
# MODULES_RUNNING_TAG=latest
# Email/username for user #1, defaults to MISP's default (admin@admin.test) # Email/username for user #1, defaults to MISP's default (admin@admin.test)
ADMIN_EMAIL= ADMIN_EMAIL=
# name of org #1, default to MISP's default (ORGNAME) # name of org #1, default to MISP's default (ORGNAME)
@ -166,3 +169,15 @@ SYNCSERVERS_1_PULL_RULES=
# 1 - Debug on # 1 - Debug on
# 2 - Debug on + SQL dump # 2 - Debug on + SQL dump
# DEBUG= # DEBUG=
# FastCGI configuration
# FASTCGI_READ_TIMEOUT=300s
# FASTCGI_SEND_TIMEOUT=300s
# FASTCGI_CONNECT_TIMEOUT=300s
# PHP fpm configuration
# PHP_MEMORY_LIMIT=2048
# PHP_MAX_EXECUTION_TIME=300
# PHP_UPLOAD_MAX_FILESIZE=50M
# PHP_POST_MAX_SIZE=50M
# PHP_MAX_INPUT_TIME=300
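Review bot: The sample line `# PHP_MEMORY_LIMIT=2048` lacks the unit that the default carries everywhere else in this commit (`2048M`). Uncommented as written, it would be substituted into php.ini as `memory_limit = 2048`, which PHP interprets as bytes. The line should read `# PHP_MEMORY_LIMIT=2048M`.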