MISP
/
misp-docker
mirror of https://github.com/MISP/misp-docker
2
0
Fork 0
Code Issues Releases Wiki Activity

Bump version and fix bugs 

Changes:
- Bump to version 2.4.187
- Fix error when not disabling ipv6 or ssl redirect
- Enable ztsd php extension
- Catch when .env file is not created
pull/28/head
Stefano Ortolani 2024-03-08 10:43:28 +00:00
parent 6f8dd83d9a
commit fe531d5806
4 changed files with 36 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/Dockerfile
View File

@ -55,10 +55,11 @@ FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim" as php-build
php-pear \
librdkafka-dev \
libsimdjson-dev \
libzstd-dev \
git \
&& apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
RUN cp "/usr/lib/$(gcc -dumpmachine)"/libfuzzy.* /usr/lib; pecl channel-update pecl.php.net && pecl install ssdeep && pecl install rdkafka && pecl install simdjson
RUN cp "/usr/lib/$(gcc -dumpmachine)"/libfuzzy.* /usr/lib; pecl channel-update pecl.php.net && pecl install ssdeep && pecl install rdkafka && pecl install simdjson && pecl install zstd
RUN git clone --recursive --depth=1 https://github.com/kjdev/php-ext-brotli.git && \
cd php-ext-brotli && phpize && ./configure && make && make install
@ -174,6 +175,7 @@ FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim"
librdkafka1 \
libbrotli1 \
libsimdjson5 \
libzstd1 \
# Unsure we need these
zip unzip \
# Require for advanced an unattended configuration
@ -185,7 +187,7 @@ FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim"
RUN pip3 install --no-cache-dir /wheels/*.whl && rm -rf /wheels
# PHP: install prebuilt libraries, then install the app's PHP deps
COPY --from=php-build ["/usr/lib/php/${PHP_VER}/ssdeep.so", "/usr/lib/php/${PHP_VER}/rdkafka.so", "/usr/lib/php/${PHP_VER}/brotli.so", "/usr/lib/php/${PHP_VER}/simdjson.so", "/usr/lib/php/${PHP_VER}/"]
COPY --from=php-build ["/usr/lib/php/${PHP_VER}/ssdeep.so", "/usr/lib/php/${PHP_VER}/rdkafka.so", "/usr/lib/php/${PHP_VER}/brotli.so", "/usr/lib/php/${PHP_VER}/simdjson.so", "/usr/lib/php/${PHP_VER}/zstd.so", "/usr/lib/php/${PHP_VER}/"]
# Do an early chown to limit image size
COPY --from=python-build --chown=www-data:www-data --chmod=0550 /var/www/MISP /var/www/MISP
@ -194,7 +196,7 @@ FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim"
# Gather these in one layer, only act on actual directories under /etc/php/
RUN <<-EOF
set -- "ssdeep" "rdkafka" "brotli" "simdjson"
set -- "ssdeep" "rdkafka" "brotli" "simdjson" "zstd"
for mod in "$@"; do
for dir in /etc/php/*/; do
echo "extension=${mod}.so" > "${dir}mods-available/${mod}.ini"

44
core/files/entrypoint_nginx.sh
View File

@ -210,34 +210,40 @@ init_nginx() {
# Testing for files also test for links, and generalize better to mounted files
if [[ ! -f "/etc/nginx/sites-enabled/misp80" ]]; then
echo "... enabling port 80 redirect"
if [[ "$DISABLE_IPV6" = "true" ]]; then
sed -i "s/[^#] listen \[/ # listen \[/" /etc/nginx/sites-available/misp80
else
sed -i "s/# listen \[/listen \[" /etc/nginx/sites-available/misp80
fi
if [[ "$DISABLE_SSL_REDIRECT" = "true" ]]; then
sed -i "s/[^#] return / # return /" /etc/nginx/sites-available/misp80
sed -i "s/# include /include /" /etc/nginx/sites-available/misp80
else
sed -i "s/[^#] include / # include /" /etc/nginx/sites-available/misp80
sed -i "s/# return /return /" /etc/nginx/sites-available/misp80
fi
ln -s /etc/nginx/sites-available/misp80 /etc/nginx/sites-enabled/misp80
else
echo "... port 80 already configured"
echo "... port 80 already enabled"
fi
if [[ "$DISABLE_IPV6" = "true" ]]; then
echo "... disabling IPv6 on port 80"
sed -i "s/[^#] listen \[/ # listen \[/" /etc/nginx/sites-enabled/misp80
else
echo "... enabling IPv6 on port 80"
sed -i "s/# listen \[/listen \[/" /etc/nginx/sites-enabled/misp80
fi
if [[ "$DISABLE_SSL_REDIRECT" = "true" ]]; then
echo "... disabling SSL redirect"
sed -i "s/[^#] return / # return /" /etc/nginx/sites-enabled/misp80
sed -i "s/# include /include /" /etc/nginx/sites-enabled/misp80
else
echo "... enabling SSL redirect"
sed -i "s/[^#] include / # include /" /etc/nginx/sites-enabled/misp80
sed -i "s/# return /return /" /etc/nginx/sites-enabled/misp80
fi
# Testing for files also test for links, and generalize better to mounted files
if [[ ! -f "/etc/nginx/sites-enabled/misp443" ]]; then
echo "... enabling port 443"
if [[ "$DISABLE_IPV6" = "true" ]]; then
sed -i "s/[^#] listen \[/ # listen \[/" /etc/nginx/sites-available/misp443
else
sed -i "s/# listen \[/listen \[" /etc/nginx/sites-available/misp443
fi
ln -s /etc/nginx/sites-available/misp443 /etc/nginx/sites-enabled/misp443
else
echo "... port 443 already configured"
echo "... port 443 already enabled"
fi
if [[ "$DISABLE_IPV6" = "true" ]]; then
echo "... disabling IPv6 on port 443"
sed -i "s/[^#] listen \[/ # listen \[/" /etc/nginx/sites-enabled/misp443
else
echo "... enabling IPv6 on port 443"
sed -i "s/# listen \[/listen \[/" /etc/nginx/sites-enabled/misp443
fi
if [[ ! -f /etc/nginx/certs/cert.pem || ! -f /etc/nginx/certs/key.pem ]]; then

8
docker-compose.yml
View File

@ -33,9 +33,9 @@ services:
build:
context: core/.
args:
- CORE_TAG=${CORE_TAG}
- CORE_TAG=${CORE_TAG:?Missing .env file, see README.md for instructions}
- CORE_COMMIT=${CORE_COMMIT}
- PHP_VER=${PHP_VER}
- PHP_VER=${PHP_VER:?Missing .env file, see README.md for instructions}
- PYPI_REDIS_VERSION=${PYPI_REDIS_VERSION}
- PYPI_LIEF_VERSION=${PYPI_LIEF_VERSION}
- PYPI_PYDEEP2_VERSION=${PYPI_PYDEEP2_VERSION}
@ -120,9 +120,9 @@ services:
build:
context: modules/.
args:
- MODULES_TAG=${MODULES_TAG}
- MODULES_TAG=${MODULES_TAG:?Missing .env file, see README.md for instructions}
- MODULES_COMMIT=${MODULES_COMMIT}
- LIBFAUP_COMMIT=${LIBFAUP_COMMIT}
- LIBFAUP_COMMIT=${LIBFAUP_COMMIT:?Missing .env file, see README.md for instructions}
environment:
- "REDIS_BACKEND=redis"
depends_on:

4
template.env
View File

@ -2,8 +2,8 @@
# Build-time variables
##
CORE_TAG=v2.4.186
MODULES_TAG=v2.4.186
CORE_TAG=v2.4.187
MODULES_TAG=v2.4.187
PHP_VER=20190902
LIBFAUP_COMMIT=3a26d0a