Bump version and fix bugs

Changes:
- Bump to version 2.4.187
- Fix error when not disabling ipv6 or ssl redirect
- Enable zstd PHP extension
- Catch when .env file is not created
pull/28/head
Stefano Ortolani 2024-03-08 10:43:28 +00:00
parent 6f8dd83d9a
commit fe531d5806
4 changed files with 36 additions and 28 deletions


@ -55,10 +55,11 @@ FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim" as php-build
php-pear \ php-pear \
librdkafka-dev \ librdkafka-dev \
libsimdjson-dev \ libsimdjson-dev \
libzstd-dev \
git \ git \
&& apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
RUN cp "/usr/lib/$(gcc -dumpmachine)"/libfuzzy.* /usr/lib; pecl channel-update pecl.php.net && pecl install ssdeep && pecl install rdkafka && pecl install simdjson RUN cp "/usr/lib/$(gcc -dumpmachine)"/libfuzzy.* /usr/lib; pecl channel-update pecl.php.net && pecl install ssdeep && pecl install rdkafka && pecl install simdjson && pecl install zstd
RUN git clone --recursive --depth=1 https://github.com/kjdev/php-ext-brotli.git && \ RUN git clone --recursive --depth=1 https://github.com/kjdev/php-ext-brotli.git && \
cd php-ext-brotli && phpize && ./configure && make && make install cd php-ext-brotli && phpize && ./configure && make && make install
@ -174,6 +175,7 @@ FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim"
librdkafka1 \ librdkafka1 \
libbrotli1 \ libbrotli1 \
libsimdjson5 \ libsimdjson5 \
libzstd1 \
# Unsure we need these # Unsure we need these
zip unzip \ zip unzip \
# Require for advanced an unattended configuration # Require for advanced an unattended configuration
@ -185,7 +187,7 @@ FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim"
RUN pip3 install --no-cache-dir /wheels/*.whl && rm -rf /wheels RUN pip3 install --no-cache-dir /wheels/*.whl && rm -rf /wheels
# PHP: install prebuilt libraries, then install the app's PHP deps # PHP: install prebuilt libraries, then install the app's PHP deps
COPY --from=php-build ["/usr/lib/php/${PHP_VER}/ssdeep.so", "/usr/lib/php/${PHP_VER}/rdkafka.so", "/usr/lib/php/${PHP_VER}/brotli.so", "/usr/lib/php/${PHP_VER}/simdjson.so", "/usr/lib/php/${PHP_VER}/"] COPY --from=php-build ["/usr/lib/php/${PHP_VER}/ssdeep.so", "/usr/lib/php/${PHP_VER}/rdkafka.so", "/usr/lib/php/${PHP_VER}/brotli.so", "/usr/lib/php/${PHP_VER}/simdjson.so", "/usr/lib/php/${PHP_VER}/zstd.so", "/usr/lib/php/${PHP_VER}/"]
# Do an early chown to limit image size # Do an early chown to limit image size
COPY --from=python-build --chown=www-data:www-data --chmod=0550 /var/www/MISP /var/www/MISP COPY --from=python-build --chown=www-data:www-data --chmod=0550 /var/www/MISP /var/www/MISP
@ -194,7 +196,7 @@ FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim"
# Gather these in one layer, only act on actual directories under /etc/php/ # Gather these in one layer, only act on actual directories under /etc/php/
RUN <<-EOF RUN <<-EOF
set -- "ssdeep" "rdkafka" "brotli" "simdjson" set -- "ssdeep" "rdkafka" "brotli" "simdjson" "zstd"
for mod in "$@"; do for mod in "$@"; do
for dir in /etc/php/*/; do for dir in /etc/php/*/; do
echo "extension=${mod}.so" > "${dir}mods-available/${mod}.ini" echo "extension=${mod}.so" > "${dir}mods-available/${mod}.ini"
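Review bot: The added `pecl install zstd` on the php-build stage's RUN line is unpinned, so the `zstd.so` copied into the final image is whatever release is current at build time and cannot be reproduced or audited against a known version. pecl accepts a version suffix, so the install could be pinned as `pecl install zstd-<ZSTD_EXT_VERSION>` (placeholder; use the release you have tested), with the value supplied as a build argument alongside the other version pins. The same applies to the ssdeep, rdkafka and simdjson installs already on that line, which this commit leaves unchanged.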


@ -210,34 +210,40 @@ init_nginx() {
# Testing for files also test for links, and generalize better to mounted files # Testing for files also test for links, and generalize better to mounted files
if [[ ! -f "/etc/nginx/sites-enabled/misp80" ]]; then if [[ ! -f "/etc/nginx/sites-enabled/misp80" ]]; then
echo "... enabling port 80 redirect" echo "... enabling port 80 redirect"
if [[ "$DISABLE_IPV6" = "true" ]]; then
sed -i "s/[^#] listen \[/ # listen \[/" /etc/nginx/sites-available/misp80
else
sed -i "s/# listen \[/listen \[" /etc/nginx/sites-available/misp80
fi
if [[ "$DISABLE_SSL_REDIRECT" = "true" ]]; then
sed -i "s/[^#] return / # return /" /etc/nginx/sites-available/misp80
sed -i "s/# include /include /" /etc/nginx/sites-available/misp80
else
sed -i "s/[^#] include / # include /" /etc/nginx/sites-available/misp80
sed -i "s/# return /return /" /etc/nginx/sites-available/misp80
fi
ln -s /etc/nginx/sites-available/misp80 /etc/nginx/sites-enabled/misp80 ln -s /etc/nginx/sites-available/misp80 /etc/nginx/sites-enabled/misp80
else else
echo "... port 80 already configured" echo "... port 80 already enabled"
fi
if [[ "$DISABLE_IPV6" = "true" ]]; then
echo "... disabling IPv6 on port 80"
sed -i "s/[^#] listen \[/ # listen \[/" /etc/nginx/sites-enabled/misp80
else
echo "... enabling IPv6 on port 80"
sed -i "s/# listen \[/listen \[/" /etc/nginx/sites-enabled/misp80
fi
if [[ "$DISABLE_SSL_REDIRECT" = "true" ]]; then
echo "... disabling SSL redirect"
sed -i "s/[^#] return / # return /" /etc/nginx/sites-enabled/misp80
sed -i "s/# include /include /" /etc/nginx/sites-enabled/misp80
else
echo "... enabling SSL redirect"
sed -i "s/[^#] include / # include /" /etc/nginx/sites-enabled/misp80
sed -i "s/# return /return /" /etc/nginx/sites-enabled/misp80
fi fi
# Testing for files also test for links, and generalize better to mounted files # Testing for files also test for links, and generalize better to mounted files
if [[ ! -f "/etc/nginx/sites-enabled/misp443" ]]; then if [[ ! -f "/etc/nginx/sites-enabled/misp443" ]]; then
echo "... enabling port 443" echo "... enabling port 443"
if [[ "$DISABLE_IPV6" = "true" ]]; then
sed -i "s/[^#] listen \[/ # listen \[/" /etc/nginx/sites-available/misp443
else
sed -i "s/# listen \[/listen \[" /etc/nginx/sites-available/misp443
fi
ln -s /etc/nginx/sites-available/misp443 /etc/nginx/sites-enabled/misp443 ln -s /etc/nginx/sites-available/misp443 /etc/nginx/sites-enabled/misp443
else else
echo "... port 443 already configured" echo "... port 443 already enabled"
fi
if [[ "$DISABLE_IPV6" = "true" ]]; then
echo "... disabling IPv6 on port 443"
sed -i "s/[^#] listen \[/ # listen \[/" /etc/nginx/sites-enabled/misp443
else
echo "... enabling IPv6 on port 443"
sed -i "s/# listen \[/listen \[/" /etc/nginx/sites-enabled/misp443
fi fi
if [[ ! -f /etc/nginx/certs/cert.pem || ! -f /etc/nginx/certs/key.pem ]]; then if [[ ! -f /etc/nginx/certs/cert.pem || ! -f /etc/nginx/certs/key.pem ]]; then
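Review bot: The relocated `sed -i` calls now edit `/etc/nginx/sites-enabled/misp80` and `misp443`, which the branches just above create as symlinks with `ln -s`. GNU sed's in-place mode replaces a symlink with a regular file unless told otherwise, so after the first start the enabled file diverges from the one in sites-available. Adding the flag, as in `sed -i --follow-symlinks "s/# return /return /" /etc/nginx/sites-enabled/misp80` and likewise on the other calls, keeps the link intact. No sed exit status is checked in the visible lines, so with a read-only config (and probably a single-file bind mount) the script would still print "... enabling SSL redirect" while port 80 keeps serving without it; a guard such as `|| { echo "... could not update misp80" >&2; exit 1; }` would surface that. init_nginx begins before and continues after this hunk, so whether `set -e` is active cannot be seen here.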


@ -33,9 +33,9 @@ services:
build: build:
context: core/. context: core/.
args: args:
- CORE_TAG=${CORE_TAG} - CORE_TAG=${CORE_TAG:?Missing .env file, see README.md for instructions}
- CORE_COMMIT=${CORE_COMMIT} - CORE_COMMIT=${CORE_COMMIT}
- PHP_VER=${PHP_VER} - PHP_VER=${PHP_VER:?Missing .env file, see README.md for instructions}
- PYPI_REDIS_VERSION=${PYPI_REDIS_VERSION} - PYPI_REDIS_VERSION=${PYPI_REDIS_VERSION}
- PYPI_LIEF_VERSION=${PYPI_LIEF_VERSION} - PYPI_LIEF_VERSION=${PYPI_LIEF_VERSION}
- PYPI_PYDEEP2_VERSION=${PYPI_PYDEEP2_VERSION} - PYPI_PYDEEP2_VERSION=${PYPI_PYDEEP2_VERSION}
@ -120,9 +120,9 @@ services:
build: build:
context: modules/. context: modules/.
args: args:
- MODULES_TAG=${MODULES_TAG} - MODULES_TAG=${MODULES_TAG:?Missing .env file, see README.md for instructions}
- MODULES_COMMIT=${MODULES_COMMIT} - MODULES_COMMIT=${MODULES_COMMIT}
- LIBFAUP_COMMIT=${LIBFAUP_COMMIT} - LIBFAUP_COMMIT=${LIBFAUP_COMMIT:?Missing .env file, see README.md for instructions}
environment: environment:
- "REDIS_BACKEND=redis" - "REDIS_BACKEND=redis"
depends_on: depends_on:
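Review bot: The `:?` guards added to CORE_TAG, PHP_VER, MODULES_TAG and LIBFAUP_COMMIT fire when the variable is unset or empty, so "Missing .env file" is also printed when .env exists but one entry is absent or blank. Naming the variable makes the failure actionable, e.g. `${PHP_VER:?PHP_VER is unset or empty, check .env (see README.md)}`. The PYPI_*_VERSION arguments in the same `args` list remain unguarded. If the Dockerfile treats an empty value as "install the latest release" (not visible here), a missing pin would pass silently, so it is worth confirming that they are meant to be optional.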


@ -2,8 +2,8 @@
# Build-time variables # Build-time variables
## ##
CORE_TAG=v2.4.186 CORE_TAG=v2.4.187
MODULES_TAG=v2.4.186 MODULES_TAG=v2.4.187
PHP_VER=20190902 PHP_VER=20190902
LIBFAUP_COMMIT=3a26d0a LIBFAUP_COMMIT=3a26d0a