version: '3' services: # This is capable to relay via gmail, Amazon SES, or generic relays # See: https://hub.docker.com/r/ixdotai/smtp mail: image: ixdotai/smtp environment: - "SMARTHOST_ADDRESS=${SMARTHOST_ADDRESS}" - "SMARTHOST_PORT=${SMARTHOST_PORT}" - "SMARTHOST_USER=${SMARTHOST_USER}" - "SMARTHOST_PASSWORD=${SMARTHOST_PASSWORD}" - "SMARTHOST_ALIASES=${SMARTHOST_ALIASES}" redis: image: valkey/valkey:7.2 command: "--requirepass ${REDIS_PASSWORD:-redispassword}" healthcheck: test: "valkey-cli -a ${REDIS_PASSWORD:-redispassword} ping || exit 1" interval: 2s timeout: 1s retries: 3 start_period: 30s db: # We use MariaDB because it supports ARM and has the expected collations image: mariadb:10.11 restart: always environment: - "MYSQL_USER=${MYSQL_USER:-misp}" - "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}" - "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-password}" - "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}" volumes: - mysql_data:/var/lib/mysql cap_add: - SYS_NICE # CAP_SYS_NICE Prevent runaway mysql log healthcheck: test: mysqladmin --user=$$MYSQL_USER --password=$$MYSQL_PASSWORD status interval: 2s timeout: 1s retries: 3 start_period: 30s misp-core: image: ghcr.io/misp/misp-docker/misp-core:latest build: context: core/. args: - CORE_TAG=${CORE_TAG:?Missing .env file, see README.md for instructions} - CORE_COMMIT=${CORE_COMMIT} - PHP_VER=${PHP_VER:?Missing .env file, see README.md for instructions} - PYPI_REDIS_VERSION=${PYPI_REDIS_VERSION} - PYPI_LIEF_VERSION=${PYPI_LIEF_VERSION} - PYPI_PYDEEP2_VERSION=${PYPI_PYDEEP2_VERSION} - PYPI_PYTHON_MAGIC_VERSION=${PYPI_PYTHON_MAGIC_VERSION} - PYPI_MISP_LIB_STIX2_VERSION=${PYPI_MISP_LIB_STIX2_VERSION} - PYPI_MAEC_VERSION=${PYPI_MAEC_VERSION} - PYPI_MIXBOX_VERSION=${PYPI_MIXBOX_VERSION} - PYPI_CYBOX_VERSION=${PYPI_CYBOX_VERSION} - PYPI_PYMISP_VERSION=${PYPI_PYMISP_VERSION} - PYPI_MISP_STIX_VERSION=${PYPI_MISP_STIX_VERSION} depends_on: redis: condition: service_healthy db: condition: service_healthy healthcheck: test: curl -ks https://localhost/users/heartbeat > /dev/null || exit 1 interval: 2s timeout: 1s retries: 3 start_period: 30s start_interval: 30s ports: - "80:80" - "443:443" volumes: - "./configs/:/var/www/MISP/app/Config/" - "./logs/:/var/www/MISP/app/tmp/logs/" - "./files/:/var/www/MISP/app/files/" - "./ssl/:/etc/nginx/certs/" - "./gnupg/:/var/www/MISP/.gnupg/" # customize by replacing ${CUSTOM_PATH} with a path containing 'files/customize_misp.sh' # - "${CUSTOM_PATH}/:/custom/" # mount custom ca root certificates # - "./rootca.pem:/usr/local/share/ca-certificates/rootca.crt" environment: - "BASE_URL=${BASE_URL}" - "CRON_USER_ID=${CRON_USER_ID}" - "DISABLE_IPV6=${DISABLE_IPV6}" - "DISABLE_SSL_REDIRECT=${DISABLE_SSL_REDIRECT}" - "ENABLE_DB_SETTINGS=${ENABLE_DB_SETTINGS}" - "ENCRYPTION_KEY=${ENCRYPTION_KEY}" # standard settings - "ADMIN_EMAIL=${ADMIN_EMAIL}" - "ADMIN_PASSWORD=${ADMIN_PASSWORD}" - "ADMIN_KEY=${ADMIN_KEY}" - "ADMIN_ORG=${ADMIN_ORG}" - "GPG_PASSPHRASE=${GPG_PASSPHRASE}" # OIDC authentication settings - "OIDC_ENABLE=${OIDC_ENABLE}" - "OIDC_PROVIDER_URL=${OIDC_PROVIDER_URL}" - "OIDC_CLIENT_ID=${OIDC_CLIENT_ID}" - "OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}" - "OIDC_ROLES_PROPERTY=${OIDC_ROLES_PROPERTY}" - "OIDC_ROLES_MAPPING=${OIDC_ROLES_MAPPING}" - "OIDC_DEFAULT_ORG=${OIDC_DEFAULT_ORG}" # LDAP authentication settings - "LDAP_ENABLE=${LDAP_ENABLE}" - "LDAP_APACHE_ENV=${LDAP_APACHE_ENV}" - "LDAP_SERVER=${LDAP_SERVER}" - "LDAP_STARTTLS=${LDAP_STARTTLS}" - "LDAP_READER_USER=${LDAP_READER_USER}" - "LDAP_READER_PASSWORD=${LDAP_READER_PASSWORD}" - "LDAP_DN=${LDAP_DN}" - "LDAP_SEARCH_FILTER=${LDAP_SEARCH_FILTER}" - "LDAP_SEARCH_ATTRIBUTE=${LDAP_SEARCH_ATTRIBUTE}" - "LDAP_FILTER=${LDAP_FILTER}" - "LDAP_DEFAULT_ROLE_ID=${LDAP_DEFAULT_ROLE_ID}" - "LDAP_DEFAULT_ORG=${LDAP_DEFAULT_ORG}" - "LDAP_EMAIL_FIELD=${LDAP_EMAIL_FIELD}" - "LDAP_OPT_PROTOCOL_VERSION=${LDAP_OPT_PROTOCOL_VERSION}" - "LDAP_OPT_NETWORK_TIMEOUT=${LDAP_OPT_NETWORK_TIMEOUT}" - "LDAP_OPT_REFERRALS=${LDAP_OPT_REFERRALS}" # AAD authentication settings - "AAD_ENABLE=${AAD_ENABLE}" - "AAD_CLIENT_ID=${AAD_CLIENT_ID}" - "AAD_TENANT_ID=${AAD_TENANT_ID}" - "AAD_CLIENT_SECRET=${AAD_CLIENT_SECRET}" - "AAD_REDIRECT_URI=${AAD_REDIRECT_URI}" - "AAD_PROVIDER=${AAD_PROVIDER}" - "AAD_PROVIDER_USER=${AAD_PROVIDER_USER}" - "AAD_MISP_USER=${AAD_MISP_USER}" - "AAD_MISP_ORGADMIN=${AAD_MISP_ORGADMIN}" - "AAD_MISP_SITEADMIN=${AAD_MISP_SITEADMIN}" - "AAD_CHECK_GROUPS=${AAD_CHECK_GROUPS}" # Proxy settings - "PROXY_ENABLE=${PROXY_ENABLE}" - "PROXY_HOST=${PROXY_HOST}" - "PROXY_PORT=${PROXY_PORT}" - "PROXY_METHOD=${PROXY_METHOD}" - "PROXY_USER=${PROXY_USER}" - "PROXY_PASSWORD=${PROXY_PASSWORD}" # sync server settings (see https://www.misp-project.org/openapi/#tag/Servers for more options) - "SYNCSERVERS=${SYNCSERVERS}" - | SYNCSERVERS_1_DATA= { "remote_org_uuid": "${SYNCSERVERS_1_UUID}", "name": "${SYNCSERVERS_1_NAME}", "authkey": "${SYNCSERVERS_1_KEY}", "url": "${SYNCSERVERS_1_URL}", "pull_rules": "${SYNCSERVERS_1_PULL_RULES}", "pull": true } # mysql settings - "MYSQL_HOST=${MYSQL_HOST:-db}" - "MYSQL_PORT=${MYSQL_PORT:-3306}" - "MYSQL_USER=${MYSQL_USER:-misp}" - "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}" - "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}" # redis settings - "REDIS_PASSWORD=${REDIS_PASSWORD:-redispassword}" # Debug setting - "DEBUG=${DEBUG}" # SMTP setting - "SMTP_FQDN=${SMTP_FQDN}" misp-modules: image: ghcr.io/misp/misp-docker/misp-modules:latest build: context: modules/. args: - MODULES_TAG=${MODULES_TAG:?Missing .env file, see README.md for instructions} - MODULES_COMMIT=${MODULES_COMMIT} - LIBFAUP_COMMIT=${LIBFAUP_COMMIT:?Missing .env file, see README.md for instructions} environment: - "REDIS_BACKEND=redis" - "REDIS_PW=${REDIS_PASSWORD:-redispassword}" depends_on: redis: condition: service_healthy volumes: mysql_data: