## # Build-time variables ## CORE_TAG=v2.5.1 MODULES_TAG=v2.4.198 PHP_VER=20220829 LIBFAUP_COMMIT=3a26d0a # PYPY_* vars take precedence over MISP's # PYPI_REDIS_VERSION="==5.0.*" # PYPI_LIEF_VERSION=">=0.13.1" # PYPI_PYDEEP2_VERSION="==0.5.*" # PYPI_PYTHON_MAGIC_VERSION="==0.4.*" # PYPI_MISP_LIB_STIX2_VERSION="==3.0.*" # PYPI_MAEC_VERSION="==4.1.*" # PYPI_MIXBOX_VERSION="==1.0.*" # PYPI_CYBOX_VERSION="==2.1.*" # PYPI_PYMISP_VERSION="==2.4.178" # PYPI_MISP_STIX_VERSION"==2.4.194" # CORE_COMMIT takes precedence over CORE_TAG # CORE_COMMIT=0bba3f5 # MODULES_COMMIT takes precedence over MODULES_TAG # MODULES_COMMIT=de69ae3 ## # Run-time variables ## # CORE_RUNNING_TAG=latest # MODULES_RUNNING_TAG=latest # Email/username for user #1, defaults to MISP's default (admin@admin.test) ADMIN_EMAIL= # name of org #1, default to MISP's default (ORGNAME) ADMIN_ORG= # defaults to an automatically generated one ADMIN_KEY= # defaults to MISP's default (admin) ADMIN_PASSWORD= # defaults to 'passphrase' GPG_PASSPHRASE= # defaults to 1 (the admin user) CRON_USER_ID= # defaults to 'https://localhost' BASE_URL= # store settings in db except those that must stay in config.php. true/false, defaults to false ENABLE_DB_SETTINGS= # encryption key. defaults to empty string ENCRYPTION_KEY= # enable background updates. defaults to false ENABLE_BACKGROUND_UPDATES= # defines the FQDN of the mail sub-system (defaults to 'mail') # SMTP_FQDN= # optional and used by the mail sub-system SMARTHOST_ADDRESS= SMARTHOST_PORT= SMARTHOST_USER= SMARTHOST_PASSWORD= SMARTHOST_ALIASES= # optional comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1) # For this to work ADMIN_KEY must be set, or AUTOGEN_ADMIN_KEY must be true (default) SYNCSERVERS= # note: if you have more than one syncserver, you need to update docker-compose.yml SYNCSERVERS_1_URL= SYNCSERVERS_1_NAME= SYNCSERVERS_1_UUID= SYNCSERVERS_1_KEY= # pull rules are JSON encoded (and escaped) dictionaries # Example: only pull events where the analysis is complete # SYNCSERVERS_1_PULL_RULES='{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"{\\\"searchanalysis\\\": \\\"2\\\"}\"}' SYNCSERVERS_1_PULL_RULES= # optional and used to set mysql db and credentials # MYSQL_HOST= # MYSQL_PORT= # MYSQL_USER= # MYSQL_PASSWORD= # MYSQL_ROOT_PASSWORD= # MYSQL_DATABASE= # optional and used to set redis password # REDIS_HOST= # REDIS_PORT= # REDIS_PASSWORD= # These variables allows overriding some MISP email values. # They all default to ADMIN_EMAIL. # MISP.email, used for notifications. Also used # for GnuPG.email and GPG autogeneration. # MISP_EMAIL= # MISP.contact, the e-mail address that # MISP should include as a contact address # for the instance's support team. # MISP_CONTACT= # Enable GPG autogeneration (default true) # AUTOCONF_GPG=true # Enable admin (user #1) API key autogeneration # if ADMIN_KEY is not set above (default true) # AUTOGEN_ADMIN_KEY=true # Disable IPv6 completely # DISABLE_IPV6=true # Disable SSL redirect # DISABLE_SSL_REDIRECT=true # Enable OIDC authentication, according to https://github.com/MISP/MISP/blob/2.4/app/Plugin/OidcAuth/README.md # OIDC_ENABLE=true # OIDC_PROVIDER_URL= # OIDC_CLIENT_ID= # OIDC_CLIENT_SECRET= # OIDC_ROLES_PROPERTY="roles" # OIDC_ROLES_MAPPING="{\"admin\": \"1\"}" # OIDC_DEFAULT_ORG= # OIDC_LOGOUT_URL= # Enable LDAP (using the ApacheSecureAuth component) authentication, according to https://github.com/MISP/MISP/issues/6189 # NOTE: Once you enable LDAP authentication with the ApacheSecureAuth component, # users should not be able to control the HTTP header configured in LDAP_APACHE_ENV # (e.g. REMOTE_USER), this means you must not allow direct access to MISP. # NOTE 2: You need to escape special characters twice, e.g., "pass\word" becomes "pass\\\\word". # LDAP_ENABLE=true # LDAP_APACHE_ENV="REMOTE_USER" # LDAP_SERVER="ldap://your_domain_controller" # LDAP_STARTTLS=true # LDAP_READER_USER="CN=service_account_name,OU=Users,DC=domain,DC=net" # LDAP_READER_PASSWORD="password" # LDAP_DN="OU=Users,DC=domain,DC=net" # LDAP_SEARCH_FILTER="" # LDAP_SEARCH_ATTRIBUTE="uid" # LDAP_FILTER="[\"mail\", \"uid\", \"cn\" ]" # LDAP_DEFAULT_ROLE_ID="3" # LDAP_DEFAULT_ORG="1" # LDAP_EMAIL_FIELD="[\"mail\"]" # LDAP_OPT_PROTOCOL_VERSION="3" # LDAP_OPT_NETWORK_TIMEOUT="-1" # LDAP_OPT_REFERRALS=false # Enable Azure AD (Entra) authentication, according to https://github.com/MISP/MISP/blob/2.4/app/Plugin/AadAuth/README.md # AAD_ENABLE=true # AAD_CLIENT_ID= # AAD_TENANT_ID= # AAD_CLIENT_SECRET= # AAD_REDIRECT_URI="https://misp.mydomain.com/users/login" # AAD_PROVIDER="https://login.microsoftonline.com/" # AAD_PROVIDER_USER="https://graph.microsoft.com/" # AAD_MISP_USER="Misp Users" # AAD_MISP_ORGADMIN="Misp Org Admins" # AAD_MISP_SITEADMIN="Misp Site Admins" # AAD_CHECK_GROUPS=false # Enable the use of a Proxy server # PROXY_ENABLE=true # PROXY_HOST= # PROXY_PORT= # PROXY_METHOD= # PROXY_USER= # PROXY_PASSWORD= # Enable debugging # ALWAYS SET THIS TO 0 IN PRODUCTION # 0 - Debug off (default) # 1 - Debug on # 2 - Debug on + SQL dump # DEBUG= # FastCGI configuration # FASTCGI_READ_TIMEOUT=300s # FASTCGI_SEND_TIMEOUT=300s # FASTCGI_CONNECT_TIMEOUT=300s # PHP FPM configuration ## Basic PHP settings # Maximum memory a PHP script can use. # PHP_MEMORY_LIMIT=2048M # Maximum execution time for a PHP script in seconds. # PHP_MAX_EXECUTION_TIME=300 # Maximum file upload size for PHP scripts. # PHP_UPLOAD_MAX_FILESIZE=50M # Maximum size for POST data sent to PHP. # PHP_POST_MAX_SIZE=50M # Maximum time PHP spends parsing input data in seconds. # PHP_MAX_INPUT_TIME=300 ## Additional PHP settings # Timeout (in minutes) for user session inactivity before it expires. # PHP_SESSION_TIMEOUT=60 # Session cookie validity period in minutes. # PHP_SESSION_COOKIE_TIMEOUT=10080 # Default PHP configurations. # PHP_SESSION_DEFAULTS=php # Automatically regenerate session ID on each request. # PHP_SESSION_AUTO_REGENERATE=false # Check user agent on each request for security. # PHP_SESSION_CHECK_AGENT=false # Only send session cookies over HTTPS. # PHP_SESSION_COOKIE_SECURE=true # Domain for session cookie validity (leave empty for current domain). # PHP_SESSION_COOKIE_DOMAIN= # SameSite policy for cookies ("Lax" allows top-level navigation). # PHP_SESSION_COOKIE_SAMESITE=Lax # MariaSQL/MySQL (InnoDB) configuration # INNODB_BUFFER_POOL_SIZE=2048M # INNODB_CHANGE_BUFFERING=none # INNODB_IO_CAPACITY=1000 # INNODB_IO_CAPACITY_MAX=2000 # INNODB_LOG_FILE_SIZE=600M # INNODB_READ_IO_THREADS=16 # INNODB_STATS_PERSISTENT=ON # INNODB_WRITE_IO_THREADS=4 # Whether to enable processing of the X-Forwarded-For header (default to false) # NGINX_X_FORWARDED_FOR=true # Comma separated list of trusted IP addresses # NGINX_SET_REAL_IP_FROM=127.0.0.1 # Security Settings # Maximum time (in seconds) for HSTS (HTTP Strict Transport Security), ensures HTTPS is used. # HSTS_MAX_AGE= # X-Frame-Options policy configuration: controls whether the site can be embedded in frames or iframes. # Options: DENY, SAMEORIGIN, ALLOW-FROM Default: SAMEORIGIN # X_FRAME_OPTIONS= # Content-Security-Policy (CSP) configuration: defines allowed resources and prevents attacks like XSS. # Example: "frame-src 'self' https://*.example.com; frame-ancestors 'self' https://*.example.com; object-src 'none'; report-uri https://example.com/cspReport" # CONTENT_SECURITY_POLICY=