MISP
/
misp-docker
mirror of https://github.com/MISP/misp-docker
2
0
Fork 0
Code Issues Releases Wiki Activity
misp-docker/README.md

112 lines
6.1 KiB
Markdown
Raw Permalink Blame History

# MISP Docker images
[![Build Status](https://img.shields.io/github/actions/workflow/status/MISP/misp-docker/release-latest.yml)](https://github.com/orgs/MISP/packages)
[![Gitter chat](https://badges.gitter.im/gitterHQ/gitter.png)](https://gitter.im/MISP/Docker)
A production ready Docker MISP image (formerly hosted at https://github.com/ostefano/docker-misp, now deprecated) loosely based on CoolAcid and DSCO builds, with nearly all logic rewritten and verified for correctness and portability.
Notable features:
- MISP and MISP modules are split into two different Docker images, `misp-core` and `misp-modules`
- Docker images are pushed regularly, no build required
- Lightweigth Docker images by using multiple build stages and a slim parent image
- Rely on off the shelf Docker images for Exim4, Redis, and MariaDB
- Cron jobs run updates, pushes, and pulls
- Fix supervisord process control (processes are correctly terminated upon reload)
- Fix schema update by making it completely offline (no user interaction required)
- Fix enforcement of permissions
- Fix MISP modules loading of faup library
- Fix MISP modules loading of gl library
- Add support for new background job [system](https://github.com/MISP/MISP/blob/2.4/docs/background-jobs-migration-guide.md)
- Add support for building specific MISP and MISP-modules commits
- Add automatic configuration of syncservers (see `configure_misp.sh`)
- Add automatic configuration of authentication keys (see `configure_misp.sh`)
- Add direct push of docker images to GitHub Packages
- Consolidated `docker-compose.yml` file
- Workardound VirtioFS bug when running Docker Desktop for Mac
- ... and many others
The underlying spirit of this project is to allow "repeatable deployments", and all pull requests in this direction will be merged post-haste.
## Getting Started
- Copy the `template.env` to `.env`
- Customize `.env` based on your needs (optional step)
### Run
- `docker-compose pull` if you want to use pre-built images or `docker-compose build` if you want to build your own (see the `Troubleshooting` section in case of errors)
- `docker-compose up`
- Login to `https://localhost`
- User: `admin@admin.test`
- Password: `admin`
Keeping the image up-to-date with upstream should be as simple as running `docker-compose pull`.
### Configuration
The `docker-compose.yml` file allows further configuration settings:
```
"MYSQL_HOST=db"
"MYSQL_USER=misp"
"MYSQL_PASSWORD=example" # NOTE: This should be AlphaNum with no Special Chars. Otherwise, edit config files after first run.
"MYSQL_DATABASE=misp"
"MISP_MODULES_FQDN=http://misp-modules" # Set the MISP Modules FQDN, used for Enrichment_services_url/Import_services_url/Export_services_url
"WORKERS=1" # Legacy variable controlling the number of parallel workers (use variables below instead)
"NUM_WORKERS_DEFAULT=5" # To set the number of default workers
"NUM_WORKERS_PRIO=5" # To set the number of prio workers
"NUM_WORKERS_EMAIL=5" # To set the number of email workers
"NUM_WORKERS_UPDATE=1" # To set the number of update workers
"NUM_WORKERS_CACHE=5" # To set the number of cache workers
```
New options are added on a regular basis.
### Production
- It is recommended to specify the build you want run by editing `docker-compose.yml` (see here for the list of available tags https://github.com/orgs/MISP/packages)
- Directory volume mount SSL Certs `./ssl`: `/etc/ssl/certs`
- Certificate File: `cert.pem`
- Certificate Key File: `key.pem`
- CA File for Cert Authentication (optional) `ca.pem`
- Additional directory volume mounts:
- `./configs`: `/var/www/MISP/app/Config/`
- `./logs`: `/var/www/MISP/app/tmp/logs/`
- `./files`: `/var/www/MISP/app/files/`
- `./gnupg`: `/var/www/MISP/.gnupg/`
- If you need to automatically run additional steps each time the container starts, create a new file `files/customize_misp.sh`, and replace the variable `${CUSTOM_PATH}` inside `docker-compose.yml` with its parent path.
## Installing custom root CA certificates
Custom root CA certificates can be mounted under `/usr/local/share/ca-certificates` and will be installed during the `misp-core` container start.
**Note:** It is important to have the .crt extension on the file, otherwise it will not be processed.
```yaml
misp-core:
# ...
volumes:
- "./configs/:/var/www/MISP/app/Config/"
- "./logs/:/var/www/MISP/app/tmp/logs/"
- "./files/:/var/www/MISP/app/files/"
- "./ssl/:/etc/nginx/certs/"
- "./gnupg/:/var/www/MISP/.gnupg/"
# customize by replacing ${CUSTOM_PATH} with a path containing 'files/customize_misp.sh'
# - "${CUSTOM_PATH}/:/custom/"
# mount custom ca root certificates
- "./rootca.pem:/usr/local/share/ca-certificates/rootca.crt"
```
## Troubleshooting
- Make sure you run a fairly recent version of Docker and Docker Compose (if in doubt, update following the steps outlined in https://docs.docker.com/engine/install/ubuntu/)
- Some Linux distributions provide a recent version of Docker but a legacy version of Docker Compose, so you can try running `docker compose` instead of `docker-compose`
- Make sure you are not running an old image or container; when in doubt run `docker system prune --volumes` and clone this repository into an empty directory
## Versioning
A GitHub Action builds both `misp-core` and `misp-modules` images automatically and pushes them to the [GitHub Package registry](https://github.com/orgs/MISP/packages). We do not use tags inside the repository; instead we tag images as they are pushed to the registry. For each build, `misp-core` and `misp-modules` images are tagged as follows:
- `misp-core:${commit-sha1}[0:7]` and `misp-modules:${commit-sha1}[0:7]` where `${commit-sha1}` is the commit hash triggering the build
- `misp-core:latest` and `misp-modules:latest` in order to track the latest builds available
- `misp-core:${CORE_TAG}` and `misp-modules:${MODULES_TAG}` reflecting the underlying version of MISP and MISP modules (as specified inside the `template.env` file at build time)
Reference in New Issue View Git Blame Copy Permalink