mirror of https://github.com/MISP/misp-docker
133 lines
4.9 KiB
YAML
133 lines
4.9 KiB
YAML
version: '3'
|
|
services:
|
|
# This is capable to relay via gmail, Amazon SES, or generic relays
|
|
# See: https://hub.docker.com/r/ixdotai/smtp
|
|
mail:
|
|
image: ixdotai/smtp
|
|
environment:
|
|
- "SMARTHOST_ADDRESS=${SMARTHOST_ADDRESS}"
|
|
- "SMARTHOST_PORT=${SMARTHOST_PORT}"
|
|
- "SMARTHOST_USER=${SMARTHOST_USER}"
|
|
- "SMARTHOST_PASSWORD=${SMARTHOST_PASSWORD}"
|
|
- "SMARTHOST_ALIASES=${SMARTHOST_ALIASES}"
|
|
|
|
redis:
|
|
image: redis:7.2
|
|
|
|
db:
|
|
# We use MariaDB because it supports ARM and has the expected collations
|
|
image: mariadb:10.11
|
|
restart: always
|
|
environment:
|
|
- "MYSQL_USER=${MYSQL_USER:-misp}"
|
|
- "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}"
|
|
- "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-password}"
|
|
- "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}"
|
|
volumes:
|
|
- mysql_data:/var/lib/mysql
|
|
cap_add:
|
|
- SYS_NICE # CAP_SYS_NICE Prevent runaway mysql log
|
|
|
|
misp-core:
|
|
image: ghcr.io/misp/misp-docker/misp-core:latest
|
|
build:
|
|
context: core/.
|
|
args:
|
|
- CORE_TAG=${CORE_TAG:?Missing .env file, see README.md for instructions}
|
|
- CORE_COMMIT=${CORE_COMMIT}
|
|
- PHP_VER=${PHP_VER:?Missing .env file, see README.md for instructions}
|
|
- PYPI_REDIS_VERSION=${PYPI_REDIS_VERSION}
|
|
- PYPI_LIEF_VERSION=${PYPI_LIEF_VERSION}
|
|
- PYPI_PYDEEP2_VERSION=${PYPI_PYDEEP2_VERSION}
|
|
- PYPI_PYTHON_MAGIC_VERSION=${PYPI_PYTHON_MAGIC_VERSION}
|
|
- PYPI_MISP_LIB_STIX2_VERSION=${PYPI_MISP_LIB_STIX2_VERSION}
|
|
- PYPI_MAEC_VERSION=${PYPI_MAEC_VERSION}
|
|
- PYPI_MIXBOX_VERSION=${PYPI_MIXBOX_VERSION}
|
|
- PYPI_CYBOX_VERSION=${PYPI_CYBOX_VERSION}
|
|
- PYPI_PYMISP_VERSION=${PYPI_PYMISP_VERSION}
|
|
depends_on:
|
|
- redis
|
|
- db
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
volumes:
|
|
- "./configs/:/var/www/MISP/app/Config/"
|
|
- "./logs/:/var/www/MISP/app/tmp/logs/"
|
|
- "./files/:/var/www/MISP/app/files/"
|
|
- "./ssl/:/etc/nginx/certs/"
|
|
- "./gnupg/:/var/www/MISP/.gnupg/"
|
|
# customize by replacing ${CUSTOM_PATH} with a path containing 'files/customize_misp.sh'
|
|
# - "${CUSTOM_PATH}/:/custom/"
|
|
# mount custom ca root certificates
|
|
# - "./rootca.pem:/usr/local/share/ca-certificates/rootca.crt"
|
|
environment:
|
|
- "BASE_URL=${BASE_URL}"
|
|
- "CRON_USER_ID=${CRON_USER_ID}"
|
|
- "DISABLE_IPV6=${DISABLE_IPV6}"
|
|
- "DISABLE_SSL_REDIRECT=${DISABLE_SSL_REDIRECT}"
|
|
# standard settings
|
|
- "ADMIN_EMAIL=${ADMIN_EMAIL}"
|
|
- "ADMIN_PASSWORD=${ADMIN_PASSWORD}"
|
|
- "ADMIN_KEY=${ADMIN_KEY}"
|
|
- "ADMIN_ORG=${ADMIN_ORG}"
|
|
- "GPG_PASSPHRASE=${GPG_PASSPHRASE}"
|
|
# OIDC authentication settings
|
|
- "OIDC_ENABLE=${OIDC_ENABLE}"
|
|
- "OIDC_PROVIDER_URL=${OIDC_PROVIDER_URL}"
|
|
- "OIDC_CLIENT_ID=${OIDC_CLIENT_ID}"
|
|
- "OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}"
|
|
- "OIDC_ROLES_PROPERTY=${OIDC_ROLES_PROPERTY}"
|
|
- "OIDC_ROLES_MAPPING=${OIDC_ROLES_MAPPING}"
|
|
- "OIDC_DEFAULT_ORG=${OIDC_DEFAULT_ORG}"
|
|
# LDAP authentication settings
|
|
- "LDAP_ENABLE=${LDAP_ENABLE}"
|
|
- "LDAP_APACHE_ENV=${LDAP_APACHE_ENV}"
|
|
- "LDAP_SERVER=${LDAP_SERVER}"
|
|
- "LDAP_STARTTLS=${LDAP_STARTTLS}"
|
|
- "LDAP_READER_USER=${LDAP_READER_USER}"
|
|
- "LDAP_READER_PASSWORD=${LDAP_READER_PASSWORD}"
|
|
- "LDAP_DN=${LDAP_DN}"
|
|
- "LDAP_SEARCH_FILTER=${LDAP_SEARCH_FILTER}"
|
|
- "LDAP_SEARCH_ATTRIBUTE=${LDAP_SEARCH_ATTRIBUTE}"
|
|
- "LDAP_FILTER=${LDAP_FILTER}"
|
|
- "LDAP_DEFAULT_ROLE_ID=${LDAP_DEFAULT_ROLE_ID}"
|
|
- "LDAP_DEFAULT_ORG=${LDAP_DEFAULT_ORG}"
|
|
- "LDAP_EMAIL_FIELD=${LDAP_EMAIL_FIELD}"
|
|
- "LDAP_OPT_PROTOCOL_VERSION=${LDAP_OPT_PROTOCOL_VERSION}"
|
|
- "LDAP_OPT_NETWORK_TIMEOUT=${LDAP_OPT_NETWORK_TIMEOUT}"
|
|
- "LDAP_OPT_REFERRALS=${LDAP_OPT_REFERRALS}"
|
|
# sync server settings (see https://www.misp-project.org/openapi/#tag/Servers for more options)
|
|
- "SYNCSERVERS=${SYNCSERVERS}"
|
|
- |
|
|
SYNCSERVERS_1_DATA=
|
|
{
|
|
"remote_org_uuid": "${SYNCSERVERS_1_UUID}",
|
|
"name": "${SYNCSERVERS_1_NAME}",
|
|
"authkey": "${SYNCSERVERS_1_KEY}",
|
|
"url": "${SYNCSERVERS_1_URL}",
|
|
"pull": true
|
|
}
|
|
# mysql settings
|
|
- "MYSQL_HOST=${MYSQL_HOST:-db}"
|
|
- "MYSQL_PORT=${MYSQL_PORT:-3306}"
|
|
- "MYSQL_USER=${MYSQL_USER:-misp}"
|
|
- "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}"
|
|
- "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}"
|
|
|
|
misp-modules:
|
|
image: ghcr.io/misp/misp-docker/misp-modules:latest
|
|
build:
|
|
context: modules/.
|
|
args:
|
|
- MODULES_TAG=${MODULES_TAG:?Missing .env file, see README.md for instructions}
|
|
- MODULES_COMMIT=${MODULES_COMMIT}
|
|
- LIBFAUP_COMMIT=${LIBFAUP_COMMIT:?Missing .env file, see README.md for instructions}
|
|
environment:
|
|
- "REDIS_BACKEND=redis"
|
|
depends_on:
|
|
- redis
|
|
|
|
volumes:
|
|
mysql_data:
|