misp-docker/docker-compose.yml

133 lines
4.9 KiB
YAML

version: '3'
services:
# This is capable to relay via gmail, Amazon SES, or generic relays
# See: https://hub.docker.com/r/ixdotai/smtp
mail:
image: ixdotai/smtp
environment:
- "SMARTHOST_ADDRESS=${SMARTHOST_ADDRESS}"
- "SMARTHOST_PORT=${SMARTHOST_PORT}"
- "SMARTHOST_USER=${SMARTHOST_USER}"
- "SMARTHOST_PASSWORD=${SMARTHOST_PASSWORD}"
- "SMARTHOST_ALIASES=${SMARTHOST_ALIASES}"
redis:
image: redis:7.2
db:
# We use MariaDB because it supports ARM and has the expected collations
image: mariadb:10.11
restart: always
environment:
- "MYSQL_USER=${MYSQL_USER:-misp}"
- "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}"
- "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-password}"
- "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}"
volumes:
- mysql_data:/var/lib/mysql
cap_add:
- SYS_NICE # CAP_SYS_NICE Prevent runaway mysql log
misp-core:
image: ghcr.io/misp/misp-docker/misp-core:latest
build:
context: core/.
args:
- CORE_TAG=${CORE_TAG:?Missing .env file, see README.md for instructions}
- CORE_COMMIT=${CORE_COMMIT}
- PHP_VER=${PHP_VER:?Missing .env file, see README.md for instructions}
- PYPI_REDIS_VERSION=${PYPI_REDIS_VERSION}
- PYPI_LIEF_VERSION=${PYPI_LIEF_VERSION}
- PYPI_PYDEEP2_VERSION=${PYPI_PYDEEP2_VERSION}
- PYPI_PYTHON_MAGIC_VERSION=${PYPI_PYTHON_MAGIC_VERSION}
- PYPI_MISP_LIB_STIX2_VERSION=${PYPI_MISP_LIB_STIX2_VERSION}
- PYPI_MAEC_VERSION=${PYPI_MAEC_VERSION}
- PYPI_MIXBOX_VERSION=${PYPI_MIXBOX_VERSION}
- PYPI_CYBOX_VERSION=${PYPI_CYBOX_VERSION}
- PYPI_PYMISP_VERSION=${PYPI_PYMISP_VERSION}
depends_on:
- redis
- db
ports:
- "80:80"
- "443:443"
volumes:
- "./configs/:/var/www/MISP/app/Config/"
- "./logs/:/var/www/MISP/app/tmp/logs/"
- "./files/:/var/www/MISP/app/files/"
- "./ssl/:/etc/nginx/certs/"
- "./gnupg/:/var/www/MISP/.gnupg/"
# customize by replacing ${CUSTOM_PATH} with a path containing 'files/customize_misp.sh'
# - "${CUSTOM_PATH}/:/custom/"
# mount custom ca root certificates
# - "./rootca.pem:/usr/local/share/ca-certificates/rootca.crt"
environment:
- "BASE_URL=${BASE_URL}"
- "CRON_USER_ID=${CRON_USER_ID}"
- "DISABLE_IPV6=${DISABLE_IPV6}"
- "DISABLE_SSL_REDIRECT=${DISABLE_SSL_REDIRECT}"
# standard settings
- "ADMIN_EMAIL=${ADMIN_EMAIL}"
- "ADMIN_PASSWORD=${ADMIN_PASSWORD}"
- "ADMIN_KEY=${ADMIN_KEY}"
- "ADMIN_ORG=${ADMIN_ORG}"
- "GPG_PASSPHRASE=${GPG_PASSPHRASE}"
# OIDC authentication settings
- "OIDC_ENABLE=${OIDC_ENABLE}"
- "OIDC_PROVIDER_URL=${OIDC_PROVIDER_URL}"
- "OIDC_CLIENT_ID=${OIDC_CLIENT_ID}"
- "OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}"
- "OIDC_ROLES_PROPERTY=${OIDC_ROLES_PROPERTY}"
- "OIDC_ROLES_MAPPING=${OIDC_ROLES_MAPPING}"
- "OIDC_DEFAULT_ORG=${OIDC_DEFAULT_ORG}"
# LDAP authentication settings
- "LDAP_ENABLE=${LDAP_ENABLE}"
- "LDAP_APACHE_ENV=${LDAP_APACHE_ENV}"
- "LDAP_SERVER=${LDAP_SERVER}"
- "LDAP_STARTTLS=${LDAP_STARTTLS}"
- "LDAP_READER_USER=${LDAP_READER_USER}"
- "LDAP_READER_PASSWORD=${LDAP_READER_PASSWORD}"
- "LDAP_DN=${LDAP_DN}"
- "LDAP_SEARCH_FILTER=${LDAP_SEARCH_FILTER}"
- "LDAP_SEARCH_ATTRIBUTE=${LDAP_SEARCH_ATTRIBUTE}"
- "LDAP_FILTER=${LDAP_FILTER}"
- "LDAP_DEFAULT_ROLE_ID=${LDAP_DEFAULT_ROLE_ID}"
- "LDAP_DEFAULT_ORG=${LDAP_DEFAULT_ORG}"
- "LDAP_EMAIL_FIELD=${LDAP_EMAIL_FIELD}"
- "LDAP_OPT_PROTOCOL_VERSION=${LDAP_OPT_PROTOCOL_VERSION}"
- "LDAP_OPT_NETWORK_TIMEOUT=${LDAP_OPT_NETWORK_TIMEOUT}"
- "LDAP_OPT_REFERRALS=${LDAP_OPT_REFERRALS}"
# sync server settings (see https://www.misp-project.org/openapi/#tag/Servers for more options)
- "SYNCSERVERS=${SYNCSERVERS}"
- |
SYNCSERVERS_1_DATA=
{
"remote_org_uuid": "${SYNCSERVERS_1_UUID}",
"name": "${SYNCSERVERS_1_NAME}",
"authkey": "${SYNCSERVERS_1_KEY}",
"url": "${SYNCSERVERS_1_URL}",
"pull": true
}
# mysql settings
- "MYSQL_HOST=${MYSQL_HOST:-db}"
- "MYSQL_PORT=${MYSQL_PORT:-3306}"
- "MYSQL_USER=${MYSQL_USER:-misp}"
- "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}"
- "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}"
misp-modules:
image: ghcr.io/misp/misp-docker/misp-modules:latest
build:
context: modules/.
args:
- MODULES_TAG=${MODULES_TAG:?Missing .env file, see README.md for instructions}
- MODULES_COMMIT=${MODULES_COMMIT}
- LIBFAUP_COMMIT=${LIBFAUP_COMMIT:?Missing .env file, see README.md for instructions}
environment:
- "REDIS_BACKEND=redis"
depends_on:
- redis
volumes:
mysql_data: