Merge pull request #3 from DocArmoryTech/DocArmoryTech-systemd

Systemd and nginx production setup and instructions

README.md

@@ -18,8 +18,7 @@ git submodule init
 git submodule update
 pip install -r REQUIREMENTS
 ~~~
-
-# Starting the server
+## Starting the server
 
 ~~~
 cd bin
@@ -28,6 +27,65 @@ python tai-server.py
 
 By the default, the server is listening on TCP port 8889.
 
+# Alternative Installation
+
+This method involves:
+ - installing a few dependencies
+ - creating a dedicated, unprivileged, user to run the TAI server(s)
+ - creating a python virtual environment
+ - installation of TAI
+ - systemd configuraion of (arbitrarily) four instances
+ - configuring nginx as a reverse proxy to four instances
+
+Installing a few dependencies
+~~~
+sudo apt install virtualenv git python3-pip nginx
+~~~
+
+Create a dedicated, unprivileged, user to run the TAI server(s)
+~~~
+sudo adduser tai
+~~~
+
+Create and activate a python virtual environment called _tai-env_
+~~~
+sudo su tai 
+virtualenv tai-env
+source ./tai-env/bin/activate
+~~~
+
+Installation of TAI in the home directory of the user `tai`
+~~~
+cd
+git clone https://github.com/MISP/threat-actor-intelligence-server
+cd threat-actor-intelligence-server
+git submodule init
+git submodule update
+pip install -r REQUIREMENTS
+exit
+~~~
+
+systemd configuraion for a group of four instances of TAI
+~~~
+sudo cp /home/tai/threat-actor-intelligence-server/debian/tai@.service /lib/systemd/system/
+sudo cp /home/tai/threat-actor-intelligence-server/debian/tai.target /etc/systemd/system/
+sudo systemctl daemon-reload
+~~~
+
+configuring nginx as a reverse proxy to four instances
+~~~
+sudo rm /etc/nginx/site-enabled/default
+sudo cp /home/tai/threat-actor-intelligence-server/debian/nginx-tai.conf /etc/nginx/sites-available/
+sudo ln -s /etc/nginx/sites-available/nginx-tai.conf /etc/nginx/sites-enabled/
+~~~
+
+Lastly, configure systemd to start the TAI servers and nginx automatically
+~~~
+sudo systemctl enable tai.target
+sudo systemctl enable nginx
+~~~
+
+
 # API and public API
 
 The API is simple and can be queried on the `/query` entry point by POSTing a simple query in JSON format. The query format is 

debian/nginx-tai.conf

@@ -0,0 +1,14 @@
+upstream backends {
+    server 127.0.0.1:8000;
+    server 127.0.0.1:8001;
+    server 127.0.0.1:8002;
+    server 127.0.0.1:8003;
+}
+    
+server {
+    listen 80;
+
+    location / {
+        proxy_pass http://backends;
+    }
+}

debian/tai.target

@@ -0,0 +1,6 @@
+Unit]
+Description=TAI Servers
+Requires=tai@8000.service tai@8001.service tai@8002.service tai@8003.service
+
+[Install]
+WantedBy=multi-user.target

debian/tai@.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Threat Actor Intelligence Server
+PartOf=tai.target
+
+[Service]
+WorkingDirectory=/home/tai/threat-actor-intelligence-server/bin
+ExecStart=/home/tai/tai-env/bin/python3 tai-server.py --port=%I --address='127.0.0.1'
+User=tai
+Restart=on-failure
+Type=simple
+
+[Install]
+WantedBy=multi-user.target