diff --git a/Dockerfile b/.docker/intelmq-full/Dockerfile similarity index 50% rename from Dockerfile rename to .docker/intelmq-full/Dockerfile index 69f455f..5fa0c88 100644 --- a/Dockerfile +++ b/.docker/intelmq-full/Dockerfile @@ -6,12 +6,13 @@ ARG VCS_REF ARG BUILD_VERSION LABEL maintainer="IntelMQ Team " \ - org.label-schema.schema-version="1.0" \ - org.label-schema.name="certat/intelmq-full" \ - org.label-schema.description="IntelMQ with core & manager" \ - org.label-schema.url="https://intelmq.org/" \ - org.label-schema.vcs-url="https://github.com/certat/intelmq-docker.git" \ - org.label-schema.vendor="CERT.AT" + org.opencontainers.image.authors="IntelMQ-Team " \ + org.opencontainers.image.title="intelmq-full" \ + org.opencontainers.image.description="IntelMQ with core & api" \ + org.opencontainers.image.url="https://intelmq.org/" \ + org.opencontainers.image.source="https://github.com/certtools/intelmq.git" \ + org.opencontainers.image.documentation="https://intelmq.readthedocs.io/en/latest/" \ + org.opencontainers.image.vendor="intelmq-team" RUN apt-get update \ && apt-get install -y --no-install-recommends \ @@ -26,16 +27,15 @@ RUN apt-get update \ python3-pip \ && rm -rf /var/lib/apt/lists/* -LABEL org.label-schema.build-date=$BUILD_DATE \ - org.label-schema.vcs-ref=$VCS_REF \ - org.label-schema.version=$BUILD_VERSION - - -COPY ./intelmq /opt/intelmq -COPY ./intelmq-manager /opt/intelmq-manager +LABEL org.opencontainers.image.created=$BUILD_DATE \ + org.opencontainers.image.revision=$VCS_REF \ + org.opencontainers.image.version=$BUILD_VERSION WORKDIR /opt +COPY ./intelmq /opt/intelmq +COPY ./intelmq-api /opt/intelmq-api + RUN useradd -d /opt/intelmq -U -s /bin/bash intelmq \ && adduser intelmq sudo \ && echo "%sudo ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers \ 
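Review bot: `COPY ./intelmq-api /opt/intelmq-api` (like the `COPY ./intelmq` line next to it) takes the whole directory that build.sh creates with `cp -R` from a git checkout, so the `.git` history and any untracked local files in that checkout end up in the image layers. No `.dockerignore` is visible in this commit; if none exists, adding one with an entry such as `**/.git` would keep repository metadata and stray local config out of the published image. The `RUN useradd` block at the end of the hunk continues outside it.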
@@ -43,17 +43,14 @@ RUN useradd -d /opt/intelmq -U -s /bin/bash intelmq \ ### Install IntelMQ RUN cd /opt/intelmq \ + && pip3 install hug \ && pip3 install --no-cache-dir -e . \ && intelmqsetup -### Install IntelMQ-Manager (python) -RUN cd /opt/intelmq-manager \ - && pip3 install hug mako \ - && pip3 install --no-cache-dir -e . - ADD entrypoint.sh /opt/entrypoint.sh -RUN chmod +x /opt/entrypoint.sh +RUN chmod +x /opt/entrypoint.sh \ + && chown intelmq:intelmq /opt/entrypoint.sh -USER intelmq +USER intelmq:intelmq ENTRYPOINT [ "/opt/entrypoint.sh" ] diff --git a/.docker/nginx/Dockerfile b/.docker/nginx/Dockerfile new file mode 100644 index 0000000..d7514ec --- /dev/null +++ b/.docker/nginx/Dockerfile @@ -0,0 +1,24 @@ +FROM nginx:1.13-alpine +ENV LANG C.UTF-8 + +ARG BUILD_DATE +ARG VCS_REF +ARG BUILD_VERSION + +LABEL maintainer="IntelMQ-Team " \ + org.opencontainers.image.authors="IntelMQ-Team " \ + org.opencontainers.image.title="intelmq-nginx" \ + org.opencontainers.image.description="Modified NGINX Server for intelmq" \ + org.opencontainers.image.url="https://github.com/certtools/intelmq/issues" \ + org.opencontainers.image.source="https://github.com/certtools/intelmq.git" \ + org.opencontainers.image.documentation="https://intelmq.readthedocs.io/en/latest/" \ + org.opencontainers.image.vendor="intelmq-team" + +LABEL org.opencontainers.image.created=$BUILD_DATE \ + org.opencontainers.image.revision=$VCS_REF \ + org.opencontainers.image.version=$BUILD_VERSION + +WORKDIR /www + +COPY .docker/nginx/config/app.conf /etc/nginx/conf.d/default.conf +COPY .docker/nginx/config/nginx.conf /etc/nginx/nginx.conf diff --git a/.docker/nginx/config/app.conf b/.docker/nginx/config/app.conf new file mode 100644 index 0000000..b8e4aaa --- /dev/null +++ b/.docker/nginx/config/app.conf 
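Review bot: The added `chown intelmq:intelmq /opt/entrypoint.sh` makes the entrypoint writable by the account the container runs as, although that account only needs to execute it; a root-owned script with `chmod +x` would not be writable. I would drop the chown and copy the file with its mode set, `COPY --chmod=755 entrypoint.sh /opt/entrypoint.sh` (BuildKit), which also replaces the `ADD`. The `useradd` step visible in the preceding hunk keeps `%sudo ALL=(ALL) NOPASSWD:ALL` for this user, so `USER intelmq:intelmq` reduces privileges very little while that line stays. Separately, the new `pip3 install hug` is unpinned and lacks `--no-cache-dir`, unlike the line after it; `pip3 install --no-cache-dir hug==<pinned-version>` (placeholder) would make rebuilds reproducible.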
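Review bot: `FROM nginx:1.13-alpine` selects a long-superseded nginx mainline branch, so the image starts out with whatever unpatched nginx and Alpine package issues that tag carries. I would move to a currently maintained tag and pin it by digest, e.g. `FROM nginx:<supported-version>-alpine@sha256:<digest>` (placeholders). `ENV LANG C.UTF-8` uses the legacy space-separated form; `ENV LANG=C.UTF-8` is the current one.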
@@ -0,0 +1,20 @@ +upstream intelmq_api { + server intelmq:8080; +} + +server { + listen 80 default_server; + + server_name localhost; + + root /www; + + location / { + index index.html; + try_files $uri /index.html =404; + } + + location /intelmq/ { + proxy_pass http://intelmq_api/; + } +} diff --git a/.docker/nginx/config/nginx.conf b/.docker/nginx/config/nginx.conf new file mode 100644 index 0000000..a300419 --- /dev/null +++ b/.docker/nginx/config/nginx.conf @@ -0,0 +1,27 @@ +user nginx; + +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + + keepalive_timeout 65; + + include /etc/nginx/conf.d/*.conf; +} \ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..634309e --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +example_config/nginx/html +intelmq_logs/ diff --git a/README.md b/README.md index c8f4b56..4719440 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ If you do have any questions / feedback / questions, please open an issue :) 0. `git clone https://github.com/certat/intelmq-docker.git` 0. `cd intelmq-docker` 0. `sudo docker pull certat/intelmq-full:1.0` -0. `chown -R $USER:$USER example_config` +0. `sudo docker pull certat/intelmq-nginx:latest` 0. `sudo docker-compose up` 0. Open your favourite browser -> Go to `http://127.0.0.1:1337/` diff --git a/build.sh b/build.sh index fcb3c5c..8828bda 100755 --- a/build.sh +++ b/build.sh 
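Review bot: The `location /intelmq/` block proxies to the API without passing on the original client address or Host header, so the API and its logs will attribute every login and control request to the nginx container. Adding `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` inside that block keeps requests attributable. The server also listens only on plain port 80; if TLS is not terminated in front of this container, API credentials and session tokens cross the network unencrypted.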
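Review bot: The `http` block leaves `server_tokens` at its default, so error pages and the `Server` response header advertise the exact nginx version of the base image. Adding `server_tokens off;` next to `sendfile on;` removes that detail. The file also ends without a trailing newline.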
@@ -2,18 +2,34 @@ build_date=$(date -u +'%Y-%m-%dT%H:%M:%SZ') git_ref_core=$(cd ../intelmq && git rev-parse --short HEAD) git_ref_manager=$(cd ../intelmq-manager && git rev-parse --short HEAD) +git_ref_api=$(cd ../intelmq-api && git rev-parse --short HEAD) build_version="1.0" echo Building new IntelMQ-Image v$build_version echo Core : $git_ref_core echo Manager : $git_ref_manager +echo Api : $git_ref_api echo Build_date: $build_date -cp -r ../intelmq ./intelmq -cp -r ../intelmq-manager ./intelmq-manager +cp -R ../intelmq ./intelmq + +# build static html +cp -R ../intelmq-manager ./intelmq-manager +cd ./intelmq-manager \ + && python3 setup.py build \ + && cp -R ./html ../example_config/nginx/html \ + && cd .. + +cp -R ../intelmq-api ./intelmq-api docker build --build-arg BUILD_DATE=$build_date \ - --build-arg VCS_REF="IntelMQ=$git_ref_core, IntelMQ-Manager=$git_ref_manager" \ + --build-arg VCS_REF="IntelMQ-Manager=$git_ref_manager" \ --build-arg BUILD_VERSION=$build_version \ - -f Dockerfile \ + -f ./.docker/nginx/Dockerfile \ + -t intelmq-nginx:latest . + +docker build --build-arg BUILD_DATE=$build_date \ + --build-arg VCS_REF="IntelMQ=$git_ref_core, IntelMQ-API=$git_ref_api" \ + --build-arg BUILD_VERSION=$build_version \ + -f ./.docker/intelmq-full/Dockerfile \ -t intelmq-full:$build_version . diff --git a/docker-compose.yml b/docker-compose.yml index 8273972..0d2ab7a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
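Review bot: The new `cd ./intelmq-manager && python3 setup.py build && cp -R ./html ../example_config/nginx/html && cd ..` chain has no failure handling. If the build step fails, the script stays inside `./intelmq-manager` and carries on to the `docker build` calls, and nothing stops output left over from an earlier run from being packaged and later published. I would add `set -e` near the top of the script (outside this hunk) and run the step in a subshell, `( cd ./intelmq-manager && python3 setup.py build && cp -R ./html ../example_config/nginx/html )`, so a failure aborts the build and the working directory never changes. Note also that `cp -R ../intelmq ./intelmq` nests the copy as `./intelmq/intelmq` when the target is left over from a previous build, so the build context should start from a clean state.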
@@ -10,26 +10,26 @@ services: restart: always networks: - intelmq-network - postgres: - image: postgres:latest + nginx: + image: intelmq-nginx:latest restart: always - environment: - POSTGRES_PASSWORD: test - POSTGRES_USER: root - POSTGRES_DB: test - networks: - - intelmq-database - -# IntelMQ with IntelMQ-Manager! - intelmq-full: - image: certat/intelmq-full:1.0 + networks: + - intelmq-network + ports: + - 1337:80 volumes: - - ./example_config/intelmq/etc:/opt/intelmq/etc - - ./example_config/intelmq-manager:/opt/intelmq-manager/config + - ./example_config/nginx/html:/www + depends_on: + - intelmq + links: + - intelmq + intelmq: + image: intelmq-full:1.0 + volumes: + - ./example_config/intelmq/etc/:/opt/intelmq/etc/ + - ./example_config/intelmq-api:/opt/intelmq-api/config - ./intelmq_logs:/opt/intelmq/var/log - ./example_config/intelmq/var/lib/bot:/opt/intelmq/var/lib/bot - ports: - - 127.0.0.1:1337:8080/tcp depends_on: - redis - postgres @@ -38,14 +38,9 @@ services: INTELMQ_PIPELINE_DRIVER: "redis" INTELMQ_PIPELINE_HOST: redis INTELMQ_REDIS_CACHE_HOST: redis - INTELMQ_MANAGER_CONFIG: "/opt/intelmq-manager/config/config.json" networks: - intelmq-network - - intelmq-database networks: intelmq-network: driver: bridge - intelmq-database: - driver: bridge - \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh index cecb44e..3622c83 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,7 +1,9 @@ #!/bin/bash if [[ $1 == "selftest" ]] then + INTELMQ_TEST_EXOTIC=1 nosetests3 /opt/intelmq/intelmq/tests else - hug -f /opt/intelmq-manager/intelmq_manager/serve.py -p8080 + INTELMQ_API_CONFIG=/opt/intelmq-api/config/config.json + cd intelmq-api && hug -m intelmq_api.serve -p8080 fi \ No newline at end of file diff --git a/example_config/intelmq-api/config.json b/example_config/intelmq-api/config.json new file mode 100644 index 0000000..b8872eb --- /dev/null +++ b/example_config/intelmq-api/config.json 
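Review bot: The new `ports: - 1337:80` entry publishes the manager UI and the proxied API on every host interface, whereas the removed mapping was `127.0.0.1:1337:8080/tcp`; the README still points users at `http://127.0.0.1:1337/`. Unless remote access is intended, keep the loopback bind: `- 127.0.0.1:1337:80`. The `intelmq` service's `depends_on` (context lines at the end of this hunk) appears to still list `postgres`, which this hunk removes as a service, so `docker-compose up` would likely reject the file. The `image:` names (`intelmq-nginx:latest`, `intelmq-full:1.0`) also differ from the `certat/…` images the README tells users to pull.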
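Review bot: `INTELMQ_API_CONFIG=/opt/intelmq-api/config/config.json` is assigned on its own line without `export`, so it is only a shell variable and the `hug` child process never sees it; the API would then presumably start with built-in defaults rather than the mounted config. The same applies to `INTELMQ_TEST_EXOTIC=1` before `nosetests3`. I would write `export INTELMQ_API_CONFIG=/opt/intelmq-api/config/config.json` and `cd /opt/intelmq-api && exec hug -m intelmq_api.serve -p8080`. The absolute path avoids depending on the image's WORKDIR, and `exec` lets the server receive stop signals directly.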
@@ -0,0 +1,7 @@ +{ + "intelmq_ctl_cmd": ["intelmqctl"], + "allowed_path": "/opt/intelmq/var/lib/bots/", + "session_duration": 86400, + "allow_origins": ["*"], + "html_dir": "" +} diff --git a/example_config/intelmq-manager/config.json b/example_config/intelmq-manager/config.json deleted file mode 100644 index 509a407..0000000 --- a/example_config/intelmq-manager/config.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "intelmq_ctl_cmd": ["/usr/local/bin/intelmqctl"], - "allowed_path": "/opt/intelmq/var/lib/" -} \ No newline at end of file diff --git a/example_config/intelmq/etc/defaults.conf b/example_config/intelmq/etc/defaults.conf index aa8add7..59e4b04 100644 --- a/example_config/intelmq/etc/defaults.conf +++ b/example_config/intelmq/etc/defaults.conf @@ -2,7 +2,7 @@ "accuracy": 100, "destination_pipeline_broker": "redis", "destination_pipeline_db": 2, - "destination_pipeline_host": "127.0.0.1", + "destination_pipeline_host": "redis", "destination_pipeline_password": null, "destination_pipeline_port": 6379, "error_dump_message": true, @@ -28,12 +28,12 @@ "rate_limit": 0, "source_pipeline_broker": "redis", "source_pipeline_db": 2, - "source_pipeline_host": "127.0.0.1", + "source_pipeline_host": "redis", "source_pipeline_password": null, "source_pipeline_port": 6379, "ssl_ca_certificate": null, "statistics_database": 3, - "statistics_host": "127.0.0.1", + "statistics_host": "redis", "statistics_password": null, "statistics_port": 6379 } \ No newline at end of file diff --git a/publish.sh b/publish.sh index 674b88c..bd63e54 100755 --- a/publish.sh +++ b/publish.sh @@ -3,6 +3,10 @@ build_version="1.0" docker login +docker tag intelmq-nginx:latest certat/intelmq-nginx:latest + +docker push certat/intelmq-nginx:latest + docker tag intelmq-full:$build_version certat/intelmq-full:$build_version docker push certat/intelmq-full:$build_version diff --git a/test.sh b/test.sh index 2c70925..06fec2e 100755 --- a/test.sh +++ b/test.sh 
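Review bot: `"allow_origins": ["*"]` lets scripts on any website call the API from a user's browser, which is broader than this setup needs, since nginx serves the manager and proxies the API under the same origin. I would list only the origin actually used, e.g. `"allow_origins": ["http://127.0.0.1:1337"]`, assuming the API treats the list as an allow-list. Also, `"allowed_path": "/opt/intelmq/var/lib/bots/"` does not match the `/opt/intelmq/var/lib/bot` volume target in docker-compose.yml; one of the two is probably a typo.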
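Review bot: The nginx image is published only as `certat/intelmq-nginx:latest`, a tag that is overwritten on every push, so a deployment cannot tell which build it pulled or roll back to a known one. Tagging it with `$build_version` as well, as is done for intelmq-full, would fix that: `docker tag intelmq-nginx:latest certat/intelmq-nginx:$build_version` followed by the matching `docker push`.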
@@ -4,13 +4,12 @@ redis_id=$(sudo docker run --rm -d -p 6379:6379 -v ~/intelmq-docker/example_conf redis_ip=$(sudo docker inspect -f '{{ range.NetworkSettings.Networks }}{{ .IPAddress }}{{ end }}' $redis_id) sudo docker run --rm -v ~/intelmq-docker/example_config/intelmq/etc:/opt/intelmq/etc \ - -v ~/intelmq-docker/example_config/intelmq-manager:/opt/intelmq-manager/config \ + -v ~/intelmq-docker/example_config/intelmq_api:/opt/intelmq_api/config \ -v ~/intelmq-docker/intelmq_logs:/opt/intelmq/var/log \ -v ~/intelmq-docker/example_config/intelmq/var/lib:/opt/intelmq/var/lib \ -e "INTELMQ_IS_DOCKER=\"true\"" \ -e "INTELMQ_PIPELINE_DRIVER=\"redis\"" \ -e "INTELMQ_PIPELINE_HOST=$redis_ip" \ -e "INTELMQ_REDIS_CACHE_HOST=$redis_ip" \ - -e "INTELMQ_MANAGER_CONFIG=\"/opt/intelmq-manager/config/config.json\"" \ intelmq-full:1.0 selftest sudo docker container stop $redis_id \ No newline at end of file diff --git a/versions.sh b/versions.sh new file mode 100755 index 0000000..c154a18 --- /dev/null +++ b/versions.sh @@ -0,0 +1,11 @@ +#!/bin/bash +intelmq_full_built=$(docker inspect --format '{{ index .Config.Labels "org.opencontainers.image.created" }}' intelmq-full:1.0) +intelmq_full_vers=$(docker inspect --format '{{ index .Config.Labels "org.opencontainers.image.version" }}' intelmq-full:1.0) +intelmq_full_rev=$(docker inspect --format '{{ index .Config.Labels "org.opencontainers.image.revision" }}' intelmq-full:1.0) + +echo IntelMQ built at \"$intelmq_full_built\" \(Version $intelmq_full_vers\) +revisions=$(echo $intelmq_full_rev | tr "," "\n") +for rev in $revisions +do + echo "> $rev" +done
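Review bot: The replaced volume line uses underscores, `example_config/intelmq_api:/opt/intelmq_api/config`, but this commit adds the config under `example_config/intelmq-api` and the image uses `/opt/intelmq-api`. Docker will create the missing host directory (root-owned and empty) and mount it at a path nothing reads, so the selftest runs without the API config. The line should read `-v ~/intelmq-docker/example_config/intelmq-api:/opt/intelmq-api/config \`. The `docker run` command it belongs to starts before the hunk.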