Comments (2)
pasket
commented on July 20, 2024
1
Hi,
I've been analyzing this issue and for the moment I'll work with this workarround. First thing, I don't need a reverse proxy jet, I just need to allow MISP access exclusively by HTTPS. So, I decided to focus on that and to configure misp-web image/container to serve HTTPS requests.
- Create a directory for the certificates and create using openssl
$ mkdir misp-web/ssl
$ cd misp-web/ssl
$ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout misp-web.key -out misp-web.crt
- Change Apache configuration in order use only SSL. Do it in a separated file, I'll mount it later using docker-compose.
$ cd ..
$ vim misp.conf
# <VirtualHost *:80>
# ServerAdmin [email protected]
# ServerName misp.local
# DocumentRoot /var/www/MISP/app/webroot
# <Directory /var/www/MISP/app/webroot>
# Options -Indexes
# AllowOverride all
# Order allow,deny
# allow from all
# </Directory>
#
# LogLevel warn
# ErrorLog /var/log/apache2/misp.local_error.log
# CustomLog /var/log/apache2/misp.local_access.log combined
# ServerSignature Off
# Header set X-Content-Type-Options nosniff
# Header set X-Frame-Options DENY
# </VirtualHost>
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName misp.local
DocumentRoot /var/www/MISP/app/webroot
<Directory /var/www/MISP/app/webroot>
Options -Indexes
AllowOverride all
Order allow,deny
allow from all
</Directory>
LogLevel warn
ErrorLog /var/log/apache2/misp.local_error.log
CustomLog /var/log/apache2/misp.local_access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/misp-web/misp-web.crt
SSLCertificateKeyFile /etc/ssl/certs/misp-web/misp-web.key
ServerSignature Off
Header set X-Content-Type-Options nosniff
Header set X-Frame-Options DENY
</VirtualHost>
- Modify docker-compose to share https port and mount configuration file and the certificates
$ cd ..
$ vim docker-compose.yml
...
ports:
# - "80:80"
- "443:443"
volumes:
- ./misp-web/misp.conf:/etc/apache2/sites-available/misp.conf
- ./misp-web/ssl:/etc/ssl/certs/misp-web
...
...
-
Start docker-compose, just to create the container. MISP will not work yet.
$ docker-compose up -d -
I don't really like this because it applies to the container and not to the image. We need to activate ssl and restart Apache.
$ docker exec -it misp-web a2enmod ssl
$ docker exec -it misp-web service apache2 restart
- Ready. Check https://<your_misp_ip>
from x_old_misp_docker.
guirkgumbo
commented on July 20, 2024
Hey! Reaching out since this issue is the closest one to mine.
I am attempting to setup https only traffic with an ssl and have my misp server be available at a subdomain i.e.( misp.xxxx.com).
Updated the docker.compose.yml and apache2 config and ssl certs. The browser is happy with the domain name and says the certs are valid but when I login I get
Any thoughts?
from x_old_misp_docker.
Related Issues (20)
- MISP SSL Configuration HOT 1
- DEBUG urlib3 POST request failed
- MISP to Sentinel sync failing
- Security Worst Practice: MYSQL_PASSWORD logged in cleartext
- Accessing web Interface from remote host HOT 2
- Request: Build for Apple Silicon ARM64 (M1 Ultra) HOT 2
- Web server failed on Misp Installation HOT 10
- Unable to find MISP related logs HOT 1
- Publish Docker Image to an registry HOT 2
- Import sql db? HOT 2
- An Internal Error Has Occurred. on initial install HOT 2
- misp_db --initialize specified but the data directory has files in it. Aborting.
- MISP files detected as malware backdoor trojan by Defender for endpoint HOT 2
- Feeds are not being downloaded
- Docker compose build fatal error : mkdir: cannot create directory ‘/var/www/MISP’ , could not create leading directories of '/var/www/MISP': Permission denied HOT 1
- misp_web | /usr/bin/env: ‘bash\r’: No such file or directory
- INSTALL_NODB.sh: line 73: syntax error near unexpected token
- Azure (MS EntraID) SSO
- Require Run As Non-Root User
- missing autoload.php HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from x_old_misp_docker.