Fixed NodeRED template + add TheHive+Cortex+Traefik with TLS docker-c…

…ompose template (#42)

* Fixed NodeRED template

* Created docker-compose for TheHive+Cortex+Traefik

* Fixed README.md

* Changed play cookies to secure + mod docs.

* Remove TLS-certificate and private key

* Changed play cookies to secure + mod docs.

README.md

@@ -95,8 +95,8 @@ The list bellow includes the docker-compose configurations to be done:
 - [ ] Cortex 3 + local neurons
 - [ ] Add reverse proxy
   - [ ] Caddy?
-  - [x] Nginx ?
-  - [ ] Traefik ?
+  - [x] Nginx
+  - [x] Traefik
 - [ ] Add oauth providers
   - [ ] keycloak ?
   - [ ] Fusionauth ?

docker/thehive4-cortex31-nodered/README.md

@@ -2,11 +2,16 @@
 
 This template is used to showcase the integration of TheHive and Cortex with [NodeRED](https://nodered.org)
 
+## Steps 
 - Run the docker compose template `docker-compose up -d`
 - On `http://locahost:9001`, create a Cortex organisation and a user with an API Key
 - Copy the API key and set it in `vol/thehive/application.conf` to configure Cortex module
+- Enable Node-Red webook [TheHive docs](https://docs.thehive-project.org/thehive/installation-and-configuration/configuration/webhooks/)
 - Restart the docker compose template `docker-compose down && docker-compose up -d`
+
+## Access to services
 - Access to TheHive `http://localhost:9000`
+- Access to Cortex `http://localhost:9001`
 - Access to NodeRED `http://localhost:1880`
 
 Enjoy

docker/thehive4-cortex31-nodered/vol/thehive/application.conf

@@ -42,11 +42,11 @@ cortex {
   statusCheckInterval = 30 seconds
 }
 
-# Configure webhooks
+# Configure Node-Red webhooks 
 notification.webhook.endpoints = [
   {
     name: local
-    url: "http://n8n:5678/"
+    url: "http://node-red:1880/"
     version: 0
     wsConfig: {}
     auth: {type:"none"}

docker/thehive4-cortex31-traefik-https/.gitignore

@@ -0,0 +1,4 @@
+#vol/cassandra/data
+#vol/elasticsearch
+#vol/thehive/data
+#vol/thehive/index

docker/thehive4-cortex31-traefik-https/README.md

@@ -0,0 +1,58 @@
+# thehive4-cassandra3-cortex3-traefik-https
+
+This is a docker-compose configuration to run latest TheHive4 + latest Cortex instances with a Cassandra 3.1.1 database backend for TheHive and Elasticsearch 7.8.1 backend for Cortex.   
+Traefik v2.5 act as a reverse proxy for TheHive and Cortex. Traefik is configured with the TLS-endpoints.   
+
+## Usage
+
+### Generating TLS certificates
+This stack assumes that all the services are hosted in `localtest.me` domain. So certificate CN-name should be `*.localtest.me`. Generate TLS certificate and private key with the command
+```bash
+openssl req -new -newkey rsa:4096 -x509 -sha256 -days 7300 -nodes -out ./vol/traefik/certs/server.cer -keyout ./vol/traefik/certs/private.key
+```
+
+### Starting stack for first time
+```bash
+docker-compose up -d
+```
+
+### Configuration
+After the stack is up and running navigate to [Cortex](https://cortex.localtest.me) and update database + create admin account. Login with admin account and create API-user for hive. Create API-key to that user and copy API-key to the clipboard. Replace `GET THIS FROM CORTEX` in file `./vol/thehive/application.conf` with that API-key   
+
+```bash
+play.modules.enabled += org.thp.thehive.connector.cortex.CortexModule
+cortex {
+  servers = [
+    {
+      name = local
+      url = "http://cortex:9001"
+      auth {
+        type = "bearer"
+        key = "GET THIS FROM CORTEX"
+      }
+    }
+  ]
+}
+```
+
+and restart stack.
+```bash
+docker-compose restart
+```
+
+## Volume Configuration
+
+- TheHive `application.conf` file stored in `./vol/thehive/application.conf` and it's mapped to the container as `/etc/thehive/application.conf`.   
+- Cortex `application.conf` file stored in `./vol/cortex/application.conf` and it's mapped to the container as `/etc/cortex/application.conf`.   
+- TLS certificates are stored in `./vol/traefik/certs` and mapped to the container as `/etc/certs/`.   
+- Traefik configuration files are stored in `./vol/traefik/conf/` and are mapped to the container as `/etc/traefik/dynamic/`.   
+- Data for TheHive is stored under `./vol/thehive/data` and is automatically created.   
+- Data for Elasticsearch is stored under `./vol/elasticsearch` and is automatically created, but may require folder ownership is corrected.   
+- Data for Cassandra is stored under `./vol/cassandra_data` and is automatically created.   
+
+## Service links
+> Services are located in localtest.me domain which is pointing default to 127.0.0.1 (localhost)   
+> More information about localtest can be found here: [Localtest.me](https://readme.localtest.me/)
+- [Thehive](https://thehive.localtest.me)
+- [Cortex](https://cortex.localtest.me)
+- [Traefik Dashboard](http://localtest.me:8080)

docker/thehive4-cortex31-traefik-https/docker-compose.yml

@@ -0,0 +1,140 @@
+version: "3.8"
+services:
+  traefik:
+    container_name: traefik
+    hostname: traefik
+    image: traefik:v2.5
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"
+    command:
+      - --api.insecure=true
+      - --api.dashboard=true
+      - --api.debug=false
+      - --log.level=DEBUG
+      - --providers.docker=true
+      - --entrypoints.web.address=:80
+      - --entrypoints.web-secure.address=:443
+      - --providers.file.directory=/etc/traefik/dynamic
+      - --providers.file.watch=true
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./vol/traefik/conf/:/etc/traefik/dynamic/
+      - ./vol/traefik/certs/:/etc/certs/
+    networks:
+      backend:
+      proxy:
+
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.api.entrypoints=web-secure"
+      - "traefik.http.routers.api.rule=Host(`traefik.localtest.me`)"
+      - "traefik.http.routers.api.service=api@internal"
+      - "traefik.http.routers.api.tls=true"
+      - "traefik.http.routers.dashboard.entrypoints=web-secure"
+      - "traefik.http.services.api.loadbalancer.server.port=8080"
+      - "traefik.http.routers.api_http.entrypoints=web"
+      - "traefik.http.routers.api_http.rule=Host(`traefik.localtest.me`)"
+      - "traefik.http.routers.api_http.middlewares=traefik-redirectscheme"
+      - "traefik.http.middlewares.traefik-redirectscheme.redirectscheme.scheme=web-secure"
+
+  cassandra:
+    container_name: cassandra
+    image: cassandra:3.11
+    restart: unless-stopped
+    hostname: cassandra
+    environment:
+      - MAX_HEAP_SIZE=1G
+      - HEAP_NEWSIZE=1G
+      - CASSANDRA_CLUSTER_NAME=thp
+    volumes:
+      - ./vol/cassandra/data:/var/lib/cassandra/data
+    networks:
+      - backend
+
+  elasticsearch:
+    container_name: elasticsearch
+    image: elasticsearch:7.11.1
+    environment:
+      - http.host=0.0.0.0
+      - discovery.type=single-node
+      - cluster.name=hive
+      - script.allowed_types=inline
+      - thread_pool.search.queue_size=100000
+      - thread_pool.write.queue_size=10000
+      - gateway.recover_after_nodes=1
+      - xpack.security.enabled=false
+      - bootstrap.memory_lock=true
+      - ES_JAVA_OPTS=-Xms256m -Xmx256m
+    ulimits:
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - ./vol/elasticsearch/data:/usr/share/elasticsearch/data
+      - ./vol/elasticsearch/logs:/usr/share/elasticsearch/logs
+    networks:
+      - backend
+
+  thehive:
+    container_name: thehive
+    image: 'thehiveproject/thehive4:latest'
+    restart: unless-stopped
+    depends_on:
+      - cassandra
+      - traefik
+    ports:
+      - '0.0.0.0:9000:9000'
+    volumes:
+      - ./vol/thehive/application.conf:/etc/thehive/application.conf
+      - ./vol/thehive/data:/opt/thp/thehive/data
+      - ./vol/thehive/index:/opt/thp/thehive/index
+    networks:
+      - proxy
+      - backend
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.thehive.entrypoints=web-secure"
+      - "traefik.http.routers.thehive.rule=Host(`thehive.localtest.me`)"
+      - "traefik.http.routers.thehive.service=thehive"
+      - "traefik.http.routers.thehive.tls=true"
+      - "traefik.http.services.thehive.loadbalancer.server.port=9000"
+      - "traefik.http.routers.thehive_http.entrypoints=web"
+      - "traefik.http.routers.thehive_http.rule=Host(`thehive.localtest.me`)"
+      - "traefik.http.routers.thehive_http.middlewares=traefik-redirectscheme"
+      - "traefik.http.middlewares.traefik-redirectscheme.redirectscheme.scheme=web-secure"
+
+  cortex:
+    container_name: cortex
+    image: thehiveproject/cortex:latest
+    depends_on:
+      - elasticsearch
+      - traefik
+    networks:
+      - proxy
+      - backend
+    command:
+      --job-directory /opt/cortex/jobs
+    environment:
+      - 'JOB_DIRECTORY=/opt/cortex/jobs'
+    volumes:
+      - '/var/run/docker.sock:/var/run/docker.sock'
+      - './vol/cortex/application.conf:/etc/cortex/application.conf'
+      - './vol/cortex/jobs:/opt/cortex/jobs'
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.cortex.entrypoints=web-secure"
+      - "traefik.http.routers.cortex.rule=Host(`cortex.localtest.me`)"
+      - "traefik.http.routers.cortex.service=cortex"
+      - "traefik.http.routers.cortex.tls=true"
+      - "traefik.http.services.cortex.loadbalancer.server.port=9001"
+      - "traefik.http.routers.cortex_http.entrypoints=web"
+      - "traefik.http.routers.cortex_http.rule=Host(`cortex.localtest.me`)"
+      - "traefik.http.routers.cortex_http.middlewares=traefik-redirectscheme"
+      - "traefik.http.middlewares.traefik-redirectscheme.redirectscheme.scheme=web-secure"
+
+networks:
+  backend:
+  proxy:

docker/thehive4-cortex31-traefik-https/vol/cortex/application.conf

@@ -0,0 +1,31 @@
+play.http.secret.key="CortexTestPassword"
+play.http.session.secure=true
+
+## ElasticSearch
+search {
+  index = cortex
+  uri = "http://elasticsearch:9200"
+}
+
+## Cache
+cache.job = 10 minutes
+
+job {
+  runner = [docker, process]
+}
+
+## ANALYZERS
+analyzer {
+  urls = [
+    "https://download.thehive-project.org/analyzers.json"
+    #"/absolute/path/of/analyzers"
+  ]
+}
+
+# RESPONDERS
+responder {
+  urls = [
+    "https://download.thehive-project.org/responders.json"
+    #"/absolute/path/of/responders"
+  ]
+}

docker/thehive4-cortex31-traefik-https/vol/thehive/application.conf

@@ -0,0 +1,60 @@
+play.http.secret.key="TheHiveSecketKey1!"
+play.http.session.secure=true
+
+# JanusGraph
+db {
+  provider: janusgraph
+  janusgraph {
+    storage {
+      backend: cql
+      hostname: ["cassandra"]
+
+      cql {
+        cluster-name: thp
+        keyspace: thehive
+        read-consistency-level: ONE
+        write-consistency-level: ONE
+      }
+    }
+    ## Index configuration
+    index {
+      search {
+        backend: lucene
+        directory: /opt/thp/thehive/index
+      }
+    }
+  }
+}
+
+play.modules.enabled += org.thp.thehive.connector.cortex.CortexModule
+cortex {
+  servers = [
+    {
+      name = local
+      url = "http://cortex:9001"
+      auth {
+        type = "bearer"
+        key = "GET THIS FROM CORTEX"
+      }
+    }
+  ]
+}
+
+storage {
+   provider: localfs
+   localfs.location: /opt/thp/thehive/data
+}
+
+play.http.parser.maxDiskBuffer: 50MB
+
+#notification.webhook.endpoints = [
+#  {
+#    name: local
+#    url: "http://thehive:5000/"
+#    version: 0
+#    wsConfig: {}
+#    auth: {type:"none"}
+#    includedTheHiveOrganisations: []
+#    excludedTheHiveOrganisations: []
+#  }
+#]

docker/thehive4-cortex31-traefik-https/vol/traefik/conf/tls-config.yml

@@ -0,0 +1,4 @@
+tls:
+  certificates:
+    - certFile: /etc/certs/server.cer
+      keyFile: /etc/certs/private.key