diff --git a/README.md b/README.md index 06175ab..084822e 100644 --- a/README.md +++ b/README.md @@ -95,8 +95,8 @@ The list bellow includes the docker-compose configurations to be done: - [ ] Cortex 3 + local neurons - [ ] Add reverse proxy - [ ] Caddy? - - [x] Nginx ? - - [ ] Traefik ? + - [x] Nginx + - [x] Traefik - [ ] Add oauth providers - [ ] keycloak ? - [ ] Fusionauth ? diff --git a/docker/thehive4-cortex31-nodered/README.md b/docker/thehive4-cortex31-nodered/README.md index 3e49402..5c36dc8 100644 --- a/docker/thehive4-cortex31-nodered/README.md +++ b/docker/thehive4-cortex31-nodered/README.md @@ -2,11 +2,16 @@ This template is used to showcase the integration of TheHive and Cortex with [NodeRED](https://nodered.org) +## Steps - Run the docker compose template `docker-compose up -d` - On `http://locahost:9001`, create a Cortex organisation and a user with an API Key - Copy the API key and set it in `vol/thehive/application.conf` to configure Cortex module +- Enable Node-Red webook [TheHive docs](https://docs.thehive-project.org/thehive/installation-and-configuration/configuration/webhooks/) - Restart the docker compose template `docker-compose down && docker-compose up -d` + +## Access to services - Access to TheHive `http://localhost:9000` +- Access to Cortex `http://localhost:9001` - Access to NodeRED `http://localhost:1880` Enjoy \ No newline at end of file diff --git a/docker/thehive4-cortex31-nodered/vol/thehive/application.conf b/docker/thehive4-cortex31-nodered/vol/thehive/application.conf index 08260fc..9e2679b 100644 --- a/docker/thehive4-cortex31-nodered/vol/thehive/application.conf +++ b/docker/thehive4-cortex31-nodered/vol/thehive/application.conf @@ -42,11 +42,11 @@ cortex { statusCheckInterval = 30 seconds } -# Configure webhooks +# Configure Node-Red webhooks notification.webhook.endpoints = [ { name: local - url: "http://n8n:5678/" + url: "http://node-red:1880/" version: 0 wsConfig: {} auth: {type:"none"} 
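Review bot: The new `url: "http://node-red:1880/"` only works if the Node-RED service in the nodered docker-compose.yml (not part of this diff) is named or network-aliased `node-red`; a mismatch shows up only as delivery errors in TheHive's log, so a comment such as `# hostname must match the Node-RED service name in docker-compose.yml` above the endpoint would save the next user a debugging round. The endpoint keeps `auth: {type:"none"}`, so the receiving flow has no way to tell TheHive's calls from any other container on the same network and should treat the payload as unauthenticated input. The `notification.webhook.endpoints` list continues past the end of the hunk.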
diff --git a/docker/thehive4-cortex31-traefik-https/.gitignore b/docker/thehive4-cortex31-traefik-https/.gitignore
new file mode 100644
index 0000000..009c933
--- /dev/null
+++ b/docker/thehive4-cortex31-traefik-https/.gitignore
@@ -0,0 +1,4 @@
+#vol/cassandra/data
+#vol/elasticsearch
+#vol/thehive/data
+#vol/thehive/index
diff --git a/docker/thehive4-cortex31-traefik-https/README.md b/docker/thehive4-cortex31-traefik-https/README.md
new file mode 100644
index 0000000..560f548
--- /dev/null
+++ b/docker/thehive4-cortex31-traefik-https/README.md
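Review bot: All four patterns are commented out, so this file ignores nothing, and the directory that matters most for secrets is not listed at all: the README's `openssl req` command writes `private.key` and `server.cer` into `vol/traefik/certs/`, which a routine `git add .` would stage next to the `.gitkeep` placeholder. The Cassandra, Elasticsearch and TheHive data directories, the Elasticsearch log directory and `vol/cortex/jobs` from docker-compose.yml will likewise become tracked runtime state once the stack has run. If the patterns were commented out to keep the empty directories in the repository, ignoring the directory contents and re-including the placeholders achieves that without tracking data or keys.
```gitignore
vol/cassandra/data/*
vol/elasticsearch/data/*
vol/elasticsearch/index/*
vol/elasticsearch/logs/*
vol/thehive/data/*
vol/thehive/index/*
vol/cortex/jobs/*
vol/traefik/certs/*
!**/.gitkeep
```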
@@ -0,0 +1,58 @@
+# thehive4-cassandra3-cortex3-traefik-https
+
+This is a docker-compose configuration to run latest TheHive4 + latest Cortex instances with a Cassandra 3.1.1 database backend for TheHive and Elasticsearch 7.8.1 backend for Cortex.
+Traefik v2.5 act as a reverse proxy for TheHive and Cortex. Traefik is configured with the TLS-endpoints.
+
+## Usage
+
+### Generating TLS certificates
+This stack assumes that all the services are hosted in `localtest.me` domain. So certificate CN-name should be `*.localtest.me`. Generate TLS certificate and private key with the command
+```bash
+openssl req -new -newkey rsa:4096 -x509 -sha256 -days 7300 -nodes -out ./vol/traefik/certs/server.cer -keyout ./vol/traefik/certs/private.key
+```
+
+### Starting stack for first time
+```bash
+docker-compose up -d
+```
+
+### Configuration
+After the stack is up and running navigate to [Cortex](https://cortex.localtest.me) and update database + create admin account. Login with admin account and create API-user for hive. Create API-key to that user and copy API-key to the clipboard. Replace `GET THIS FROM CORTEX` in file `./vol/thehive/application.conf` with that API-key
+
+```bash
+play.modules.enabled += org.thp.thehive.connector.cortex.CortexModule
+cortex {
+ servers = [
+ {
+ name = local
+ url = "http://cortex:9001"
+ auth {
+ type = "bearer"
+ key = "GET THIS FROM CORTEX"
+ }
+ }
+ ]
+}
+```
+
+and restart stack.
+```bash
+docker-compose restart
+```
+
+## Volume Configuration
+
+- TheHive `application.conf` file stored in `./vol/thehive/application.conf` and it's mapped to the container as `/etc/thehive/application.conf`.
+- Cortex `application.conf` file stored in `./vol/cortex/application.conf` and it's mapped to the container as `/etc/cortex/application.conf`.
+- TLS certificates are stored in `./vol/traefik/certs` and mapped to the container as `/etc/certs/`.
+- Traefik configuration files are stored in `./vol/traefik/conf/` and are mapped to the container as `/etc/traefik/dynamic/`.
+- Data for TheHive is stored under `./vol/thehive/data` and is automatically created.
+- Data for Elasticsearch is stored under `./vol/elasticsearch` and is automatically created, but may require folder ownership is corrected.
+- Data for Cassandra is stored under `./vol/cassandra_data` and is automatically created.
+
+## Service links
+> Services are located in localtest.me domain which is pointing default to 127.0.0.1 (localhost)
+> More information about localtest can be found here: [Localtest.me](https://readme.localtest.me/)
+- [Thehive](https://thehive.localtest.me)
+- [Cortex](https://cortex.localtest.me)
+- [Traefik Dashboard](http://localtest.me:8080)
diff --git a/docker/thehive4-cortex31-traefik-https/docker-compose.yml b/docker/thehive4-cortex31-traefik-https/docker-compose.yml
new file mode 100644
index 0000000..7dcc541
--- /dev/null
+++ b/docker/thehive4-cortex31-traefik-https/docker-compose.yml
@@ -0,0 +1,140 @@
+version: "3.8"
+services:
+ traefik:
+ container_name: traefik
+ hostname: traefik
+ image: traefik:v2.5
+ restart: always
+ ports:
+ - "80:80"
+ - "443:443"
+ - "8080:8080"
+ command:
+ - --api.insecure=true
+ - --api.dashboard=true
+ - --api.debug=false
+ - --log.level=DEBUG
+ - --providers.docker=true
+ - --entrypoints.web.address=:80
+ - --entrypoints.web-secure.address=:443
+ - --providers.file.directory=/etc/traefik/dynamic
+ - --providers.file.watch=true
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./vol/traefik/conf/:/etc/traefik/dynamic/
+ - ./vol/traefik/certs/:/etc/certs/
+ networks:
+ backend:
+ proxy:
+
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.api.entrypoints=web-secure"
+ - "traefik.http.routers.api.rule=Host(`traefik.localtest.me`)"
+ - "traefik.http.routers.api.service=api@internal"
+ - "traefik.http.routers.api.tls=true"
+ - "traefik.http.routers.dashboard.entrypoints=web-secure"
+ - "traefik.http.services.api.loadbalancer.server.port=8080"
+ - "traefik.http.routers.api_http.entrypoints=web"
+ - "traefik.http.routers.api_http.rule=Host(`traefik.localtest.me`)"
+ - "traefik.http.routers.api_http.middlewares=traefik-redirectscheme"
+ - "traefik.http.middlewares.traefik-redirectscheme.redirectscheme.scheme=web-secure"
+
+ cassandra:
+ container_name: cassandra
+ image: cassandra:3.11
+ restart: unless-stopped
+ hostname: cassandra
+ environment:
+ - MAX_HEAP_SIZE=1G
+ - HEAP_NEWSIZE=1G
+ - CASSANDRA_CLUSTER_NAME=thp
+ volumes:
+ - ./vol/cassandra/data:/var/lib/cassandra/data
+ networks:
+ - backend
+
+ elasticsearch:
+ container_name: elasticsearch
+ image: elasticsearch:7.11.1
+ environment:
+ - http.host=0.0.0.0
+ - discovery.type=single-node
+ - cluster.name=hive
+ - script.allowed_types=inline
+ - thread_pool.search.queue_size=100000
+ - thread_pool.write.queue_size=10000
+ - gateway.recover_after_nodes=1
+ - xpack.security.enabled=false
+ - bootstrap.memory_lock=true
+ - ES_JAVA_OPTS=-Xms256m -Xmx256m
+ ulimits:
+ nofile:
+ soft: 65536
+ hard: 65536
+ volumes:
+ - ./vol/elasticsearch/data:/usr/share/elasticsearch/data
+ - ./vol/elasticsearch/logs:/usr/share/elasticsearch/logs
+ networks:
+ - backend
+
+ thehive:
+ container_name: thehive
+ image: 'thehiveproject/thehive4:latest'
+ restart: unless-stopped
+ depends_on:
+ - cassandra
+ - traefik
+ ports:
+ - '0.0.0.0:9000:9000'
+ volumes:
+ - ./vol/thehive/application.conf:/etc/thehive/application.conf
+ - ./vol/thehive/data:/opt/thp/thehive/data
+ - ./vol/thehive/index:/opt/thp/thehive/index
+ networks:
+ - proxy
+ - backend
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.thehive.entrypoints=web-secure"
+ - "traefik.http.routers.thehive.rule=Host(`thehive.localtest.me`)"
+ - "traefik.http.routers.thehive.service=thehive"
+ - "traefik.http.routers.thehive.tls=true"
+ - "traefik.http.services.thehive.loadbalancer.server.port=9000"
+ - "traefik.http.routers.thehive_http.entrypoints=web"
+ - "traefik.http.routers.thehive_http.rule=Host(`thehive.localtest.me`)"
+ - "traefik.http.routers.thehive_http.middlewares=traefik-redirectscheme"
+ - "traefik.http.middlewares.traefik-redirectscheme.redirectscheme.scheme=web-secure"
+
+ cortex:
+ container_name: cortex
+ image: thehiveproject/cortex:latest
+ depends_on:
+ - elasticsearch
+ - traefik
+ networks:
+ - proxy
+ - backend
+ command:
+ --job-directory /opt/cortex/jobs
+ environment:
+ - 'JOB_DIRECTORY=/opt/cortex/jobs'
+ volumes:
+ - '/var/run/docker.sock:/var/run/docker.sock'
+ - './vol/cortex/application.conf:/etc/cortex/application.conf'
+ - './vol/cortex/jobs:/opt/cortex/jobs'
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.cortex.entrypoints=web-secure"
+ - "traefik.http.routers.cortex.rule=Host(`cortex.localtest.me`)"
+ - "traefik.http.routers.cortex.service=cortex"
+ - "traefik.http.routers.cortex.tls=true"
+ - "traefik.http.services.cortex.loadbalancer.server.port=9001"
+ - "traefik.http.routers.cortex_http.entrypoints=web"
+ - "traefik.http.routers.cortex_http.rule=Host(`cortex.localtest.me`)"
+ - "traefik.http.routers.cortex_http.middlewares=traefik-redirectscheme"
+ - "traefik.http.middlewares.traefik-redirectscheme.redirectscheme.scheme=web-secure"
+
+networks:
+ backend:
+ proxy:
diff --git a/docker/thehive4-cortex31-traefik-https/vol/cassandra/data/.gitkeep b/docker/thehive4-cortex31-traefik-https/vol/cassandra/data/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/docker/thehive4-cortex31-traefik-https/vol/cortex/application.conf b/docker/thehive4-cortex31-traefik-https/vol/cortex/application.conf
new file mode 100644
index 0000000..4373a9e
--- /dev/null
+++ b/docker/thehive4-cortex31-traefik-https/vol/cortex/application.conf
@@ -0,0 +1,31 @@
+play.http.secret.key="CortexTestPassword"
+play.http.session.secure=true
+
+## ElasticSearch
+search {
+ index = cortex
+ uri = "http://elasticsearch:9200"
+}
+
+## Cache
+cache.job = 10 minutes
+
+job {
+ runner = [docker, process]
+}
+
+## ANALYZERS
+analyzer {
+ urls = [
+ "https://download.thehive-project.org/analyzers.json"
+ #"/absolute/path/of/analyzers"
+ ]
+}
+
+# RESPONDERS
+responder {
+ urls = [
+ "https://download.thehive-project.org/responders.json"
+ #"/absolute/path/of/responders"
+ ]
+}
diff --git a/docker/thehive4-cortex31-traefik-https/vol/elasticsearch/data/.gitkeep b/docker/thehive4-cortex31-traefik-https/vol/elasticsearch/data/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/docker/thehive4-cortex31-traefik-https/vol/elasticsearch/index/.gitkeep b/docker/thehive4-cortex31-traefik-https/vol/elasticsearch/index/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/docker/thehive4-cortex31-traefik-https/vol/elasticsearch/logs/.gitkeep b/docker/thehive4-cortex31-traefik-https/vol/elasticsearch/logs/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/docker/thehive4-cortex31-traefik-https/vol/thehive/application.conf b/docker/thehive4-cortex31-traefik-https/vol/thehive/application.conf
new file mode 100644
index 0000000..a0f76a1
--- /dev/null
+++ b/docker/thehive4-cortex31-traefik-https/vol/thehive/application.conf
@@ -0,0 +1,60 @@
+play.http.secret.key="TheHiveSecketKey1!"
+play.http.session.secure=true
+
+# JanusGraph
+db {
+ provider: janusgraph
+ janusgraph {
+ storage {
+ backend: cql
+ hostname: ["cassandra"]
+
+ cql {
+ cluster-name: thp
+ keyspace: thehive
+ read-consistency-level: ONE
+ write-consistency-level: ONE
+ }
+ }
+ ## Index configuration
+ index {
+ search {
+ backend: lucene
+ directory: /opt/thp/thehive/index
+ }
+ }
+ }
+}
+
+play.modules.enabled += org.thp.thehive.connector.cortex.CortexModule
+cortex {
+ servers = [
+ {
+ name = local
+ url = "http://cortex:9001"
+ auth {
+ type = "bearer"
+ key = "GET THIS FROM CORTEX"
+ }
+ }
+ ]
+}
+
+storage {
+ provider: localfs
+ localfs.location: /opt/thp/thehive/data
+}
+
+play.http.parser.maxDiskBuffer: 50MB
+
+#notification.webhook.endpoints = [
+# {
+# name: local
+# url: "http://thehive:5000/"
+# version: 0
+# wsConfig: {}
+# auth: {type:"none"}
+# includedTheHiveOrganisations: []
+# excludedTheHiveOrganisations: []
+# }
+#]
diff --git a/docker/thehive4-cortex31-traefik-https/vol/thehive/data/.gitkeep b/docker/thehive4-cortex31-traefik-https/vol/thehive/data/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/docker/thehive4-cortex31-traefik-https/vol/thehive/index/.gitkeep b/docker/thehive4-cortex31-traefik-https/vol/thehive/index/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/docker/thehive4-cortex31-traefik-https/vol/traefik/certs/.gitkeep b/docker/thehive4-cortex31-traefik-https/vol/traefik/certs/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/docker/thehive4-cortex31-traefik-https/vol/traefik/conf/tls-config.yml b/docker/thehive4-cortex31-traefik-https/vol/traefik/conf/tls-config.yml
new file mode 100644
index 0000000..3322d85
--- /dev/null
+++ b/docker/thehive4-cortex31-traefik-https/vol/traefik/conf/tls-config.yml
@@ -0,0 +1,4 @@
+tls:
+ certificates:
+ - certFile: /etc/certs/server.cer
+ keyFile: /etc/certs/private.key
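Review bot: The dynamic configuration only registers the certificate pair; no `tls.options` entry is defined, so the protocol versions and cipher suites accepted on `web-secure` are whatever floor Traefik v2.5 applies by default. Pinning it explicitly is a three-line addition to this file: `options:` / `  default:` / `    minVersion: VersionTLS12`. Since the certificate is a self-signed `*.localtest.me` wildcard (per the README's `openssl req` command), a short comment above `certificates:` noting that `server.cer` must be trusted by clients and regenerated for any other hostname would keep the file self-explanatory.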