diff --git a/docker-compose.yml b/compose.yml similarity index 57% rename from docker-compose.yml rename to compose.yml index 8262d99..5f2a2e5 100644 --- a/docker-compose.yml +++ b/compose.yml @@ -1,110 +1,110 @@ -version: '2.4' - -services: - parsedmarc-init: - image: patschi/parsedmarc:init - restart: always - volumes: - - ./data/conf/parsedmarc/:/etc/parsedmarc/:rw - - ./data/conf/nginx/ssl/:/etc/nginx/ssl/:rw - - ./data/data/elasticsearch:/usr/share/elasticsearch/data/:rw - networks: - - parsedmarc-network - healthcheck: - test: [ "CMD", "test", "-f", "/ready" ] - interval: 10s - timeout: 5s - retries: 9999 - start_period: 10s - - parsedmarc: - image: patschi/parsedmarc:latest - volumes: - - ./data/conf/parsedmarc/:/etc/parsedmarc/ - - ./data/data/geoipupdate/:/usr/share/GeoIP:z,ro - restart: always - networks: - - parsedmarc-network - depends_on: - elasticsearch: - condition: service_healthy - - elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.8.1 - environment: - - cluster.name=parsedmarc - - discovery.type=single-node - - bootstrap.memory_lock=true - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - ulimits: - memlock: - soft: -1 - hard: -1 - volumes: - - ./data/data/elasticsearch:/usr/share/elasticsearch/data/ - restart: always - networks: - - parsedmarc-network - expose: # only expose docker-internally - - 9200 - healthcheck: - test: [ "CMD", "curl","-s" ,"-f", "http://localhost:9200/_cat/health" ] - interval: 1m - timeout: 10s - retries: 3 - start_period: 30s - depends_on: - parsedmarc-init: - condition: service_started - - kibana: - image: docker.elastic.co/kibana/kibana-oss:7.8.1 - environment: - - elasticsearch.hosts=http://elasticsearch:9200 - - telemetry.enabled=false - - telemetry.optIn=false - expose: # only expose docker-internally - - 5601 - restart: always - networks: - - parsedmarc-network - depends_on: - elasticsearch: - condition: service_healthy - healthcheck: - test: [ "CMD", "curl","-s" ,"-f", "http://localhost:5601/" ] - interval: 1m - timeout: 10s - retries: 3 - start_period: 30s - - geoipupdate: - image: maxmindinc/geoipupdate - env_file: - - geoipupdate.env - environment: - - "GEOIPUPDATE_EDITION_IDS=GeoLite2-ASN GeoLite2-City GeoLite2-Country" - - GEOIPUPDATE_PRESERVE_FILE_TIMES=1 - restart: always - volumes: - - ./data/data/geoipupdate/:/usr/share/GeoIP:z,rw - - nginx: - image: nginx:alpine - restart: always - ports: - - "9999:443" - volumes: - - ./data/conf/nginx/site.conf:/etc/nginx/conf.d/default.conf:ro - - ./data/conf/nginx/ssl/:/etc/nginx/ssl/:ro - networks: - - parsedmarc-network - depends_on: - kibana: - condition: service_healthy - parsedmarc-init: - condition: service_healthy - -networks: - parsedmarc-network: - driver: bridge +services: + parsedmarc-init: + image: patschi/parsedmarc:init + container_name: parsedmarc-init + build: + context: ./data/Dockerfiles/parsedmarc-init + dockerfile: Dockerfile + restart: unless-stopped + volumes: + - ./data/conf/parsedmarc/:/etc/parsedmarc/:rw + - ./data/data/elasticsearch:/usr/share/elasticsearch/data/:rw + networks: + - parsedmarc + healthcheck: + test: [ "CMD", "test", "-f", "/ready" ] + interval: 10s + timeout: 5s + retries: 9999 + start_period: 10s + parsedmarc: + image: patschi/parsedmarc:latest + container_name: parsedmarc + build: + context: ./data/Dockerfiles/parsedmarc + dockerfile: Dockerfile + volumes: + - ./data/conf/parsedmarc/:/etc/parsedmarc/ + - ./data/data/geoipupdate:/usr/share/GeoIP:z,ro + restart: unless-stopped + networks: + - parsedmarc + depends_on: + elasticsearch: + condition: service_healthy + + elasticsearch: + image: docker.elastic.co/elasticsearch/elasticsearch:7.15.0 + container_name: parsedmarc-elasticsearch + environment: + - xpack.security.enabled=false + - cluster.name=parsedmarc + - discovery.type=single-node + - bootstrap.memory_lock=true + - "ES_JAVA_OPTS=-Xms256m -Xmx256m" + ulimits: + memlock: + soft: -1 + hard: -1 + volumes: + - ./data/data/elasticsearch:/usr/share/elasticsearch/data/ + restart: unless-stopped + networks: + - parsedmarc + expose: # only expose docker-internally + - 9200 + healthcheck: + test: [ "CMD", "curl","-s" ,"-f", "http://localhost:9200/_cat/health" ] + interval: 1m + timeout: 10s + retries: 3 + start_period: 30s + depends_on: + parsedmarc-init: + condition: service_started + kibana: + image: docker.elastic.co/kibana/kibana:7.15.0 + container_name: parsedmarc-kibana + environment: + - elasticsearch.hosts=http://elasticsearch:9200 + - telemetry.enabled=false + - telemetry.optIn=false + expose: # only expose docker-internally + - 5601 + ports: + - "127.0.0.1:5601:5601" + - "[::1]:5601:5601" + restart: unless-stopped + networks: + - parsedmarc + depends_on: + elasticsearch: + condition: service_healthy + healthcheck: + test: [ "CMD", "curl","-s" ,"-f", "http://localhost:5601/" ] + interval: 1m + timeout: 10s + retries: 3 + start_period: 30s + geoipupdate: + image: crazymax/geoip-updater:latest + container_name: parsedmarc-geoipupdate + volumes: + - ./data/data/geoipupdate:/data:z,rw + env_file: + - ./data/conf/geoipupdate.env + networks: + - parsedmarc + restart: unless-stopped + +networks: + parsedmarc: + name: "parsedmarc" + driver: bridge + driver_opts: + com.docker.network.bridge.name: br-parsedmarc + enable_ipv6: true + ipam: + config: + - subnet: 172.18.0.0/29 + - subnet: fd00:1720:180::/64 diff --git a/data/Dockerfiles/parsedmarc-init/Dockerfile b/data/Dockerfiles/parsedmarc-init/Dockerfile index 3b69d14..6c30892 100644 --- a/data/Dockerfiles/parsedmarc-init/Dockerfile +++ b/data/Dockerfiles/parsedmarc-init/Dockerfile @@ -1,8 +1,8 @@ -FROM alpine:latest - -ADD start.sh /start.sh - -RUN apk add --no-cache curl openssl jq bash \ - && chmod +x /start.sh - -ENTRYPOINT [ "/start.sh" ] +FROM alpine:latest + +ADD start.sh /start.sh + +RUN apk add --no-cache curl jq bash \ + && chmod +x /start.sh + +ENTRYPOINT [ "/start.sh" ] diff --git a/data/Dockerfiles/parsedmarc-init/start.sh b/data/Dockerfiles/parsedmarc-init/start.sh index 2d8783a..c9b6c52 100644 --- a/data/Dockerfiles/parsedmarc-init/start.sh +++ b/data/Dockerfiles/parsedmarc-init/start.sh @@ -8,16 +8,6 @@ echo "Setting permissions..." chmod g+rwx -R /usr/share/elasticsearch/data/ chgrp 0 -R /usr/share/elasticsearch/data/ -echo "## NGINX" -echo "Checking nginx certs..." -cd /etc/nginx/ssl/ -if [ ! -f "/etc/nginx/ssl/kibana.crt" ] || [ ! -f "/etc/nginx/ssl/kibana.key" ]; then - echo "No certs found. Generating..." - openssl req -x509 -nodes -days 365 -newkey rsa:3072 -keyout kibana.key -out kibana.crt \ - -subj "/CN=parsedmarc" -addext "subjectAltName=DNS:parsedmarc" - echo "Certs generated." -fi - echo "## KIBANA" exportFile="/etc/parsedmarc/kibana_export.ndjson" if [ ! -f "${exportFile}" ]; then diff --git a/data/conf/geoipupdate.env b/data/conf/geoipupdate.env new file mode 100644 index 0000000..6a8773c --- /dev/null +++ b/data/conf/geoipupdate.env @@ -0,0 +1,7 @@ +TZ=Europe/Berlin +EDITION_IDS="GeoLite2-ASN,GeoLite2-City,GeoLite2-Country" +LICENSE_KEY=abc1234 +DOWNLOAD_PATH="/data" +SCHEDULE="0 0 * * 0" +LOG_LEVEL=warn +LOG_JSON=false \ No newline at end of file diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf deleted file mode 100644 index 758d995..0000000 --- a/data/conf/nginx/site.conf +++ /dev/null @@ -1,39 +0,0 @@ -server { - listen 443 ssl http2; - - server_name _ default_server; - ssl_certificate /etc/nginx/ssl/kibana.crt; - ssl_certificate_key /etc/nginx/ssl/kibana.key; - - server_tokens off; - - ssl_session_timeout 1d; - ssl_session_cache shared:SSL:15m; - ssl_session_tickets off; - - # modern configuration. tweak to your needs. - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - ssl_prefer_server_ciphers off; - - add_header X-Frame-Options SAMEORIGIN; - add_header X-Content-Type-Options nosniff; - - # Uncomment this next line if you are using a signed, trusted cert - #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; - - #auth_basic "Login required"; - #auth_basic_user_file /etc/nginx/htpasswd; - - location / { - proxy_pass http://kibana:5601; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } -} - -server { - listen 80; - return 301 https://$host$request_uri; -} diff --git a/data/conf/parsedmarc/config.sample.ini b/data/conf/parsedmarc/config.sample.ini index 8a69866..c34e498 100644 --- a/data/conf/parsedmarc/config.sample.ini +++ b/data/conf/parsedmarc/config.sample.ini @@ -15,7 +15,7 @@ ssl = True # advanced watch = True -archive_folder = Processed +#archive_folder = Processed delete = False # advanced advanced