From 8197b9b1d00895fd7a6f3f316fd4ea731d26e482 Mon Sep 17 00:00:00 2001
From: Stefano Ortolani
Date: Tue, 13 Aug 2024 14:23:45 +0100
Subject: [PATCH] Add password to redis (#107)
---
 core/files/entrypoint_fpm.sh | 2 +-
 core/files/entrypoint_nginx.sh | 1 +
 core/files/etc/misp-docker/initialisation.envars.json | 3 +++
 core/files/etc/misp-docker/minimum_config.envars.json | 6 ++++++
 docker-compose.yml | 6 +++++-
 template.env | 3 +++
 6 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/core/files/entrypoint_fpm.sh b/core/files/entrypoint_fpm.sh
index 4d05167..c846f42 100755
--- a/core/files/entrypoint_fpm.sh
+++ b/core/files/entrypoint_fpm.sh
@@ -19,7 +19,7 @@ change_php_vars() {
 sed -i "s/upload_max_filesize = .*/upload_max_filesize = 50M/" "$FILE"
 sed -i "s/post_max_size = .*/post_max_size = 50M/" "$FILE"
 sed -i "s/session.save_handler = .*/session.save_handler = redis/" "$FILE"
- sed -i "s|.*session.save_path = .*|session.save_path = '$(echo $REDIS_FQDN | grep -E '^\w+://' || echo tcp://$REDIS_FQDN):6379'|" "$FILE"
+ sed -i "s|.*session.save_path = .*|session.save_path = '$(echo $REDIS_FQDN | grep -E '^\w+://' || echo tcp://$REDIS_FQDN):6379${REDIS_PASSWORD:+?auth=${REDIS_PASSWORD}}'|" "$FILE"
 sed -i "s/session.sid_length = .*/session.sid_length = 64/" "$FILE"
 sed -i "s/session.use_strict_mode = .*/session.use_strict_mode = 1/" "$FILE"
 done
diff --git a/core/files/entrypoint_nginx.sh b/core/files/entrypoint_nginx.sh
index 60adac5..b7b2489 100755
--- a/core/files/entrypoint_nginx.sh
+++ b/core/files/entrypoint_nginx.sh
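Review bot: In core/files/entrypoint_fpm.sh the new `session.save_path` line interpolates `REDIS_PASSWORD` unescaped into both a `sed` replacement and a URL query string, so a password containing `|`, `&`, `\`, `'`, `#` or `%` will either break the `sed` command or be written to php.ini as a value that differs from the one the server expects. Generated passwords often contain such characters, and the likely symptom is failing PHP sessions rather than a clear startup error. Either URL-encode and sed-escape the value before substitution, or reject unsupported characters early, e.g. `case "$REDIS_PASSWORD" in *[!A-Za-z0-9._~-]*) echo "REDIS_PASSWORD contains unsupported characters" >&2; exit 1;; esac` ahead of the loop. The body of change_php_vars starts outside this hunk, so the exact placement needs checking against the full function.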
@@ -14,6 +14,7 @@ trap term_proc SIGTERM
 [ -z "$MYSQL_PASSWORD" ] && MYSQL_PASSWORD=example
 [ -z "$MYSQL_DATABASE" ] && MYSQL_DATABASE=misp
 [ -z "$MYSQLCMD" ] && export MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE"
+[ -z "$REDIS_PASSWORD" ] && REDIS_PASSWORD=redispassword
 [ -z "$CRON_USER_ID" ] && export CRON_USER_ID="1"
 [ -z "$BASE_URL" ] && export BASE_URL="https://localhost"
 [ -z "$DISABLE_IPV6" ] && export DISABLE_IPV6=false
diff --git a/core/files/etc/misp-docker/initialisation.envars.json b/core/files/etc/misp-docker/initialisation.envars.json
index 4eefe62..ddd9d0e 100644
--- a/core/files/etc/misp-docker/initialisation.envars.json
+++ b/core/files/etc/misp-docker/initialisation.envars.json
@@ -15,6 +15,9 @@
 "Plugin.ZeroMQ_redis_host": {
 "default_value": "${REDIS_FQDN}"
 },
+ "Plugin.ZeroMQ_redis_password": {
+ "default_value": "${REDIS_PASSWORD}"
+ },
 "Plugin.Enrichment_services_url": {
 "default_value": "${MISP_MODULES_FQDN}"
 },
diff --git a/core/files/etc/misp-docker/minimum_config.envars.json b/core/files/etc/misp-docker/minimum_config.envars.json
index c22e531..00ffabb 100644
--- a/core/files/etc/misp-docker/minimum_config.envars.json
+++ b/core/files/etc/misp-docker/minimum_config.envars.json
@@ -5,10 +5,16 @@
 "MISP.redis_host": {
 "default_value": "${REDIS_FQDN}"
 },
+ "MISP.redis_password": {
+ "default_value": "${REDIS_PASSWORD}"
+ },
 "GnuPG.binary": {
 "default_value": "${GPG_BINARY}"
 },
 "SimpleBackgroundJobs.redis_host": {
 "default_value": "${REDIS_FQDN}"
+ },
+ "SimpleBackgroundJobs.redis_password": {
+ "default_value": "${REDIS_PASSWORD}"
 }
 }
diff --git a/docker-compose.yml b/docker-compose.yml
index 836f184..4cff8a9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
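Review bot: The added fallback `REDIS_PASSWORD=redispassword` in core/files/entrypoint_nginx.sh means any deployment that leaves the variable unset protects Redis with a password published in this repository, which is little better than no password. The same literal recurs as the `:-redispassword` default in the docker-compose.yml hunks, so the two can also drift apart. Consider failing fast when it is unset, `: "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"`, or at least logging a warning that the built-in default is in use. The assignment is also not exported, unlike the neighbouring `CRON_USER_ID` and `BASE_URL` lines, so whether child processes see the fallback depends on code outside this hunk.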
@@ -13,8 +13,9 @@ services: redis: image: valkey/valkey:7.2 + command: "--requirepass ${REDIS_PASSWORD:-redispassword}" healthcheck: - test: valkey-cli ping || exit 1 + test: "valkey-cli -a ${REDIS_PASSWORD:-redispassword} ping || exit 1" interval: 2s timeout: 1s retries: 3 @@ -158,6 +159,8 @@ services: - "MYSQL_USER=${MYSQL_USER:-misp}" - "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}" - "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}" + # redis settings + - "REDIS_PASSWORD=${REDIS_PASSWORD:-redispassword}" # Debug setting - "DEBUG=${DEBUG}" # SMTP setting @@ -173,6 +176,7 @@ services: - LIBFAUP_COMMIT=${LIBFAUP_COMMIT:?Missing .env file, see README.md for instructions} environment: - "REDIS_BACKEND=redis" + - "REDIS_PW=${REDIS_PASSWORD:-redispassword}" depends_on: redis: condition: service_healthy diff --git a/template.env b/template.env index b0bd268..98f1a95 100644 --- a/template.env +++ b/template.env @@ -78,6 +78,9 @@ SYNCSERVERS_1_PULL_RULES= # MYSQL_ROOT_PASSWORD= # MYSQL_DATABASE= +# optional and used to set redis password +# REDIS_PASSWORD= + # These variables allows overriding some MISP email values. # They all default to ADMIN_EMAIL.
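Review bot: Both new lines on the redis service in docker-compose.yml put the password on a command line, `--requirepass …` in `command:` and `valkey-cli -a …` in the healthcheck, where it shows up in the process list. The unquoted expansion in the string-form healthcheck is also run through a shell, so a password with spaces or shell metacharacters breaks the probe. For the healthcheck, valkey-cli can read the password from the environment instead: add `- "REDISCLI_AUTH=${REDIS_PASSWORD:-redispassword}"` under an `environment:` key on the redis service and keep `test: valkey-cli ping || exit 1`. For the server side, a mounted config file or a Docker secret would keep `requirepass` out of argv.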