Bump modules plus many other changes

Author: ostefano

core/files/entrypoint.sh

@@ -33,5 +33,15 @@ export ENABLE_DB_SETTINGS=${ENABLE_DB_SETTINGS:-false}
 export PROXY_ENABLE=${PROXY_ENABLE:-false}
 export DEBUG=${DEBUG:-0}
 
+export FASTCGI_READ_TIMEOUT=${FASTCGI_READ_TIMEOUT:-300s}
+export FASTCGI_SEND_TIMEOUT=${FASTCGI_SEND_TIMEOUT:-300s}
+export FASTCGI_CONNECT_TIMEOUT=${FASTCGI_CONNECT_TIMEOUT:-300s}
+
+export PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-2048M}
+export PHP_MAX_EXECUTION_TIME=${PHP_MAX_EXECUTION_TIME:-300}
+export PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}
+export PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}
+export PHP_MAX_INPUT_TIME:${PHP_MAX_INPUT_TIME:-300}
+
 # start supervisord using the main configuration file so we have a socket interface
 /usr/bin/supervisord -c /etc/supervisor/supervisord.conf

core/files/entrypoint_fpm.sh

@@ -12,10 +12,11 @@ change_php_vars() {
     for FILE in /etc/php/*/fpm/php.ini
     do
         [[ -e $FILE ]] || break
-        sed -i "s/memory_limit = .*/memory_limit = 2048M/" "$FILE"
-        sed -i "s/max_execution_time = .*/max_execution_time = 300/" "$FILE"
-        sed -i "s/upload_max_filesize = .*/upload_max_filesize = 50M/" "$FILE"
-        sed -i "s/post_max_size = .*/post_max_size = 50M/" "$FILE"
+        sed -i "s/memory_limit = .*/memory_limit = ${PHP_MEMORY_LIMIT}/" "$FILE"
+        sed -i "s/max_execution_time = .*/max_execution_time = ${PHP_MAX_EXECUTION_TIME}/" "$FILE"
+        sed -i "s/upload_max_filesize = .*/upload_max_filesize = ${PHP_UPLOAD_MAX_FILESIZE}/" "$FILE"
+        sed -i "s/post_max_size = .*/post_max_size = ${PHP_POST_MAX_SIZE}/" "$FILE"
+        sed -i "s/max_input_time = .*/max_input_time = ${PHP_MAX_INPUT_TIME}|" "$FILE"
         sed -i "s/session.save_handler = .*/session.save_handler = redis/" "$FILE"
         sed -i "s|.*session.save_path = .*|session.save_path = '$(echo $REDIS_HOST | grep -E '^\w+://' || echo tcp://$REDIS_HOST):6379?auth=${REDIS_PASSWORD}'|" "$FILE"
         sed -i "s/session.sid_length = .*/session.sid_length = 64/" "$FILE"

core/files/entrypoint_nginx.sh

@@ -199,6 +199,14 @@ flip_nginx() {
 }
 
 init_nginx() {
+    # Adjust timeouts
+    echo "... adjusting 'fastcgi_read_timeout' to ${FASTCGI_READ_TIMEOUT}"
+    sed -i "s/fastcgi_read_timeout .*;/fastcgi_read_timeout ${FASTCGI_READ_TIMEOUT};/" /etc/nginx/includes/misp
+    echo "... adjusting 'fastcgi_send_timeout' to ${FASTCGI_SEND_TIMEOUT}"
+    sed -i "s/fastcgi_send_timeout .*;/fastcgi_send_timeout ${FASTCGI_SEND_TIMEOUT};/" /etc/nginx/includes/misp
+    echo "... adjusting 'fastcgi_connect_timeout' to ${FASTCGI_CONNECT_TIMEOUT}"
+    sed -i "s/fastcgi_connect_timeout .*;/fastcgi_connect_timeout ${FASTCGI_CONNECT_TIMEOUT};/" /etc/nginx/includes/misp
+
     # Testing for files also test for links, and generalize better to mounted files
     if [[ ! -f "/etc/nginx/sites-enabled/misp80" ]]; then
         echo "... enabling port 80 redirect"

core/files/etc/nginx/includes/misp

@@ -25,7 +25,9 @@ location / {
 location ~ ^/[^/]+\.php(/|$) {
     include snippets/fastcgi-php.conf;
     fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
-    fastcgi_read_timeout 300;
+    fastcgi_read_timeout 300s;
+    fastcgi_send_timeout 300s;
+    fastcgi_connect_timeout 300s;
     fastcgi_split_path_info ^(.+\.php)(/.+)$;
     set $path_info $fastcgi_path_info;
     fastcgi_param PATH_INFO $path_info;

docker-compose.yml

@@ -42,7 +42,9 @@ services:
       start_period: 30s
 
   misp-core:
-    image: ghcr.io/misp/misp-docker/misp-core:latest
+    image: ghcr.io/misp/misp-docker/misp-core:${CORE_RUNNING_TAG:-latest}
+    cap_add:
+      - CAP_AUDIT_WRITE
     build:
       context: core/.
       args:
@@ -167,9 +169,19 @@ services:
       - "DEBUG=${DEBUG}"
       # SMTP setting
       - "SMTP_FQDN=${SMTP_FQDN}"
+      # NGINX settings
+      - "FASTCGI_READ_TIMEOUT=${FASTCGI_READ_TIMEOUT:-300s}"
+      - "FASTCGI_SEND_TIMEOUT=${FASTCGI_SEND_TIMEOUT:-300s}"
+      - "FASTCGI_CONNECT_TIMEOUT=${FASTCGI_CONNECT_TIMEOUT:-300s}"
+      # PHP settings
+      - "PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-2048M}"
+      - "PHP_MAX_EXECUTION_TIME=${PHP_MAX_EXECUTION_TIME:-300}"
+      - "PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}"
+      - "PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}"
+      - "PHP_MAX_INPUT_TIME:${PHP_MAX_INPUT_TIME:-300}"
 
   misp-modules:
-    image: ghcr.io/misp/misp-docker/misp-modules:latest
+    image: ghcr.io/misp/misp-docker/misp-modules:${MODULES_RUNNING_TAG:-latest}
     build:
       context: modules/.
       args:

modules/Dockerfile

@@ -30,9 +30,14 @@ FROM "${DOCKER_HUB_PROXY}python:3.12-slim-bookworm" AS python-build
 EOF
 
     WORKDIR /srv/misp-modules
-    RUN pip install pipenv
-    RUN pipenv requirements > requirements.txt
+    RUN pip install poetry
+    RUN sed -i "s/^python = .*/python = \"$(python -c 'import platform; print(platform.python_version())')\"/" pyproject.toml
+    RUN poetry lock
+    # RUN poetry install --with unstable
+    RUN poetry self add poetry-plugin-export
+    RUN poetry export --with unstable --without-hashes -f requirements.txt -o requirements.txt
     RUN pip wheel -r requirements.txt --no-cache-dir -w /wheels/
+    RUN poetry build --output /wheels/
 
     WORKDIR /srv/
     RUN rm -rf /srv/misp-modules

template.env

@@ -3,7 +3,7 @@
 ##
 
 CORE_TAG=v2.4.196
-MODULES_TAG=v2.4.195
+MODULES_TAG=v2.4.196
 PHP_VER=20190902
 LIBFAUP_COMMIT=3a26d0a
 
@@ -28,6 +28,9 @@ LIBFAUP_COMMIT=3a26d0a
 # Run-time variables
 ##
 
+# CORE_RUNNING_TAG=latest
+# MODULES_RUNNING_TAG=latest
+
 # Email/username for user #1, defaults to MISP's default ([email protected])
 ADMIN_EMAIL=
 # name of org #1, default to MISP's default (ORGNAME)
@@ -166,3 +169,15 @@ SYNCSERVERS_1_PULL_RULES=
 # 1 - Debug on
 # 2 - Debug on + SQL dump
 # DEBUG=
+
+# FastCGI configuration
+# FASTCGI_READ_TIMEOUT=300s
+# FASTCGI_SEND_TIMEOUT=300s
+# FASTCGI_CONNECT_TIMEOUT=300s
+
+# PHP fpm configuration
+# PHP_MEMORY_LIMIT=2048
+# PHP_MAX_EXECUTION_TIME=300
+# PHP_UPLOAD_MAX_FILESIZE=50M
+# PHP_POST_MAX_SIZE=50M
+# PHP_MAX_INPUT_TIME=300