tweaking for nginx, cyberchef, elasticvue

create builder for cyberchef and elasticvue based on respective masters
builders will build webapps and copy output to nginx html folder as tgz
some tweaking for elasticvue to properly load original favicon
with cyberchef now run as nginx webapp we gain another 40MB of RAM
while webapps will be built on AMD64 all final docker images can now be built as multi arch images for AMD64 and ARM64

docker/docker-compose.yml

@@ -158,11 +158,6 @@ services:
 #### Tools
 ##################
 
-# Cyberchef service
-  cyberchef:
-    build: cyberchef/.
-    image: "dtagdevsec/cyberchef:2203"
-
 #### ELK
 ## Elasticsearch service
   elasticsearch:
@@ -186,7 +181,7 @@ services:
 
 # Nginx service
   nginx:
-    build: heimdall/.
+    build: nginx/.
     image: "dtagdevsec/nginx:2203"
 
 # Spiderfoot service

docker/nginx/Dockerfile

@@ -9,14 +9,18 @@ RUN apk -U --no-cache add \
       nginx-mod-http-headers-more \
       && \
 #
-## Setup T-Pot Landing Page, Eleasticvue 
+## Setup T-Pot Landing Page, Eleasticvue, Cyberchef 
     cp -R /root/dist/html/* /var/lib/nginx/html/ && \
     cd /var/lib/nginx/html/esvue && \
     tar xvfz esvue.tgz && \
     rm esvue.tgz && \
+    cd /var/lib/nginx/html/cyberchef && \
+    tar xvfz cyberchef.tgz && \
+    rm cyberchef.tgz && \
 #
 ## Change ownership, permissions
     chown root:www-data -R /var/lib/nginx/html && \
+    chmod 755 -R /var/lib/nginx/html && \
 #
 ## Add Nginx / T-Pot specific configs
     rm -rf /etc/nginx/conf.d/* /usr/share/nginx/html/* && \

docker/nginx/builder/cyberchef/Dockerfile

@@ -0,0 +1,17 @@
+FROM node:10.24.1-alpine3.11 as builder
+#
+# Prep and build Cyberchef 
+RUN apk -U --no-cache add git && \
+    chown -R node:node /srv && \
+    npm install -g grunt-cli
+WORKDIR /srv
+USER node
+RUN git clone https://github.com/gchq/cyberchef -b v9.32.3 . && \
+    NODE_OPTIONS=--max_old_space_size=2048 && \
+    npm install && \
+    grunt prod && \
+    cd build/prod && \
+    tar cvfz cyberchef.tgz *
+#    
+FROM scratch AS exporter
+COPY --from=builder /srv/build/prod/cyberchef.tgz /

docker/nginx/builder/cyberchef/build.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+# Needs buildx to build. Run tpotce/bin/setup-builder.sh first
+docker buildx build --output ../../dist/html/cyberchef/ .

docker/nginx/builder/esvue/Dockerfile

@@ -0,0 +1,21 @@
+FROM node:14.18-alpine AS builder
+#
+# Prep and build Elasticvue 
+RUN apk -U --no-cache add git && \
+    git clone https://github.com/cars10/elasticvue /opt/src && \
+# We need to adjust consts.js so the user has connection suggestion for reverse proxied ES
+    sed -i "s#export const DEFAULT_HOST = 'http://localhost:9200'#export const DEFAULT_HOST = window.location.origin + '/es'#g" /opt/src/src/consts.js && \
+    sed -i 's#href="/images/logo/favicon.ico"#href="images/logo/favicon.ico"#g' /opt/src/public/index.html && \
+    mkdir /opt/app && \
+    cd /opt/app && \
+    cp /opt/src/package.json . && \
+    cp /opt/src/yarn.lock . && \
+    yarn install && \
+    cp -R /opt/src/* . && \
+# We need to set this ENV so we can run Elasticvue in its own location rather than /
+    VUE_APP_PUBLIC_PATH=/elasticvue/ yarn build && \
+    cd dist && \
+    tar cvfz esvue.tgz *
+#    
+FROM scratch AS exporter
+COPY --from=builder /opt/app/dist/esvue.tgz /

docker/nginx/builder/esvue/build.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+# Needs buildx to build. Run tpotce/bin/setup-builder.sh first
+docker buildx build --output ../../dist/html/esvue/ .

docker/nginx/dist/conf/tpotweb.conf

@@ -95,6 +95,12 @@ server {
         try_files $uri $uri/ /index.html?$args;
     }
 
+    location ^~ /cyberchef {
+        index index.html;
+        alias /var/lib/nginx/html/cyberchef;
+        try_files $uri $uri/ /index.html?$args;
+    }
+
     location ^~ /elasticvue {
         index index.html;
         alias /var/lib/nginx/html/esvue;
@@ -118,12 +124,6 @@ server {
         rewrite /es/(.*)$ /$1 break;
     }
 
-    ### CyberChef
-    location /cyberchef {
-        proxy_pass http://127.0.0.1:64299;
-        rewrite ^/cyberchef(.*)$ /$1 break;
-    }
-
     ### spiderfoot
     location /spiderfoot {
         proxy_pass http://127.0.0.1:64303;

etc/compose/collector.yml

@@ -3,7 +3,6 @@
 version: '2.3'
 
 networks:
-  cyberchef_local:
   heralding_local:
   ewsposter_local:
   spiderfoot_local:
@@ -111,17 +110,6 @@ services:
 #### Tools
 ##################
 
-# Cyberchef service
-  cyberchef:
-    container_name: cyberchef
-    restart: always
-    networks:
-     - cyberchef_local
-    ports:
-     - "127.0.0.1:64299:8000"
-    image: "dtagdevsec/cyberchef:2203"
-    read_only: true
-
 #### ELK
 ## Elasticsearch service
   elasticsearch:

etc/compose/hive.yml

@@ -3,7 +3,6 @@
 version: '2.3'
 
 networks:
-  cyberchef_local:
   spiderfoot_local:
 
 services:
@@ -12,17 +11,6 @@ services:
 #### Tools
 ##################
 
-# Cyberchef service
-  cyberchef:
-    container_name: cyberchef
-    restart: always
-    networks:
-     - cyberchef_local
-    ports:
-     - "127.0.0.1:64299:8000"
-    image: "dtagdevsec/cyberchef:2203"
-    read_only: true
-
 #### ELK
 ## Elasticsearch service
   elasticsearch:

etc/compose/industrial.yml

@@ -9,7 +9,6 @@ networks:
   conpot_local_ipmi:
   conpot_local_kamstrup_382:
   cowrie_local:
-  cyberchef_local:
   dicompot_local:
   heralding_local:
   honeysap_local:
@@ -318,17 +317,6 @@ services:
 #### Tools
 ##################
 
-# Cyberchef service
-  cyberchef:
-    container_name: cyberchef
-    restart: always
-    networks:
-     - cyberchef_local
-    ports:
-     - "127.0.0.1:64299:8000"
-    image: "dtagdevsec/cyberchef:2203"
-    read_only: true
-
 #### ELK
 ## Elasticsearch service
   elasticsearch:

etc/compose/log4j.yml

@@ -3,7 +3,6 @@
 version: '2.3'
 
 networks:
-  cyberchef_local:
   log4pot_local:
   ewsposter_local:
   spiderfoot_local:
@@ -101,17 +100,6 @@ services:
 #### Tools
 ##################
 
-# Cyberchef service
-  cyberchef:
-    container_name: cyberchef
-    restart: always
-    networks:
-     - cyberchef_local
-    ports:
-     - "127.0.0.1:64299:8000"
-    image: "dtagdevsec/cyberchef:2203"
-    read_only: true
-
 #### ELK
 ## Elasticsearch service
   elasticsearch:

etc/compose/medical.yml

@@ -3,7 +3,6 @@
 version: '2.3'
 
 networks:
-  cyberchef_local:
   dicompot_local:
   medpot_local:
   ewsposter_local:
@@ -95,17 +94,6 @@ services:
 #### Tools
 ##################
 
-# Cyberchef service
-  cyberchef:
-    container_name: cyberchef
-    restart: always
-    networks:
-     - cyberchef_local
-    ports:
-     - "127.0.0.1:64299:8000"
-    image: "dtagdevsec/cyberchef:2203"
-    read_only: true
-
 #### ELK
 ## Elasticsearch service
   elasticsearch:

etc/compose/mini.yml

@@ -3,7 +3,6 @@
 version: '2.3'
 
 networks:
-  cyberchef_local:
   honeypots_local:
   ewsposter_local:
   spiderfoot_local:
@@ -120,17 +119,6 @@ services:
 #### Tools
 ##################
 
-# Cyberchef service
-  cyberchef:
-    container_name: cyberchef
-    restart: always
-    networks:
-     - cyberchef_local
-    ports:
-     - "127.0.0.1:64299:8000"
-    image: "dtagdevsec/cyberchef:2203"
-    read_only: true
-
 #### ELK
 ## Elasticsearch service
   elasticsearch:

etc/compose/nextgen.yml

@@ -10,7 +10,6 @@ networks:
   conpot_local_guardian_ast:
   conpot_local_ipmi:
   conpot_local_kamstrup_382:
-  cyberchef_local:
   dicompot_local:
   dionaea_local:
   ddospot_local:
@@ -461,17 +460,6 @@ services:
 #### Tools
 ##################
 
-# Cyberchef service
-  cyberchef:
-    container_name: cyberchef
-    restart: always
-    networks:
-     - cyberchef_local
-    ports:
-     - "127.0.0.1:64299:8000"
-    image: "dtagdevsec/cyberchef:2203"
-    read_only: true
-
 #### ELK
 ## Elasticsearch service
   elasticsearch:

etc/compose/standard.yml

@@ -10,7 +10,6 @@ networks:
   conpot_local_ipmi:
   conpot_local_kamstrup_382:
   cowrie_local:
-  cyberchef_local:
   dicompot_local:
   dionaea_local:
   elasticpot_local:
@@ -494,17 +493,6 @@ services:
 #### Tools
 ##################
 
-# Cyberchef service
-  cyberchef:
-    container_name: cyberchef
-    restart: always
-    networks:
-     - cyberchef_local
-    ports:
-     - "127.0.0.1:64299:8000"
-    image: "dtagdevsec/cyberchef:2203"
-    read_only: true
-
 #### ELK
 ## Elasticsearch service
   elasticsearch: