diff --git a/.gitignore b/.gitignore index 14b8fa50..82626785 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,9 @@ # Ignore data folder data/ _data/ +data_backup/ **/.DS_Store .idea install_tpot.log +.env +AGENTS.md \ No newline at end of file diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile index 6051fcdb..206464b1 100644 --- a/docker/nginx/Dockerfile +++ b/docker/nginx/Dockerfile @@ -1,7 +1,29 @@ -FROM alpine:3.23 +ARG ALPINE_VERSION=3.23 + +FROM alpine:${ALPINE_VERSION} AS assets # -# Include dist -COPY dist/ /root/dist/ +# Include dist and prepare final assets +COPY dist/ /work/dist/ +RUN mkdir -p /out/var/lib/nginx/html /out/etc/nginx/conf.d && \ + cd /work/dist/html/esvue && \ + sha256sum -c esvue.tgz.sha256 && \ + cd /work/dist/html/cyberchef && \ + sha256sum -c cyberchef.tgz.sha256 && \ + cp -R /work/dist/html/* /out/var/lib/nginx/html/ && \ + cd /out/var/lib/nginx/html/esvue && \ + tar xvfz esvue.tgz && \ + rm -f esvue.tgz && \ + cd /out/var/lib/nginx/html/cyberchef && \ + tar xvfz cyberchef.tgz && \ + rm -f cyberchef.tgz && \ + find /out/var/lib/nginx/html -type d -exec chmod 755 {} \; && \ + find /out/var/lib/nginx/html -type f -exec chmod 644 {} \; && \ + cp /work/dist/conf/nginx.conf /out/etc/nginx/ && \ + cp -R /work/dist/conf/ssl /out/etc/nginx/ && \ + cp /work/dist/conf/tpotweb.conf /out/etc/nginx/conf.d/ && \ + cp /work/dist/conf/lsweb.conf /out/etc/nginx/conf.d/ + +FROM alpine:${ALPINE_VERSION} # # Install packages RUN apk --no-cache -U upgrade && \ @@ -9,32 +31,15 @@ RUN apk --no-cache -U upgrade && \ nginx \ nginx-mod-http-brotli \ nginx-mod-http-headers-more \ - nginx-mod-http-lua && \ + nginx-mod-http-lua && \ + rm -rf /etc/nginx/conf.d/* /usr/share/nginx/html/* # -## Setup T-Pot Landing Page, Eleasticvue, Cyberchef - cp -R /root/dist/html/* /var/lib/nginx/html/ && \ - cd /var/lib/nginx/html/esvue && \ - tar xvfz esvue.tgz && \ - rm esvue.tgz && \ - cd /var/lib/nginx/html/cyberchef && \ - tar xvfz cyberchef.tgz && \ - rm cyberchef.tgz && \ -# -## Change ownership, permissions - chown root:www-data -R /var/lib/nginx/html && \ - chmod 755 -R /var/lib/nginx/html && \ -# -## Add Nginx / T-Pot specific configs - rm -rf /etc/nginx/conf.d/* /usr/share/nginx/html/* && \ - mkdir -p /etc/nginx/conf.d && \ - cp /root/dist/conf/nginx.conf /etc/nginx/ && \ - cp -R /root/dist/conf/ssl /etc/nginx/ && \ - cp /root/dist/conf/tpotweb.conf /etc/nginx/conf.d/ && \ - cp /root/dist/conf/lsweb.conf /etc/nginx/conf.d/ && \ -# -# Clean up - rm -rf /root/* \ - /var/cache/apk/* +## Add prepared web assets and Nginx / T-Pot specific configs +COPY --from=assets --chown=root:www-data /out/var/lib/nginx/html/ /var/lib/nginx/html/ +COPY --from=assets /out/etc/nginx/nginx.conf /etc/nginx/nginx.conf +COPY --from=assets /out/etc/nginx/ssl/ /etc/nginx/ssl/ +COPY --from=assets /out/etc/nginx/conf.d/tpotweb.conf /etc/nginx/conf.d/tpotweb.conf +COPY --from=assets /out/etc/nginx/conf.d/lsweb.conf /etc/nginx/conf.d/lsweb.conf # # Start nginx CMD ["nginx", "-g", "daemon off;"] diff --git a/docker/nginx/builder/cyberchef/Dockerfile b/docker/nginx/builder/cyberchef/Dockerfile index a62ca049..5c85cbef 100644 --- a/docker/nginx/builder/cyberchef/Dockerfile +++ b/docker/nginx/builder/cyberchef/Dockerfile @@ -1,7 +1,7 @@ -FROM node:18-alpine as builder +FROM node:24-alpine AS builder # # Prep and build Cyberchef -ENV CY_VER=v10.19.4 +ENV CY_VER=v11.0.0 RUN apk -U --no-cache add build-base git python3 && \ chown -R node:node /srv && \ npm install -g grunt-cli diff --git a/docker/nginx/builder/cyberchef/build.sh b/docker/nginx/builder/cyberchef/build.sh index ccf3660b..38fc782a 100755 --- a/docker/nginx/builder/cyberchef/build.sh +++ b/docker/nginx/builder/cyberchef/build.sh @@ -1,3 +1,11 @@ #!/bin/bash # Needs buildx to build. Run tpotce/bin/setup-builder.sh first -docker buildx build --output ../../dist/html/cyberchef/ . +set -euo pipefail + +cd "$(dirname "$0")" +OUT_DIR="../../dist/html/cyberchef" + +docker buildx build --output "${OUT_DIR}/" . + +cd "${OUT_DIR}" +sha256sum cyberchef.tgz > cyberchef.tgz.sha256 diff --git a/docker/nginx/builder/esvue/Dockerfile b/docker/nginx/builder/esvue/Dockerfile index abbde152..2ebbe3fd 100644 --- a/docker/nginx/builder/esvue/Dockerfile +++ b/docker/nginx/builder/esvue/Dockerfile @@ -1,10 +1,10 @@ ### elasticvue build is currently broken, issue has been opened https://github.com/cars10/elasticvue/issues/215 ### in the meantime we are using the older dist, if not resolved we need to find a different solution -FROM node:22.21.1-alpine AS builder +FROM node:24.15.0-alpine AS builder # # Prep and build Elasticvue RUN apk -U --no-cache add git && \ - git clone https://github.com/cars10/elasticvue -b v1.11.1 /opt/src && \ + git clone https://github.com/cars10/elasticvue -b v1.15.0 /opt/src && \ # We need to adjust consts.ts so the user has connection suggestion for reverse proxied ES sed -i "s#export const DEFAULT_CLUSTER_URI = 'http://localhost:9200'#export const DEFAULT_CLUSTER_URI = window.location.origin + '/es'#g" /opt/src/src/consts.ts && \ sed -i 's#href="/images/logo/favicon.ico"#href="images/logo/favicon.ico"#g' /opt/src/index.html && \ diff --git a/docker/nginx/builder/esvue/build.sh b/docker/nginx/builder/esvue/build.sh index c79afe0e..97723d54 100755 --- a/docker/nginx/builder/esvue/build.sh +++ b/docker/nginx/builder/esvue/build.sh @@ -1,3 +1,11 @@ #!/bin/bash # Needs buildx to build. Run tpotce/bin/setup-builder.sh first -docker buildx build --no-cache --progress plain --output ../../dist/html/esvue/ . +set -euo pipefail + +cd "$(dirname "$0")" +OUT_DIR="../../dist/html/esvue" + +docker buildx build --no-cache --progress plain --output "${OUT_DIR}/" . + +cd "${OUT_DIR}" +sha256sum esvue.tgz > esvue.tgz.sha256 diff --git a/docker/nginx/dist/html/cyberchef/cyberchef.tgz b/docker/nginx/dist/html/cyberchef/cyberchef.tgz index 4b225e0d..50f7cea5 100644 Binary files a/docker/nginx/dist/html/cyberchef/cyberchef.tgz and b/docker/nginx/dist/html/cyberchef/cyberchef.tgz differ diff --git a/docker/nginx/dist/html/cyberchef/cyberchef.tgz.sha256 b/docker/nginx/dist/html/cyberchef/cyberchef.tgz.sha256 new file mode 100644 index 00000000..02a9a972 --- /dev/null +++ b/docker/nginx/dist/html/cyberchef/cyberchef.tgz.sha256 @@ -0,0 +1 @@ +085e5012fd3514f8b72652f1e4b784d9121e562e8a2968bff2a293cd70a24e51 cyberchef.tgz diff --git a/docker/nginx/dist/html/esvue/esvue.tgz b/docker/nginx/dist/html/esvue/esvue.tgz index 94184101..f48df832 100644 Binary files a/docker/nginx/dist/html/esvue/esvue.tgz and b/docker/nginx/dist/html/esvue/esvue.tgz differ diff --git a/docker/nginx/dist/html/esvue/esvue.tgz.sha256 b/docker/nginx/dist/html/esvue/esvue.tgz.sha256 new file mode 100644 index 00000000..fd447ed0 --- /dev/null +++ b/docker/nginx/dist/html/esvue/esvue.tgz.sha256 @@ -0,0 +1 @@ +c97d67259f3ef0bdcbd316cbda606df4db220f398f3a2c21ca4cce81e0fd287d esvue.tgz