Prep update for Nginx Image:

- Bump Nginx to latest version
- Bump Cyberchef to 11.0
- Bump Elasticvue to 1.15.0

.gitignore

@@ -1,6 +1,9 @@
 # Ignore data folder
 data/
 _data/
+data_backup/
 **/.DS_Store
 .idea
 install_tpot.log
+.env
+AGENTS.md

docker/nginx/Dockerfile

@@ -1,7 +1,29 @@
-FROM alpine:3.23
+ARG ALPINE_VERSION=3.23
+
+FROM alpine:${ALPINE_VERSION} AS assets
 #
-# Include dist
-COPY dist/ /root/dist/
+# Include dist and prepare final assets
+COPY dist/ /work/dist/
+RUN mkdir -p /out/var/lib/nginx/html /out/etc/nginx/conf.d && \
+    cd /work/dist/html/esvue && \
+    sha256sum -c esvue.tgz.sha256 && \
+    cd /work/dist/html/cyberchef && \
+    sha256sum -c cyberchef.tgz.sha256 && \
+    cp -R /work/dist/html/* /out/var/lib/nginx/html/ && \
+    cd /out/var/lib/nginx/html/esvue && \
+    tar xvfz esvue.tgz && \
+    rm -f esvue.tgz && \
+    cd /out/var/lib/nginx/html/cyberchef && \
+    tar xvfz cyberchef.tgz && \
+    rm -f cyberchef.tgz && \
+    find /out/var/lib/nginx/html -type d -exec chmod 755 {} \; && \
+    find /out/var/lib/nginx/html -type f -exec chmod 644 {} \; && \
+    cp /work/dist/conf/nginx.conf /out/etc/nginx/ && \
+    cp -R /work/dist/conf/ssl /out/etc/nginx/ && \
+    cp /work/dist/conf/tpotweb.conf /out/etc/nginx/conf.d/ && \
+    cp /work/dist/conf/lsweb.conf /out/etc/nginx/conf.d/
+
+FROM alpine:${ALPINE_VERSION}
 #
 # Install packages
 RUN apk --no-cache -U upgrade && \
@@ -10,31 +32,14 @@ RUN apk --no-cache -U upgrade && \
       nginx-mod-http-brotli \
       nginx-mod-http-headers-more \
       nginx-mod-http-lua && \
+    rm -rf /etc/nginx/conf.d/* /usr/share/nginx/html/*
 #
-## Setup T-Pot Landing Page, Eleasticvue, Cyberchef 
-    cp -R /root/dist/html/* /var/lib/nginx/html/ && \
-    cd /var/lib/nginx/html/esvue && \
-    tar xvfz esvue.tgz && \
-    rm esvue.tgz && \
-    cd /var/lib/nginx/html/cyberchef && \
-    tar xvfz cyberchef.tgz && \
-    rm cyberchef.tgz && \
-#
-## Change ownership, permissions
-    chown root:www-data -R /var/lib/nginx/html && \
-    chmod 755 -R /var/lib/nginx/html && \
-#
-## Add Nginx / T-Pot specific configs
-    rm -rf /etc/nginx/conf.d/* /usr/share/nginx/html/* && \
-    mkdir -p /etc/nginx/conf.d && \
-    cp /root/dist/conf/nginx.conf /etc/nginx/ && \
-    cp -R /root/dist/conf/ssl /etc/nginx/ && \
-    cp /root/dist/conf/tpotweb.conf /etc/nginx/conf.d/ && \
-    cp /root/dist/conf/lsweb.conf /etc/nginx/conf.d/ && \
-#
-# Clean up
-    rm -rf /root/* \
-           /var/cache/apk/*
+## Add prepared web assets and Nginx / T-Pot specific configs
+COPY --from=assets --chown=root:www-data /out/var/lib/nginx/html/ /var/lib/nginx/html/
+COPY --from=assets /out/etc/nginx/nginx.conf /etc/nginx/nginx.conf
+COPY --from=assets /out/etc/nginx/ssl/ /etc/nginx/ssl/
+COPY --from=assets /out/etc/nginx/conf.d/tpotweb.conf /etc/nginx/conf.d/tpotweb.conf
+COPY --from=assets /out/etc/nginx/conf.d/lsweb.conf /etc/nginx/conf.d/lsweb.conf
 #
 # Start nginx
 CMD ["nginx", "-g", "daemon off;"]

docker/nginx/builder/cyberchef/Dockerfile

@@ -1,7 +1,7 @@
-FROM node:18-alpine as builder
+FROM node:24-alpine AS builder
 #
 # Prep and build Cyberchef
-ENV CY_VER=v10.19.4
+ENV CY_VER=v11.0.0
 RUN apk -U --no-cache add build-base git python3 && \
     chown -R node:node /srv && \
     npm install -g grunt-cli

docker/nginx/builder/cyberchef/build.sh

@@ -1,3 +1,11 @@
 #!/bin/bash
 # Needs buildx to build. Run tpotce/bin/setup-builder.sh first
-docker buildx build --output ../../dist/html/cyberchef/ .
+set -euo pipefail
+
+cd "$(dirname "$0")"
+OUT_DIR="../../dist/html/cyberchef"
+
+docker buildx build --output "${OUT_DIR}/" .
+
+cd "${OUT_DIR}"
+sha256sum cyberchef.tgz > cyberchef.tgz.sha256

docker/nginx/builder/esvue/Dockerfile

@@ -1,10 +1,10 @@
 ### elasticvue build is currently broken, issue has been opened https://github.com/cars10/elasticvue/issues/215
 ### in the meantime we are using the older dist, if not resolved we need to find a different solution
-FROM node:22.21.1-alpine AS builder
+FROM node:24.15.0-alpine AS builder
 #
 # Prep and build Elasticvue 
 RUN apk -U --no-cache add git && \
-    git clone https://github.com/cars10/elasticvue -b v1.11.1 /opt/src && \
+    git clone https://github.com/cars10/elasticvue -b v1.15.0 /opt/src && \
 # We need to adjust consts.ts so the user has connection suggestion for reverse proxied ES
     sed -i "s#export const DEFAULT_CLUSTER_URI = 'http://localhost:9200'#export const DEFAULT_CLUSTER_URI = window.location.origin + '/es'#g" /opt/src/src/consts.ts && \
     sed -i 's#href="/images/logo/favicon.ico"#href="images/logo/favicon.ico"#g' /opt/src/index.html && \

docker/nginx/builder/esvue/build.sh

@@ -1,3 +1,11 @@
 #!/bin/bash
 # Needs buildx to build. Run tpotce/bin/setup-builder.sh first
-docker buildx build --no-cache --progress plain --output ../../dist/html/esvue/ .
+set -euo pipefail
+
+cd "$(dirname "$0")"
+OUT_DIR="../../dist/html/esvue"
+
+docker buildx build --no-cache --progress plain --output "${OUT_DIR}/" .
+
+cd "${OUT_DIR}"
+sha256sum esvue.tgz > esvue.tgz.sha256

docker/nginx/dist/html/cyberchef/cyberchef.tgz.sha256

@@ -0,0 +1 @@
+085e5012fd3514f8b72652f1e4b784d9121e562e8a2968bff2a293cd70a24e51  cyberchef.tgz

docker/nginx/dist/html/esvue/esvue.tgz.sha256

@@ -0,0 +1 @@
+c97d67259f3ef0bdcbd316cbda606df4db220f398f3a2c21ca4cce81e0fd287d  esvue.tgz