Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: OpenCTI-Platform/docker
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: master
Choose a base ref
...
head repository: CodeForAfrica/cfa-opencti-docker
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: master
Choose a head ref
Can’t automatically merge. Don’t worry, you can still create the pull request.

Commits on Mar 28, 2024

  1. updates for deployment

    thepsalmist committed Mar 28, 2024
    Copy the full SHA
    cf48b26 View commit details
  2. lint

    thepsalmist committed Mar 28, 2024
    Copy the full SHA
    3730b9e View commit details
  3. update deployment doc

    thepsalmist committed Mar 28, 2024
    Copy the full SHA
    e0d858d View commit details
  4. update deployment doc

    thepsalmist committed Mar 28, 2024
    Copy the full SHA
    2c0eef1 View commit details
  5. cleanup import connector

    thepsalmist committed Mar 28, 2024
    Copy the full SHA
    fe9aef2 View commit details
  6. add MINIO s3 settings

    thepsalmist committed Mar 28, 2024
    Copy the full SHA
    d06d38a View commit details

Commits on Apr 2, 2024

  1. update node roles

    thepsalmist committed Apr 2, 2024
    Copy the full SHA
    b088858 View commit details
  2. update node roles

    thepsalmist committed Apr 2, 2024
    Copy the full SHA
    56d2279 View commit details

Commits on Apr 3, 2024

  1. fix docker swarm deploy

    thepsalmist committed Apr 3, 2024
    Copy the full SHA
    a4589de View commit details
  2. update Makefile

    thepsalmist committed Apr 3, 2024
    Copy the full SHA
    e220c2e View commit details
  3. update Makefile

    thepsalmist committed Apr 3, 2024
    Copy the full SHA
    bf360d6 View commit details
  4. Copy the full SHA
    64da00b View commit details
  5. merge main

    thepsalmist committed Apr 3, 2024
    Copy the full SHA
    d2904d8 View commit details
  6. fix lint

    thepsalmist committed Apr 3, 2024
    Copy the full SHA
    3165e8f View commit details

Commits on Apr 4, 2024

  1. Copy the full SHA
    321e890 View commit details
  2. update: lint

    thepsalmist committed Apr 4, 2024
    Copy the full SHA
    87e283d View commit details

Commits on Apr 30, 2024

  1. Copy the full SHA
    dfa0ea7 View commit details

Commits on May 6, 2024

  1. Copy the full SHA
    04b25fa View commit details

Commits on May 7, 2024

  1. Copy the full SHA
    5dc7905 View commit details
  2. Copy the full SHA
    1cb06cd View commit details

Commits on May 8, 2024

  1. update Makefile

    thepsalmist committed May 8, 2024
    Copy the full SHA
    6c07287 View commit details
  2. Copy the full SHA
    6cd0535 View commit details
  3. bump opencti to 6.0.10

    thepsalmist committed May 8, 2024
    Copy the full SHA
    53fad71 View commit details
  4. Copy the full SHA
    1f10a2c View commit details
  5. apply feedback

    thepsalmist committed May 8, 2024
    Copy the full SHA
    33605f9 View commit details
  6. chore: update .env file

    VinneyJ committed May 8, 2024
    Copy the full SHA
    f751de1 View commit details
  7. fix: docs typo

    VinneyJ committed May 8, 2024
    Copy the full SHA
    d982945 View commit details

Commits on May 13, 2024

  1. Update Makefile

    Co-authored-by: Clemence Kyara <kilemensi@users.noreply.github.com>
    thepsalmist and kilemensi authored May 13, 2024
    Copy the full SHA
    d29a3ad View commit details
  2. Copy the full SHA
    312c724 View commit details
  3. Merge branch 'ft/deployment-setup' of github.com:CodeForAfrica/cfa-op…

    …encti-docker into ft/deployment-setup
    thepsalmist committed May 13, 2024
    Copy the full SHA
    e2b2513 View commit details

Commits on May 16, 2024

  1. update Makefile

    thepsalmist committed May 16, 2024
    Copy the full SHA
    53aca68 View commit details
  2. rm minio

    thepsalmist committed May 16, 2024
    Copy the full SHA
    34efe1f View commit details
  3. Copy the full SHA
    e29d143 View commit details
  4. bump to 6.1.1 release

    thepsalmist committed May 16, 2024
    Copy the full SHA
    eff91d1 View commit details
  5. bump to 6.1.1 release

    thepsalmist committed May 16, 2024
    Copy the full SHA
    ee29abc View commit details

Commits on Jul 22, 2024

  1. Copy the full SHA
    e5684ba View commit details
  2. Copy the full SHA
    8c7722c View commit details
  3. chore: add YML anchor tags

    VinneyJ committed Jul 22, 2024
    Copy the full SHA
    7aa2bb4 View commit details
  4. Copy the full SHA
    09f2b5f View commit details
  5. Copy the full SHA
    4195d41 View commit details
  6. fix: nginx variables

    thepsalmist committed Jul 22, 2024
    Copy the full SHA
    2a0e8ba View commit details
  7. updates

    thepsalmist committed Jul 22, 2024
    Copy the full SHA
    87228d9 View commit details

Commits on Jul 23, 2024

  1. update nginx port mapping

    thepsalmist committed Jul 23, 2024
    Copy the full SHA
    8036381 View commit details
  2. nginx bugfix

    thepsalmist committed Jul 23, 2024
    Copy the full SHA
    42df969 View commit details
  3. Merge pull request #1 from CodeForAfrica/ft/deployment-setup

    Ft/deployment setup
    thepsalmist authored Jul 23, 2024
    Copy the full SHA
    86a482e View commit details

Commits on Jul 25, 2024

  1. Copy the full SHA
    b14f869 View commit details
  2. fix: remove extra line

    VinneyJ committed Jul 25, 2024
    Copy the full SHA
    dc5d51d View commit details
  3. Merge pull request #3 from CodeForAfrica/opencti-docs

    chore: add install config docs, add install scripts, service restart policy
    VinneyJ authored Jul 25, 2024
    Copy the full SHA
    9a4e61a View commit details
16 changes: 15 additions & 1 deletion .env.sample
Original file line number Diff line number Diff line change
@@ -2,14 +2,28 @@ OPENCTI_ADMIN_EMAIL=admin@opencti.io
OPENCTI_ADMIN_PASSWORD=changeme
OPENCTI_ADMIN_TOKEN=ChangeMe_UUIDv4
OPENCTI_BASE_URL=http://localhost:8080
OPENCTI_VERSION=6.2.6
MINIO_ROOT_USER=opencti
MINIO_ROOT_PASSWORD=changeme
MINIO__ENDPOINT=
MINIO__ACCESS_KEY=
MINIO__SECRET_KEY=
MINIO__BUCKET_NAME=
MINIO__BUCKET_REGION=
RABBITMQ_DEFAULT_USER=opencti
RABBITMQ_DEFAULT_PASS=changeme
ELASTIC_USER=
ELASTIC_PASSWORD=
ELASTIC_IP_1=
ELASTIC_IP_2=
ELASTIC_IP_3=
ELASTIC_PORT=
CONNECTOR_EXPORT_FILE_STIX_ID=dd817c8b-abae-460a-9ebc-97b1551e70e6
CONNECTOR_EXPORT_FILE_CSV_ID=7ba187fb-fde8-4063-92b5-c3da34060dd7
CONNECTOR_EXPORT_FILE_TXT_ID=ca715d9c-bd64-4351-91db-33a8d728a58b
CONNECTOR_IMPORT_FILE_STIX_ID=72327164-0b35-482b-b5d6-a5a3f76b845f
CONNECTOR_IMPORT_DOCUMENT_ID=c3970f8a-ce4b-4497-a381-20b7256f56f0
DISARM_CONNECTOR_ID=815330ab-ec11-4388-a30b-62a213cdbebb
SMTP_HOSTNAME=localhost
ELASTIC_MEMORY_SIZE=4G
ELASTIC_MEMORY_SIZE=4G

18 changes: 18 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
.PHONY: deploy remove build

STACK_NAME ?= cfa_opencti
COMPOSE_FILE?= docker-compose.yml
NGINX_VERSION?=1.26.0 #based off Nginx docker version

# build Nginx image & push to dockerhub
build:
docker buildx build --platform linux/amd64 -t codeforafrica/cfa-opencti-nginx:$(NGINX_VERSION) --file nginx/Dockerfile nginx/ --push

# deploy openCTI stack
deploy:
@export $$(cat .env | xargs) && \
docker stack deploy -c $(COMPOSE_FILE) $(STACK_NAME)

# remove stack
remove:
docker stack rm $(STACK_NAME)
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -18,4 +18,4 @@ If you need support or you wish to engage a discussion about the OpenCTI platfor

OpenCTI is a product designed and developed by the company [Filigran](https://filigran.io).

<a href="https://filigran.io" alt="Filigran"><img src="https://github.com/OpenCTI-Platform/opencti/raw/master/.github/img/logo_filigran.png" width="300" /></a>
<a href="https://filigran.io" alt="Filigran"><img src="https://github.com/OpenCTI-Platform/opencti/raw/master/.github/img/logo_filigran.png" width="300" /></a>
114 changes: 114 additions & 0 deletions doc/deploying.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@

### Docker swarm setup

The guide below highlights the steps to deploy the OpenCTI services using a Swarm stack.

### Prerequisites

Download and install Docker as described in [Get Docker](https://docs.docker.com/get-docker/)

### Node Labels



### Swarm Configuration

Hosts that participate in the same Docker swarm should be able to connect **to each other** using the [following protocols and ports](https://docs.docker.com/engine/swarm/swarm-tutorial/#open-protocols-and-ports-between-the-hosts):

* TCP:
* 2376
* 2377
* 7946
* UDP:
* 4789
* 7946
* ESP (IP protocol 50)

### Deploying with Portainer

#### Deploy Portainer itself

To be able to manage applications running on Docker Swarm using Portainer's web UI, you have to deploy Portainer itself.

To deploy Portainer:

1. Copy `docker-compose.portainer.yml` to the swarm managers.

2. Deploy the Portainer's stack in the swarm:

```bash
docker stack deploy -c docker-compose.portainer.yml portainer
```

3. Assuming that you have SSH port forwarding set up as per example below, you should be able to connect to Portainer's web UI by opening the following URL:

<http://localhost:9000/>

and logging in with the following credentials:

* username: `admin`
* password: `temppassword`

#### Deploy CFA Open CTI using Portainer

To deploy CfA's Open CTI services using Portainer's web UI:

1. Go to Portainer's web UI, select the `primary` endpoint, open a list of *Stacks* in the menu on the left, and click on *Add stack*;
2. Name the stack `cfa-opencti`, and either:
* paste the contents of production's `docker-compose.yml` in the *Web editor* section, or
* upload the prepared `docker-compose.yml` from your computer in the *Upload* section, or
* make Portainer read production's `docker-compose.yml` from a private, authenticated Git repository in the *Repository* section;
3. Set any *Environment variables* as defined in the `docker-compose.yml`
4. Click *Deploy the stack* and wait for the stack to deploy.

#### Portainer's tips and gochas

* To update a running stack with a newer production `docker-compose.yml`, open the *Editor* tab in the `cfa-opencti` stack page, update the Compose configuration, and click *Update the stack*;
* Feel free to use Portainer's features to scale the services, update their configuration via environment variables, update resource limits, etc., using the web UI, just make sure to reflect the changes that you've made in the private authenticated Git repository with production `docker-compose.yml`.

# Hash the password:

1. Run:

`htpasswd -nb -B <username> <password> | cut -d ":" -f 2`

2. Manually escape every '$' in hash by replacing it with '$$'.


### Deploying manually

To deploy services, change the current directory to the one with production's `docker-compose.yml` and then run:

```bash
docker stack deploy -c docker-compose.yml cfa-opencti
```

To update services (e.g. after updating configuration in `docker-compose.yml` or pushing new container images), run the same command again.

To stop all services by stopping and removing all the containers, run:

```bash
docker stack rm cfa-opencti
```

PS: Docker stack deploy doesn't load environment variables from a `.env` file (or any environment variable source). Therefore a workaround would be to `export` the environment variables to be available for the stack deploy command.
To execute this

```bash
make deploy-stack STACK_NAME=<stack-name> COMPOSE_FILE=<compose-file>
```

To remove the stack

```bash
make remove-stack STACK_NAME=<stack_name>
```

Building Nginx image

To build our custom nginx container, tag and push to Dockerhub, run the command
Note: We set the Nginx version to track the docker nginx versions [here](https://hub.docker.com/_/nginx)

```bash
make build NGINX_TAG=<latest_tag>
```
Empty file added doc/elasticsearch.md
Empty file.
7 changes: 5 additions & 2 deletions docker-compose.dev.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
version: '3'
version: '3.8'

services:
opencti-dev-redis:
container_name: opencti-dev-redis
@@ -13,7 +14,7 @@ services:
- discovery.type=single-node
- xpack.ml.enabled=false
- xpack.security.enabled=false
- "ES_JAVA_OPTS=-Xms8G -Xmx8G"
- "ES_JAVA_OPTS=-Xms1G -Xmx1G"
restart: unless-stopped
ulimits:
memlock:
@@ -35,6 +36,7 @@ services:
- "5601:5601"
depends_on:
- opencti-dev-elasticsearch

opencti-dev-minio:
container_name: opencti-dev-minio
image: minio/minio:RELEASE.2024-01-16T16-07-38Z
@@ -46,6 +48,7 @@ services:
MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
command: server /data --console-address ":9001"
restart: unless-stopped

opencti-dev-rabbitmq:
container_name: opencti-dev-rabbitmq
image: rabbitmq:3.13-management
Loading