Open AntoninHL opened 2 years ago
Hey @AntoninHL
I am using the jwilder nginx docker container for this purpose which works flawlessly. Here's the config the setup generates automatically.
```nginx
# opencti.local
upstream opencti.local-upstream {
    # opencti4_opencti_1
    server 172.X.X.X:80;
}
server {
    server_name opencti.local;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location ^~ /.well-known/acme-challenge/ {
        auth_basic off;
        auth_request off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name opencti.local;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/local.crt;
    ssl_certificate_key /etc/nginx/certs/local.key;
    add_header Strict-Transport-Security "max-age=31536000" always;
    location / {
        proxy_pass http://opencti.local-upstream;
    }
}
```
Regards
Hi @nor3th
Many thanks for the time you took to help me. I'm not sure about what to do with what you provide me with. I'm not a developer or a Docker specialist. I'm a CTI expert... But I will try to do something.
Thanks.
Do you have a specific requirement to use NGINX for the reverse proxy? If not, you could try to use Caddy to solve your requirement.
This has been already documented in their site if you want to take a look. https://www.notion.so/Using-Docker-03d5c0592b9d4547800cc9f4ff7be2b8#9f4f3285f51d4c4cb212764a3d9304ba
To take things a little further, you can integrate the docker-compose.yml of Caddy into the opencti file to generate the reverse proxy in the moment opencti is getting started. If you need more help, let me know.
Hi @dank07
Many thanks for your help.
So I installed Caddy and created the Caddyfile config file:
```
opencti.mydomain.com {
    root * /usr/share/caddy
    file_server
    reverse_proxy http://xx.xx.xx.xx:8080
}
```
And I added some lines in my OpenCTI docker-compose.yml file:
```yaml
version: '3.8'
services:
  caddy:
    image: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
  redis:
    image: redis:6.2.6
    ...
  ...
networks:
  default:
    external: true
    name: opencti
volumes:
  ...
  caddy_data:
  caddy_config:
```
I restarted but I have this error:
```
root@opencti:/opt/opencti/docker# docker-compose up -d
[+] Running 6/6
 ⠿ caddy Pulled 6.5s
 ⠿ 97518928ae5f Already exists 0.0s
 ⠿ 23ccae726125 Pull complete 0.9s
 ⠿ 3de6a61c89ac Pull complete 1.4s
 ⠿ 39ed957bdc00 Pull complete 2.0s
 ⠿ 0ae44c2d42dd Pull complete 2.3s
network opencti declared as external, but could not be found
```
In fact, I'm sure that the conf in the `network` section is wrong, but I don't really understand the `name: <your OpenCTI network name>`.
So I changed the conf in docker-compose.yml to adapt to the existing docker networks:
```yaml
networks:
  default:
    external: true
    name: host
```
I restarted.
And new error:
```
Error response from daemon: network-scoped alias is supported only for containers in user defined networks
```
I'm a little bit "lost"...
Many thanks again for your help
Try removing all the declared values from the original Caddy docker-compose file related to network from the modified version of the docker-compose file you're going to use.
As you are using the same .yml the caddy docker-compose network will be added to the opencti network by default. The result should be something like this:
```yaml
services:
  caddy:
    image: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
  redis:
    image: redis:6.2.6
    ...
  ...
volumes:
  ...
  caddy_data:
  caddy_config:
```
Best Regards
Thanks @dank07
Now, I have this:
```
Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: rootfs_linux.go:76: mounting "/opt/opencti/docker/Caddyfile" to rootfs at "/etc/caddy/Caddyfile" caused: mount through procfd: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
```
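Added example, not part of the original thread: a pre-flight check for the three errors reported above (an `external` network that does not exist, a predefined network such as `host` used where a user-defined one is required, and a `./Caddyfile` bind-mount source that is not a regular file). The function names are hypothetical; the directory case relies on Docker creating a missing bind-mount source as a directory when the short `host:container` volume syntax is used.

```shell
#!/bin/sh
# Pre-flight checks before `docker-compose up` (added example; names are hypothetical).

# classify_bind_source PATH -> prints: file | directory | missing | other
classify_bind_source() {
    if [ -f "$1" ]; then echo file
    elif [ -d "$1" ]; then echo directory
    elif [ ! -e "$1" ]; then echo missing
    else echo other
    fi
}

# is_predefined_network NAME -> 0 for Docker's built-in networks, which are
# not user-defined and therefore reject network-scoped aliases.
is_predefined_network() {
    case "$1" in
        host|bridge|none) return 0 ;;
        *) return 1 ;;
    esac
}

# check_external_network NAME -> 0 if NAME can be referenced as `external: true`
check_external_network() {
    if is_predefined_network "$1"; then
        echo "network '$1' is predefined, not user-defined" >&2
        return 2
    fi
    if ! docker network inspect "$1" >/dev/null 2>&1; then
        echo "network '$1' not found; create it: docker network create $1" >&2
        return 1
    fi
}

# preflight CADDYFILE_PATH [EXTERNAL_NETWORK]
preflight() {
    kind=$(classify_bind_source "$1")
    case "$kind" in
        file) ;;
        directory)
            # Typical after a first run without the file: Docker made a directory.
            echo "$1 is a directory; remove it and create the Caddyfile" >&2
            return 1 ;;
        *)  echo "$1 is $kind; create it before starting the stack" >&2
            return 1 ;;
    esac
    if [ -n "${2:-}" ]; then check_external_network "$2" || return 1; fi
    return 0
}

# Run only when called with arguments, e.g.: sh preflight.sh ./Caddyfile opencti
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Run it from the directory that holds `docker-compose.yml`, since the `./Caddyfile` path in the compose file is resolved relative to that file.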
> Do you have a specific requirement to use NGINX for the reverse proxy? If not, you could try to use Caddy to solve your requirement.
> This has been already documented in their site if you want to take a look. https://www.notion.so/Using-Docker-03d5c0592b9d4547800cc9f4ff7be2b8#9f4f3285f51d4c4cb212764a3d9304ba
> To take things a little further, you can integrate the docker-compose.yml of Caddy into the opencti file to generate the reverse proxy in the moment opencti is getting started. If you need more help, let me know.
Dead link.
Hello,
Like many of us, I want to set up SSL connectivity for my OpenCTI platform.
I use NGINX to do it. But it's not working. Seems the redirection to /dashboard is working... but I have a blank and empty (nothing in the source code) page.
Here is the reverse-proxy.conf file that I have created.
Do you have any idea about "why"?
Environment
Many thanks for your help