OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

TypeError at OpenCTI docker platform when using SSL on Redis #7953

Closed dionisimus closed 1 week ago

dionisimus commented 1 month ago

Description

When I try to encrypt the connection to the Redis database with a self-signed certificate, I provide the path of the CA certificate in the OpenCTI docker-compose file environment as:

opencti:
  image: opencti/platform:6.2.8
  environment:
    ...
    - REDIS__CA=/ca.crt # I also tried to sanitize the variable value like this: [\"\/ca.crt\"] - same result
    ...

The platform gives an error:

TypeError: xt.get(...).map is not a function
at Object.<anonymous> (/opt/opencti/build/src/database/redis.ts:31:39)
at Module._compile (node:internal/modules/cjs/loader:1358:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1416:10)
at Module.load (node:internal/modules/cjs/loader:1208:32)
at Function.Module._load (node:internal/modules/cjs/loader:1024:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:174:12)
at node:internal/main/run_main_module:28:49

I suppose that this is a platform-side error, because I don't see any network connection on the Redis side. It is worth mentioning that the platform can access the CA certificate file (the docker-compose file and its volume settings are correct, as well as the file permissions).

Environment

  1. Ubuntu 22.04.2 LTS
  2. opencti/platform:6.2.8 - Docker
  3. -
  4. Other environment details:

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create a CA certificate, create a server certificate for Redis and apply it (in my case using HAProxy).
  2. In the docker-compose file where your platform instance is created, set the needed environment variables for the Redis hostname, port, SSL and CA certificate.

Expected Output

standard output log

Actual Output

TypeError: xt.get(...).map is not a function
at Object.<anonymous> (/opt/opencti/build/src/database/redis.ts:31:39)
at Module._compile (node:internal/modules/cjs/loader:1358:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1416:10)
at Module.load (node:internal/modules/cjs/loader:1208:32)
at Function.Module._load (node:internal/modules/cjs/loader:1024:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:174:12)
at node:internal/main/run_main_module:28:49

Additional information

Docker-compose setting of volumes, files permissions, network connection and Redis instance are correct.

pierremahot commented 1 month ago

Hi @dionisimus, have you tried it like this:

  opencti:
    image: opencti/platform:6.2.8
    environment:
      ...
      - REDIS__USE_SSL=true
      - REDIS__CA=["/ca.crt"]

I have just created a test lab that is working fine without any issue; Redis is started like this:

redis-server --tls-port 6379 --port 0 --tls-cert-file /tmp/ssl/redis.crt --tls-key-file /tmp/ssl/redis.key --tls-auth-clients no

I used this script here to generate my certificate (modifying the generate_cert redis "Generic-cert" => generate_cert redis "redis")
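
The stack trace in this thread is consistent with a setting that the code expects to be an array arriving as a plain string. The following is an added example, not OpenCTI's own code: `normalizeCaPaths`, `buildTlsOptions`, `naiveLoad` and the in-memory `sampleFiles` are hypothetical names, and it shows a loader that accepts both the bare path and the JSON array form and fails with a clear message on anything else.

```javascript
// Added example: hypothetical helper names, not OpenCTI's own code.

// Parse a CA setting that may arrive as a real array, a JSON array string
// (REDIS__CA=["/ca.crt"]) or a bare path string (REDIS__CA=/ca.crt).
function normalizeCaPaths(raw) {
  if (raw === undefined || raw === null || raw === '') return [];
  let value = raw;
  if (typeof value === 'string') {
    const trimmed = value.trim();
    if (trimmed.startsWith('[')) {
      try {
        value = JSON.parse(trimmed);
      } catch (err) {
        throw new TypeError(`CA setting is not valid JSON: ${trimmed}`);
      }
    } else {
      value = [trimmed]; // bare path: treat as a one-element list
    }
  }
  if (!Array.isArray(value) || value.some((p) => typeof p !== 'string' || p === '')) {
    throw new TypeError('CA setting must be a path or a JSON array of paths');
  }
  return value;
}

// Build TLS options; readFile is injected so the demo runs without real files.
function buildTlsOptions(rawCa, readFile) {
  const ca = normalizeCaPaths(rawCa).map((path) => readFile(path));
  // No CA configured: rely on the system trust store, keep verification on.
  return ca.length > 0 ? { ca, rejectUnauthorized: true } : { rejectUnauthorized: true };
}

// Constructed sample input: an in-memory stand-in for the mounted certificate.
const sampleFiles = { '/ca.crt': 'PEM-PLACEHOLDER' };
const readSample = (path) => {
  if (!(path in sampleFiles)) throw new Error(`cannot read CA file: ${path}`);
  return sampleFiles[path];
};

// The failure mode from the issue: calling .map on a plain string.
function naiveLoad(rawCa) {
  return rawCa.map((path) => readSample(path));
}

console.log(buildTlsOptions('/ca.crt', readSample));
console.log(buildTlsOptions('["/ca.crt"]', readSample));
try { naiveLoad('/ca.crt'); } catch (err) { console.log(err.message); }
```

Certificate verification stays enabled in every branch, so a malformed CA setting produces a startup error rather than an unverified TLS connection.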