Closed raghumannn closed 2 weeks ago
Looks like the problem is related to generating certificates via letsencrypt. You can provide the private key and certificate via CLI option after mounting them into the container.
@raghumannn is it the same issue as https://github.com/projectdiscovery/interactsh/issues/346?
@raghumannn make sure you expose ports in the container. I ended up using --network host to allow the container to have access to all the ports. I'm not sure what is default in the Dockerfile, but I noticed I needed this for interactions to register; otherwise I would get a connection refused. You could also try more specific ports with -p 80:80 -p 389:389.
For certs, I am using certbot for the container and map a volume to my host with -v /etc/letsencrypt/live/<domain>:/root. I then have a cronjob to check for updates with certbot renew daily. Here are some examples from my Ansible playbook:
This will provide a statement that you use to create a new TXT record for your DNS. Certbot will verify your domain via DNS essentially. I then create an A record to wildcard all subdomains *.mydomain.com.
certbot --manual -d '*.mydomain.com' --agree-tos certonly --register-unsafely-without-email
Another option is to use the standalone feature. Certbot will bring up a standalone web server for domain verification. This is probably better for quick deployments and could be built into the Dockerfile, but you would still need the wildcard A record.
certbot --standalone -d '*.mydomain.com' --agree-tos certonly --register-unsafely-without-email
I prefer to map a path on my host to share certs, payloads, and a custom index file with the container. In the example below, {{ tool_directory }} is the path you want to share with the container. All files will be available to the container in the root directory. The other important thing here was the --network host flag to expose all host ports.
docker run --network host -v {{ tool_directory }}:/root projectdiscovery/interactsh-server:latest -d {{ interactsh_domain }} -sa -cert /root/fullchain.pem -privkey /root/privkey.pem -http-index /root/index.html -http-directory /root/payloads --wildcard
Hope this helps someone!
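Added example, not part of the thread or the interactsh project: a certbot deploy hook that stages a renewed certificate for the docker run mount described in the comment above. The files under certbot's live/<domain>/ are symlinks into ../../archive/, so the script copies them as regular owner-only files, then checks that the key matches the certificate, that the wildcard SAN is present, and that expiry is not near. STAGE_DIR, INTERACTSH_DOMAIN and the /opt/interactsh default are assumptions standing in for {{ tool_directory }} and {{ interactsh_domain }}.

```shell
#!/usr/bin/env bash
# Added example: certbot deploy hook that stages certs for the interactsh-server mount.
# Assumptions: certbot's default layout (live/<domain>/*.pem are symlinks into
# ../../archive/<domain>/); STAGE_DIR stands in for {{ tool_directory }}.

# Copy fullchain.pem and privkey.pem as regular files (cp -L follows the symlinks),
# owner-only, via a temp name so a reader never sees a half-written file.
stage_certs() {
    local live_dir="$1" stage_dir="$2" f
    for f in fullchain.pem privkey.pem; do
        [ -r "$live_dir/$f" ] || { echo "missing: $live_dir/$f" >&2; return 1; }
    done
    mkdir -p "$stage_dir" || return 1
    for f in fullchain.pem privkey.pem; do
        rm -f "$stage_dir/$f.tmp"
        ( umask 077; cp -L "$live_dir/$f" "$stage_dir/$f.tmp" ) || return 1
        chmod 600 "$stage_dir/$f.tmp" && mv -f "$stage_dir/$f.tmp" "$stage_dir/$f" || return 1
    done
}

# Succeed only if the private key belongs to the leaf certificate (first PEM block).
key_matches_cert() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the certificate carries the SAN entry DNS:*.<domain>.
cert_covers_wildcard() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        tr ',' '\n' | sed 's/^[[:space:]]*//' | grep -Fxq "DNS:*.$2"
}

# Succeed only if the certificate is still valid N days from now (default 14).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-14} * 86400 ))" >/dev/null 2>&1
}

# certbot exports RENEWED_LINEAGE (the live/<domain> path) to deploy hooks.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    STAGE_DIR="${STAGE_DIR:-/opt/interactsh}"   # hypothetical host path
    domain="${INTERACTSH_DOMAIN:-$(basename "$RENEWED_LINEAGE")}"   # hypothetical override
    stage_certs "$RENEWED_LINEAGE" "$STAGE_DIR" &&
        key_matches_cert "$STAGE_DIR/fullchain.pem" "$STAGE_DIR/privkey.pem" &&
        cert_covers_wildcard "$STAGE_DIR/fullchain.pem" "$domain" &&
        cert_valid_for_days "$STAGE_DIR/fullchain.pem" 14 ||
        { echo "staged certificate failed checks" >&2; exit 1; }
fi
```

Saved as an executable file, it can be passed to certbot renew with --deploy-hook so it runs only when a certificate was actually renewed.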
Closing as completed
I am able to run the interactsh-server on a local Ubuntu machine using the domain as mentioned below. But when I try to run the same as a Docker container or a Kubernetes pod I am hitting an issue.
Need instructions to run the interactsh-server as a pod on a k8s env.
On a local machine:
On a docker container
On a Kubernetes pod
Do we have to do any other additional configuration for running interactsh-server on Kubernetes? Are there any instructions for that? If so, could you please share those?