Need help configuring my CitrixHoneypot Docker File to include my SSL lets encrypt Certificate

[FloppyDucks]

• What OS are you T-Pot running on? Debian 12 - bookworm
• What is the version of the OS lsb_release -a and uname -a? _Linux blackwaters.org 6.1.0-21-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.90-1 (2024-05-03) x8664 GNU/Linux
• What T-Pot version are you currently using (only T-Pot 24.04.x is currently supported)? TPOT 24.04.x
• What architecture are you running on (i.e. hardware, cloud, VM, etc.)? cloud provider is linode, and Im 99% sure its running on a VM , so both cloud and VM
• Review the ~/install_tpot.log, attach the log and highlight the errors. no errors, it installs fine and runs fine. **2024-05-29 14:39:30,354 p=1253 u=TPOT n=ansible | PLAY RECAP ***>2024-05-29 14:39:30,354 p=1253 u=TPOT n=ansible | 127.0.0.1 : ok=36 changed=18 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0**
• How long has your installation been running? I start and stop it alot but about a day now.
  • If it is a fresh install consult the documentation first. I have consulted the documentation and the online issues and have not found any thing related to Citrixhoneypot, only nginx (which i was able to configure)
  • Most likely it is a port conflict or a remote dependency was unavailable. The service runs just fine, it just that the Citrixhoney pot docker doesnt recognize the certificate and priv key file that I gave it in the docker file, and yml
  • Retry a fresh installation and only open the issue if the error keeps coming up and is not resolved using the documentation as described here.
    I did this and it did not fix my issue sadly
• Did you install upgrades, packages or use the update script? yes I have changed configuration scripts and yml scripts will attach below
• Did you modify any scripts or configs? If yes, please attach the changes. yes I have changed configuration scripts and yml scripts will attach below
• Please provide a screenshot of htop and docker stats. attached below
• How much free disk space is available (df -h)? plenty of room
• What is the current container status (dps)? fine, tbh not sure and have no idea where to find this dps
• On Linux: What is the status of the T-Pot service (systemctl status tpot)? active, running, working just fine
• What ports are being occupied? Stop T-Pot systemctl stop tpot and run grc netstat -tulpen attached below
  • Stop T-Pot systemctl stop tpot I do this AT least once an hour :) for testing and debugging
  • Run grc netstat -tulpen same ports pop up all is fine
  • Run T-Pot manually with docker compose -f ~/tpotce/docker-compose.yml up and check for errors yep works like a charm
  • Stop execution with CTRL-C and docker compose -f ~/tpotce/docker-compose.yml down -v
• If a single container shows as DOWN you can run docker logs <container-name> for the latest log entries no issues

_**Now for the meat and potatoes my real issue is my inability to set up my ssl certificate for the citrixhoneypot over 443. I was able to set up my ssl cert for 64297 for the nginx. So I set up the ssl cert for the nginx management portal using a letsencrypt ssl cert. So I figured when I went to go and set up an ssl cert for 443 it would be a similar process. I added in the Citrixdocker file a few extra lines to copy my ssl cert to /opt/citrixhoneypot/cert/ I also figured because I am using letsencrypts cert I wont need the self singed cert in the docker file , so I removed that. I made sure to add the paths in the volume area in the docker-compose-yml. Im not sure if the way the honey pot is set for citrix its not supposed to have an ssl cert? or if it is?

trouble shoot steps: I have tried to a lot of systemctl daemon-reload (tbh i dont think it does anything i do it for good luck) I also stop tpot when i make changes when to the configs/ yaml/ docker files. then when I am finished with my modifications I run the daemon reload, docker compose up -d , then systemctl status tpot (make sure its actually down), systemctl start tpot. Then I load up a incognito tab and check to see if port 443 for my website has a valid ssl cert. and it doesn't. Then I will change the file permissions to give the certificate 777 file permission, because maybe the user citrixhoneypot cant read the cert and priv key, but that cant be it, because in my Docker file, as you will see I made sure (unless I did it wrong) to 1) give user citrixhoneypot ownership over /opt/citrixhoneypot (the path the cert lives in) and JUST IN CASE, I also made the path /opt/citrixhoneypot 774 file perm ....even tho there is no reason to overwrite a privkey and cert...any who. If you know what I am missing or what I am doing wrong any help would be MUCH appreciated!

if I missed anything or forgot to add any files or need to add/clarify anything just let me know I check this documentation daily so I should see any msg's figured it was allowed to, because the python code said that http server is wrapping the socket in the ssl/tls layer. **_

df -h.txt docker stats.txt FULL-modded-docker-compose-yml.txt install_tpot_yaml.txt modded-citrixhoneypot-docker-compose-yml.txt Modded-DockerFile.txt netstat.txt

[FloppyDucks]

also If you want me to point out exactly where and what part of the code/script I changed I can do that, I neglected to do that in my first post, wasnt sure how long/ much you needed? I can go more in detail depending on how much you need?

[t3chn0m4g3]

You are modifying the wrong files. Identify the Dockerfile in docker/citrixhoneypot, you will find all the necessary files / folder names to adjust citrixhoneypot service in docker-compose.yml in tpotce/ folder (not in the docker/citrixhoneypot/ folder) with volumes for the certificate. Examples how to handle docker volumes are available in the Wiki.

[FloppyDucks]

wow your fast, thanks ! ok so from what I understood. use the DockerFile from ~/docker/citrixhoneypot/ and then the only .yml file i should modify should be the main one in ~/tpotce thats really long. let me check out the wiki