mirror of
https://github.com/gophish/gophish
synced 2024-11-14 16:27:23 +00:00
Improved Dockerfile and run script (#1579)
The Dockerfile has also been rebuilt to use an unprivileged user instead of root. The run script adds more options and changes the method the configuration is overwritten, which may help in situations where the configuration is not owned by the unprivileged user.
This commit is contained in:
quelsan
Jordan Wright
parent
c3e90183c8
commit
3227437f52
2 changed files with 47 additions and 26 deletions
47
Dockerfile
47
Dockerfile
|
|
@ -1,30 +1,43 @@
|
||||||
# setup build image
|
# Minify client side assets (JavaScript)
|
||||||
FROM golang:1.11 AS build
|
FROM node:latest AS build-js
|
||||||
|
|
||||||
# build Gophish binary
|
RUN npm install gulp gulp-cli -g
|
||||||
WORKDIR /build/gophish
|
|
||||||
|
WORKDIR /build
|
||||||
COPY . .
|
COPY . .
|
||||||
RUN go get -d -v ./...
|
RUN npm install --only=dev
|
||||||
RUN go build
|
RUN gulp
|
||||||
|
|
||||||
|
|
||||||
# setup run image
|
# Build Golang binary
|
||||||
|
FROM golang:1.11 AS build-golang
|
||||||
|
|
||||||
|
WORKDIR /go/src/github.com/gophish/gophish
|
||||||
|
COPY . .
|
||||||
|
RUN go get -v && go build -v
|
||||||
|
|
||||||
|
|
||||||
|
# Runtime container
|
||||||
FROM debian:stable-slim
|
FROM debian:stable-slim
|
||||||
|
|
||||||
|
RUN useradd -m -d /opt/gophish -s /bin/bash app
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install --no-install-recommends -y \
|
apt-get install --no-install-recommends -y jq && \
|
||||||
jq && \
|
apt-get clean && \
|
||||||
apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
||||||
|
|
||||||
# copy Gophish assets from the build image
|
WORKDIR /opt/gophish
|
||||||
WORKDIR /gophish
|
COPY --from=build-golang /go/src/github.com/gophish/gophish/ ./
|
||||||
COPY --from=build /build/gophish/ /gophish/
|
COPY --from=build-js /build/static/js/dist/ ./static/js/dist/
|
||||||
RUN chmod +x gophish
|
COPY --from=build-js /build/static/css/dist/ ./static/css/dist/
|
||||||
|
COPY --from=build-golang /go/src/github.com/gophish/gophish/config.json ./
|
||||||
|
RUN chown app. config.json
|
||||||
|
|
||||||
# expose the admin port to the host
|
USER app
|
||||||
RUN sed -i 's/127.0.0.1/0.0.0.0/g' config.json
|
RUN sed -i 's/127.0.0.1/0.0.0.0/g' config.json
|
||||||
|
RUN touch config.json.tmp
|
||||||
|
|
||||||
# expose default ports
|
EXPOSE 3333 8080 8443
|
||||||
EXPOSE 80 443 3333
|
|
||||||
|
|
||||||
CMD ["./docker/run.sh"]
|
CMD ["./docker/run.sh"]
|
||||||
|
|
|
||||||
|
|
@ -5,25 +5,25 @@ if [ -n "${ADMIN_LISTEN_URL+set}" ] ; then
|
||||||
jq -r \
|
jq -r \
|
||||||
--arg ADMIN_LISTEN_URL "${ADMIN_LISTEN_URL}" \
|
--arg ADMIN_LISTEN_URL "${ADMIN_LISTEN_URL}" \
|
||||||
'.admin_server.listen_url = $ADMIN_LISTEN_URL' config.json > config.json.tmp && \
|
'.admin_server.listen_url = $ADMIN_LISTEN_URL' config.json > config.json.tmp && \
|
||||||
mv config.json.tmp config.json
|
cat config.json.tmp > config.json
|
||||||
fi
|
fi
|
||||||
if [ -n "${ADMIN_USE_TLS+set}" ] ; then
|
if [ -n "${ADMIN_USE_TLS+set}" ] ; then
|
||||||
jq -r \
|
jq -r \
|
||||||
--argjson ADMIN_USE_TLS "${ADMIN_USE_TLS}" \
|
--argjson ADMIN_USE_TLS "${ADMIN_USE_TLS}" \
|
||||||
'.admin_server.use_tls = $ADMIN_USE_TLS' config.json > config.json.tmp && \
|
'.admin_server.use_tls = $ADMIN_USE_TLS' config.json > config.json.tmp && \
|
||||||
mv config.json.tmp config.json
|
cat config.json.tmp > config.json
|
||||||
fi
|
fi
|
||||||
if [ -n "${ADMIN_CERT_PATH+set}" ] ; then
|
if [ -n "${ADMIN_CERT_PATH+set}" ] ; then
|
||||||
jq -r \
|
jq -r \
|
||||||
--arg ADMIN_CERT_PATH "${ADMIN_CERT_PATH}" \
|
--arg ADMIN_CERT_PATH "${ADMIN_CERT_PATH}" \
|
||||||
'.admin_server.cert_path = $ADMIN_CERT_PATH' config.json > config.json.tmp && \
|
'.admin_server.cert_path = $ADMIN_CERT_PATH' config.json > config.json.tmp && \
|
||||||
mv config.json.tmp config.json
|
cat config.json.tmp > config.json
|
||||||
fi
|
fi
|
||||||
if [ -n "${ADMIN_KEY_PATH+set}" ] ; then
|
if [ -n "${ADMIN_KEY_PATH+set}" ] ; then
|
||||||
jq -r \
|
jq -r \
|
||||||
--arg ADMIN_KEY_PATH "${ADMIN_KEY_PATH}" \
|
--arg ADMIN_KEY_PATH "${ADMIN_KEY_PATH}" \
|
||||||
'.admin_server.key_path = $ADMIN_KEY_PATH' config.json > config.json.tmp && \
|
'.admin_server.key_path = $ADMIN_KEY_PATH' config.json > config.json.tmp && \
|
||||||
mv config.json.tmp config.json
|
cat config.json.tmp > config.json
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# set config for phish_server
|
# set config for phish_server
|
||||||
|
|
@ -31,25 +31,25 @@ if [ -n "${PHISH_LISTEN_URL+set}" ] ; then
|
||||||
jq -r \
|
jq -r \
|
||||||
--arg PHISH_LISTEN_URL "${PHISH_LISTEN_URL}" \
|
--arg PHISH_LISTEN_URL "${PHISH_LISTEN_URL}" \
|
||||||
'.phish_server.listen_url = $PHISH_LISTEN_URL' config.json > config.json.tmp && \
|
'.phish_server.listen_url = $PHISH_LISTEN_URL' config.json > config.json.tmp && \
|
||||||
mv config.json.tmp config.json
|
cat config.json.tmp > config.json
|
||||||
fi
|
fi
|
||||||
if [ -n "${PHISH_USE_TLS+set}" ] ; then
|
if [ -n "${PHISH_USE_TLS+set}" ] ; then
|
||||||
jq -r \
|
jq -r \
|
||||||
--argjson PHISH_USE_TLS "${PHISH_USE_TLS}" \
|
--argjson PHISH_USE_TLS "${PHISH_USE_TLS}" \
|
||||||
'.phish_server.use_tls = $PHISH_USE_TLS' config.json > config.json.tmp && \
|
'.phish_server.use_tls = $PHISH_USE_TLS' config.json > config.json.tmp && \
|
||||||
mv config.json.tmp config.json
|
cat config.json.tmp > config.json
|
||||||
fi
|
fi
|
||||||
if [ -n "${PHISH_CERT_PATH+set}" ] ; then
|
if [ -n "${PHISH_CERT_PATH+set}" ] ; then
|
||||||
jq -r \
|
jq -r \
|
||||||
--arg PHISH_CERT_PATH "${PHISH_CERT_PATH}" \
|
--arg PHISH_CERT_PATH "${PHISH_CERT_PATH}" \
|
||||||
'.phish_server.cert_path = $PHISH_CERT_PATH' config.json > config.json.tmp && \
|
'.phish_server.cert_path = $PHISH_CERT_PATH' config.json > config.json.tmp && \
|
||||||
mv config.json.tmp config.json
|
cat config.json.tmp > config.json
|
||||||
fi
|
fi
|
||||||
if [ -n "${PHISH_KEY_PATH+set}" ] ; then
|
if [ -n "${PHISH_KEY_PATH+set}" ] ; then
|
||||||
jq -r \
|
jq -r \
|
||||||
--arg PHISH_KEY_PATH "${PHISH_KEY_PATH}" \
|
--arg PHISH_KEY_PATH "${PHISH_KEY_PATH}" \
|
||||||
'.phish_server.key_path = $PHISH_KEY_PATH' config.json > config.json.tmp && \
|
'.phish_server.key_path = $PHISH_KEY_PATH' config.json > config.json.tmp && \
|
||||||
mv config.json.tmp config.json
|
cat config.json.tmp > config.json
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# set contact_address
|
# set contact_address
|
||||||
|
|
@ -57,9 +57,17 @@ if [ -n "${CONTACT_ADDRESS+set}" ] ; then
|
||||||
jq -r \
|
jq -r \
|
||||||
--arg CONTACT_ADDRESS "${CONTACT_ADDRESS}" \
|
--arg CONTACT_ADDRESS "${CONTACT_ADDRESS}" \
|
||||||
'.contact_address = $CONTACT_ADDRESS' config.json > config.json.tmp && \
|
'.contact_address = $CONTACT_ADDRESS' config.json > config.json.tmp && \
|
||||||
mv config.json.tmp config.json
|
cat config.json.tmp > config.json
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -n "${DB_FILE_PATH+set}" ] ; then
|
||||||
|
jq -r \
|
||||||
|
--arg DB_FILE_PATH "${DB_FILE_PATH}" \
|
||||||
|
'.db_path = $DB_FILE_PATH' config.json > config.json.tmp && \
|
||||||
|
cat config.json.tmp > config.json
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Runtime configuration: "
|
||||||
cat config.json
|
cat config.json
|
||||||
|
|
||||||
# start gophish
|
# start gophish
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue