From 02a46d9956a6c0b16127a156fb85a350a10e4568 Mon Sep 17 00:00:00 2001
From: Jay <51702743+jayjb@users.noreply.github.com>
Date: Mon, 11 Dec 2023 10:45:02 +0200
Subject: [PATCH 1/3] Make v3 standard operation (#160)
* Make v3 standard operation
* Update README.md
Co-authored-by: W. Leighton Dawson
---------
Co-authored-by: W. Leighton Dawson
---
 README.md | 10 ++---
 docker-compose-letsencrypt.yml | 45 ++++++++++++----------
 docker-compose-v3-letsencrypt.yml | 63 -------------------------------
 docker-compose-v3.yml | 60 -----------------------------
 docker-compose.yml | 44 +++++++++++----------
 5 files changed, 55 insertions(+), 167 deletions(-)
 delete mode 100644 docker-compose-v3-letsencrypt.yml
 delete mode 100644 docker-compose-v3.yml
diff --git a/README.md b/README.md
index ea630e8..edfc9ae 100644
--- a/README.md
+++ b/README.md
@@ -33,15 +33,15 @@ to github@thinkst.com. ## Migrating to v3 +* Depending on whether you're using letsencrypt: `docker compose -f docker-compose.yml down` + or `docker compose -f docker-compose-letsencrypt.yml down` * If running on an older version of Docker, you will need to [upgrade](https://docs.docker.com/engine/install/). * `docker-compose` no longer works, and you will need to run `docker network prune` before bringing up your Canarytokens instance with `docker compose`. Canarytokens v2 will still work. * Pull the latest version of the `canarytokens-docker` repo. -* Depending on whether you're using letsencrypt: `docker compose -f docker-compose.yml down` - or `docker compose -f docker-compose-letsencrypt.yml down` -* And correspondingly: `docker compose -f docker-compose-v3.yml up -d` - or `docker compose -f docker-compose-v3-letsencrypt.yml up -d` +* And correspondingly: `docker compose -f docker-compose.yml up -d` + or `docker compose -f docker-compose-letsencrypt.yml up -d` -NB: The updated `canarytokens-docker` repo no longer has the Dockerfile for Canarytokens v2, so running that requires using the tagged image `thinkst/canarytokens:v2_latest`. +NB: The updated `canarytokens-docker` repo no longer has the Dockerfile for Canarytokens v2, so running that requires using the tagged image `thinkst/canarytokens:v2_latest`. We highly recommend moving to v3. Please contact us if you're battling with the migration. ## Setup (in Ubuntu) diff --git a/docker-compose-letsencrypt.yml b/docker-compose-letsencrypt.yml index 6548d27..512ce4c 100644 --- a/docker-compose-letsencrypt.yml +++ b/docker-compose-letsencrypt.yml 
@@ -1,44 +1,48 @@
-version: '2'
+version: '3'
 services:
 redis:
 restart: always
 image: redis:7.0.10
 volumes:
- - ./data:/data/
+ - ./data:/data/
 container_name: redis
 command: redis-server --appendonly yes --protected-mode no --save 60 1
 frontend:
 restart: always
- image: thinkst/canarytokens:v2_latest
+ image: thinkst/canarytokens
 build: ./canarytokens
- links:
- - redis
+ ports:
+ - "8082:8082"
 env_file:
 - frontend.env
 volumes:
- - ./uploads:/uploads/
- - log-volume:/logs
+ - ./frontend.env:/srv/frontend/frontend.env:ro
+ - ./switchboard.env:/srv/switchboard/switchboard.env:ro
+ - ./uploads:/uploads/
+ - log-volume:/logs
 container_name: frontend
- command: bash -c "rm -f frontend.pid; twistd -noy frontend.tac --pidfile=frontend.pid"
+ command: bash -c "cd frontend; poetry run python -m uvicorn app:app --host 0.0.0.0 --port 8082"
 switchboard:
 restart: always
- image: thinkst/canarytokens:v2_latest
+ image: thinkst/canarytokens
 build: ./canarytokens
 ports:
- - "53:53"
- - "53:53/udp"
- - "25:25"
+ - "25:2500"
 - "3306:3306"
+ - "53:5354"
+ - "53:5354/udp"
 - "6443:6443"
+ - "8083:8083"
 - "51820:51820/udp"
- links:
- - redis
 env_file:
 - switchboard.env
- volumes_from:
- - frontend
+ volumes:
+ - ./frontend.env:/srv/frontend/frontend.env:ro
+ - ./switchboard.env:/srv/switchboard/switchboard.env:ro
+ - ./uploads:/uploads/
+ - log-volume:/logs
 container_name: switchboard
- command: bash -c "rm -f switchboard.pid; twistd -noy switchboard.tac --pidfile=switchboard.pid"
+ command: bash -c "cd switchboard; rm -f switchboard.pid; poetry run twistd -noy switchboard.tac --pidfile=switchboard.pid"
 nginx:
 restart: always
 image: thinkst/certbot-nginx
@@ -46,13 +50,14 @@ services:
 ports:
 - "80:80"
 - "443:443"
- links:
- - frontend
- - switchboard
+ depends_on:
+ - "frontend"
+ - "switchboard"
 container_name: nginx
 env_file:
 - certbot.env
 volumes:
 - /etc/letsencrypt/:/etc/letsencrypt/
+ - ./nginx/conf.d:/etc/nginx/conf.d/
 volumes:
 log-volume:
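Review bot: The new `ports: - "8082:8082"` on frontend and `- "8083:8083"` on switchboard publish both application servers on every host interface, so they can be reached over plain HTTP without passing through the nginx/certbot container this file puts in front of them. If nginx reaches them over the compose network (its `depends_on` suggests so, though the proxy config is not in this diff), the host mapping is unnecessary; drop it or bind it to loopback with `- "127.0.0.1:8082:8082"` and `- "127.0.0.1:8083:8083"`. The same mappings appear in the docker-compose.yml hunk. Separately, `image: thinkst/canarytokens` no longer carries a tag, so a pull resolves to whatever `latest` currently is; pinning a release tag or digest, as the redis service does with `redis:7.0.10`, keeps deployments reproducible.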
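Review bot: The added `- ./nginx/conf.d:/etc/nginx/conf.d/` bind mount on the nginx service is read-write, while the env-file mounts added in the first hunk are `:ro`. Unless the certbot-nginx image needs to rewrite its own config at start-up (not visible in this diff), mount it read-only as `- ./nginx/conf.d:/etc/nginx/conf.d/:ro`, so that a compromised proxy container cannot alter host-side config that survives a restart. The nginx service in docker-compose.yml adds the same mount.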
diff --git a/docker-compose-v3-letsencrypt.yml b/docker-compose-v3-letsencrypt.yml
deleted file mode 100644
index 512ce4c..0000000
--- a/docker-compose-v3-letsencrypt.yml
+++ /dev/null
@@ -1,63 +0,0 @@
-version: '3'
-services:
- redis:
- restart: always
- image: redis:7.0.10
- volumes:
- - ./data:/data/
- container_name: redis
- command: redis-server --appendonly yes --protected-mode no --save 60 1
- frontend:
- restart: always
- image: thinkst/canarytokens
- build: ./canarytokens
- ports:
- - "8082:8082"
- env_file:
- - frontend.env
- volumes:
- - ./frontend.env:/srv/frontend/frontend.env:ro
- - ./switchboard.env:/srv/switchboard/switchboard.env:ro
- - ./uploads:/uploads/
- - log-volume:/logs
- container_name: frontend
- command: bash -c "cd frontend; poetry run python -m uvicorn app:app --host 0.0.0.0 --port 8082"
- switchboard:
- restart: always
- image: thinkst/canarytokens
- build: ./canarytokens
- ports:
- - "25:2500"
- - "3306:3306"
- - "53:5354"
- - "53:5354/udp"
- - "6443:6443"
- - "8083:8083"
- - "51820:51820/udp"
- env_file:
- - switchboard.env
- volumes:
- - ./frontend.env:/srv/frontend/frontend.env:ro
- - ./switchboard.env:/srv/switchboard/switchboard.env:ro
- - ./uploads:/uploads/
- - log-volume:/logs
- container_name: switchboard
- command: bash -c "cd switchboard; rm -f switchboard.pid; poetry run twistd -noy switchboard.tac --pidfile=switchboard.pid"
- nginx:
- restart: always
- image: thinkst/certbot-nginx
- build: ./certbot-nginx
- ports:
- - "80:80"
- - "443:443"
- depends_on:
- - "frontend"
- - "switchboard"
- container_name: nginx
- env_file:
- - certbot.env
- volumes:
- - /etc/letsencrypt/:/etc/letsencrypt/
- - ./nginx/conf.d:/etc/nginx/conf.d/
-volumes:
- log-volume:
diff --git a/docker-compose-v3.yml b/docker-compose-v3.yml
deleted file mode 100644
index 55346a1..0000000
--- a/docker-compose-v3.yml
+++ /dev/null
@@ -1,60 +0,0 @@
-version: '3'
-services:
- redis:
- restart: always
- image: redis:7.0.10
- volumes:
- - ./data:/data/
- container_name: redis
- command: redis-server --appendonly yes --protected-mode no --save 60 1
- frontend:
- restart: always
- image: thinkst/canarytokens
- build: ./canarytokens
- ports:
- - "8082:8082"
- env_file:
- - frontend.env
- volumes:
- - ./frontend.env:/srv/frontend/frontend.env:ro
- - ./switchboard.env:/srv/switchboard/switchboard.env:ro
- - ./uploads:/uploads/
- - log-volume:/logs
- container_name: frontend
- command: bash -c "cd frontend; poetry run python -m uvicorn app:app --host 0.0.0.0 --port 8082 --log-config log.ini"
- switchboard:
- restart: always
- image: thinkst/canarytokens
- build: ./canarytokens
- ports:
- - "25:25"
- - "3306:3306"
- - "53:5354"
- - "53:5354/udp"
- - "6443:6443"
- - "8083:8083"
- - "51820:51820/udp"
- env_file:
- - switchboard.env
- volumes:
- - ./frontend.env:/srv/frontend/frontend.env:ro
- - ./switchboard.env:/srv/switchboard/switchboard.env:ro
- - ./uploads:/uploads/
- - log-volume:/logs
- container_name: switchboard
- command: bash -c "cd switchboard; rm -f switchboard.pid; poetry run twistd -noy switchboard.tac --pidfile=switchboard.pid"
- nginx:
- restart: always
- image: thinkst/canarytokens_nginx
- build: ./nginx
- ports:
- - "80:80"
- depends_on:
- - "frontend"
- - "switchboard"
- volumes:
- - ./nginx/conf.d:/etc/nginx/conf.d/
- container_name: nginx
- command: /usr/sbin/nginx -c /etc/nginx/nginx.conf -g "daemon off;"
-volumes:
- log-volume:
diff --git a/docker-compose.yml b/docker-compose.yml
index ea1e315..55346a1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,53 +1,59 @@
-version: '2'
+version: '3'
 services:
 redis:
 restart: always
 image: redis:7.0.10
 volumes:
- - ./data:/data/
+ - ./data:/data/
 container_name: redis
 command: redis-server --appendonly yes --protected-mode no --save 60 1
 frontend:
 restart: always
- image: thinkst/canarytokens:v2_latest
+ image: thinkst/canarytokens
 build: ./canarytokens
- links:
- - redis
+ ports:
+ - "8082:8082"
 env_file:
 - frontend.env
 volumes:
- - ./uploads:/uploads/
- - log-volume:/logs
+ - ./frontend.env:/srv/frontend/frontend.env:ro
+ - ./switchboard.env:/srv/switchboard/switchboard.env:ro
+ - ./uploads:/uploads/
+ - log-volume:/logs
 container_name: frontend
- command: bash -c "rm -f frontend.pid; twistd -noy frontend.tac --pidfile=frontend.pid"
+ command: bash -c "cd frontend; poetry run python -m uvicorn app:app --host 0.0.0.0 --port 8082 --log-config log.ini"
 switchboard:
 restart: always
- image: thinkst/canarytokens:v2_latest
+ image: thinkst/canarytokens
 build: ./canarytokens
 ports:
- - "53:53"
- - "53:53/udp"
 - "25:25"
 - "3306:3306"
+ - "53:5354"
+ - "53:5354/udp"
 - "6443:6443"
+ - "8083:8083"
 - "51820:51820/udp"
- links:
- - redis
 env_file:
 - switchboard.env
- volumes_from:
- - frontend
+ volumes:
+ - ./frontend.env:/srv/frontend/frontend.env:ro
+ - ./switchboard.env:/srv/switchboard/switchboard.env:ro
+ - ./uploads:/uploads/
+ - log-volume:/logs
 container_name: switchboard
- command: bash -c "rm -f switchboard.pid; twistd -noy switchboard.tac --pidfile=switchboard.pid"
+ command: bash -c "cd switchboard; rm -f switchboard.pid; poetry run twistd -noy switchboard.tac --pidfile=switchboard.pid"
 nginx:
 restart: always
 image: thinkst/canarytokens_nginx
 build: ./nginx
 ports:
 - "80:80"
- links:
- - frontend
- - switchboard
+ depends_on:
+ - "frontend"
+ - "switchboard"
+ volumes:
+ - ./nginx/conf.d:/etc/nginx/conf.d/
 container_name: nginx
 command: /usr/sbin/nginx -c /etc/nginx/nginx.conf -g "daemon off;"
 volumes:
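Review bot: The SMTP mapping stays `- "25:25"` in this file while docker-compose-letsencrypt.yml in the same commit moves to `- "25:2500"`, so the two standard deployments now forward host port 25 to different container ports. Presumably only one of them matches the port the v3 switchboard actually listens on (not visible in this diff); the mismatched file would silently stop receiving mail for SMTP tokens, and those alerts would never fire. Confirm the listening port and align both files; a one-line comment beside the mapping, e.g. `# container port = switchboard SMTP listener`, would help keep them from drifting again. The frontend command also differs between the two files, since `--log-config log.ini` is passed only here.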
From c265a56aeb8114d88ec37dfd2f05f0aeab34ff85 Mon Sep 17 00:00:00 2001 From: ADimeo Date: Mon, 11 Dec 2023 09:45:47 +0100 Subject: [PATCH 2/3] Fix documentation reference to nonexistant package (#105) Trying to install python-pip and python-dev on Ubuntu 20.04 results in "Package python-pip is not available", and "selecting 'python-dev-is-python2' instead of 'python-dev'" respectively. Adding the explicit python3 reference fixes the issue --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index edfc9ae..d0240ff 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ $ cd canarytokens-docker ``` * Install Docker compose (if not already present): ``` -$ sudo apt-get install python-pip python-dev +$ sudo apt-get install python3-pip python3-dev $ sudo pip install -U docker-compose #if this breaks with PyYAML errors, install the libyaml development package # sudo apt-get install libyaml-dev From 2ff2c6af536303a50759f2344c837904655cfda1 Mon Sep 17 00:00:00 2001 From: gjcthinkst <135841050+gjcthinkst@users.noreply.github.com> Date: Mon, 11 Dec 2023 15:16:15 +0200 Subject: [PATCH 3/3] Remove CI action PR trigger (#162) --- .github/workflows/precommit_tests.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/precommit_tests.yml b/.github/workflows/precommit_tests.yml index c0bb092..9fbcd35 100644 --- a/.github/workflows/precommit_tests.yml +++ b/.github/workflows/precommit_tests.yml @@ -2,7 +2,6 @@ name: Canarytokens Docker Pre-commit Tests on: - "push" - - "pull_request" jobs: precommit_tests: