mirror of https://github.com/gophish/gophish
Improved Dockerfile and run script (#1579)
The Dockerfile has also been rebuilt to use an unprivileged user instead of root. The run script adds more options and changes how the configuration is overwritten, which may help in situations where the configuration is not owned by the unprivileged user.
1602-webhook
parent
c3e90183c8
commit
3227437f52
47
Dockerfile
47
Dockerfile
|
@ -1,30 +1,43 @@
|
|||
# setup build image
|
||||
FROM golang:1.11 AS build
|
||||
# Minify client side assets (JavaScript)
|
||||
FROM node:latest AS build-js
|
||||
|
||||
# build Gophish binary
|
||||
WORKDIR /build/gophish
|
||||
RUN npm install gulp gulp-cli -g
|
||||
|
||||
WORKDIR /build
|
||||
COPY . .
|
||||
RUN go get -d -v ./...
|
||||
RUN go build
|
||||
RUN npm install --only=dev
|
||||
RUN gulp
|
||||
|
||||
|
||||
# setup run image
|
||||
# Build Golang binary
|
||||
FROM golang:1.11 AS build-golang
|
||||
|
||||
WORKDIR /go/src/github.com/gophish/gophish
|
||||
COPY . .
|
||||
RUN go get -v && go build -v
|
||||
|
||||
|
||||
# Runtime container
|
||||
FROM debian:stable-slim
|
||||
|
||||
RUN useradd -m -d /opt/gophish -s /bin/bash app
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get install --no-install-recommends -y \
|
||||
jq && \
|
||||
apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
||||
apt-get install --no-install-recommends -y jq && \
|
||||
apt-get clean && \
|
||||
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
||||
|
||||
# copy Gophish assets from the build image
|
||||
WORKDIR /gophish
|
||||
COPY --from=build /build/gophish/ /gophish/
|
||||
RUN chmod +x gophish
|
||||
WORKDIR /opt/gophish
|
||||
COPY --from=build-golang /go/src/github.com/gophish/gophish/ ./
|
||||
COPY --from=build-js /build/static/js/dist/ ./static/js/dist/
|
||||
COPY --from=build-js /build/static/css/dist/ ./static/css/dist/
|
||||
COPY --from=build-golang /go/src/github.com/gophish/gophish/config.json ./
|
||||
RUN chown app. config.json
|
||||
|
||||
# expose the admin port to the host
|
||||
USER app
|
||||
RUN sed -i 's/127.0.0.1/0.0.0.0/g' config.json
|
||||
RUN touch config.json.tmp
|
||||
|
||||
# expose default ports
|
||||
EXPOSE 80 443 3333
|
||||
EXPOSE 3333 8080 8443
|
||||
|
||||
CMD ["./docker/run.sh"]
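Review bot: The `build-js` stage starts from the floating tag `FROM node:latest` and then runs `npm install gulp gulp-cli -g` with no versions, so the toolchain that produces the JavaScript served by the admin UI can change between builds without any change to this file. Pin the base to a specific release, ideally by digest, e.g. `FROM node:<PINNED_VERSION>@sha256:<DIGEST> AS build-js` (placeholders), and install gulp at a fixed version. In the runtime stage, `COPY --from=build-golang /go/src/github.com/gophish/gophish/ ./` carries the whole tree from `COPY . .` into the final image. Copying only the binary, the assets it serves and `config.json` would keep everything else in the build context (for example `.git`) out, unless a `.dockerignore` not shown here already excludes it. The `+`/`-` markers are lost on this page, so which lines belong to the new side is inferred from the stage names.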
|
||||
|
|
|
@ -5,25 +5,25 @@ if [ -n "${ADMIN_LISTEN_URL+set}" ] ; then
|
|||
jq -r \
|
||||
--arg ADMIN_LISTEN_URL "${ADMIN_LISTEN_URL}" \
|
||||
'.admin_server.listen_url = $ADMIN_LISTEN_URL' config.json > config.json.tmp && \
|
||||
mv config.json.tmp config.json
|
||||
cat config.json.tmp > config.json
|
||||
fi
|
||||
if [ -n "${ADMIN_USE_TLS+set}" ] ; then
|
||||
jq -r \
|
||||
--argjson ADMIN_USE_TLS "${ADMIN_USE_TLS}" \
|
||||
'.admin_server.use_tls = $ADMIN_USE_TLS' config.json > config.json.tmp && \
|
||||
mv config.json.tmp config.json
|
||||
cat config.json.tmp > config.json
|
||||
fi
|
||||
if [ -n "${ADMIN_CERT_PATH+set}" ] ; then
|
||||
jq -r \
|
||||
--arg ADMIN_CERT_PATH "${ADMIN_CERT_PATH}" \
|
||||
'.admin_server.cert_path = $ADMIN_CERT_PATH' config.json > config.json.tmp && \
|
||||
mv config.json.tmp config.json
|
||||
cat config.json.tmp > config.json
|
||||
fi
|
||||
if [ -n "${ADMIN_KEY_PATH+set}" ] ; then
|
||||
jq -r \
|
||||
--arg ADMIN_KEY_PATH "${ADMIN_KEY_PATH}" \
|
||||
'.admin_server.key_path = $ADMIN_KEY_PATH' config.json > config.json.tmp && \
|
||||
mv config.json.tmp config.json
|
||||
cat config.json.tmp > config.json
|
||||
fi
|
||||
|
||||
# set config for phish_server
|
||||
|
@ -31,25 +31,25 @@ if [ -n "${PHISH_LISTEN_URL+set}" ] ; then
|
|||
jq -r \
|
||||
--arg PHISH_LISTEN_URL "${PHISH_LISTEN_URL}" \
|
||||
'.phish_server.listen_url = $PHISH_LISTEN_URL' config.json > config.json.tmp && \
|
||||
mv config.json.tmp config.json
|
||||
cat config.json.tmp > config.json
|
||||
fi
|
||||
if [ -n "${PHISH_USE_TLS+set}" ] ; then
|
||||
jq -r \
|
||||
--argjson PHISH_USE_TLS "${PHISH_USE_TLS}" \
|
||||
'.phish_server.use_tls = $PHISH_USE_TLS' config.json > config.json.tmp && \
|
||||
mv config.json.tmp config.json
|
||||
cat config.json.tmp > config.json
|
||||
fi
|
||||
if [ -n "${PHISH_CERT_PATH+set}" ] ; then
|
||||
jq -r \
|
||||
--arg PHISH_CERT_PATH "${PHISH_CERT_PATH}" \
|
||||
'.phish_server.cert_path = $PHISH_CERT_PATH' config.json > config.json.tmp && \
|
||||
mv config.json.tmp config.json
|
||||
cat config.json.tmp > config.json
|
||||
fi
|
||||
if [ -n "${PHISH_KEY_PATH+set}" ] ; then
|
||||
jq -r \
|
||||
--arg PHISH_KEY_PATH "${PHISH_KEY_PATH}" \
|
||||
'.phish_server.key_path = $PHISH_KEY_PATH' config.json > config.json.tmp && \
|
||||
mv config.json.tmp config.json
|
||||
cat config.json.tmp > config.json
|
||||
fi
|
||||
|
||||
# set contact_address
|
||||
|
@ -57,9 +57,17 @@ if [ -n "${CONTACT_ADDRESS+set}" ] ; then
|
|||
jq -r \
|
||||
--arg CONTACT_ADDRESS "${CONTACT_ADDRESS}" \
|
||||
'.contact_address = $CONTACT_ADDRESS' config.json > config.json.tmp && \
|
||||
mv config.json.tmp config.json
|
||||
cat config.json.tmp > config.json
|
||||
fi
|
||||
|
||||
if [ -n "${DB_FILE_PATH+set}" ] ; then
|
||||
jq -r \
|
||||
--arg DB_FILE_PATH "${DB_FILE_PATH}" \
|
||||
'.db_path = $DB_FILE_PATH' config.json > config.json.tmp && \
|
||||
cat config.json.tmp > config.json
|
||||
fi
|
||||
|
||||
echo "Runtime configuration: "
|
||||
cat config.json
|
||||
|
||||
# start gophish
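Review bot: The last hunk ends with `echo "Runtime configuration: "` followed by `cat config.json`, which writes every configured value to the container log, including the `db_path` set by the `DB_FILE_PATH` block. If that field ever holds a database connection string with a password, the credential lands in log storage. Print a redacted view instead, e.g. `jq 'del(.db_path)' config.json`, or drop the dump. Separately, every `cat config.json.tmp > config.json` in these hunks truncates the live file before writing, so a failed write leaves a partial config where `mv` swapped it in one step. That trade-off appears deliberate per the commit description, but it deserves a comment, and `config.json.tmp` should be emptied afterwards so a second copy of the config does not linger. The `+`/`-` markers are lost on this page and the script's first lines are outside the hunks, so old/new sides are inferred.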
|
||||
|
|