
Improved Dockerfile and run script (#1579)

The Dockerfile has also been rebuilt to use an unprivileged user instead
of root.

The run script adds more options and changes how the
configuration is overwritten, which may help in situations where the
configuration is not owned by the unprivileged user.
1602-webhook
quelsan 2 years ago
committed by Jordan Wright
parent
commit
3227437f52
2 changed files with 49 additions and 28 deletions
  1. +32
    -19
      Dockerfile
  2. +17
    -9
      docker/run.sh

+ 32
- 19
Dockerfile

@ -1,30 +1,43 @@
# setup build image
FROM golang:1.11 AS build
# Minify client side assets (JavaScript)
FROM node:latest AS build-js
# build Gophish binary
WORKDIR /build/gophish
RUN npm install gulp gulp-cli -g
WORKDIR /build
COPY . .
RUN go get -d -v ./...
RUN go build
RUN npm install --only=dev
RUN gulp
# setup run image
FROM debian:stable-slim
# Build Golang binary
FROM golang:1.11 AS build-golang
RUN apt-get update && \
apt-get install --no-install-recommends -y \
jq && \
apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
WORKDIR /go/src/github.com/gophish/gophish
COPY . .
RUN go get -v && go build -v
# copy Gophish assets from the build image
WORKDIR /gophish
COPY --from=build /build/gophish/ /gophish/
RUN chmod +x gophish
# expose the admin port to the host
# Runtime container
FROM debian:stable-slim
RUN useradd -m -d /opt/gophish -s /bin/bash app
RUN apt-get update && \
apt-get install --no-install-recommends -y jq && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
WORKDIR /opt/gophish
COPY --from=build-golang /go/src/github.com/gophish/gophish/ ./
COPY --from=build-js /build/static/js/dist/ ./static/js/dist/
COPY --from=build-js /build/static/css/dist/ ./static/css/dist/
COPY --from=build-golang /go/src/github.com/gophish/gophish/config.json ./
RUN chown app. config.json
USER app
RUN sed -i 's/127.0.0.1/0.0.0.0/g' config.json
RUN touch config.json.tmp
# expose default ports
EXPOSE 80 443 3333
EXPOSE 3333 8080 8443
CMD ["./docker/run.sh"]
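Review bot: The runtime stage copies the whole build tree with `COPY --from=build-golang /go/src/github.com/gophish/gophish/ ./`, and that tree was filled by `COPY . .`, so anything in the build context (Go sources, VCS metadata, a locally edited `config.json`, key or database files) ends up in the shipped image. Copying only the binary and the runtime directories it needs would keep those out, as would a `.dockerignore`; this commit touches only two files, so whether one already exists cannot be told from here. The copied tree also stays root-owned apart from `config.json`, so `COPY --chown=app:app` would state the ownership the non-root `USER app` relies on more directly than the follow-up `RUN chown app. config.json`. Separately, `FROM node:latest AS build-js` floats with every upstream release; pinning it, e.g. `FROM node:<pinned-version> AS build-js`, makes the asset build reproducible. The old/new side of each line is inferred from the stage names, since the page has lost its +/- markers.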

+ 17
- 9
docker/run.sh

@ -5,25 +5,25 @@ if [ -n "${ADMIN_LISTEN_URL+set}" ] ; then
jq -r \
--arg ADMIN_LISTEN_URL "${ADMIN_LISTEN_URL}" \
'.admin_server.listen_url = $ADMIN_LISTEN_URL' config.json > config.json.tmp && \
mv config.json.tmp config.json
cat config.json.tmp > config.json
fi
if [ -n "${ADMIN_USE_TLS+set}" ] ; then
jq -r \
--argjson ADMIN_USE_TLS "${ADMIN_USE_TLS}" \
'.admin_server.use_tls = $ADMIN_USE_TLS' config.json > config.json.tmp && \
mv config.json.tmp config.json
cat config.json.tmp > config.json
fi
if [ -n "${ADMIN_CERT_PATH+set}" ] ; then
jq -r \
--arg ADMIN_CERT_PATH "${ADMIN_CERT_PATH}" \
'.admin_server.cert_path = $ADMIN_CERT_PATH' config.json > config.json.tmp && \
mv config.json.tmp config.json
cat config.json.tmp > config.json
fi
if [ -n "${ADMIN_KEY_PATH+set}" ] ; then
jq -r \
--arg ADMIN_KEY_PATH "${ADMIN_KEY_PATH}" \
'.admin_server.key_path = $ADMIN_KEY_PATH' config.json > config.json.tmp && \
mv config.json.tmp config.json
cat config.json.tmp > config.json
fi
# set config for phish_server
@ -31,25 +31,25 @@ if [ -n "${PHISH_LISTEN_URL+set}" ] ; then
jq -r \
--arg PHISH_LISTEN_URL "${PHISH_LISTEN_URL}" \
'.phish_server.listen_url = $PHISH_LISTEN_URL' config.json > config.json.tmp && \
mv config.json.tmp config.json
cat config.json.tmp > config.json
fi
if [ -n "${PHISH_USE_TLS+set}" ] ; then
jq -r \
--argjson PHISH_USE_TLS "${PHISH_USE_TLS}" \
'.phish_server.use_tls = $PHISH_USE_TLS' config.json > config.json.tmp && \
mv config.json.tmp config.json
cat config.json.tmp > config.json
fi
if [ -n "${PHISH_CERT_PATH+set}" ] ; then
jq -r \
--arg PHISH_CERT_PATH "${PHISH_CERT_PATH}" \
'.phish_server.cert_path = $PHISH_CERT_PATH' config.json > config.json.tmp && \
mv config.json.tmp config.json
cat config.json.tmp > config.json
fi
if [ -n "${PHISH_KEY_PATH+set}" ] ; then
jq -r \
--arg PHISH_KEY_PATH "${PHISH_KEY_PATH}" \
'.phish_server.key_path = $PHISH_KEY_PATH' config.json > config.json.tmp && \
mv config.json.tmp config.json
cat config.json.tmp > config.json
fi
# set contact_address
@ -57,9 +57,17 @@ if [ -n "${CONTACT_ADDRESS+set}" ] ; then
jq -r \
--arg CONTACT_ADDRESS "${CONTACT_ADDRESS}" \
'.contact_address = $CONTACT_ADDRESS' config.json > config.json.tmp && \
mv config.json.tmp config.json
cat config.json.tmp > config.json
fi
if [ -n "${DB_FILE_PATH+set}" ] ; then
jq -r \
--arg DB_FILE_PATH "${DB_FILE_PATH}" \
'.db_path = $DB_FILE_PATH' config.json > config.json.tmp && \
cat config.json.tmp > config.json
fi
echo "Runtime configuration: "
cat config.json
# start gophish
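Review bot: The `cat config.json` after `echo "Runtime configuration: "` (apparently added by this commit) writes the full configuration to the container log on every start, including `db_path`, which the new `DB_FILE_PATH` block lets the operator set from the environment. If that value is ever a database connection string rather than a file path, its credentials land in whatever collects the container's stdout. Printing a redacted view, e.g. `jq '.db_path = "<redacted>"' config.json`, keeps the startup diagnostics without that exposure. The script continues past `# start gophish`, outside this hunk.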
