Publish container file on docker/ghcr.io #34

Open
7677865466 opened this issue Feb 3, 2025 · 5 comments

@7677865466

7677865466 commented Feb 3, 2025

Have recently stumbled upon Cyberbro and am enjoying it so far. I saw you have published a Kasm container image but there doesn't seem to be a container image for the vanilla application. Are you also able to publish this through docker or the GitHub container registry?

@stanfrbd
Owner

stanfrbd commented Feb 3, 2025

Hey @7677865466

Thanks for bringing that up. Actually I thought about it but if I publish an image, it will be only with "free" engines without API keys (just like the KASM version).

Do you have limitations or a specific environment where you need a Docker image instead of using Docker Compose?

It's all about config (secrets.json).
KASM is good for testing purposes.

I am open to discussion about this :)

@7677865466
Author

The main reason for me is that it is easier to deploy and update the image to a newer version whenever a new version of Cyberbro is released. You can also consider using environment variables to make deployment even easier as there is no config file needed. By doing so, you can add all the third-party secrets to the compose file.

I am using podman quadlet (as opposed to docker-compose) and they have a built-in updater that checks and updates the image if a new container image has been published.

@stanfrbd
Owner

stanfrbd commented Feb 3, 2025

That makes sense! I will think about it :)
I'll reach out when I have something ready!

@stanfrbd
Owner

stanfrbd commented Feb 7, 2025

Hello @7677865466

I'm planning to release the docker image soon (probably today)

Advanced options for deployment

All variables from secrets.json can be converted to environment variables (uppercase):

Note

You can add these environment variables in a custom docker-compose.yml. If you don't specify proxy, no proxy will be used.

export PROXY_URL="http://127.0.0.1:9000"
export VIRUSTOTAL="api_key_here"
export ABUSEIPDB="api_key_here"
export IPINFO="api_key_here"
export GOOGLE_SAFE_BROWSING="api_key_here"
export MDE_TENANT_ID="api_key_here"
export MDE_CLIENT_ID="api_key_here"
export MDE_CLIENT_SECRET="api_key_here"
export SHODAN="api_key_here"
export OPENCTI_API_KEY="api_key_here"
export OPENCTI_URL="https://demo.opencti.io"

Supervisord options (for docker only)

These options will be applied only if the script prod/advanced_config.py is run (automatic in docker)

In secrets.json:

  • Adding "supervisord_workers_count": 1 in secrets.json will set -w 1 in supervisord.conf
  • Adding "supervisord_threads_count": 1 in secrets.json will set -t 1 in supervisord.conf
  • Adding "supervisord_timeout": 200 in secrets.json will set --timeout 200 in supervisord.conf

Or using environment variables:

export SUPERVISORD_WORKERS_COUNT=1
export SUPERVISORD_THREADS_COUNT=1
export SUPERVISORD_TIMEOUT=200

Note

These variables are optional, so if they don't exist in secrets.json, the original config (in prod/supervisord.conf) will be applied by default.

API prefix in app.py and index.html options

In secrets.json:

  • Adding "api_prefix": "my_api" in secrets.json will set all the original prefix /api/ endpoints to be renamed by prefix /my_api/ endpoints in the files app.py and index.html

Or using environment variables:

export API_PREFIX="my_api"

Note

This variable is optional, so if it doesn't exist in secrets.json, the API will be accessible at /api/ by default.

Selected engines in the GUI (index.html only)

In secrets.json:

  • Adding "gui_enabled_engines": ["reverse_dns", "rdap"] in secrets.json will restrict usage of these two engines in the GUI.

Or using environment variables:

export GUI_ENABLED_ENGINES="reverse_dns,rdap"

Note

This variable is optional, so if it doesn't exist in secrets.json, all engines will be displayed in the GUI.

Tip

Example: for the demo instance of cyberbro, only these engines are used:
"gui_enabled_engines": ["reverse_dns", "rdap", "ipquery", "abuseipdb", "virustotal", "spur", "google_safe_browsing", "shodan", "phishtank", "threatfox", "urlscan", "google", "github", "opencti", "abusix", "hudsonrock"]
With environment variable: GUI_ENABLED_ENGINES="reverse_dns,rdap,ipquery,abuseipdb,virustotal,spur,google_safe_browsing,shodan,phishtank,threatfox,urlscan,google,github,opencti,abusix,hudsonrock"

Config page in the GUI (config.html) http://cyberbro.local:5000/config

Caution

This is insecure so it is disabled by default.

You can add it using the following:

In secrets.json:

Adding "config_page_enabled": true in secrets.json will enable the config page in the GUI at http://cyberbro.local:5000/config

Or using environment variables:

export CONFIG_PAGE_ENABLED="true"

Note

This variable is optional, so if it doesn't exist in secrets.json, it will be disabled by default.
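
The mapping described in the comment above (secrets.json keys read from their uppercase environment variables), as an added example that is not Cyberbro's own code and not the project's prod/advanced_config.py. The function names `coerce`, `load_config` and `redacted` are hypothetical, letting environment values override the file is an assumption, and the sample values are constructed.

```python
import json
import os
from pathlib import Path

# Keys named in the comment above; types follow the secrets.json examples shown there.
INT_KEYS = {"supervisord_workers_count", "supervisord_threads_count", "supervisord_timeout"}
BOOL_KEYS = {"config_page_enabled"}
LIST_KEYS = {"gui_enabled_engines"}
STR_KEYS = {"proxy_url", "virustotal", "abuseipdb", "ipinfo", "google_safe_browsing",
            "mde_tenant_id", "mde_client_id", "mde_client_secret", "shodan",
            "opencti_api_key", "opencti_url", "api_prefix"}
# Settings that are not credentials and can be logged as-is (a proxy URL may embed one).
NON_SECRET = INT_KEYS | BOOL_KEYS | LIST_KEYS | {"opencti_url", "api_prefix"}


def coerce(key, raw):
    """Convert an environment string to the type secrets.json would hold."""
    if key in INT_KEYS:
        return int(raw)  # raises ValueError on junk instead of passing it on
    if key in BOOL_KEYS:
        return raw.strip().lower() == "true"  # anything else keeps it disabled
    if key in LIST_KEYS:
        return [item.strip() for item in raw.split(",") if item.strip()]
    return raw


def load_config(path="secrets.json", environ=None):
    """Read secrets.json if present, then overlay uppercase environment variables."""
    environ = os.environ if environ is None else environ
    file_path = Path(path)
    config = json.loads(file_path.read_text()) if file_path.is_file() else {}
    for key in INT_KEYS | BOOL_KEYS | LIST_KEYS | STR_KEYS:
        raw = environ.get(key.upper())
        if raw is not None:  # assumption: the environment wins over the file
            config[key] = coerce(key, raw)
    return config


def redacted(config):
    """Copy of the config that is safe to log: credential values are masked."""
    return {k: (v if k in NON_SECRET else "***") for k, v in config.items()}


if __name__ == "__main__":
    sample = {"VIRUSTOTAL": "constructed-key", "GUI_ENABLED_ENGINES": "reverse_dns,rdap",
              "CONFIG_PAGE_ENABLED": "true", "SUPERVISORD_TIMEOUT": "200"}  # constructed
    print(redacted(load_config("/nonexistent/secrets.json", sample)))
```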

@stanfrbd stanfrbd self-assigned this Feb 7, 2025
@stanfrbd stanfrbd added the enhancement New feature or request label Feb 7, 2025
stanfrbd added a commit that referenced this issue Feb 7, 2025
Advanced config - Ability to avoid secrets.json if ENV variables are provided - useful for Container deployment #34
@stanfrbd
Owner

stanfrbd commented Feb 7, 2025

@7677865466 you will be able to use the image ghcr.io/stanfrbd/cyberbro:latest

Example of docker-compose-custom.yml (note: no " in environment variables)

services:
  web:
    image: ghcr.io/stanfrbd/cyberbro:latest
    container_name: cyberbro
    ports:
      - "5000:5000"
    environment:
      - FLASK_ENV=production
      - VIRUSTOTAL=api_key_here
      - ABUSEIPDB=api_key_here
      - GUI_ENABLED_ENGINES=reverse_dns,rdap,ipquery,abuseipdb,virustotal,spur,google_safe_browsing,phishtank
    restart: always
    volumes:
      - ./data:/app/data
      - ./logs:/var/log/cyberbro
