Docker
OpenTAXII can also be run using Docker. This guide assumes that you have access to a local or remote Docker server, and won’t go into the setup of Docker.
To get a default (development) instance using Docker:
$ docker run -d -p 9000:9000 eclecticiq/opentaxii
Note
OpenTAXII is now accessible through port 9000, with data stored locally in a SQLite database.
Configuration
Configuration is done through environment variables.
Common configuration parameters are:
OPENTAXII_DOMAIN
: (optional) - This specifies under which domain the OpenTAXII server is available, default: localhost:9000
Setting up authentication is done with the following two variables:
OPENTAXII_USER
: (optional) - If the OpenTAXII user and password are not set, no authentication is required
OPENTAXII_PASS
: (optional) - If you don’t want to specify the password on the command line, it is possible to leave the definition empty, and Docker will pick up the value from the environment.
OPENTAXII_SECRET
: (optional) - This is the secret with which the generated token is encoded.
$ export OPENTAXII_PASS="SomePassword"
$ docker run -d -p 9000:9000 -e OPENTAXII_USER=myuser -e OPENTAXII_PASS eclecticiq/opentaxii
If you want to use a PostgreSQL database, instead of the included SQLite database, you can use the following environment variables for configuration:
DATABASE_HOST
: (required) - This is the database host to connect to
DATABASE_PORT
: (optional) - Default is 5432
DATABASE_USER
: (optional) - If not set, the default postgres is used.
DATABASE_PASS
: (optional) - If not set, the database can be accessed by all containers on the same host!
DATABASE_NAME
: (optional) - The database to use, by default uses postgres
If you would like to use a different database for authentication, you can also set the following variables (any variable not set will use its regular DB counterpart):
AUTH_DATABASE_HOST
: (required) - This is the database host to connect to
AUTH_DATABASE_PORT
: (optional) - Default is 5432
AUTH_DATABASE_USER
: (optional) - If not set, the default postgres is used.
AUTH_DATABASE_PASS
: (optional) - If not set, the database can be accessed by all containers on the same host!
AUTH_DATABASE_NAME
: (optional) - The database to use, by default uses postgres
Volumes
This Docker container exposes two volumes, which can be attached to a running instance:
/data - This volume will contain the SQLite databases used by the default instance.
/input - If you want to pre-load the running instance with services.yml, collections.yml or have your own opentaxii.yml configuration used for the running system, create a folder with these documents present.
$ pwd
/some/path/examples
$ ls /some/path/examples
collections.yml services.yml
$ docker run -d -p 9000:9000 -v /some/path/examples:/input eclecticiq/opentaxii
Note
Make sure your naming is correct. Actions are only executed when at least one of the files named services.yml, collections.yml, or opentaxii.yml is present.
Extending
If you need custom configuration and the installation of extra or custom code, it is better to extend the OpenTAXII Docker image, for example to add MySQL support (instead of PostgreSQL) and custom code that is configured in a custom opentaxii.yml. The Dockerfile will then look something like:
FROM eclecticiq/opentaxii:latest
MAINTAINER EclecticIQ <opentaxii@eclecticiq.com>
RUN pip install mysql-python \
    && pip install custom-package
COPY opentaxii.yml /input/opentaxii.yml
And building the image is then done using:
$ docker build -t eclecticiq/opentaxii-mysql .
Full Example with Compose
To see a full example of running OpenTAXII against a “real” database, using the docker-compose tool, check out the configuration at: examples/docker-compose.yml
db:
  image: postgres:9.4
  environment:
    POSTGRES_USER: user
    POSTGRES_PASSWORD: password
    POSTGRES_DB: opentaxii
opentaxii:
  image: eclecticiq/opentaxii
  environment:
    OPENTAXII_AUTH_SECRET: secret
    OPENTAXII_DOMAIN: 192.168.59.103:9000
    OPENTAXII_USER: user1
    OPENTAXII_PASS: pass1
    DATABASE_HOST: db
    DATABASE_NAME: opentaxii
    DATABASE_USER: user
    DATABASE_PASS: password
  volumes:
    - ./:/input:ro
  ports:
    - 9000:9000
  links:
    - db:db
This configuration starts two containers: opentaxii and db, creates the given collections and services, and adds a user for authentication.
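A pre-flight check for the variables described under Configuration, written as an added example that is not part of OpenTAXII or its Docker image. The function name opentaxii_preflight and the finding labels are assumptions; it flags the two cases the page warns about (no authentication, open database) and the sample credentials from the compose file.

```shell
#!/bin/sh
# Added example, not OpenTAXII code: pre-flight check over the environment
# variables documented on this page. Prints one finding per line and
# returns 1 if there is any finding, 0 if the configuration is clean.
_pf_finding() { echo "$1"; _pf_rc=1; }

opentaxii_preflight() {
    _pf_rc=0
    # Without both user and password the server requires no authentication.
    if [ -z "${OPENTAXII_USER:-}" ] || [ -z "${OPENTAXII_PASS:-}" ]; then
        _pf_finding "NOAUTH: OPENTAXII_USER/OPENTAXII_PASS not set"
    fi
    # PostgreSQL mode: an empty DATABASE_PASS leaves the database open to
    # all containers on the same host.
    if [ -n "${DATABASE_HOST:-}" ] && [ -z "${DATABASE_PASS:-}" ]; then
        _pf_finding "DBOPEN: DATABASE_PASS not set for host ${DATABASE_HOST}"
    fi
    # Unset AUTH_DATABASE_* variables fall back to their DATABASE_* counterpart.
    if [ -n "${AUTH_DATABASE_HOST:-}" ] &&
       [ -z "${AUTH_DATABASE_PASS:-${DATABASE_PASS:-}}" ]; then
        _pf_finding "AUTHDBOPEN: no password for host ${AUTH_DATABASE_HOST}"
    fi
    # Reject the sample values from the page's docker-compose example.
    if [ "${OPENTAXII_PASS:-}" = "pass1" ]; then
        _pf_finding "SAMPLE: OPENTAXII_PASS is the documentation value"
    fi
    if [ "${DATABASE_PASS:-}" = "password" ]; then
        _pf_finding "SAMPLE: DATABASE_PASS is the documentation value"
    fi
    # The page spells the token secret both OPENTAXII_SECRET and
    # OPENTAXII_AUTH_SECRET, so both names are checked.
    for _pf_s in "${OPENTAXII_SECRET:-}" "${OPENTAXII_AUTH_SECRET:-}"; do
        if [ "$_pf_s" = "secret" ]; then
            _pf_finding "SAMPLE: token secret is the documentation value"
        fi
    done
    return "$_pf_rc"
}

# Constructed sample run: compose-style values with DATABASE_PASS left out.
(
    OPENTAXII_USER=user1; OPENTAXII_PASS=pass1
    DATABASE_HOST=db; DATABASE_PASS=
    opentaxii_preflight
) || echo "preflight failed: not starting the container"
```

Run the function in the shell that holds the exported variables, and start the container only when it returns 0.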
Next steps
Continue to the Authentication page to learn how the OpenTAXII authentication process works.