|
1 | | -## Requirements ## |
| 1 | +<p align="center"> |
| 2 | + <img alt="OpenCVE" src="https://raw.githubusercontent.com/opencve/opencve/master/logo.png"> |
| 3 | +</p> |
2 | 4 |
|
3 | | -<ul> |
4 | | -<li>Docker-compose 1.21.0+</li> |
5 | | -<li>Docker 20.10.1+</li> |
6 | | -<li>5 GB RAM</li> |
7 | | -</ul> |
8 | | - |
9 | | -The following procedure has been tested on Debian 10 and Ubuntu LTS 20.04. |
10 | | - |
11 | | -## Configuration ## |
12 | | - |
13 | | -Get the OpenCVE docker repository: |
14 | | - |
15 | | -``` |
16 | | -$ git clone https://github.com/opencve/opencve-docker.git |
17 | | -``` |
18 | | - |
19 | | -Prepare and copy the configuration file from the conf directory: |
20 | | - |
21 | | -``` |
22 | | -$ cd opencve-docker && cp ./conf/opencve.cfg.example ./conf/opencve.cfg |
23 | | -``` |
24 | | - |
25 | | -**Note:** In opencve.cfg, update the following keys: |
26 | | -- server_name (use the same port if you changed it in the .env file) |
27 | | -- secret_key (see the Flask [recommandations](https://flask.palletsprojects.com/en/1.1.x/config/#SECRET_KEY)) |
28 | | -- smtp_server |
29 | | -- smtp_user & smtp_password if any or leave empty |
30 | | - |
31 | | -**Note:** If you want to change the default postgresql password (strongly advised), you can add it in the .env file before the docker-compose build: |
32 | | - |
33 | | -``` |
34 | | -POSTGRES_PASSWORD=MyStrongPassword42 |
35 | | -``` |
36 | | - |
37 | | -Then don't forget to change it in the opencve.cfg file. |
38 | | - |
39 | | -**Note:** You will need a SMTP server to send the notification emails. Its configuration is out of scope of this procedure. |
40 | | - |
41 | | -## Initialize the stack ## |
42 | | - |
43 | | -Build the OpenCVE image: |
44 | | - |
45 | | -``` |
46 | | -$ docker-compose build |
47 | | -``` |
48 | | - |
49 | | -Start everything except the beat: |
50 | | - |
51 | | -``` |
52 | | -$ docker-compose up -d postgres redis webserver celery_worker |
53 | | -``` |
54 | | - |
55 | | -We will initialize and import the data inside the database first, before starting the beat to avoid change during the initialization. |
56 | | - |
57 | | -The initial import can reach until 3.5 GB RAM, so you need to have 4.5 GB or 5 GB to be safe compare to the OS you use. Afterwards, the worker use very small memory as only the diff is used with the NVD. |
58 | | - |
59 | | -In case you don't have 5 GB RAM available and you have disk space, you can use a swap file to do the initial import of CVEs: |
60 | | - |
61 | | -``` |
62 | | -$ fallocate -l 5G /swapfile |
63 | | -$ chmod 600 /swapfile |
64 | | -$ mkswap /swapfile |
65 | | -$ swapon /swapfile |
66 | | -``` |
67 | | - |
68 | | -## Initialize the database ## |
69 | | - |
70 | | -``` |
71 | | -$ docker exec -it webserver opencve upgrade-db |
72 | | -``` |
73 | | - |
74 | | -## Import the data ## |
75 | | - |
76 | | -``` |
77 | | -$ docker exec -it webserver opencve import-data |
78 | | -``` |
79 | | - |
80 | | -When the import is done, you can clean the swapfile if you used it: |
81 | | -``` |
82 | | -$ swapoff /swapfile |
83 | | -$ rm /swapfile |
84 | | -``` |
85 | | - |
86 | | -## Start the beat ## |
87 | | - |
88 | | -``` |
89 | | -$ docker-compose up -d celery_beat |
90 | | -``` |
91 | | - |
92 | | -## Create an admin ## |
93 | | - |
94 | | -``` |
95 | | -$ docker exec -it webserver opencve create-user john john.doe@example.com --admin |
96 | | -Password: |
97 | | -Repeat for confirmation: |
98 | | -[*] User john created. |
99 | | -``` |
| 5 | +## OpenCVE Docker |
100 | 6 |
|
| 7 | +This repository contains the files to install and run OpenCVE with Docker, feel free to contribute. |
101 | 8 |
|
| 9 | +We provide a [documentation](https://docs.opencve.io/installation/docker/) with the details of each step. |
0 commit comments