Skip to content

Commit

Permalink
Nits in the README
Browse files Browse the repository at this point in the history
  • Loading branch information
javuto committed Dec 12, 2023
1 parent 755ec3d commit 49245ae
Showing 1 changed file with 21 additions and 21 deletions.
42 changes: 21 additions & 21 deletions deploy/docker/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,51 +10,51 @@ This directory contains all the necessary configs to setup the osctrl Docker dev
Follow these steps to generate a self-signed certificate that is going to be used for the osctrl deployment:

1. `cp conf/tls/openssl.cnf.example conf/tls/openssl.cnf`
1. `BASE_DOMAIN=<DOMAIN> openssl req -x509 -new -nodes -days <X - ex: 365) -keyout conf/tls/osctrl.key -out conf/tls/osctrl.crt -config conf/tls/openssl.cnf`
2. `BASE_DOMAIN=<DOMAIN> openssl req -x509 -new -nodes -days <X - ex: 365) -keyout conf/tls/osctrl.key -out conf/tls/osctrl.crt -config conf/tls/openssl.cnf`
1. Replace `<DOMAIN>` with an a domain like `osctrl.example.com`
1. ![docker_openssl_generate](../../.img/docker_openssl_generate.png)
2. ![docker_openssl_generate](../../.img/docker_openssl_generate.png)

## Generate JWT secret

You can generate a random enough JWT secret to be used with the `osctrl-api` and `osctrl-admin` components using one of the following commands:

1. `uuidgen | shasum -a 256 | awk '{print $1}'`
1. ![docker_uuid_gen](../../.img/docker_uuid_gen.png)
1. `vim .env` and set `JWT_SECRET`
2. `vim .env` and set `JWT_SECRET`

## Set .env

1. `cp .env.example .env`
1. `vim .env` and set:
2. `vim .env` and set:
1. osctrl
1. `OSCTRL_VERSION` - define the version of osctrl to use
1. `JWT_SECRET` - define the JWT secret (see instructions above)
1. `OSCTRL_USER` - define username for osctrl admin user
1. `OSCTRL_PASS` - define password for osctrl admin user
1. osquery
2. `JWT_SECRET` - define the JWT secret (see instructions above)
3. `OSCTRL_USER` - define username for osctrl admin user
4. `OSCTRL_PASS` - define password for osctrl admin user
2. osquery
1. `OSQUERY_VERSION` - define the version of Osquery for test instance
1. NGINX
3. NGINX
1. `NGINX_VERSION` - define the version of NGINX to use
1. Postgres
4. Postgres
1. `POSTGRES_VERSION` - define the version of Postgres to use
1. `POSTGRES_DB_NAME` - define the name of the database for osctrl
1. `POSTGRES_DB_USERNAME` - define the username to conenct to osctrl database
1. `POSTGRES_DB_PASSWORD` - define the password to conenct to osctrl database
1.
1. Save and exit
1. `docker-compose build`
2. `POSTGRES_DB_NAME` - define the name of the database for osctrl
3. `POSTGRES_DB_USERNAME` - define the username to conenct to osctrl database
4. `POSTGRES_DB_PASSWORD` - define the password to conenct to osctrl database
5. Save and exit
3. `docker-compose build`
1. Build Docker images
1. `docker-compose up`
1. Spin up Osctrl Docker stack
4. `docker-compose up`
1. Spin up osctrl Docker stack

## Login into osctrl

1. Open a browser to `https://127.0.0.1:8443/login`
1. Login
2. Login
1. Enter `<OSCTRL_USER>` for username
1. Enter `<OSCTRL_PASS>` for password
2. Enter `<OSCTRL_PASS>` for password

## References

* [What is osctrl?](https://osctrl.net/)
* [osctrl-api](https://app.swaggerhub.com/apis-docs/jmpsec/osctrl-api/0.3.4#/)

Expand All @@ -67,5 +67,5 @@ You can generate a random enough JWT secret to be used with the `osctrl-api` and
* [Interactive shell using Docker Compose](https://stackoverflow.com/questions/36249744/interactive-shell-using-docker-compose)
* [Advanced Dockerfiles: Faster Builds and Smaller Images Using BuildKit and Multistage Builds](https://www.docker.com/blog/advanced-dockerfiles-faster-builds-and-smaller-images-using-buildkit-and-multistage-builds/)
* [Using openssl to get the certificate from a server](https://stackoverflow.com/questions/7885785/using-openssl-to-get-the-certificate-from-a-server)
* [Osquery flags](https://osquery.readthedocs.io/en/stable/installation/cli-flags/)
* [osquery flags](https://osquery.readthedocs.io/en/stable/installation/cli-flags/)
* [mkcert is a simple tool for making locally-trusted development certificates](https://github.com/FiloSottile/mkcert)

0 comments on commit 49245ae

Please sign in to comment.