move all used ports on haproxy and remove all unused ports

ce63eea7 · root · a8e585ba · ce63eea7 · ce63eea7 · ce63eea7
Commit ce63eea7 authored 3 years ago by root
--- a/roles/build/templates/cassandra/Dockerfile.j2
+++ b/roles/build/templates/cassandra/Dockerfile.j2
@@ -16,5 +16,4 @@ RUN echo "[cassandra]" > /etc/yum.repos.d/cassandra.repo && \
    sed -i -e 's,/etc/cassandra,/usr/share/cassandra,g' /usr/share/cassandra/cassandra.in.sh && \
    yum -y clean all
 COPY cassandrasupervisord.conf /etc/supervisord.conf
-EXPOSE 7000 9042
 ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
--- a/roles/build/templates/cortex/Dockerfile.j2
+++ b/roles/build/templates/cortex/Dockerfile.j2
@@ -23,6 +23,5 @@ RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \
    for I in analyzers/*/requirements.txt; do LC_ALL=en_US.UTF-8 pip3 install --no-cache-dir -U -r $I || true; done && \
    for I in responders/*/requirements.txt; do LC_ALL=en_US.UTF-8 pip3 install --no-cache-dir -U -r $I || true; done && \
    yum -y clean all
-EXPOSE 9001
 COPY cortexsupervisord.conf /etc/supervisord.conf
 ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
--- a/roles/build/templates/elasticsearch/Dockerfile.j2
+++ b/roles/build/templates/elasticsearch/Dockerfile.j2
@@ -17,6 +17,5 @@ RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \

 RUN echo 'elasticsearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers

-EXPOSE 9200 9300
 ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]

--- a/roles/build/templates/keycloak/Dockerfile.j2
+++ b/roles/build/templates/keycloak/Dockerfile.j2
@@ -34,9 +34,6 @@ ENV PATH="/opt/jboss/keycloak/bin:${PATH}"

 WORKDIR /opt/jboss/keycloak

-EXPOSE 8080
-EXPOSE 8443
-
 RUN echo 'jboss ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers

 COPY keycloaksupervisord.conf /etc/supervisord.conf

--- a/roles/build/templates/kibana/Dockerfile.j2
+++ b/roles/build/templates/kibana/Dockerfile.j2
@@ -17,7 +17,6 @@ RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \

 RUN echo 'kibana ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers

-EXPOSE 5601
 COPY kibanasupervisord.conf /etc/supervisord.conf
 ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]

--- a/roles/build/templates/misp/Dockerfile.j2
+++ b/roles/build/templates/misp/Dockerfile.j2
@@ -80,9 +80,6 @@ RUN chown -R apache:apache /var/www/MISP ; \

 COPY misp_rh-php72-php-fpm /etc/logrotate.d/rh-php72-php-fpm

-# 80/443 - MISP web server, 3306 - mysql, 6379 - redis, 6666 - MISP modules, 50000 - MISP ZeroMQ
-EXPOSE 80 443 6443 6379 6666 50000
-
 ENV PATH "$PATH:/opt/rh/rh-php72/root/bin/"

 COPY mispsupervisord.conf /etc/supervisord.conf

--- a/roles/build/templates/mysql/Dockerfile.j2
+++ b/roles/build/templates/mysql/Dockerfile.j2
@@ -6,7 +6,6 @@ RUN yum -y update && yum install -y epel-release centos-release-scl scl-utils &&
    /usr/bin/scl enable rh-mariadb103 -- /opt/rh/rh-mariadb103/root/usr/libexec/mysql-prepare-db-dir /var/opt/rh/rh-mariadb103/lib/mysql 
 RUN yum clean all

-EXPOSE 3306
 COPY mysqlsupervisord.conf /etc/supervisord.conf

 ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]

--- a/roles/build/templates/nifi/Dockerfile.j2
+++ b/roles/build/templates/nifi/Dockerfile.j2
@@ -83,7 +83,6 @@ RUN curl -fSL ${MIRROR_BASE_URL}/${NIFI_BINARY_PATH} -o ${NIFI_BASE_DIR}/nifi-${
 RUN echo "#!/bin/sh\n" > $NIFI_HOME/bin/nifi-env.sh

 # Web HTTP(s) & Socket Site-to-Site Ports
-EXPOSE 8080 8443 10000 8000

 WORKDIR ${NIFI_HOME}


--- a/roles/build/templates/odfekibana/Dockerfile-kibana.j2
+++ b/roles/build/templates/odfekibana/Dockerfile-kibana.j2
@@ -17,7 +17,6 @@ RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \

 RUN echo 'kibana ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers

-EXPOSE 5601
 COPY kibanasupervisord.conf /etc/supervisord.conf
 ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]

--- a/roles/build/templates/thehive/Dockerfile.j2
+++ b/roles/build/templates/thehive/Dockerfile.j2
@@ -15,6 +15,5 @@ RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \
    mkdir -p /home/thehive && \
    chown -R thehive:thehive /home/thehive /etc/thehive && \
    yum -y clean all
-EXPOSE 9000
 COPY thehivesupervisord.conf /etc/supervisord.conf
 ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
--- a/roles/build/templates/zookeeper/Dockerfile.j2
+++ b/roles/build/templates/zookeeper/Dockerfile.j2
@@ -25,7 +25,7 @@ RUN curl -fSL ${MIRROR_BASE_URL}/${ZOOKEEPER_BINARY_PATH} -o ${ZOOKEEPER_BASE_DI
    && cp ${ZOOKEEPER_BASE_DIR}/zookeeper/conf/zoo_sample.cfg ${ZOOKEEPER_BASE_DIR}/zookeeper/conf/zoo.cfg

 # Web HTTP(s) & Socket Site-to-Site Ports
-EXPOSE 2181 2888 3888
+#EXPOSE 2181 2888 3888

 WORKDIR ${ZOOKEEPER_BASE_DIR}/zookeeper


--- a/roles/docker/tasks/haproxy.yml
+++ b/roles/docker/tasks/haproxy.yml
@@ -9,16 +9,17 @@
      - name: "{{ soctools_netname}}"
    networks_cli_compatible: yes
    published_ports:
-      - "443:443"
      - "8888:8888"
-      - "8443:8443"
      - "9443:9443"
      - "9200:9200"
      - "7750:7750"
-      - "5000-5099:5000-5099"
-      - "6000-6099:6000-6099"
      - "9000:9000"
      - "9001:9001"
+      - "12443:12443"
+      - "5601:5601"
+      - "6443:6443"
+      - "5000-5099:5000-5099"
+      - "6000-6099:6000-6099"
    interactive: "yes"
  tags:
    - start-docker-containers

--- a/roles/docker/tasks/keycloak.yml
+++ b/roles/docker/tasks/keycloak.yml
@@ -8,8 +8,6 @@
    networks:
      - name: "{{ soctools_netname }}"
    networks_cli_compatible: yes
-    published_ports:
-      - "12443:8443"
    interactive: "yes"
  with_items: "{{ groups['keycloakcontainers'] }}"
  tags:

--- a/roles/docker/tasks/misp.yml
+++ b/roles/docker/tasks/misp.yml
@@ -9,8 +9,6 @@
      - name: "{{ soctools_netname}}"
    interactive: "yes"
    networks_cli_compatible: yes
-    published_ports:
-      - "6443:6443"
  tags:
    - start-docker-containers


--- a/roles/docker/tasks/odfekibana.yml
+++ b/roles/docker/tasks/odfekibana.yml
@@ -8,8 +8,6 @@
    networks:
      - name: "{{ soctools_netname }}"
    networks_cli_compatible: yes
-    published_ports:
-      - "5601:5601"
    interactive: "yes"
  with_items: "{{ groups['odfekibanacontainers'] }}"
  tags:

--- a/roles/haproxy/templates/haproxy.cfg.j2
+++ b/roles/haproxy/templates/haproxy.cfg.j2
@@ -49,7 +49,7 @@ listen odfeserv
 {% endfor %}
 	
 listen keycloakserv
-        bind *:10443 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
+        bind *:12443 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
        mode http
        maxconn 5000
        fullconn 5000
@@ -86,36 +86,30 @@ listen cortexserv
 	server {{cortexhost}} {{cortexhost}}:9001 check verify none
 {% endfor %}

-{% for port in range(50, 60) %}
-listen nifiservtcp77{{port}}
-	bind *:77{{port}}
-	mode tcp
+listen kibanaserv
+        bind *:5601 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
+        mode http
        maxconn 5000
        fullconn 5000
        balance source
        option tcpka
-	option tcp-check
-        option tcplog
-	tcp-check connect port 77{{port}}
-{% for nifihost in groups['nificontainers'] %}
-   	server {{nifihost}} {{nifihost}}:77{{port}} check
-
-{% endfor %}
+        option forwardfor
+        option httplog
+{% for kibanahost in groups['odfekibanacontainers'] %}
+        server {{kibanahost}} {{kibanahost}}:5601 ssl check verify none
 {% endfor %}

-
-listen nifiservtcp7771
-	bind *:7771
-	mode tcp
+listen mispserv
+        bind *:6443 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
+        mode http
        maxconn 5000
        fullconn 5000
        balance source
        option tcpka
-	option tcp-check
-        option tcplog
-	tcp-check connect port 7771
-{% for nifihost in groups['nificontainers'] %}
-   	server {{nifihost}} {{nifihost}}:7771 check
+        option forwardfor
+        option httplog
+{% for misphost in groups['mispcontainers'] %}
+        server {{misphost}} {{misphost}}:6443 ssl check verify none
 {% endfor %}