This Docker project serves as the vessel for certificate transparency scanning performed by the admiral Python library.
-
Change the credentials in
secrets
-
Choose configuration options for
admiral.yml
-
Start the container and detach:
docker compose up --detach
The following web services are started for monitoring the underlying components:
- Celery Flower: http://localhost:5555
- Mongo Express: http://localhost:8083
- Redis Commander: http://localhost:8082
This composistion passes credentials and configuration options via Docker
secrets. You need to modify
the files listed in the secrets section below. To prevent yourself
from inadvertently committing sensitive values to the repository, run
git update-index --assume-unchanged src/secrets/*
.
-
Pull the new image from Docker Hub:
docker compose pull
-
Recreate the running container by following the previous instructions:
docker compose up --detach
The images of this container are tagged with semantic
versions of the admiral
Python library that they containerize. It is recommended that most users
use a version tag (e.g. :1.4.0
).
Image:tag | Description |
---|---|
cisagov/admiral:1.4.0 |
An exact release version. |
cisagov/admiral:1.3 |
The most recent release matching the major and minor version numbers. |
cisagov/admiral:1 |
The most recent release matching the major version number. |
cisagov/admiral:edge |
The most recent image built from a merge into the develop branch of this repository. |
cisagov/admiral:nightly |
A nightly build of the develop branch of this repository. |
cisagov/admiral:latest |
The most recent release image pushed to a container registry. Pulling an image using the :latest tag should be avoided. |
See the tags tab on Docker Hub for a list of all the supported tags.
Mount point | Purpose |
---|---|
mongo-init.js |
Stores the initialization script for MongoDB |
The following ports are exposed by this container:
Port | Purpose |
---|---|
5555 | Celery Flower |
6379 | Redis |
8081 | Redis Commander |
8083 | Mongo Express |
There are no required environment variables.
Name | Purpose | Default |
---|---|---|
ADMIRAL_CONFIG_FILE |
Celery configuration | admiral.yml |
ADMIRAL_CONFIG_SECTION |
Configuration section to use | dev-mode |
ADMIRAL_WORKER_NAME |
Worker names | dev |
CISA_HOME |
Home folder | /home/cisa |
CISA_GROUP |
Group identifier | cisa |
Filename | Purpose |
---|---|
admiral.yml |
Celery configuration |
mongo.yml |
MongoDB configuration |
mongo-root-passwd.txt |
MongoDB root password |
redis.conf |
Redis configuration |
sslmate-api-key.txt |
API key for SSLMate's Certificate Transparency Search API |
Build the image locally using this git repository as the build context:
docker build \
--build-arg VERSION=0.0.1 \
--tag cisagov/admiral:1.4.0 \
https://github.com/cisagov/admiral-docker.git#develop
To create images that are compatible with other platforms, you can use the
buildx
feature of
Docker:
-
Copy the project to your machine using the
Code
button above or the command line:git clone https://github.com/cisagov/admiral-docker.git cd example
-
Create the
Dockerfile-x
file withbuildx
platform support:./buildx-dockerfile.sh
-
Build the image using
buildx
:docker buildx build \ --file Dockerfile-x \ --platform linux/amd64 \ --build-arg VERSION=0.0.1 \ --output type=docker \ --tag cisagov/admiral:1.4.0 .
We welcome contributions! Please see CONTRIBUTING.md
for
details.
This project is in the worldwide public domain.
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.