Merge pull request #6 from khast3x/dev - Traefik

Traefik now replaces NGINX

docker-compose.yml

@@ -1,51 +1,85 @@
-version: '2'
+version: "3"
 
 services:
   cert_gen:
-    image: paulczar/omgwtfssl
-    volumes:
-    - /tmp/certs:/certs
-
-  proxy:
-    build: nginx/
-    container_name: "portainer-proxy"
-    ports:
-      - "80:80"
-      - "443:443"
-    volumes_from:
-      - cert_gen
-    volumes:
-      - files:/etc/nginx/html/files
-    restart: on-failure
+      container_name: "cert-gen"
+      image: paulczar/omgwtfssl
+      volumes:
+      - certs:/certs
+      labels:
+        - "traefik.enable=false"
 
-  templates:
-      build : nginx-templates/
-      container_name: "nginx-templates"
+  traefik:
+      build: traefik/
+      container_name: "traefik"
+      networks:
+        - default
+        - inside
       ports:
-        - "8080:80"
+      - 80:80
+      - 443:443
+      volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - certs:/certs
+      - logs:/logs
+      labels:
+      - "traefik.frontend.rule=PathPrefixStrip:/api"
+      - "traefik.frontend.auth.basic.usersFile=/etc/traefik/.htpasswd"
+      - "traefik.port=8081"
+
+
+
+
+  templates:
+      build : templates/
+      container_name: "templates"
       networks: 
         - inside
+      labels:
+        - "traefik.enable=false"
 
+  public-files:
+      image: aikain/simplehttpserver:0.1
+      container_name: "public-files"
+      volumes:
+        - files:/var/www/
+        - logs:/var/www/logs
+      networks:
+        - inside
+      labels:
+        - "traefik.sec.frontend.rule=PathPrefixStrip:/files/logs"
+        - "traefik.sec.port=80"
+        - "traefik.sec.frontend.auth.basic.users=admin:$$apr1$$JWufnu2u$$jK16K8EczmfIBDk5p3xw6/"
+        - "traefik.nosec.frontend.rule=PathPrefixStrip:/files"
+        - "traefik.nosec.port=80"
+
+
   portainer:
-    image: portainer/portainer
-    container_name: "portainer-app"
-    command:  --host=unix:///var/run/docker.sock --logo "https://i.imgur.com/lwVlWt2.jpg" --templates "http://nginx-templates/templates.yml"
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - /opt/portainer/data:/data
-    networks:
-      - default
-      - inside
-
-  # tester:
-  #   image: nginx:latest
-  #   container_name: "tester"
-  #   networks:
-  #     - default
-  #     - inside
+      image: portainer/portainer
+      container_name: "portainer-app"
+      networks:
+        - inside
+      volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+        - /opt/portainer/data:/data
+      command:  --host=unix:///var/run/docker.sock --logo "https://i.imgur.com/lwVlWt2.jpg" --templates "http://templates/templates.yml"
+
+      labels:
+        - "traefik.frontend.rule=PathPrefixStrip:/portainer"
+        - "traefik.port=9000"
+        - "traefik.passHostHeader=true"
+        - "traefik.docker.network=redcloud_inside"
+        - "traefik.backend.loadbalancer.swarm=true"
+        - "traefik.backend.loadbalancer.method=drr"
+        # https://github.com/containous/traefik/issues/563#issuecomment-421360934
+        - "traefik.frontend.redirect.regex=^(.*)/portainer$$"
+        - "traefik.frontend.redirect.replacement=$$1/portainer/"
+        - "traefik.frontend.rule=PathPrefix:/portainer;ReplacePathRegex: ^/portainer/(.*) /$$1"
 
 volumes:
+  certs:
+  logs:
   files:
-
 networks:
-  inside: 
+  inside:
+    external: false

redcloud.py

@@ -10,7 +10,7 @@
 REDCLOUD_INSTALL_GIT = "git clone https://github.com/khast3x/redcloud.git"
 REDCLOUD_INSTALL_SCP = "scp -r ../redcloud {target}:~/"
 SSH_OR = " || echo \"error\""
-GET_IP = "curl -4 icanhazip.com"
+GET_IP = "curl -4 -s icanhazip.com"
 
 
 def print_banner(arg = ""):
@@ -79,7 +79,7 @@ def list_available():
     '''
     import yaml
 
-    with open("nginx-templates/templates.yml", 'r') as stream:
+    with open("templates/templates.yml", 'r') as stream:
         try:
             data = yaml.load(stream)
             for templ in data:
@@ -96,6 +96,8 @@ def install_docker(prefix = ""):
     Runs the command to install docker. Can run with the SSH prefix to install remotly
     Keep both seperated for later debugging
     '''
+    c.info_news(c, "This might take a few minutes... Hang in there!")
+
     if len(prefix) != 0:
         output = run_cmd_output(prefix + DOCKER_INSTALL)
     else:
@@ -144,6 +146,7 @@ def deploy_local():
         c.bad_news(c, "docker-compose installation not found")
         c.question_news(c, "Install docker-compose? [Y/n]")
         dockerq = input(">> ")
+        print(dockerq)
         if dockerq == "n":
             c.info_news(c, "Skipping...")
         else:
@@ -163,11 +166,14 @@ def deploy_local():
 
     # Start deploy
     c.good_news(c, "Deploying redcloud")
-    run_cmd_output(DOCKER_DEPLOY)
+    output = run_cmd_output(DOCKER_DEPLOY)
+    print(output)
     c.good_news(c, "Done")
     ip = run_cmd_output(GET_IP)
     print(c.bold + c.fg.green + "\n" + "=========================================================================" + c.reset)
     c.good_news(c, "Please find your running instance at https://" + ip +"/portainer")
+    c.info_news(c, "Files are available at https://" + ip + "/files")
+    c.info_news(c, "Live Reverse Proxy data is available at https://" + ip + "/api")
     print(c.bold + c.fg.green + "=========================================================================" + c.reset)
     print(c.bg.orange + "\n" + c.reset)
     input("\n- Press Enter to continue -")
@@ -248,6 +254,8 @@ def deploy_remote_ssh():
     ip = run_cmd_output(SSH_CMD + GET_IP)
     print(c.bold + c.fg.green + "\n" + "=========================================================================" + c.reset)
     c.good_news(c, "Please find your running instance at https://" + ip +"/portainer")
+    c.info_news(c, "Files are available at https://" + ip + "/files")
+    c.info_news(c, "Live reverse proxy data is available at https://" + ip + "/api")
     print(c.bold + c.fg.green + "=========================================================================" + c.reset)
     print(c.bg.purple + "\n" + c.reset)
     input("\n- Press Enter to continue -")
@@ -314,6 +322,8 @@ def deploy_dockermachine():
         ip = os.environ['DOCKER_HOST']
         print(c.bold + c.fg.green + "\n" + "=========================================================================" + c.reset)
         c.good_news(c, "Please find your running instance at https:" + ip.split(":")[1] +"/portainer")
+        c.info_news(c, "Files are available at https:" + ip.split(":")[1] + "/files")
+        c.info_news(c, "Live reverse proxy data is available at https:" + ip.split(":")[1] + "/api")
         print(c.bold + c.fg.green + "=========================================================================" + c.reset)
     print(c.bg.cyan + "\n" + c.reset)
     input("\n- Press Enter to continue -")

templates/Dockerfile

@@ -0,0 +1,4 @@
+FROM aikain/simplehttpserver:0.1
+COPY templates.yml /var/www/
+
+CMD python3 -m http.server 80

nginx-templates/templates.yml → templates/templates.yml

@@ -27,6 +27,10 @@
     "image": "phocean/msf",
     "restart_policy": "unless-stopped",
     "categories": ["offensive", "database", "stack"],
+    "labels": [
+    { "name": "traefik.frontend.rule", "value": "PathPrefixStrip:/msf" },
+    { "name": "traefik.port", "value": "4444" }
+      ],
     "ports": [
       "4444:4444/tcp"
       ]
@@ -46,7 +50,12 @@
     "categories": ["offensive"],
     "ports": [
       "5555:5555/tcp"      
+      ],
+    "labels": [
+    { "name": "traefik.frontend.rule", "value": "PathPrefixStrip:/empire" },
+    { "name": "traefik.port", "value": "5555" }
       ]
+
   },
   {
     "type": 1,
@@ -105,7 +114,7 @@
       ]
   },
   {
-    "type": 1,
+    "type": 1,  
     "platform": "linux",
     "network": "redcloud_default",
     "title": "Kali - Full",
@@ -161,14 +170,14 @@
     "description": "Open-Source Phishing Toolkit",
     "name": "red_gophish",
     "logo": "https://i.imgur.com/l21Rn2v.png",
-    "note": "In your browser, head over to https://your-docker-machine-ip:3333. Don't forget the S in https",
+    "note": "In your browser, head over to https://your-docker-machine-ip:3333. Don't forget the S in https. Default credentials: admin/gophish",
     "image": "matteoggl/gophish",
     "restart_policy": "unless-stopped",
     "categories": ["offensive", "phishing"],
     "ports": [
       "3333:3333/tcp",
       "8083:80/tcp"
-      ]
+      ]    
   },
   {  
     "type": 1,
@@ -236,7 +245,7 @@
     "ports": [
       "5901:5901/tcp",
       "6901:6901/tcp"
-      ]
+      ]    
   },
   {
     "type": 1,
@@ -252,7 +261,7 @@
     "categories": ["vulnerable", "webserver"],
     "ports": [
       "8082:80/tcp"
-    ]
+    ]    
   },
   {   
     "type": 1,
@@ -268,7 +277,7 @@
     "categories": ["vulnerable", "webserver"],
     "ports": [
       "8084:3000/tcp"
-    ]
+    ]    
   },
   {   
     "type": 1,

traefik/.htpasswd

@@ -0,0 +1,2 @@
+
+admin:$apr1$4YJyomU4$FdUTOixMsICBBBz9PHJLH0

traefik/Dockerfile

@@ -0,0 +1,6 @@
+FROM traefik:alpine
+
+COPY traefik.toml /etc/traefik/traefik.toml
+# admin:Redcloud
+COPY .htpasswd /etc/traefik/.htpasswd
+CMD ["traefik"]

traefik/traefik.toml

@@ -0,0 +1,37 @@
+defaultEntryPoints = ["http", "https"]
+logLevel = "DEBUG"
+
+[traefikLog]
+  filePath = "/logs/traefik.log"
+
+[accessLog]
+  filePath = "/logs/access.log"
+
+[entryPoints.api]
+  address = ":8081"
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+    entryPoint = "https"
+    rule = "Path:/portainer,/files,/api"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+      [[entryPoints.https.tls.certificates]]
+      ca = "/certs/ca.pem"
+      caOptional = true
+      certFile = "/certs/cert.pem"
+      keyFile = "/certs/key.pem"
+      insecureSkipVerify = true
+
+
+[docker]
+endpoint = "unix:///var/run/docker.sock"
+domain = "docker.localhost"
+exposedByDefault = true
+
+[api]
+  entryPoint = "api"
+
+