Tweaking

Finalize qhoneypots config, thanks to @giga-a for native JSON logging! Completely rework T-Pot Landing Page based on Bento (https://github.com/migueravila/Bento). New NGINX image is down by 100MB and only uses 3.3 MB of RAM at runtime. Keep legacy Sensor option (without logstash).
2025-07-02 01:27:27 -04:00 · 2022-01-29 00:00:29 +00:00
parent 12a413b4cb
commit e6f392a098
45 changed files with 2401 additions and 344 deletions
--- a/docker/nginx/dist/conf/tpotweb.conf
+++ b/docker/nginx/dist/conf/tpotweb.conf
@ -0,0 +1,148 @@
+############################################
+### NGINX T-Pot configuration file by mo ###
+############################################
+
+server {
+
+    #########################
+    ### Basic server settings
+    #########################
+    listen 64297 ssl http2;
+    index index.html;
+    ssl_protocols TLSv1.3;
+    server_name example.com;
+    error_page 300 301 302 400 401 402 403 404 500 501 502 503 504 /error.html;
+    root /var/lib/nginx/html;
+
+
+    ##############################################
+    ### Remove version number add different header
+    ##############################################
+    server_tokens off;
+    more_set_headers 'Server: apache';
+
+
+    ##############################################
+    ### SSL settings and Cipher Suites
+    ##############################################
+    ssl_certificate /etc/nginx/cert/nginx.crt;
+    ssl_certificate_key /etc/nginx/cert/nginx.key;
+    
+    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!DHE:!SHA:!SHA256';
+    ssl_ecdh_curve secp384r1;
+    ssl_dhparam /etc/nginx/ssl/dhparam4096.pem;
+
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+
+
+    ####################################
+    ### OWASP recommendations / settings
+    ####################################
+
+    ### Size Limits & Buffer Overflows 
+    ### the size may be configured based on the needs. 
+    client_body_buffer_size  128k;
+    client_header_buffer_size 1k;
+    client_max_body_size 2M;
+    large_client_header_buffers 2 1k;
+
+    ### Mitigate Slow HHTP DoS Attack
+    ### Timeouts definition ##
+    client_body_timeout   10;
+    client_header_timeout 10;
+    keepalive_timeout     5 5;
+    send_timeout          10;
+
+    ### X-Frame-Options is to prevent from clickJacking attack
+    add_header X-Frame-Options SAMEORIGIN;
+
+    ### disable content-type sniffing on some browsers.
+    add_header X-Content-Type-Options nosniff;
+
+    ### This header enables the Cross-site scripting (XSS) filter
+    add_header X-XSS-Protection "1; mode=block";
+
+    ### This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
+    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+
+
+    ##################################
+    ### Restrict access and basic auth
+    ##################################
+
+    # satisfy all;
+    satisfy any;
+
+    # allow 10.0.0.0/8;
+    # allow 172.16.0.0/12;
+    # allow 192.168.0.0/16;
+    allow 127.0.0.1;
+    allow ::1;
+    deny  all;
+
+    auth_basic           "closed site";
+    auth_basic_user_file /etc/nginx/nginxpasswd;
+
+
+    #############################
+    ### T-Pot Landing Page & Apps
+    #############################
+
+    location / {
+        auth_basic           "closed site";
+        auth_basic_user_file /etc/nginx/nginxpasswd;
+        try_files $uri $uri/ /index.html?$args;
+    }
+
+    location ^~ /elasticvue {
+        index index.html;
+        alias /var/lib/nginx/html/esvue;
+        try_files $uri $uri/ /index.html?$args;
+    }
+
+
+    #################
+    ### Proxied sites
+    #################
+
+    ### Kibana
+    location /kibana/ {
+        proxy_pass http://127.0.0.1:64296;
+        rewrite /kibana/(.*)$ /$1 break;
+    }
+
+    ### ES 
+    location /es/ {
+        proxy_pass http://127.0.0.1:64298/;
+        rewrite /es/(.*)$ /$1 break;
+    }
+
+    ### CyberChef
+    location /cyberchef {
+        proxy_pass http://127.0.0.1:64299;
+        rewrite ^/cyberchef(.*)$ /$1 break;
+    }
+
+    ### spiderfoot
+    location /spiderfoot {
+        proxy_pass http://127.0.0.1:64303;
+    }
+
+        location /static {
+            proxy_pass http://127.0.0.1:64303/spiderfoot/static;
+        }
+
+        location /scanviz {
+            proxy_pass http://127.0.0.1:64303/spiderfoot/scanviz;
+        }
+        
+        location /scandelete {
+            proxy_pass http://127.0.0.1:64303/spiderfoot/scandelete;
+        }
+
+        location /scaninfo {
+            proxy_pass http://127.0.0.1:64303/spiderfoot/scaninfo;
+        }
+
+}