Caution
Please read all this documentation before starting.
Hardware requirements:
- At least 8 vCPUs dedicated to containers
- At least 32GB of RAM
Software requirements:
- Docker engine v23.0.15 and later (install instructions)
- Docker Compose plugin v2.20.2 and later (install instructions)
To verify that everything is properly installed, run the following commands:
# Check Docker engine version
docker version
# Check that the current user can run Docker commands
# Else (for Linux) check out https://docs.docker.com/engine/install/linux-postinstall/
docker run hello-world
# Check Docker Compose plugin version
docker compose version
This production Docker Compose file deploys the following components:
- Cassandra: The database used by TheHive
- Elasticsearch: Serves as the database for the indexing engine for TheHive
- TheHive: Main application
- Nginx: Deployed as an HTTPS reverse proxy
Each container has a dedicated folder for configuration, data and log files.
.
├── cassandra
├── certificates
├── docker-compose.yml
├── dot.env.template
├── elasticsearch
├── nginx
├── README.md
├── scripts
└── thehive
cassandra
├── data
└── logs
- ./cassandra/data: the database files
- ./cassandra/logs: the log files
Note
These folders should not be manually modified
elasticsearch
├── data
└── logs
- ./elasticsearch/data: the database files
- ./elasticsearch/logs: the log files
Note
These folders should not be manually modified
thehive
├── config
│   ├── application.conf
│   ├── logback.xml
│   └── secret.conf.template
├── data
│   └── files
└── logs
- ./thehive/config: configuration files. secret.conf is generated automatically when using our init script.
- ./thehive/data/files: file storage for TheHive
- ./thehive/logs: TheHive log files
Note
These folders should not be manually modified, except in config if you know what you are doing.
nginx
├── certs
└── templates
    └── default.conf.template
- ./nginx/templates/default.conf.template: this file is used to initiate the configuration of Nginx when the container is initialised.
Note
These folders should not be manually modified.
The ./certificates folder is empty. By default, the application stack is initialised with self-signed certificates.
If you want to use your own certificates, such as ones signed by an internal authority, create the following files, using exactly these filenames:
certificates
├── server.crt ## Server certificate
├── server.key ## Server private key
└── ca.pem ## Certificate Authority
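Before running the init script with your own certificates, it is worth confirming that the three files belong together. The following is an added example, not one of the project's scripts: the function name check_certs, its return codes and the optional hostname argument are assumptions made for illustration, and it relies only on the openssl command-line tool.

```bash
# Added example: validate custom TLS material in ./certificates before init.sh.
# File names are the ones this README requires; check_certs and its return
# codes are hypothetical and not part of the project's scripts.
# Usage after sourcing this file: check_certs ./certificates HOSTNAME_OR_IP

check_certs() {
    local dir="${1:-./certificates}" host="${2:-}" f cert_pub key_pub
    for f in server.crt server.key ca.pem; do
        [ -s "$dir/$f" ] || { echo "FAIL: $dir/$f missing or empty" >&2; return 2; }
    done

    # The key must be the one the certificate was issued for: compare the
    # public key embedded in server.crt with the one derived from server.key.
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$dir/server.key" -passin pass: -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: server.key does not match server.crt" >&2; return 3
    fi

    # The certificate must verify against ca.pem; openssl verify also
    # rejects certificates that are expired or not yet valid.
    openssl verify -CAfile "$dir/ca.pem" "$dir/server.crt" >/dev/null 2>&1 \
        || { echo "FAIL: server.crt does not verify against ca.pem" >&2; return 4; }

    # Optional: the name users browse to must be covered by the certificate.
    if [ -n "$host" ]; then
        openssl x509 -in "$dir/server.crt" -noout -checkhost "$host" 2>&1 \
            | grep -q "does match" \
            || { echo "FAIL: certificate does not cover $host" >&2; return 5; }
    fi

    # Warn (do not fail) if the private key is accessible to group or others.
    if [ "$(ls -lL "$dir/server.key" | cut -c5-10)" != "------" ]; then
        echo "WARN: $dir/server.key is accessible to group or others" >&2
    fi
    echo "OK: certificate material in $dir is consistent"
}
```

If ca.pem holds only a root certificate and server.crt was issued by an intermediate, the chain check fails until the intermediate is added to ca.pem.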
scripts
├── check_permissions.sh
├── generate_certs.sh
├── init.sh
├── output.sh
└── reset.sh
The application stack includes several utility scripts:
- check_permissions.sh: Ensures proper permissions are set on files and folders
- generate_certs.sh: Generates a self-signed certificate for Nginx.
- init.sh: Initializes the application stack.
- output.sh: Displays output messages, called by other scripts.
- reset.sh: Resets the testing environment. WARNING: running this script deletes all data.
The application will run under the user account and group that executes the init script.
Run the init.sh script:
bash ./scripts/init.sh
This script performs the following actions:
- Prompts for a service name to include in the Nginx server certificate.
- Initializes the secret.conf files for TheHive.
- Generates a self-signed certificate if none is found in ./certificates
- Creates a .env file with user/group information and other application settings
- Verifies file and folder permissions.
docker compose up
or
docker compose up -d
Open your browser, and navigate to:
https://HOSTNAME_OR_IP/
to connect to TheHive
Multiple scripts are also provided to help manage and test the applications:
Run the following script to delete all data in the testing environment:
bash ./scripts/reset.sh
Caution
This script deletes all data and containers.
Run the init.sh script to reload a new production instance.
This profile includes two utility scripts to assist with performing cold backups and restores. You can find these scripts here: ./scripts/backup.sh and ./scripts/restore.sh. For detailed information about backup and restore strategies and processes, please refer to the dedicated documentation.