Deploying with Docker

Docker Setup

You will need the latest version of Docker. Tested on Mac with Docker Desktop 18.09.2.

Basic Setup Instructions

You can use the docker-compose.yml file included with the project to spin up a basic installation of the project in a few easy steps.

export DATA_DIR="/YOUR_DATA_DIR"

Starting the services automatically

To start the services automatically, update the docker-compose.yml file to set a restart policy of always, like this:

...
  insecureinc:
    image: securecodingdojo/insecure.inc
    restart: "always" #change to always if you want the image to auto start
...
  trainingportal:
    image: securecodingdojo/trainingportal
    restart: "always" #change to always if you want the image to auto start
...

Configuring Public URLs

Your dojo will be running on localhost out of a default configuration file. There are two containers:

Next steps are to configure public access.

If you're in the AWS cloud you just need two different ALBs that will forward 443 traffic to 8081 and 8080 respectively.

You can also install nginx and forward traffic to the localhost port. You can find detailed information about nginx setup at this link.

Once you have that set up, configure DNS to point to the load balancer(s).

When that is done, tell the dojo what the URLs are by creating a config.json file in the Docker volume, that is, the directory named by the $DATA_DIR environment variable that you configured earlier:

Example $DATA_DIR/config.json file

{
    "dojoUrl" : "https://YOUR_PORTAL_HOST",
    "moduleUrls" : {
        "blackBelt":"https://YOUR_INSECURE_INC_HOST/insecureinc",
        "securityCodeReviewMaster":"https://trendmicro.github.io/SecureCodingDojo/codereview101/?fromPortal"
    },

    "disabledModules":["secondDegreeBlackBelt"],

    "playLinks" : {},

    "localUsersPath" : "localUsers.json"
}

Explanations:

The "securityCodeReviewMaster" module is a static training module running directly from the GitHub repo.

The "secondDegreeBlackBelt" module requires an AWS deployment with API Gateway and Lambda, which is not currently available as code, so you should disable it for now.

Configuring CHALLENGE_MASTER_SALT

If you want to prevent participants from tricking the system by generating challenge verification codes based on the logic that is publicly available here, you must configure a secret CHALLENGE_MASTER_SALT environment variable.

export CHALLENGE_MASTER_SALT="put something random here"

Configuring a MySQL database

For large-scale environments the local SQLite database included in the image will not be sufficient. You will need a full MySQL server. The dojo will also work with MariaDB.

Once you have created the server and the database, you can configure the credentials for that server in config.json:

{

...

    "dbHost" : "YOUR_DB_HOST",
    "dbName" : "securecodingdojodb",
    "dbUser" : "securecodingdojo",
    "encDbPass":"YOUR_ENCRYPTED_DB_PASS",

...

}

Generating the Encrypted DB Password.

You can generate YOUR_ENCRYPTED_DB_PASS with a script included in the /tools folder. But first you must create some environment variables to hold your encryption key seeds.

export ENC_KEY="put something random here"
export ENC_KEY_IV="put something random here"

var dbPass="YOUR_PASSWORD";//DELETE ME WHEN DONE

trainingportal $ node tools/encryptConfigs.js
======= config.json ==========
"encDbPass":"BAnkTgXIcshrVzSanByLOw==",

....
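
The "put something random here" values for CHALLENGE_MASTER_SALT, ENC_KEY and ENC_KEY_IV should come from a cryptographic random source and be kept out of shell history and world-readable files. The shell functions below are an added example, not part of the project; the file path in the usage comment, the hex encoding and the 32-character minimum are assumptions.

```shell
#!/bin/sh
# Added example (not project code). Usage, with an assumed file path:
#   write_dojo_secrets "$HOME/.dojo-secrets.env" && . "$HOME/.dojo-secrets.env"
#   check_dojo_secrets

# 32 bytes from the kernel CSPRNG as 64 hex characters (safe to quote in sh).
gen_secret() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Write fresh values for the three variables named on this page to FILE.
# Refuses to overwrite: an encDbPass encrypted under the old ENC_KEY and
# ENC_KEY_IV would no longer decrypt after they change.
write_dojo_secrets() {
    file="$1"
    if [ -e "$file" ]; then
        echo "refusing to overwrite $file" >&2
        return 1
    fi
    (
        umask 077   # file is created readable and writable by the owner only
        {
            printf 'export CHALLENGE_MASTER_SALT="%s"\n' "$(gen_secret)"
            printf 'export ENC_KEY="%s"\n' "$(gen_secret)"
            printf 'export ENC_KEY_IV="%s"\n' "$(gen_secret)"
        } > "$file"
    )
}

# Fail if a variable is unset, still the page's placeholder text, or shorter
# than 32 characters (the minimum length is an assumption of this example).
check_dojo_secrets() {
    for name in CHALLENGE_MASTER_SALT ENC_KEY ENC_KEY_IV; do
        eval "value=\${$name:-}"
        case "$value" in
            ""|"put something random here")
                echo "$name is not set to a random value" >&2
                return 1 ;;
        esac
        if [ "${#value}" -lt 32 ]; then
            echo "$name is shorter than 32 characters" >&2
            return 1
        fi
    done
}
```

Run check_dojo_secrets in the same shell session before starting the containers and before running tools/encryptConfigs.js, so a leftover placeholder is caught early.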

Other Settings and Integrations.

See the wiki pages for more information on how to integrate with Google and Slack. LDAP and ADFS options are also available. See config.json.sample for more settings.