Skip to content

Docker Installation

The Docker installation is the method to choose if you want to quickly deploy OpenCVE without managing the dependencies (like PostgreSQL, Redis or Celery).

Requirements

The current documentation has been tested on Debian 10 and Ubuntu LTS 20.04 with the following requirements :

  • Docker-compose 1.21.0+
  • Docker 20.10.1+
  • 5 GB RAM

Configuration

Get the OpenCVE docker repository:

$ git clone https://github.com/opencve/opencve-docker.git

Prepare and copy the configuration file from the conf directory:

$ cd opencve-docker && cp ./conf/opencve.cfg.example ./conf/opencve.cfg

Update the following keys in the opencve.cfg file:

  • server_name (use the same port if you changed it in the .env file)
  • secret_key (see the Flask recommandations)
  • smtp_server
  • smtp_user & smtp_password if any or leave empty

Tip

If you want to change the default postgresql password (strongly advised), you can add it in the .env file before the docker-compose build:

POSTGRES_PASSWORD=MyStrongPassword42

Then don't forget to change it in the opencve.cfg file.

Info

You will need a SMTP server to send the notification emails. Its configuration is out of scope of this procedure.

Initialize the stack

You can now build the OpenCVE image:

$ docker-compose build

Then start everything except the beat:

$ docker-compose up -d postgres redis webserver celery_worker

Initialize the database

The database can be initialized with the following command:

$ docker exec -it webserver opencve upgrade-db

Import the data

The tables are created, you can now populate them using the import-data command :

$ docker exec -it webserver opencve import-data

This command download the list of CPE, the list of CWE and each CVE's year (from 2002 until now), so it can take several minutes. Don't worry you will only do it once.

Warning

The NVD data are downloaded, extracted and then parsed in-memory before being inserted in the database. For that the import-data command needs 5GB at least to correctly do its job. Afterwards, the worker use very small memory as only the diff is used with the NVD.

If you launch opencve import-data without this memory space the command will be killed (OOM) by your operating system and your data will be incompletes.

We wrote a documentation to handle this problem using a SWAP file.

Create an admin

You can now create the admin :

$ docker exec -it webserver opencve create-user john john.doe@example.com --admin
Password:
Repeat for confirmation:
[*] User john created.

Tip

This command is required for the first admin, then you will be able to manage the users with the admin pages.

Start the beat

The last step is to start the scheduler :

$ docker-compose up -d celery_beat

You can now use OpenCVE with your own dockerized instance of it.