Docker Installation
The Docker installation is the method to choose if you want to quickly deploy OpenCVE without managing the dependencies (like PostgreSQL, Redis or Celery).
Requirements
The current documentation has been tested on Debian 10 and Ubuntu LTS 20.04 with the following requirements:
- Docker-compose 1.21.0+
- Docker 20.10.1+
- 5 GB RAM
Configuration
Get the OpenCVE docker repository:
$ git clone https://github.com/opencve/opencve-docker.git
Prepare and copy the configuration file from the conf directory:
$ cd opencve-docker && cp ./conf/opencve.cfg.example ./conf/opencve.cfg
Update the following keys in the opencve.cfg file:
- server_name (use the same port if you changed it in the .env file)
- secret_key (see the Flask recommendations)
- smtp_server
- smtp_user & smtp_password, if any (otherwise leave them empty)
Tip
If you want to change the default PostgreSQL password (strongly advised), you can add it in the .env file before the docker-compose build:
POSTGRES_PASSWORD=MyStrongPassword42
Then don't forget to change it in the opencve.cfg file.
Info
You will need an SMTP server to send the notification emails. Its configuration is out of scope of this procedure.
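A pre-flight check for the secret_key and POSTGRES_PASSWORD settings described above, as an added example that is not part of the OpenCVE documentation or repository. It assumes opencve.cfg uses "key = value" lines and .env uses "KEY=value" lines; the function names and the 32-character minimum for secret_key are choices made for this example.

```shell
#!/bin/sh
# Added example: verify the secrets this page asks you to set before building.
# Assumptions: "key = value" lines in opencve.cfg, "KEY=value" lines in .env.

# Print a random 64-hex-character value usable as secret_key or POSTGRES_PASSWORD.
gen_secret() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
    echo
}

# conf_value FILE KEY: print the first value of KEY ("key=value" or "key = value").
conf_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# check_opencve_secrets ENV_FILE CFG_FILE: return 0 only if every check passes.
check_opencve_secrets() {
    env_file=$1
    cfg_file=$2
    rc=0
    key=$(conf_value "$cfg_file" secret_key)
    pw=$(conf_value "$env_file" POSTGRES_PASSWORD)

    # 32 is this example's own threshold, not an OpenCVE or Flask constant.
    if [ "${#key}" -lt 32 ]; then
        echo "secret_key is empty or shorter than 32 characters" >&2
        rc=1
    fi
    if [ -z "$pw" ]; then
        echo "POSTGRES_PASSWORD not set in $env_file (default password in use)" >&2
        rc=1
    elif [ "$pw" = "MyStrongPassword42" ]; then
        echo "POSTGRES_PASSWORD is the sample value printed in the documentation" >&2
        rc=1
    elif ! grep -qF -- "$pw" "$cfg_file"; then
        # The page says the new password must also be changed in opencve.cfg.
        echo "POSTGRES_PASSWORD from $env_file does not appear in $cfg_file" >&2
        rc=1
    fi
    return $rc
}
```

Source the file from the opencve-docker directory and run check_opencve_secrets .env conf/opencve.cfg before docker-compose build. The hex output of gen_secret contains no characters that need escaping in either file.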
Initialize the stack
You can now build the OpenCVE image:
$ docker-compose build
Then start everything except the beat:
$ docker-compose up -d postgres redis webserver celery_worker
Initialize the database
The database can be initialized with the following command:
$ docker exec -it webserver opencve upgrade-db
Import the data
The tables are now created; you can populate them using the import-data command:
$ docker exec -it webserver opencve import-data
This command downloads the list of CPE, the list of CWE and the CVEs for each year (from 2002 until now), so it can take several minutes. Don't worry, you will only do it once.
Warning
The NVD data is downloaded, extracted and then parsed in memory before being inserted into the database. For that, the import-data command needs at least 5GB to do its job correctly. Afterwards, the worker uses very little memory, as only the diff with the NVD is used.
If you launch opencve import-data without this memory space, the command will be killed (OOM) by your operating system and your data will be incomplete.
We wrote documentation on handling this problem using a swap file.
Create an admin
You can now create the admin:
$ docker exec -it webserver opencve create-user john john.doe@example.com --admin
Password:
Repeat for confirmation:
[*] User john created.
Tip
This command is required for the first admin; afterwards you will be able to manage the users with the admin pages.
Start the beat
The last step is to start the scheduler:
$ docker-compose up -d celery_beat
You can now use OpenCVE with your own dockerized instance of it.