code_public/ja4-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6d02f21c1e85f5c55f01254d6824408376ee9a88
ja4-platform/tests/integration/platform/Dockerfile
toto d4e7e674d8 feat: full-stack Docker Compose integration tests 
- 4-container stack: ClickHouse, platform (Rocky 9), bot-detector, dashboard
- Platform builds sentinel on Rocky (CGO+libpcap native), correlator static
- mod-reqin-log compiled with apxs on Rocky (matching RPM build target)
- ClickHouse init script patches credentials for test env (sed-based)
- 8-phase test runner: schema, traffic gen, pipeline, dashboard API, bot-detector, sentinel
- All 13 checks pass, 3 non-blocking warnings (empty dicts, log paths)

SQL schema fixes discovered during integration:
- 02_dictionaries: IPv6CIDR → String (not a valid ClickHouse type)
- 03_anubis_tables: dict_anubis_ua missing has_ip/rule_id/category attrs
- 03_anubis_tables: dict_anubis_country FLAT() → COMPLEX_KEY_HASHED() (String key)
- 09_audit_table: CODEC before DEFAULT → DEFAULT before CODEC

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-07 20:33:25 +02:00

98 lines
4.1 KiB
Docker
Raw Blame History

# =============================================================================
# Platform container — Rocky Linux 9
# Runs: Apache (HTTPS) + mod-reqin-log + sentinel + correlator
#
# Multi-stage:
# 1. go-builder — compile correlator (static, no CGO) on golang image
# 2. platform — Rocky Linux 9: builds sentinel (CGO+libpcap), mod-reqin-log,
# installs Apache, runs everything
#
# sentinel is compiled on Rocky so it links against the same libpcap as runtime.
# This mirrors RPM packaging where build and target are the same distro.
# =============================================================================
# ---------------------------------------------------------------------------
# Stage 1: Build correlator (static binary, no CGO — distro-independent)
# ---------------------------------------------------------------------------
FROM golang:1.24 AS go-builder
WORKDIR /src
COPY go.work go.work.sum* ./
COPY shared/go/ja4common/ shared/go/ja4common/
COPY services/correlator/ services/correlator/
COPY services/sentinel/ services/sentinel/
RUN cd services/correlator && \
CGO_ENABLED=0 go build -ldflags="-s -w" -o /out/correlator ./cmd/logcorrelator
# ---------------------------------------------------------------------------
# Stage 2: Rocky Linux 9 — build sentinel + mod-reqin-log, then run everything
# ---------------------------------------------------------------------------
FROM rockylinux:9
# Install build deps + runtime deps
RUN dnf install -y --allowerasing \
httpd httpd-devel mod_ssl \
apr-devel apr-util-devel \
gcc make redhat-rpm-config \
libpcap \
golang \
procps-ng curl \
&& dnf install -y --enablerepo=crb libpcap-devel \
&& dnf clean all
# -- Build sentinel on Rocky (CGO + libpcap from Rocky repos) ---------------
COPY go.work go.work.sum* /tmp/sentinel-build/
COPY shared/go/ja4common/ /tmp/sentinel-build/shared/go/ja4common/
COPY services/sentinel/ /tmp/sentinel-build/services/sentinel/
COPY services/correlator/ /tmp/sentinel-build/services/correlator/
RUN cd /tmp/sentinel-build/services/sentinel && \
CGO_ENABLED=1 go build -ldflags="-s -w" -o /usr/local/bin/sentinel ./cmd/ja4sentinel && \
rm -rf /tmp/sentinel-build /root/go
# -- Build mod-reqin-log from source -----------------------------------------
COPY services/mod-reqin-log/src/ /tmp/mod-reqin-log/src/
COPY services/mod-reqin-log/Makefile /tmp/mod-reqin-log/Makefile
RUN cd /tmp/mod-reqin-log && make all && \
cp modules/mod_reqin_log.so /usr/lib64/httpd/modules/ 2>/dev/null || \
cp build/.libs/mod_reqin_log.so /usr/lib64/httpd/modules/ && \
rm -rf /tmp/mod-reqin-log
# -- Copy correlator from builder (static binary, no deps) -------------------
COPY --from=go-builder /out/correlator /usr/local/bin/correlator
# -- Create runtime directories ----------------------------------------------
RUN mkdir -p /var/run/logcorrelator \
/var/log/logcorrelator \
/var/log/ja4sentinel \
/etc/logcorrelator \
/etc/ja4sentinel
# -- Correlator config -------------------------------------------------------
COPY tests/integration/platform/correlator.yml /etc/logcorrelator/correlator.yml
# -- Sentinel config ----------------------------------------------------------
COPY tests/integration/platform/sentinel.yml /etc/ja4sentinel/config.yml
# -- Apache config (HTTPS + mod-reqin-log) ------------------------------------
COPY tests/integration/platform/httpd-integration.conf /etc/httpd/conf.d/integration.conf
# -- Generate self-signed TLS certificate -------------------------------------
RUN openssl req -x509 -nodes -days 365 \
-subj "/CN=platform.test" \
-newkey rsa:2048 \
-keyout /etc/pki/tls/private/localhost.key \
-out /etc/pki/tls/certs/localhost.crt
# -- Simple health endpoint for Apache ---------------------------------------
RUN mkdir -p /var/www/html && \
echo '{"status":"ok"}' > /var/www/html/health
# -- Entrypoint (manages all processes) --------------------------------------
COPY tests/integration/platform/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
EXPOSE 80 443
CMD ["/entrypoint.sh"]
Reference in New Issue View Git Blame Copy Permalink