feat: production deployment setup and hardcoded URL fixes

- Fix hardcoded localhost:8000 URLs in frontend to use relative /api/v1
  path (works with Nginx proxy in prod and VITE_API_URL in dev)
- Create production entrypoint (entrypoint.prod.sh) that runs migrations,
  seeds, and starts uvicorn with 4 workers (no --reload)
- Create comprehensive install.sh script for production deployment that
  generates secure .env, builds containers, waits for health, and
  optionally triggers initial MITRE sync
- Update docker-compose.prod.yml to use production entrypoint
- Update Dockerfile to make both entrypoints executable
- Remove init.ps1 (production will always be Linux)
- Update README with production deployment instructions
2026-02-10 16:04:16 +01:00
parent a3f83c316a
commit 8aec3581a0
9 changed files with 310 additions and 168 deletions


@@ -95,38 +95,40 @@ Both Red Lead and Blue Lead must independently vote:
- Docker and Docker Compose
- Git
- Linux / macOS (or WSL on Windows)
### Installation
### Production Deployment
The recommended way to deploy Aegis in production:
1. Clone the repository:
```bash
git clone <repository-url>
cd Aegis
chmod +x scripts/install.sh
./scripts/install.sh
```
2. Start all services:
The install script will automatically:
- Generate a `.env` file with secure random secrets
- Build and start all containers (PostgreSQL, MinIO, Backend, Frontend)
- Run database migrations
- Seed the admin user and data sources
- Optionally run the initial MITRE ATT&CK sync
Access the application at **http://your-server:80**.
### Development Setup
For local development with hot-reload:
```bash
git clone <repository-url>
cd Aegis
docker-compose up -d
./scripts/init.sh
```
3. Run database migrations:
```bash
docker exec aegis-backend alembic upgrade head
```
4. Seed the admin user:
```bash
docker exec aegis-backend python -m app.seed
```
5. Access the application:
```bash
# API health check
curl http://localhost:8000/health
# Expected: {"status":"ok"}
# Open http://localhost:5173 — Aegis login page
```
Access at **http://localhost:5173** (frontend dev server) and **http://localhost:8000/docs** (API docs).
### Authentication
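Review bot: the new Production Deployment walkthrough ends with `Access the application at **http://your-server:80**` and a login on the seeded `admin123` account before TLS is mentioned anywhere; the HTTPS/TLS advice only appears further down under Production Considerations, so the first login and the mandatory password change go over plain HTTP for anyone who follows the steps in order. Suggest cross-referencing the TLS bullet (or adding a one-line "put a TLS proxy in front before first login" step) ahead of the access line. Minor: the Development Setup uses the legacy `docker-compose up -d` form while the update instructions later use `docker compose -f docker-compose.prod.yml`; pick one form so readers on hosts without the v1 binary are not confused.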
@@ -137,27 +139,32 @@ Username: admin
Password: admin123
```
> **Important:** Change the default `admin123` password and `SECRET_KEY` in production.
> **Important:** Change the default `admin123` password immediately after first login.
### Importing Data Sources
After initial setup, the entrypoint script automatically seeds the initial data sources (Atomic Red Team, SigmaHQ, CALDERA, LOLBAS, GTFOBins, D3FEND). You can then sync each source from the UI:
On startup, the backend automatically seeds the initial data sources (Atomic Red Team, SigmaHQ, CALDERA, LOLBAS, GTFOBins, D3FEND). You can then sync each source from the UI:
1. Navigate to **System > Data Sources** in the admin panel
1. Navigate to **Data Sources** in the sidebar
2. Click **Sync** on each data source to import its content
3. Trigger a **MITRE ATT&CK Sync** from the **System > MITRE Sync** page
3. Trigger a **MITRE ATT&CK Sync** from the **System** page
Alternatively, use the API:
```bash
# Sync MITRE ATT&CK techniques
curl -X POST http://localhost:8000/api/v1/system/sync-mitre -H "Authorization: Bearer $TOKEN"
curl -X POST http://your-server/api/v1/system/sync-mitre -H "Authorization: Bearer $TOKEN"
# Sync all data sources at once
curl -X POST http://localhost:8000/api/v1/data-sources/sync-all -H "Authorization: Bearer $TOKEN"
curl -X POST http://your-server/api/v1/data-sources/sync-all -H "Authorization: Bearer $TOKEN"
```
See [docs/DATA_SOURCES.md](docs/DATA_SOURCES.md) for detailed instructions on all data sources.
### Production Considerations
- **HTTPS/TLS:** For internet-facing deployments, place a reverse proxy with TLS in front (e.g., Traefik, Caddy, or Nginx with Let's Encrypt).
- **Backups:** Set up regular PostgreSQL backups: `docker exec aegis-postgres pg_dump -U postgres attackdb > backup.sql`
- **Updates:** To update, pull the latest code and run: `docker compose -f docker-compose.prod.yml up -d --build`
- **Firewall:** Only expose port 80/443. All other services (DB, MinIO, backend) are internal only.
### Configuring Scoring Weights
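Review bot: the Authentication callout drops the `SECRET_KEY` reminder (old: `Change the default admin123 password and SECRET_KEY in production.`, new: `... immediately after first login.`), which is justified for the `install.sh` path that generates a `.env` with random secrets, but the Development Setup above runs `./scripts/init.sh` without saying where its `SECRET_KEY` comes from; keep a one-line note that only `install.sh` generates production-grade secrets. Also, the Backups bullet's `pg_dump -U postgres attackdb > backup.sql` writes an unencrypted dump of the whole database, including the seeded user accounts and data-source configuration, into the current working directory; suggest adding that dumps be written to a restricted-permission location and encrypted at rest, consistent with the Firewall bullet's point that the database is internal-only.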