Installation
All components of OpenCTI are shipped both as Docker images and manual installation packages.
Production deployment
For production deployment, we recommend to deploy all components in containers, including dependencies, using native cloud services or orchestration systems such as Kubernetes.
To have more details about deploying OpenCTI and its dependencies in cluster mode, please read the dedicated section.
-
Use Docker
Deploy OpenCTI using Docker and the default
docker-compose.yml
provided in the docker. -
Manual installation
Deploy dependencies and launch the platform manually using the packages released in the GitHub releases.
Using Docker
Introduction
OpenCTI can be deployed using the docker-compose command.
Pre-requisites
Linux
Windows and MacOS
Just download the appropriate Docker for Desktop version for your operating system.
Clone the repository
Docker helpers are available in the Docker GitHub repository.
$ mkdir -p /path/to/your/app && cd /path/to/your/app
$ git clone https://github.com/OpenCTI-Platform/docker.git
$ cd docker
Configure the environment
Before running the docker-compose
command, the docker-compose.yml
file should be configured. By default, the docker-compose.yml
file is using environment variables available in the file .env.sample
.
You can either rename the file .env.sample
in .env
and put the expected values or just fill directly the docker-compose.yml
with the values corresponding to your environment.
Configuration static parameters
The complete list of available static parameters is available in the configuration section.
Here is an example to quickly generate the .env
file under Linux, especially all the default UUIDv4:
$ sudo apt install -y jq
$ cd ~/docker
$ (cat << EOF
OPENCTI_ADMIN_EMAIL=admin@opencti.io
OPENCTI_ADMIN_PASSWORD=ChangeMePlease
OPENCTI_ADMIN_TOKEN=$(cat /proc/sys/kernel/random/uuid)
MINIO_ROOT_USER=$(cat /proc/sys/kernel/random/uuid)
MINIO_ROOT_PASSWORD=$(cat /proc/sys/kernel/random/uuid)
RABBITMQ_DEFAULT_USER=guest
RABBITMQ_DEFAULT_PASS=guest
ELASTIC_MEMORY_SIZE=4G
CONNECTOR_HISTORY_ID=$(cat /proc/sys/kernel/random/uuid)
CONNECTOR_EXPORT_FILE_STIX_ID=$(cat /proc/sys/kernel/random/uuid)
CONNECTOR_EXPORT_FILE_CSV_ID=$(cat /proc/sys/kernel/random/uuid)
CONNECTOR_IMPORT_FILE_STIX_ID=$(cat /proc/sys/kernel/random/uuid)
CONNECTOR_IMPORT_REPORT_ID=$(cat /proc/sys/kernel/random/uuid)
EOF
) > .env
If your docker-compose
deployment does not support .env
files, just export all environment variables before launching the platform:
Memory management settings
As OpenCTI has a dependency on ElasticSearch, you have to set the vm.max_map_count
before running the containers, as mentioned in the ElasticSearch documentation.
To make this parameter persistent, add the following to the end of your /etc/sysctl.conf
:
Persist data
The default for OpenCTI data is to be persistent.
In the docker-compose.yml
, you will find at the end the list of necessary persitent volumes for the dependencies:
volumes:
esdata: # ElasticSearch data
s3data: # S3 bucket data
redisdata: # Redis data
amqpdata: # RabbitMQ data
Run OpenCTI
Using single node Docker
After changing your .env
file run docker-compose
in detached (-d) mode:
Using Docker swarm
In order to have the best experience with Docker, we recommend using the Docker stack feature. In this mode you will have the capacity to easily scale your deployment.
Put your environment variables in /etc/environment
:
# If you already exported your variables to .env from above:
$ sudo cat .env >> /etc/environment
$ sudo bash -c 'cat .env >> /etc/environment’
$ sudo docker stack deploy --compose-file docker-compose.yml opencti
Installation done
You can now go to http://localhost:8080 and log in with the credentials configured in your environment variables.
Manual installation
Prerequisites
Prepare the installation
Installation of dependencies
You have to install all the needed dependencies for the main application and the workers. The example below is for Debian-based systems:
Download the application files
First, you have to download and extract the latest release file. Then select the version to install depending of your operating system:
For Linux:
- If your OS supports libc (Ubuntu, Debian, ...) you have to install the
opencti-release_{RELEASE_VERSION}.tar.gz
version. - If your OS uses musl (Alpine, ...) you have to install the
opencti-release-{RELEASE_VERSION}_musl.tar.gz
version.
For Windows:
We don't provide any Windows release for now. However it is still possible to check the code out, manually install the dependencies and build the software.
$ mkdir /path/to/your/app && cd /path/to/your/app
$ wget <https://github.com/OpenCTI-Platform/opencti/releases/download/{RELEASE_VERSION}/opencti-release-{RELEASE_VERSION}.tar.gz>
$ tar xvfz opencti-release-{RELEASE_VERSION}.tar.gz
Install the main platform
Configure the application
The main application has just one JSON configuration file to change and a few Python modules to install
Change the config/production.json file according to your configuration of ElasticSearch, Redis, RabbitMQ and S3 bucket as well as default credentials (the ADMIN_TOKEN
must be a valid UUID).
Install the Python modules
Start the application
The application is just a NodeJS process, the creation of the database schema and the migration will be done at starting.
The default username and password are those you have put in the config/production.json
file.
Install the worker
The OpenCTI worker is used to write the data coming from the RabbitMQ messages broker.
Configure the worker
Change the config.yml file according to your OpenCTI token.
Start as many workers as you need
Installation done
You can now go to http://localhost:4000 and log in with the credentials configured in your production.json
file.
Appendix
Community contributions
Terraform
-
Multi-clouds Terraform scripts
This repository is here to provide you with a quick and easy way to deploy an OpenCTI instance in the cloud (AWS, Azure, or GCP).
-
AWS Advanced Terraform scripts
A Terraform deployment of OpenCTI designed to make use of native AWS Resources (where feasible). This includes AWS ECS Fargate, AWS OpenSearch, etc.
Helm Charts
-
Kubernetes Helm Charts
OpenCTI Helm Charts (may be out of date) for Kubernetes with a global configuration file.
Deploy behind a reverse proxy
If you want to use OpenCTI behind a reverse proxy with a context path, like https://domain.com/opencti
, please change the base_path
static parameter.
APP__BASE_PATH=/opencti
By default OpenCTI use websockets so don't forget to configure your proxy for this usage, an example with Nginx
:
location / {
proxy_cache off;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
chunked_transfer_encoding off;
proxy_pass http://YOUR_UPSTREAM_BACKEND;
}
Additional memory information
Platform
OpenCTI platform is based on a NodeJS runtime, with a memory limit of 8GB by default. If you encounter OutOfMemory
exceptions, this limit could be changed:
Workers and connectors
OpenCTI workers and connectors are Python processes. If you want to limit the memory of the process, we recommend to directly use Docker to do that. You can find more information in the official Docker documentation.
ElasticSearch
ElasticSearch is also a JAVA process. In order to setup the JAVA memory allocation, you can use the environment variable ES_JAVA_OPTS
. You can find more information in the official ElasticSearch documentation.
Redis
Redis has a very small footprint on keys but will consume memory for the stream. By default the size of the stream is limited to 2 millions which represents a memory footprint around 8 GB
. You can find more information in the Redis docker hub.
MinIO / S3 Bucket
MinIO is a small process and does not require a high amount of memory. More information are available for Linux here on the Kernel tuning guide.
RabbitMQ
The RabbitMQ memory configuration can be find in the RabbitMQ official documentation. RabbitMQ will consumed memory until a specific threshold, therefore it should be configure along with the Docker memory limitation.