Monitor and log website traffic #10
Comments
great idea! will probably not have time to help, but looking forward to it 👍
That's an amazing idea. I didn't implement any logs at the moment for the backend, and I don't think node does it automatically.
Some useful links:
Great! I can look at this subject, I have a (little) bit of logging experience since my internship of the past summer so even if it's a new language and framework I can look into it 😉
Thank you! Don't hesitate if you have questions about the framework!
I just discovered that see
git addugit addu I keep these lines commented because I want to add logging with it iScsc#10
https://www.digitalocean.com/community/tutorials/nginx-access-logs-error-logs should help regarding this issue
* Add Node development environment (#86 still not merged)

  Remove env-cmd call in npm 'start' script --> handle by docker compose

  Add nginx dev config (see commit body)
    Took the one before [https](8087def) was introduced
    It was introduced with [dev and prod mode](f20a338)

  Add backend dev Dockerfile

  Add frontend dev Dockerfile

  Add dev docker compose

  Separate dev and prod mode for the nginx template
    created 2 separate template conf and pass an env var MODE from .env to docker to run.sh for the nginx config

  Update shared volumes in docker compose dev to only share source code

  Fix nginx container error because targets not found
    name of react and not containers was wrong

  Remove commented dead config from nginx conf dev template

  Add explicit logging config to nginx conf dev template

  Adapt docker-compose-dev.yml to local containerized DB

  Refactor docker-compose-dev.yml to be easier to understand
    I simply refactor each service config attributes order
    the order I chose is arbitrary but seems logical
    - [A|B] means A OR B, because they are mutually exclusive

    ```yml
    services:
      <service name>:
        depends_on:
        [build|image]:
        networks:
        restart:
        env_file:
        ports:
        volumes:
    ```

  Remove a useless tabulation in docker-compose-dev.yml

  Refactor docker-compose.yml the same way than docker-compose-dev.yml
    I simply refactor each service config attributes order
    the order I chose is arbitrary but seems logical
    - [A|B] means A OR B, because they are mutually exclusive

    ```yml
    services:
      <service name>:
        depends_on:
        [build|image]:
        networks:
        restart:
        env_file:
        ports:
        volumes:
    ```

  Set the frontend's `proxy` with env var instead of hardcoded value
    remove the hardcoded value of `proxy` in package.json
    the frontend fails to reach the backend in container because thanks to docker networks the backend exists at `node-app[-dev]:$NODE_PORT` from the frontend container, not at `localhost:$NODE_PORT`
    add http-proxy-middleware to package.json and create a ./frontend/src/setupProxy.js to configure the proxy following [react tutorial](https://create-react-app.dev/docs/proxying-api-requests-in-development/#configuring-the-proxy-manually)
    PS: the changes in `package-lock.json` seems to come from the fact that the newly installed package shares dependencies with other and they have different needs over these shared dependencies
    Update .env.example

  Fix nginx container crash because it can't access to logs folder
    git addugit addu I keep these lines commented because I want to add logging with it #10

  Configure MongoDB port through additional flags to pass to mongod in container

  Fix non persistent DB by mounting the right volume in the container

  Run prettier

  Specify read-write permissions on mounted volumes

  Remove containers restart option in dev mode

  Fix database container (#95)
    * Fix non persistent DB by mounting the right volume in the container
    * Configure MongoDB port through additional flags to pass to mongod in container
    * Run prettier
    * Add mongodb folder to gitignore
    * Set bitnami/mongodb version tag to latest
      pros and cons have been discussed here: #95 (comment)

  Improve DB_PORT passing to MongoDB
    I just better read the doc https://hub.docker.com/r/bitnami/mongodb/ search for MONGODB_PORT_NUMBER

  Write a first version of README about dev mode containerized

  Add setup-db-folder.sh script

  Update README with DB folder setup and clean it

  Add an important warning about mongodb folder permissions to README

  Fix setup-db-folder.sh script

  Update bitnami mongoDB used image to latest

  Remove restart attribute in docker compose dev, useless in dev mode

  Update GH Action to exclude mongodb folder from prettier checking

  Run prettier

  Try a prettier GH Action fix

  Armor nginx run script against unexpected MODE value leading to conf template not found

  Fix variables wrongly substituted in nginx dev conf and comment logs format
    This log_format named 'main' isn't used anyway so it is useless, I keep those lines commented anyway for a later PR where I'll properly set the logging in dev and prod mode

  Improve setup database script

* Update docker-compose-dev.yml for a flask backend
* Update backend/Dockerfile.dev to a python image running flask
* Fix FLASK_RUN_PORT env var name
* Update nginx conf to proxy to the flask app
* Fix flask container not accessible from outside the container
* Update lasting wrong NODE_PORT var in .env.example

Co-authored-by: Alexandre Tullot <[email protected]>
---------
Co-authored-by: Alexandre Tullot <[email protected]>
* Complete .env.example with missing stuff
* Remove env-cmd call in npm 'start' script --> handle by docker compose
* Add nginx dev config (see commit body)
  Took the one before [https](8087def) was introduced
  It was introduced with [dev and prod mode](f20a338)
* Add backend dev Dockerfile
* Add frontend dev Dockerfile
* Add dev docker compose
* Separate dev and prod mode for the nginx template
  created 2 separate template conf and pass an env var MODE from .env to docker to run.sh for the nginx config
* Update shared volumes in docker compose dev to only share source code
* Fix nginx container error because targets not found
  name of react and not containers was wrong
* Remove commented dead config from nginx conf dev template
* Add explicit logging config to nginx conf dev template
* Adapt docker-compose-dev.yml to local containerized DB
* Refactor docker-compose-dev.yml to be easier to understand
  I simply refactor each service config attributes order
  the order I chose is arbitrary but seems logical
  - [A|B] means A OR B, because they are mutually exclusive

  ```yml
  services:
    <service name>:
      depends_on:
      [build|image]:
      networks:
      restart:
      env_file:
      ports:
      volumes:
  ```
* Remove a useless tabulation in docker-compose-dev.yml
* Refactor docker-compose.yml the same way than docker-compose-dev.yml
  I simply refactor each service config attributes order
  the order I chose is arbitrary but seems logical
  - [A|B] means A OR B, because they are mutually exclusive

  ```yml
  services:
    <service name>:
      depends_on:
      [build|image]:
      networks:
      restart:
      env_file:
      ports:
      volumes:
  ```
* Set the frontend's `proxy` with env var instead of hardcoded value
  remove the hardcoded value of `proxy` in package.json
  the frontend fails to reach the backend in container because thanks to docker networks the backend exists at `node-app[-dev]:$NODE_PORT` from the frontend container, not at `localhost:$NODE_PORT`
  add http-proxy-middleware to package.json and create a ./frontend/src/setupProxy.js to configure the proxy following [react tutorial](https://create-react-app.dev/docs/proxying-api-requests-in-development/#configuring-the-proxy-manually)
  PS: the changes in `package-lock.json` seems to come from the fact that the newly installed package shares dependencies with other and they have different needs over these shared dependencies
  Update .env.example
* Fix nginx container crash because it can't access to logs folder
  git addugit addu I keep these lines commented because I want to add logging with it #10
* Configure MongoDB port through additional flags to pass to mongod in container
* Fix non persistent DB by mounting the right volume in the container
* Run prettier
* Specify read-write permissions on mounted volumes
* Remove containers restart option in dev mode
* Improve DB_PORT passing to MongoDB
  I just better read the doc https://hub.docker.com/r/bitnami/mongodb/ search for MONGODB_PORT_NUMBER
* Write a first version of README about dev mode containerized
* Add setup-db-folder.sh script
* Update README with DB folder setup and clean it
* Add an important warning about mongodb folder permissions to README
* Fix setup-db-folder.sh script
* Update bitnami mongoDB used image to latest
* Remove restart attribute in docker compose dev, useless in dev mode
* Update GH Action to exclude mongodb folder from prettier checking
* Run prettier
* Try a prettier GH Action fix
* Armor nginx run script against unexpected MODE value leading to conf template not found
* Fix variables wrongly substituted in nginx dev conf and comment logs format
  This log_format named 'main' isn't used anyway so it is useless, I keep those lines commented anyway for a later PR where I'll properly set the logging in dev and prod mode
* Improve setup database script
* Add command to check docker daemon status in README

---------
Co-authored-by: Alexandre Tullot <[email protected]>
Context:
The #2 PR from @atxr has introduced User Authentication to our website: a mandatory feature to develop other services around the website. However, this PR also brought many security concerns... and we, as students, aren't fully capable of designing an entirely safe website, even a small one, despite all our interest towards cyber-security. At least that's what I think.
Problem:
Even with our best effort we can't design a safe website.
Solution:
I then want to propose a complementary solution, that I think is also widely used in the industry and is quite an interesting challenge.
Because we can't guarantee that the website is safe, we could monitor the traffic and log it. That would allow us to detect break-in attempts as early as possible.
I don't know what kind of security and monitoring the current website and framework offer (defense against brute-forcing, automatic logging to a file, etc.) but I'm interested in looking deeper into the subject!
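
The kind of detection this issue proposes, sketched as an added example (not code from this project): it scans nginx access-log lines in the default `combined` format and flags client IPs that accumulate failed logins within a short window. The `/api/login` route, the 401/403 status codes, the threshold, the window and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# nginx "combined": addr - user [time_local] "METHOD path proto" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
LOGIN_PATH = "/api/login"  # assumption: hypothetical login route
FAILED = {"401", "403"}    # assumption: a rejected login answers 401 or 403

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Map each flagged IP to the time its failed logins first hit `threshold`
    within `window`. Lines are expected in chronological order."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failed logins
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line: ignore rather than crash
        path = m["path"].split("?", 1)[0]
        if (m["method"], path) != ("POST", LOGIN_PATH) or m["status"] not in FAILED:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(m["ip"], ts)
    return flagged

def make_line(ip, second, status, method="POST", path=LOGIN_PATH):
    """Build one constructed access-log line (sample data, not real traffic)."""
    return (f'{ip} - - [10/Oct/2023:13:55:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 153 "-" "curl/8.0"')

# Constructed sample: one noisy client, one user with a typo, one normal visitor.
SAMPLE_LOG = (
    [make_line("203.0.113.7", s, 401) for s in range(0, 12, 2)]
    + [make_line("198.51.100.4", 20, 401), make_line("198.51.100.4", 25, 200)]
    + [make_line("192.0.2.9", 30, 200, "GET", "/"), "not an access-log line"]
)

if __name__ == "__main__":
    for ip, when in find_bruteforce(SAMPLE_LOG).items():
        print(f"possible brute force from {ip}, threshold reached at {when}")
```

The same counters could feed an alert or a rate-limit rule; tune the threshold and window against real traffic so that ordinary password typos do not trigger it.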