First version of fork

.env

@@ -0,0 +1,10 @@
+DB=/db/c2.db
+HOSTNAME=c2.example.com
+HTTPS=True
+KEYFILE=/cert/cert.key
+CERTFILE=/cert/cert.crt
+LISTENIP=0.0.0.0
+LISTENPORT=8080
+REVERSEPROXY=
+REVERSEPROXYPORT=
+SSHPORT=2022

README.md

@@ -1,76 +1,47 @@
-![Docker Pulls](https://img.shields.io/docker/pulls/lindezagrey/hak5c2?style=plastic)
+# Alpine based hak5c² container
 
-# 🐋 Alpine based hak5c² container
+This image packs the amazing Hak5C² software into a secure and light weight alpine-linux based docker container. It is a fork based on https://github.com/LindezaGrey/hak5c2 using more strict docker-compose style and the ability to work with self-signed certs.
 
-This image packs the amazing Hak5C² software into a secure and light weight alpine-linux based docker container.
-
-Quick start for local tests (assuming your local ip is 192.168.1.1):
+## Quick Start
+Create _.env_ file in the same directory with the following content and modify values as needed:
 
 ```sh
-docker volume create c2DB
-docker run -d -p 8080:8080 -p 2022:2022 -e db=/home/c2.db -v c2DB:/home --name hak5c2 --hostname=192.168.1.1 lindezagrey/hak5c2
+DB=/db/c2.db
+HTTPS=True
+KEYFILE=/cert/cert.key
+CERTFILE=/cert/cert.crt
+# change what's needed after this line
+HOSTNAME=c2.example.com
+LISTENIP=0.0.0.0
+LISTENPORT=8080
+SSHPORT=2022
+# If set, Cloud C2 will work behind a reverse proxy like nginx proxy-companion
+REVERSEPROXY=
+REVERSEPROXYPORT=
 ```
 
-## Build options
-
-You can build the image by yourself with any of the provided docker compose files or with the docker build command. This will download the software and build the image.
-
-* Clone or download this repository
-* either build the image with ```docker build --rm -f "Dockerfile" -t hak5c2 .```
-* or if you use docker compose ```docker-compose -f "docker-compose.yml" up -d --build```
-
-Or for a quickstart you can use a prepared image from [Dockerhub](https://hub.docker.com/r/lindezagrey/hak5c2) which is based on this repository.
-
-## Deployment options
-
-You can run the image directly with docker or with docker-compose (check the [examples](/examples) folder). It is possible to run the container without a volume, which means everything that is stored in C² is lost when the container is removed (including loot and licensing). On the other hand you can create a volume and map it so that the c2.db is persistent.
-
-The easiest way to run a container locally (assuming you build it yourself) would be:
+Run using docker-compose
 
 ```sh
-docker run -d --name hak5c2 hak5c2
+docker-compose up
 ```
 
-Then you will be able to access the webinterface by navigating to localhost:8080.
-To get the setup token you can run:
+Copy the Setup token which is displayed during setup, otherwise, if startet with _-d_ grep it later:
 
 ```sh
 docker logs hak5c2 | grep "token"
 ```
 
-If you want to run it externally accessible (e.g. on a VPS) you have to publish the ports 8080 and 2022 as well.
-The application will take the hostname of the container as the hostname argument. So if you made a DNS entry use the FQDN as hostname, if not then the public IP of your server.
+Now you will be able to access the webinterface by navigating to <IP/Hostname>:443.
 
-```sh
-docker run -d -p 8080:8080 -p 2022:2022 --name hak5c2 --hostname=test.test.com hak5c2
-```
+In case you want to start over fresh remove the files in the _c2DB_ and the _certs_ folder and restart the container. The files will be regenerated now.  
 
-## Environment variables
 
-You can pass all parameters you would normally pass to the application to the container by adding them as an environment variable (except the hostname which is set by the docker "hostname" command):
+## Deployment options
 
-```sh
-docker run -d -e reverseProxy=True -e reverseProxyPort=443 --name hak5c2 hak5c2
-```
+There are three TLS Options:
+* Self signed cert using the cetificate files predefined through the _.env_ files
+* Reverseproxy using the _.env_ config Options
+* LetsEncrypt cert by deleting the predefined _KEYFILE_ and _CERTFILE_ values. -> Keep in Mind that port 80/tcp and 443/tcp need to be reachable (mind NAT and firewalls) for the certificate generation by the LetsEncrypt bot. Also a valid domain is needed.
 
-```sh
-Usage of ./c2_community-linux-64:
- -certFile string
-    Custom SSL Certificate file (disabled letsencrypt)
- -db string
-    Path to the c2 database (default "c2.db")
- -https True/False
-    Enable https (requires ports 80 and 443)
- -keyFile string
-    Custom SSL Key file (disables letsencrypt)
- -listenip string
-    IP address to listen on (default "0.0.0.0")
- -listenport string
-    Port of the HTTP server (default "8080")
- -reverseProxy True/False
-    If set, Cloud C2 will work behind a reverse proxy
- -reverseProxyPort string
-    If set, this will be the internet facing port from which Cloud C2 will be available
- -sshport string
-    Port of the SSH server (default "2022")
-```
+Of course an unencrypted deployment is possible by removing the _HTTP_ variable.

app/Dockerfile

@@ -0,0 +1,19 @@
+FROM alpine:latest
+
+ARG version=2.2.0
+
+# Prepare
+RUN apk add ca-certificates wget unzip libc6-compat openssl\
+    && wget https://downloads.hak5.org/api/devices/cloudc2-community/firmwares/${version} --no-cache \
+    && unzip ${version} \
+    && mkdir /app /db /cert \
+    && mv c2_community-linux-64 /app \
+    && rm c2* ${version} \
+    && chmod +x /app/* \
+    && apk del wget unzip
+
+COPY ./app/scripts/run.sh /app
+
+EXPOSE 2022 443 80
+
+CMD /bin/ash /app/run.sh

app/scripts/run.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+
+
+# ugly but readable lel
+# if variable is not empty
+if ! [ -z "$CERTFILE" ]; then
+    certFile="-certFile $CERTFILE"
+fi
+
+if ! [ -z "$DB" ]; then
+    db="-db $DB"
+fi
+
+if ! [ -z "$HTTPS" ]; then
+    https="-https"
+fi
+
+if ! [ -z "$KEYFILE" ]; then
+    keyFile="-keyFile $KEYFILE"
+fi
+
+if ! [ -z "$LISTENIP" ]; then
+    listenip="-listenip $LISTENIP"
+fi
+
+if ! [ -z "$LISTENPORT" ]; then
+    listenport="-listenport $LISTENPORT"
+fi
+
+if ! [ -z "$REVERSEPROXY" ]; then
+    reverseProxy="-reverseProxy"
+fi
+
+if ! [ -z "$REVERSEPROXYPORT" ]; then
+    reverseProxyPort="-reverseProxyPort $REVERSEPROXYPORT"
+fi
+
+if ! [ -z "$SSHPORT" ]; then
+    sshport="-sshport $SSHPORT"
+fi
+
+hostname="-hostname $(hostname -f)"
+
+if [ -z "$(ls -A /cert)" ]; then
+  echo "[*] Creating fresh certificate"
+  openssl req -newkey rsa:2048 -x509 -sha256 -days 365 -nodes -out /cert/cert.crt -keyout /cert/cert.key -subj "/C=US/ST=HackHack/L=HackHack/O=HackHack/CN=www.example.com" >/dev/null 2>&1
+else
+  echo "[*] Cert exists"
+fi
+
+echo [*] "using following settings: "$hostname $https $keyFile $certFile $db $listenip $listenport $reverseProxy $reverseProxyPort $sshport
+/app/c2_community-linux-64 $hostname $https $keyFile $certFile $db $listenip $listenport $reverseProxy $reverseProxyPort $sshport

docker-compose.yml

@@ -0,0 +1,28 @@
+version: "2"
+
+services:
+  c2:
+    build:
+      dockerfile: $PWD/app/Dockerfile
+      context: $PWD
+    ports:
+      - "2022:2022"
+      - "443:443"
+      - "80:80"
+    hostname: ${HOSTNAME}
+    network_mode: bridge
+    restart: always
+    volumes:
+      - ./cert:/cert
+      - ./c2DB:/db
+    environment:
+      DB: ${DB}
+      HOSTNAME: ${HOSTNAME}
+      HTTPS: ${HTTPS}
+      KEYFILE: ${KEYFILE}
+      CERTFILE: ${CERTFILE}
+      LISTENIP: ${LISTENIP}
+      LISTENPORT: ${LISTENPORT}
+      REVERSEPROXY: ${REVERSEPROXY}
+      REVERSEPROXYPORT: ${REVERSEPROXYPORT}
+      SSHPORT: ${SSHPORT}