Updating the documentation (#3057)

* Update install documentation on a SSL/TLS setup with a docker deployment. * Update to the changelog --------- Co-authored-by: Johan Berggren <[email protected]>
google · Mar 28, 2024 · e90bbdb · e90bbdb
1 parent fbff0a4
commit e90bbdb
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 30 deletions.
diff --git a/docs/changelog/index.md b/docs/changelog/index.md
@@ -7,6 +7,31 @@ hide:
 
 # Changelog
 
+
+## Version 20240328
+Released: 2024-03-28
+
+### ⚠️ Note
+Upgrading to this Timesketch version requires a database upgrade!
+
+See https://timesketch.org/guides/admin/upgrade/ for more details.
+
+### What's Changed
+#### ✨ Features
+
+* DFIQ new UI and navigation by @berggren in [#3041](https://github.com/google/timesketch/pull/3041)
+* User profile and settings support by @berggren in [3048](https://github.com/google/timesketch/pull/3048)
+* Enhancements to Yeti indicators by @tomchop in [3038](https://github.com/google/timesketch/pull/3038)
+
+#### 🐞 Fixes
+
+* Improvements to the sigma handling by @tomchop in [3050](https://github.com/google/timesketch/pull/3050)
+* Update run_analyzers in the api client by @jkppr in [3037](https://github.com/google/timesketch/pull/3037)
+* Fix a bug in the feature_extraction analyzer by @jkppr in [3047](https://github.com/google/timesketch/pull/3047)
+
+
+**Full Changelog**: [20240207...20240328](https://github.com/google/timesketch/compare/20240207...20240328)
+
 ## Version 20240207
 Released: 2024-02-07
 

diff --git a/docs/guides/admin/install.md b/docs/guides/admin/install.md
@@ -78,16 +78,44 @@ sudo docker compose exec timesketch-web tsctl create-user <USERNAME>
 
 ### 4. Enable TLS (optional)
 
-It is out of scope for the deployment script to setup certificates but here are pointers on how to use Let's Encrypt.
-
-1. You need to configure a DNS name for the server. Use your DNS provider instructions.
-2. Make sure your webserver is reachable on port 80.
-3. Follow the official guide to install and run Let's Encrypt on Ubuntu:
-   https://certbot.eff.org/lets-encrypt/ubuntufocal-other
-
-When Let's Encrypt has been installed and you have generated certificates (located in /etc/letsencrypt) it is time to reconfigure Nginx.
-
-Edit timesketch/etc/nginx.conf (HOSTNAME is the DNS name of your server):
+It is out of scope for the deployment script to setup certificates but here are
+pointers on how to use Let's Encrypt in a docker deployment.
+
+1. You need to configure a DNS name for the server. Use your DNS providers
+instructions.
+2. Update your `timesketch/docker-compose.yaml` file. Update the nginx service
+and add the certbot service with the following config:
+  ```
+    nginx:
+      container_name: nginx
+      image: nginx:${NGINX_VERSION}
+      restart: always
+      ports:
+        - ${NGINX_HTTP_PORT}:80
+        - ${NGINX_HTTPS_PORT}:443
+      volumes:
+        - ${NGINX_CONFIG_PATH}:/etc/nginx/nginx.conf
+        - ./etc/certbot/www/:/var/www/certbot/:ro
+        - ./etc/certbot/conf/:/etc/letsencrypt/:ro
+
+    certbot:
+      image: certbot/certbot:latest
+      volumes:
+        - ./etc/certbot/www/:/var/www/certbot/:rw
+        - ./etc/certbot/conf/:/etc/letsencrypt/:rw
+  ```
+3. Add the following location to your `timesketch/etc/nginx.conf`:
+```
+location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+```
+4. Run certbot with `--dry-run` first. If all goes well, run it again without
+the `--dry-run` flag.
+```
+docker-compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ --dry-run -d <HOSTNAME>
+```
+5. Edit `timesketch/etc/nginx.conf` (HOSTNAME is the DNS name of your server):
 
 ```
 events {
@@ -99,8 +127,8 @@ http {
       listen 80;
       listen [::]:80;
       listen 443 ssl;
-      ssl_certificate /etc/letsencrypt/live/<HOSTNAME>>/fullchain.pem;
-      ssl_certificate_key /etc/letsencrypt/live/<HOSTNAME>>/privkey.pem;
+      ssl_certificate /etc/letsencrypt/live/<HOSTNAME>/fullchain.pem;
+      ssl_certificate_key /etc/letsencrypt/live/<HOSTNAME>/privkey.pem;
       client_max_body_size 0m;
 
       location / {
@@ -118,24 +146,8 @@ http {
     }
 }
 ```
-**If you need to use a non-standard port** you can change the `proxy_set_header Host $host;` to `proxy_set_header Host $http_host;` instead.
-
-
-Make the certificate and key available to the Nginx Docker container. Edit timesketch/docker-compose.yml and mount /etc/letsencrypt:
-
-```
-...
-
-nginx:
-  image: nginx:${NGINX_VERSION}
-  restart: always
-  ports:
-    - "80:80"
-    - "443:443"
-  volumes:
-    - ./etc/nginx.conf:/etc/nginx/nginx.conf
-    - /etc/letsencrypt:/etc/letsencrypt/
-```
+**If you need to use a non-standard port** you can change the
+`proxy_set_header Host $host;` to `proxy_set_header Host $http_host;` instead.
 
 Restart the system: