Skip to content
This repository has been archived by the owner on May 27, 2024. It is now read-only.

Latest commit

 

History

History
73 lines (47 loc) · 2.55 KB

README.md

File metadata and controls

73 lines (47 loc) · 2.55 KB
Raw

CSP Server and Elasticsearch Feeder

CSP violation report endpoint using Elasticsearch as storage. Basically a https://report-uri.io/ alternative.

It is a Node.js application designed to receive CSP (Content Security Policy) reports and inject them in Elasticsearch for analysis.

  • Node application uses http://restify.com/ framework
  • The application has been tested in Ubuntu 14.04 LTS and 16.04 LTS (both 64-bit).

Components

  • bash : (optional) Scripts to rotate old indexes (indices) in Elasticsearch
  • example : (optional) Example of a CSP Report this server is meant to receive
  • infrastructure : (optional) Scripts to create the server and services using AWS PowerShell CLI
  • nginx : Configuration file for Nginx
  • nodejs : Node.js application that gets the CSP Reports and sends them to Elasticsearch

Infrastructure

This project was implemented and tested using Amazon AWS services in the following way:

AWS EC2 (Linux) running Nginx and Node.js -> AWS Elasticsearch Service

Install

TLDR;

  • Checkout this project in your server
git clone git@github.com:seek-oss/csp-server.git
  • Edit nodejs/config.js and set the Elasticsearch URL, port and version
  • Start nodejs application with nodejs/server.js
node ./nodejs/server.js

This way the Node.js appliation will listen in the configured port and process POST requests containing CSP reports. Each POST will be sent to Elasticsearch into indices named cspdata-YYYYMMDD

Endpoints:

For details on how to configure a server to support https (SSL) using Nginx, Node as service using PM2 manager, log rotation and setting up Elasticsearch in AWS continue reading:

1. Create infrastructure

In this project we create the AWS resources using AWS CLI.

2. Configure server

  • Install Nginx - Instructions here: nginx

  • Install Node - Instructions here: nodejs

  • Configure Elasticsearch - Instructions here: elasticsearch

  • Configure rotation scripts - Instructions here: bash

3. Get the CSP reports

Get your customers to start sending CSP reports to your server

README2.md

Sceenshots