dfir-iris
[FR] Allow Use of Subpath
Is your feature request related to a problem? Please describe.
Currently, iris-web does not work properly when used with a subpath (ex. /iris) behind a proxy like nginx.
Describe the solution you'd like
I would like to be able to specify a subpath for iris-web (ex. /iris), so that I can more easily host it on a single domain/IP along with other services.
I just wanted to check in and see if this was something that could be considered for a future release? I'm maintaining a project that integrates DFIR-IRIS with some other platforms/tools, and this would be ideal to have as a configuration option. Let me know how I can help. Thanks!
Hi @weslambert Yes absolutely! There is probably quite a good amount of work to do on the JS side for the API calls, as well as some references in the HTML templates pages server side. We're still trying to move on the roadmap and close some long pending issues, but we added it in the features to implement. Unfortunately we don't have any ETA to give atm :/
Hi, I just wanted to follow up on this item to see if it is on the roadmap. Let me know how I can help. Thanks!
Hi @weslambert
We're really sorry we didn't even had the time to look into it yet :( This is definitely still on the roadmap, tho we still didn't put an ETA. We're quite struggling resources wise atm.
I guess identifying which resources are requesting the root could help us move forward. We are already aware of all the resources in /static. It is also the case for some JS API calls. A simple traces of the requests failing could really help 👍
Hi, how about this solution. In the meantime, you can use a workaround by setting up an additional nginx location block that rewrites the subpath to the root path. For example:
location /iris { rewrite ^/iris(.*)$ /$1 break; proxy_pass http://localhost:8080; }
hello,
i'm running iris on a subpath ("/dfiriris"). i'm achieving this by patching "source/app" before doing a "docker-compose build". it took me a huge amount of time identifying all related resources and i struggled a lot as my subpath is behind keycloak (oidc).
all necessary changes are within a script.
if you're interested just let me know.
bye, dsek
Hi, how about this solution. In the meantime, you can use a workaround by setting up an additional nginx location block that rewrites the subpath to the root path. For example:
location /iris { rewrite ^/iris(.*)$ /$1 break; proxy_pass http://localhost:8080; }
your mentioned rewrite is part of the solution. but there are other changes too ...
Yeah, the rewrite alone didn't work for me. I would be interested in what else is needed. Thanks!
here we go:
assuming your git checkout is located under /tmp/dfiriris
just drop the two attached files to /tmp/dfiriris and execute "./enable_subpathing_for_dfiriris.sh"
enable_subpathing_for_dfiriris.sh.tpl.txt enable_subpathing_for_dfiriris.sh.txt
do not forget to remove the .txt file extension from both files and chmod +x the .sh script
bye, dsek
Hey, for anyone still wondering how to implement DFIR-IRIS in a Subpath, this was how I was able to do it.
I implemented DFIR in subpath dfir. I am using an external Nginx, installed directly in the host machine.
I cloned the rep and followed the Quick Start documentation.
git clone https://github.com/dfir-iris/iris-web.git
cd iris-web
git checkout v2.3.7
cp .env.model .env
Then I edited the .env. I also removed the Nginx container from the docker-compose.yml file.
In source/requirements.txt make sure to update packaging from version 21.3 to 22.0.
packaging==22.0
I then created a script named path.sh and gave it execution permissions.
The content of the script is as follows:.
#!/bin/bash
cd source/app
for d in `grep -irsl "href=\"/"`; do
sed 's,href="/,href="/dfir/,' -i $d
done
for d in `grep -irsl "href='/"`; do
sed "s,href='/,href='/dfir/," -i $d
done
for d in `grep -irsl ".route(\"/"`; do
sed 's,route("/,route("/dfir/,' -i $d
done
for d in `grep -irsl ".route('/"`; do
sed "s,route('/,route('/dfir/," -i $d
done
for d in `grep -irsl "src=\"/"`; do
sed 's,src="/,src="/dfir/,' -i $d
done
for d in `grep -irsl "src='/"`; do
sed "s,src='/,src='/dfir/," -i $d
done
for d in `grep -irsl "url: \""`; do
sed 's,url: "/,url: "/dfir/,' -i $d
done
for d in `grep -irsl "url: '/"`; do
sed "s,url: '/,url: '/dfir/," -i $d
done
for d in `grep -irsl "urls: \['"`; do
sed "s,urls: \[',urls: \['/dfir/," -i $d
done
for d in `grep -irsl "window.location.replace(\"/"`; do
sed 's,window.location.replace("/,window.location.replace("/dfir/,' -i $d
done
for d in `grep -irsl "window.location.href = '/"`; do
sed "s,window.location.href = '/,window.location.href = '/dfir/," -i $d
done
for d in `grep -irsl "window.location = '/"`; do
sed "s,window.location = '/,window.location = '/dfir/," -i $d
done
for d in `grep -irsl "_api(\"/"`; do
sed 's,_api("/,_api("/dfir/,' -i $d
done
for d in `grep -irsl "_api('/"`; do
sed "s,_api('/,_api('/dfir/," -i $d
done
for d in $(grep -irsl "_api(\`/"); do
sed -i 's,_api(`/,_api(`/dfir/,' "$d"
done
for d in $(grep -irsl "window.open(\`/"); do
sed -i 's,window.open(\`/,window.open(\`/dfir/,' "$d"
done
for d in `grep -irsl "window.open(\"/"`; do
sed 's,window.open("/,window.open("/dfir/,' -i $d
done
for d in `grep -irsl "url = '/"`; do
sed "s,url = '/,url = '/dfir/," -i $d
done
for d in `grep -irsl "url = \"/"`; do
sed 's,url = "/,url = "/dfir/,' -i $d
done
for d in `grep -irsl "url: '/"`; do
sed "s,url: '/,url: '/dfir/," -i $d
done
for d in `grep -irsl "\"url\": \"/"`; do
sed 's,"url": "/,"url": "/dfir/,' -i $d
done
for d in `grep -irsl "cid = '"`; do
sed "s,cid = ',cid = '/dfir/," -i $d
done
for d in `grep -irsl "case?cid="`; do
sed "s,case?cid=,/dfir/case?cid=," -i $d
done
for d in `grep -irsl "link = '/"`; do
sed "s,link = '/,link = '/dfir/," -i $d
done
for d in `grep -irsl "uri = '/"`; do
sed "s,uri = '/,uri = '/dfir/," -i $d
done
for d in `grep -irsl "load('/"`; do
sed "s,load('/,load('/dfir/," -i $d
done
for d in `grep -irsl "xhr, '/"`; do
sed "s|xhr, '/|xhr, '/dfir/|" -i $d
done
for d in `grep -irsl "/dfir/dfir/"`; do
sed "s,/dfir/dfir/,/dfir/," -i $d
done
for d in `grep -irsl "/dfir//dfir/"`; do
sed "s,/dfir//dfir/,/dfir/," -i $d
done
for d in `grep -irsl "//dfir/"`; do
sed "s,//dfir/,/dfir/," -i $d
done
for d in `grep -irsl "/dfir//static/"`; do
sed "s,/dfir//static/,/dfir/static/," -i $d
done
for d in `grep -irsl "/dfir/?cid="`; do
sed "s,/dfir/?cid=,?cid=," -i $d
done
sed "s,?cid=,/dfir/?cid=," -i blueprints/login/login_routes.py
cd ../../
After executing the script, I created a directory in /var/ with the name of the subpath, and copied the contents of the source/app/static into it, and changed the owner and group of the directory to www-data.
sudo mkdir -p /var/dfir
sudo cp -r source/app/static /var/dfir/static
sudo chown -R www-data:www-data /var/dfir
Then I proceeded to build and start the containers.
sudo docker compose build
sudo docker compose pull
sudo docker compose up -d
In Nginx, I pasted the following code inside the server block.
location /dfir/ {
proxy_pass http://127.0.0.1:8000;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_read_timeout 3600;
}
location /dfir/static/ {
alias /var/dfir/static/;
}
Lastly I restarted the Nginx service.
This configuration has been tested with SSL encryption, in version 2.3.7. Everything appears to be working, including the API.
