├── README.md
├── build.sh
├── clean.sh
├── config-remote-docker.sh
├── display-jenkins-pass.sh
├── docker-compose.yml
├── jenkins
│   └── Dockerfile
├── postgres
│   └── Dockerfile
└── sonarqube
    └── Dockerfile

/README.md:
--------------------------------------------------------------------------------
## CI-CD-Secure-Pipeline
You can download this and easily get SonarQube and Jenkins up and running within minutes!

### Dependencies
* Git
* docker
* docker-compose

### Procedure
0. You must have your own DNS entry that is reachable from the internet. You can use afraid DNS for free, and tell your firewall to forward ports to your docker containers.
1. git clone "https://github.com/so87/CI-CD-Secure-Pipeline.git"
2. cd CI-CD-Secure-Pipeline/
3. ./build.sh
4. Follow my guide [here](https://github.com/so87/Home-Lab/blob/master/Configuration%20Guides.md) to configure Jenkins and SonarQube.

### Architecture
Below is my high-level process for how I use this stack. I have a CI build and a nightly build to deploy production.


### Let's Encrypt and proxy architecture
You could easily spin up other services behind this proxy and have the proxy companions request certs for you.


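--------------------------------------------------------------------------------
/build.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# build.sh — bootstrap a CentOS 7 host for the Jenkins + SonarQube + Postgres
# stack: installs docker and docker-compose, creates the bind-mount directories
# under /docker, moves this repository there, opens 80/443 in firewalld and
# starts the containers, then clones the nginx-proxy/letsencrypt companion.
#
# Must run as root (yum, systemctl, firewall-cmd and writes under /docker).
# Optional environment:
#   DOCKER_COMPOSE_SHA256  if set, the downloaded docker-compose binary is
#                          verified against it before being made executable.
set -euo pipefail

SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
readonly SCRIPT_DIR
readonly COMPOSE_VERSION=1.22.0
readonly COMPOSE_BIN=/usr/local/bin/docker-compose
readonly SONAR_SCANNER_URL=https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.2.0.1227-linux.zip
readonly COMPANION_REPO=https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion.git

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Install docker from the CentOS repos and docker-compose from GitHub releases.
# Globals:  COMPOSE_VERSION, COMPOSE_BIN (read), DOCKER_COMPOSE_SHA256 (read)
# Returns:  0 on success; exits via die on any failed step
#######################################
install_docker() {
  echo "installing docker"
  yum install curl -y || die "yum install curl failed"
  yum install docker -y || die "yum install docker failed"
  systemctl start docker || die "could not start docker"
  systemctl status docker   # informational only
  systemctl enable docker

  local url
  url="https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)"
  # -f: treat an HTTP error page as a failure instead of saving it as the binary.
  curl -fsSL -- "$url" -o "$COMPOSE_BIN" || die "download of docker-compose failed"
  # Supply-chain check: the release page publishes a sha256 per asset. Only
  # enforced when the operator supplies it, so the default flow is unchanged.
  if [[ -n "${DOCKER_COMPOSE_SHA256:-}" ]]; then
    printf '%s  %s\n' "$DOCKER_COMPOSE_SHA256" "$COMPOSE_BIN" | sha256sum -c - \
      || die "docker-compose checksum mismatch"
  fi
  chmod +x "$COMPOSE_BIN"
}

#######################################
# Create the bind-mount directories referenced by docker-compose.yml.
#######################################
create_dirs() {
  echo "Creating the necessary directories for jenkins and sonarqube"
  # -p everywhere: re-running the script must not fail on existing dirs.
  mkdir -p \
    /docker/data/sonarqube/{sonarqube_conf,sonarqube_data,sonarqube_extensions,sonarqube_bundled-plugins} \
    /docker/data/postgres/{postgresql,postgresql_data} \
    /docker/data/jenkins \
    /nginx/data
}

#######################################
# Move the repository contents into /docker and fetch the sonar-scanner CLI.
# Globals:  SCRIPT_DIR, SONAR_SCANNER_URL (read)
#######################################
stage_files() {
  echo "Move over files there"
  # Move the clone's own directory rather than whatever the cwd holds, so a
  # stray cwd does not sweep unrelated files into /docker.
  mv -- "$SCRIPT_DIR"/* /docker/
  cd /docker/ || die "cannot cd to /docker"
  # NOTE(review): this is a bintray URL, which may no longer resolve — confirm
  # the download source before relying on it.
  wget -- "$SONAR_SCANNER_URL" || die "download of sonar-scanner failed"
}

#######################################
# Open the public web ports in firewalld.
#######################################
open_firewall() {
  echo "Open firewall"
  firewall-cmd --zone=public --add-port=80/tcp --permanent
  firewall-cmd --zone=public --add-port=443/tcp --permanent
  firewall-cmd --reload
}

#######################################
# Start the stack, then fetch the nginx-proxy/letsencrypt companion.
# Globals:  COMPANION_REPO (read)
#######################################
start_stack() {
  echo "Start the docker containers"
  # docker-compose.yml declares its default network as the external 'webproxy'
  # network. The companion (cloned below) normally owns that network, so create
  # it here if absent; otherwise 'up' fails before the companion exists.
  docker network inspect webproxy >/dev/null 2>&1 || docker network create webproxy
  docker-compose up -d || die "docker-compose up failed"

  echo "Getting nginx companion containers"
  git clone -- "$COMPANION_REPO" || die "git clone of the proxy companion failed"
  cd docker-compose-letsencrypt-nginx-proxy-companion/ || die "companion directory missing"
  cp .env.sample .env
  mkdir -p /nginx/data
}

main() {
  (( EUID == 0 )) || die "build.sh must run as root"
  echo "WARNING! Need docker and docker compose to work. This script will attempt to isntall and configure it if it doesnt exist. This is for Centos7"
  # -r: a backslash in the input is taken literally; '_' absorbs the input.
  read -r -p "Press enter to continue" _

  install_docker
  echo "installing wget"
  yum install wget -y || die "yum install wget failed"
  create_dirs
  stage_files
  open_firewall
  start_stack

  # NOTE(review): the guidance below tells the operator to set
  # 'privileged: true' on the companion containers; that is broader than a
  # reverse proxy normally needs — leave it off unless something actually fails
  # without it.
  echo "Please follow the below config to start up all of the containers with their ssl certs"
  echo "Change the nginx data path"
  echo "Remove the logging stuff in the docker compose file"
  echo "Put privileged: true by all containers"
  echo "Run ./start to start and wait a minutechange the nginx data path"
}
main "$@"

--------------------------------------------------------------------------------
/clean.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# clean.sh — delete the whole /docker tree: the compose files plus every
# bind-mounted volume (Jenkins home, SonarQube data, Postgres data). No undo.
set -euo pipefail

# Enter continues, Ctrl-C aborts; -r so a stray backslash is not interpreted.
read -r -p "WARNING... THIS DELETES /DOCKER/ directory" _
# NOTE(review): containers still running against these bind mounts are not
# stopped here; stop them first (e.g. docker-compose down) or expect partial
# removal and confused containers.
rm -rf -- /docker/
--------------------------------------------------------------------------------
/config-remote-docker.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# config-remote-docker.sh — make the Docker daemon listen on TCP 2375 in
# addition to the local socket (systemd drop-in) and open 2375 in the public
# firewalld zone.
#
# SECURITY: tcp://0.0.0.0:2375 is the plain, unauthenticated Docker API; anyone
# who can reach the port has root-equivalent control of this host. Before
# running this on a host with a public interface, bind to a private address or
# restrict the source in firewalld, or switch the daemon to TLS client
# authentication (--tlsverify with --tlscacert/--tlscert/--tlskey, conventionally
# on 2376). The daemon flags below are kept exactly as the author wrote them;
# this note is for the operator.
set -euo pipefail

readonly DROPIN_DIR=/etc/systemd/system/docker.service.d
readonly DROPIN_FILE="$DROPIN_DIR/docker-external.conf"

echo "expose ports"
firewall-cmd --zone=public --add-port=2375/tcp --permanent
firewall-cmd --reload

echo "add config"
# -p: the drop-in directory may already exist from a previous run.
mkdir -p -- "$DROPIN_DIR"
# One quoted heredoc instead of three unquoted echo appends: 'echo [Service]'
# is a glob that could expand against the cwd, and partial writes are avoided.
# The empty 'ExecStart=' is required by systemd to clear the unit's own
# ExecStart before the override is added.
cat > "$DROPIN_FILE" <<'EOF'
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
EOF

echo "restart"
systemctl daemon-reload
systemctl restart docker

--------------------------------------------------------------------------------
/display-jenkins-pass.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# display-jenkins-pass.sh — print the one-time Jenkins initial admin password
# from the bind-mounted jenkins home. The output is a secret: keep it out of
# logs and CI output.
set -euo pipefail

readonly PASS_FILE=/docker/data/jenkins/secrets/initialAdminPassword
[[ -r "$PASS_FILE" ]] || {
  printf 'not readable: %s (has Jenkins finished its first start?)\n' "$PASS_FILE" >&2
  exit 1
}
cat -- "$PASS_FILE"
--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
version: '3.2'
services:
  sonarqube:
    build:
      context: sonarqube/
    # NOTE(review): privileged disables the container's seccomp/AppArmor and
    # capability bounding; SonarQube does not normally need it. Drop it unless
    # a concrete failure requires it.
    privileged: true
    container_name: sonarqube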
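# (continued: environment and volumes of the sonarqube service declared above)
    environment:
      - SONARQUBE_JDBC_URL=jdbc:postgresql://db:5432/sonar
      # Kept in sync with the db service's credentials; override both from the
      # environment (or a .env file) instead of editing this file. Defaults
      # match the original hard-coded values.
      - SONARQUBE_JDBC_USERNAME=${POSTGRES_USER:-sonar}
      - SONARQUBE_JDBC_PASSWORD=${POSTGRES_PASSWORD:-sonar}
      - VIRTUAL_HOST=sonarqube.owens-netsec.com
      - LETSENCRYPT_HOST=sonarqube.owens-netsec.com
      - LETSENCRYPT_EMAIL=simonowens157@gmail.com
      - VIRTUAL_PORT=9000
    volumes:
      - /docker/data/sonarqube/sonarqube_conf:/opt/sonarqube/conf
      - /docker/data/sonarqube/sonarqube_data:/opt/sonarqube/data
      - /docker/data/sonarqube/sonarqube_extensions:/opt/sonarqube/extensions
      - /docker/data/sonarqube/sonarqube_bundled-plugins:/opt/sonarqube/lib/bundled-plugins

  db:
    image: postgres
    build: /docker/postgres/
    # NOTE(review): Postgres does not normally need privileged either.
    privileged: true
    environment:
      # Defaults kept for compatibility with the original file. Set a real
      # password in the environment before the first 'up': Postgres persists it
      # in the data volume, so editing this file later does not change it.
      - POSTGRES_USER=${POSTGRES_USER:-sonar}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-sonar}
    volumes:
      - /docker/data/postgres/postgresql:/var/lib/postgresql
      - /docker/data/postgres/postgresql_data:/var/lib/postgresql/data

  jenkins:
    build:
      context: jenkins/
    privileged: true
    # root plus the host's docker.sock (below) means any Jenkins job, or any
    # plugin that can execute code, is effectively root on the host. Tolerable
    # for a single-operator lab; for anything shared, give the socket to a
    # separate build agent and keep the controller unprivileged.
    user: root
    container_name: jenkins
    environment:
      - VIRTUAL_HOST=jenkins.owens-netsec.com
      - LETSENCRYPT_HOST=jenkins.owens-netsec.com
      - LETSENCRYPT_EMAIL=simonowens157@gmail.com
      - VIRTUAL_PORT=8080
    volumes:
      - /docker/data/jenkins:/var/jenkins_home
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - sonarqube

networks:
  default:
    external:
      name: webproxy
--------------------------------------------------------------------------------
/jenkins/Dockerfile:
--------------------------------------------------------------------------------
# NOTE(review): 'lts' is a moving tag; pin a specific LTS version (or a digest)
# so rebuilds are reproducible and upgrades are deliberate.
FROM jenkins/jenkins:lts
--------------------------------------------------------------------------------
/postgres/Dockerfile:
--------------------------------------------------------------------------------
# NOTE(review): 'latest' is a moving tag, and 'apt-get upgrade' at build time
# makes the image differ from build to build; pin the tag and take OS patches by
# bumping the base image instead.
FROM postgres:latest
RUN apt-get update && apt-get upgrade -y && apt-get autoremove && apt-get autoclean

--------------------------------------------------------------------------------
/sonarqube/Dockerfile:
--------------------------------------------------------------------------------
# NOTE(review): pin 'latest' to a specific SonarQube release (or digest).
FROM sonarqube:latest
--------------------------------------------------------------------------------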