improve gunicorn doc

2026-05-22 06:05:33 -06:00 · 2016-05-19 10:44:28 +02:00 · 2016-05-19 10:44:28 +02:00 · 52fa30c638
commit 52fa30c638
parent 396d2ae615
1 changed files with 56 additions and 13 deletions
--- a/docs/gunicorn.rst
+++ b/docs/gunicorn.rst
@ -18,17 +18,20 @@ You will then be able to launch `Burp-UI`_ this way:

 ::

-    gunicorn -k gevent -w 4 'burpui:init(conf="/path/to/burpui.cfg")'
+    SERVER_SOFTWARE=gunicorn gunicorn -k gevent -w 4 'burpui:init(conf="/path/to/burpui.cfg")'
+
+
+.. note:: The ``SERVER_SOFTWARE=gunicorn`` is mandatory

 When using ``gunicorn``, the command line options are not available. Instead,
 run the `Burp-UI`_ ``init`` method directly. Here are the parameters you can
 play with:

 - conf: Path to the `Burp-UI`_ configuration file
- debug: Whether to run `Burp-UI`_ in debug mode or not to get some extra logging
+- verbose: Verbosity level between 0 and 4
 - logfile: Path to a logfile in order to log `Burp-UI`_ internal messages

-.. warning:: You need **MUST** set the *appsecret* option in your configuration
+.. warning:: You **MUST** set the *appsecret* option in your configuration
             file when using gunicorn.
             The default *magic* value 'random' cannot be used. If you
             don't change the settings the default value will be 'none' and your
@ -50,7 +53,7 @@ There is a sample configuration file available
 `here <https://git.ziirish.me/ziirish/burp-ui/blob/master/contrib/gunicorn.d/burp-ui>`__.

 If you are using this sample configuration file, make sure to create the
-*burpui* user with the appropriate permissions first:
+*backup* user with the appropriate permissions first:

 ::

@ -58,13 +61,13 @@ If you are using this sample configuration file, make sure to create the
    apt-get install gunicorn
    # copy the gunicorn sample configuration
    cp /usr/local/share/burpui/contrib/gunicorn/burp-ui /etc/gunicorn.d/
-    # create the burpui user
-    useradd -r -d /var/lib/burpui -c 'Burp-UI daemon user' burpui
+    # create the backup user
+    useradd -r -d /var/lib/backup -c 'Backup daemon user' backup
    mkdir /etc/burp
    # copy the burp-ui sample configuration file
    cp /usr/local/share/burpui/etc/burpui.sample.cfg /etc/burp/burpui.cfg
    mkdir -p /var/log/gunicorn
-    chown -R burpui: /var/log/gunicorn
+    chown -R backup: /var/log/gunicorn


 You will also need a custom client configuration and you will have to create the
@ -80,7 +83,7 @@ certificates accordingly:
    server = 127.0.0.1
    password = abcdefgh
    cname = bui-agent1
-    pidfile = /var/lib/burpui/bui-agent1.client.pid
+    pidfile = /var/lib/backup/bui-agent1.client.pid
    syslog = 0
    stdout = 1
    progress_counter = 1
@ -93,10 +96,10 @@ certificates accordingly:
    EOF
    # generate the certificates
    burp_ca --name bui-agent1 --ca burpCA --key --request --sign --batch
-    cp /etc/burp/ssl_cert_ca.pem /var/lib/burpui/
-    cp -a /etc/burp/CA/bui-agent1.crt /var/lib/burpui/ssl_cert-client.pem
-    cp -a /etc/burp/CA/bui-agent1.key /var/lib/burpui/ssl_cert-client.key
-    chown -R burpui: /var/lib/burpui/
+    cp /etc/burp/ssl_cert_ca.pem /var/lib/backup/
+    cp -a /etc/burp/CA/bui-agent1.crt /var/lib/backup/ssl_cert-client.pem
+    cp -a /etc/burp/CA/bui-agent1.key /var/lib/backup/ssl_cert-client.key
+    chown -R backup: /var/lib/backup/


 Now you need to add the *bui-agent1* client to the authorized clients:
@ -107,7 +110,7 @@ Now you need to add the *bui-agent1* client to the authorized clients:
    echo "restore_client = bui-agent1" >>/etc/burp/burp-server.conf


-Finally, make sure you set ``bconfcli: /var/lib/burpui/burp.conf`` in your 
+Finally, make sure you set ``bconfcli: /var/lib/backup/burp.conf`` in your 
 `Burp-UI`_ configuration filei (*/etc/burp/burpui.cfg*), and then you can
 restart `Gunicorn`_:

@ -116,6 +119,32 @@ restart `Gunicorn`_:
    service gunicorn restart


+If you want to take advantage of *advanced* features such as client add/removal
+and configuration files edition, you should set the permissions accordingly
+Burp-side.
+
+First of all, add the following lines in your */etc/burp/burp-server.conf*:
+
+::
+
+    user = backup
+    group = backup
+
+
+Then you need to fix some permissions:
+
+::
+
+    chown -R backup: /etc/burp/{burp-server.conf,burpui.cfg,CA,CA.cnf,clientconfdir,dhfile.pem,ssl_cert_ca.pem,ssl_cert-server.key,ssl_cert-server.pem} /var/spool/burp
+    chgrp backup /etc/burp
+    chmod g+rwx /etc/burp
+
+
+Finally you can restart your ``burp-server``.
+
+.. note:: The above commands are meant for *default* setup, you may need to
+          adapt the paths.
+
 Reverse-Proxy
 -------------

@ -187,6 +216,20 @@ Here is a sample configuration for Nginx:
    }


+Apache sample:
+
+::
+
+    ProxyPass /burp/ http://localhost:5000/burp/
+    ProxyPassReverse /burp/ http://localhost:5000/burp/
+    <Location /burp/>
+        SetOutputFilter proxy-html
+        ProxyPassReverse /burp/
+        ProxyHTMLURLMap  http://localhost:5000/     /
+        Require all granted
+    </Location>
+
+
 .. warning:: If your *prefix* does not start with a '/', it will be ignored.

 Production