Ghostwriter
Ghostwriter
Learn More
Get the Code
SpecterOps Blog
Welcome to Ghostwriter
Getting Started
Installation
Switch to Production
Configuring Global Settings
Introduction to Command Center
Personalizing Company Information
Configuring Global Report Options
Configuring APIs
Features
Findings Library
Infrastructure Management
Operation Logs
Reporting
Background Tasks
Workflow & Usage
The Workflow
Coding Style Guide
Basic Formatting
Form Layouts & Design
Development
Stack Overview
Modifying Code
Database Models
Behind the Scenes
Known Issues & FAQ
Your Background Tasks Are Not Running
Change Logs
13 April 2021, v2.2.0-rc1
Powered by GitBook

Switch to Production

Moving Ghostwriter into production with Nginx and HTTPS

Moving to Production

Eventually, you will want to move Ghostwriter from a development server to a production server.

Even though Ghostwriter could be run in developer mode forever, it is much better to use HTTPS and take some of the workload off of Django when it comes to hosting files.

Adjusting Production setting

Start your move to production by opening .envs/.production/.django. The SECRET_KEY variable is set to changeme. Generate a new value and drop in the new key. It is usually something like:

cg#p$g+j9tax!#[email protected]$8obt2_+&k3q+pmu)5%asj6yjpkag.

The default configuration will host Ghostwriter on 0.0.0.0:443 with HTTPS.

If you would like to modify the listening port or anything else within the Nginx configuration, open compose/production/nginx/nginx.conf. You can make changes to this configuration file like you would for any Nginx configuration.

Production deployments use separate settings from local deployments, so make changes to .envs/.production/.django and .../.postgres as desired.

You can keep separate settings for your local/development and production deployments.

Using a Domain Name

You may wish to use a domain name instead of an IP address once you move Ghostwriter into production. By default, Ghostwriter's production deployment only allows the server to be accessed using ghostwriter.local and localhost.

Open your .envs/.production/.django file and uncomment the ALLOWED_HOSTS line to make modifications.

If you see 400 BAD REQUEST errors in your web browser, check the Ghostwriter console output. Chances are good you will see mention of your domain name not matching anything in ALLOWED_HOSTS.

Using HTTPS

Before running in production, it is necessary to set up an SSL certificate. A self-signed certificate can be created using the following commands. Other options include purchasing a certificate or using LetsEncrypt for a free certificate.

Certificates should be placed in the ssl/ folder. The files referenced in compose/production/nginx/nginx.conf use the following files names:

  • ghostwriter.crt

  • ghostwriter.key

  • dhparam.pem

If different filenames are used, update the nginx.conf to reflect the correct filenames.

Creating a Self-Signed SSL Certificate

With Prompts

openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout ghostwriter.key -out ghostwriter.crt

Without Prompts

openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=/ST=/L=/O=Ghostwriter/CN=ghostwriter.local" -keyout ghostwriter.key -out ghostwriter.crt

Creating the dhparam.pem

openssl dhparam -out dhparam.pem 4096

Deploy to Production

Deploy Ghostwriter in production mode using Docker Compose and the production.yml file.

docker-compose -f production.yml stop; docker-compose -f production.yml rm -f; docker-compose -f production.yml build; docker-compose -f production.yml up -d

Previous
First Server Run
Next - Configuring Global Settings
Introduction to Command Center
Last updated 1 month ago
Contents
Moving to Production
Adjusting Production setting
Using a Domain Name
Using HTTPS
Deploy to Production