Added mitm proxy to the repo

Makefile

@@ -26,10 +26,11 @@ run:
 	@make run-core
 	@make setup-mattermost
 	@make echo-logins
+	@docker exec -it -u root cs-repro-mattermost /bin/bash update-ca-certificates
 
 run-core:
 	@echo "Starting the core services... hang in there."
-	@docker-compose up -d postgres openldap prometheus grafana elasticsearch mattermost keycloak
+	@docker-compose up -d postgres openldap prometheus grafana elasticsearch mattermost keycloak mitmproxy
 
 run-db-replicas:
 	@echo "Starting with replicas. Hang in there..."
@@ -37,12 +38,14 @@ run-db-replicas:
 	@docker exec -it cs-repro-mattermost mmctl config patch /mattermost/config/replicaConfig.json --local
 	@echo "Should be up and running. Go crazy."
 
+
 ## Need a way to modify the 
 run-mm-replicas:
 	@echo "Starting Mattermost replicas. Hang in there..."
 	@docker exec -it cs-repro-mattermost mmctl config set ClusterSettings.Enable true --local
 	@docker-compose down mattermost
 	@docker-compose up -d mattermost mattermost-2
+	@docker exec -it -u root cs-repro-mattermost-2 /bin/bash update-ca-certificates
 	@echo "Should be up and running. Go crazy."
 
 run-rtcd:

README.md

@@ -8,6 +8,7 @@ This is designed to be used as a reproduction of a standard customer production
 - [Commands](#commands)
 - [Accounts](#accounts)
 - [Grafana](#grafana)
+- [mitmproxy](#mitmproxy)
 - [Guides](#guides)
   - [How to upgrade](#how-to-upgrade)
   - [How to Downgrade](#how-to-downgrade)
@@ -299,4 +300,10 @@ docker exec -it cs-repro-openldap ldapmodify \
 
 ## Calls
 
-By default this is setup to run on the built in Mattermost calls. You can enable the `rtcd` service by running `make run-rtcd`, which will start up `rtcd` and adjust the settings within Mattermost to work. 
+By default this is setup to run on the built in Mattermost calls. You can enable the `rtcd` service by running `make run-rtcd`, which will start up `rtcd` and adjust the settings within Mattermost to work. 
+
+## mitmproxy
+
+All traffic is routed through the mitmproxy for monitoring. You can access this with `localhost:8181` in your browser.
+
+To disable this you can comment out the `HTTP_PROXY` and `HTTPS_PROXY` env vars on the Mattermost objects.

docker-compose.yml

@@ -66,6 +66,8 @@ services:
     depends_on:
       postgres:
         condition: service_healthy
+      mitmproxy:
+        condition: service_started
     image: mattermost/mattermost-enterprise-edition:release-9.6
     restart: unless-stopped
     security_opt:
@@ -90,15 +92,24 @@ services:
       - ./files/mattermost/defaultConfig.json:/mattermost/config/defaultConfig.json:ro
       - ./files/mattermost/replicaConfig.json:/mattermost/config/replicaConfig.json:ro
       - ./files/mattermost/rtcdConfig.json:/mattermost/config/rtcdConfig.json:ro
+
+      ## Files are required for the mitmproxy on the box
+      - ./files/mitmproxy/mitmproxy-ca.pem:/etc/ssl/certs/mitmproxy-ca.pem
+      - ./files/mitmproxy/mitmproxy-dhparam.pem:/etc/ssl/certs/mitmproxy-dhparam.pem
     environment:
+      - HTTP_PROXY=http://cs-repro-mitmproxy:8080
+      - HTTPS_PROXY=http://cs-repro-mitmproxy:8080
       - MM_SqlSettings_DriverName=postgres
       - MM_SqlSettings_DataSource=postgres://mmuser:mmuser_password@cs-repro-postgres:5432/mattermost?sslmode=disable&connect_timeout=10&binary_parameters=yes
       - MM_SAMLSETTINGS_IDPCERTIFICATEFILE=/mattermost/config/saml-cert.crt
-      # - MM_SqlSettings_DriverName=mysql
-      # - MM_SqlSettings_DataSource=mmuser:mmuser_password@tcp(mysql:3306)/mattermost?charset=utf8mb4,utf8&writeTimeout=30s
       - MM_ServiceSettings_EnableLocalMode=true
       - MM_ServiceSettings_LocalModeSocketLocation=/var/tmp/mattermost_local.socket
       - MM_ServiceSettings_LicenseFileLocation=/mattermost/config/license.mattermost-enterprise
+
+      ## mysql Settings
+      # - MM_SqlSettings_DriverName=mysql
+      # - MM_SqlSettings_DataSource=mmuser:mmuser_password@tcp(mysql:3306)/mattermost?charset=utf8mb4,utf8&writeTimeout=30s
+
       ## Disable this to migrate your config to the database
 #      - MM_CONFIG=postgres://mmuser:mmuser_password@cs-repro-postgres:5432/mattermost?sslmode=disable&connect_timeout=10&binary_parameters=yes
   keycloak:
@@ -194,6 +205,8 @@ services:
       depends_on:
         postgres:
           condition: service_healthy
+        mitmproxy:
+          condition: service_started
       image: mattermost/mattermost-enterprise-edition:release-9.6
       restart: unless-stopped
       security_opt:
@@ -217,7 +230,13 @@ services:
         - ./files/mattermost/advancedLogging.json:/mattermost/config/advancedLogging.json:ro
         - ./files/mattermost/defaultConfig.json:/mattermost/config/defaultConfig.json:ro
         - ./files/mattermost/replicaConfig.json:/mattermost/config/replicaConfig.json:ro
+
+        ## Files are required for the mitmproxy on the box
+        - ./files/mitmproxy/mitmproxy-ca.pem:/etc/ssl/certs/mitmproxy-ca.pem
+        - ./files/mitmproxy/mitmproxy-dhparam.pem:/etc/ssl/certs/mitmproxy-dhparam.pem
       environment:
+        - HTTP_PROXY=http://cs-repro-mitmproxy:8080
+        - HTTPS_PROXY=http://cs-repro-mitmproxy:8080
         - MM_SqlSettings_DriverName=postgres
         - MM_SqlSettings_DataSource=postgres://mmuser:mmuser_password@cs-repro-postgres:5432/mattermost?sslmode=disable&connect_timeout=10&binary_parameters=yes
         - MM_SAMLSETTINGS_IDPCERTIFICATEFILE=/mattermost/config/saml-cert.crt
@@ -241,7 +260,16 @@ services:
       - "8443:8443/udp"
       - "8443:8443/tcp"
       - "8045:8045"
-
+  mitmproxy:
+    container_name: cs-repro-mitmproxy
+    image: mitmproxy/mitmproxy
+    command: mitmweb --web-host 0.0.0.0 --set confdir=/certs
+    volumes:
+      - ./files/mitmproxy:/certs
+    ports:
+      - "8180:8080"
+      - "8181:8081"
+    restart: unless-stopped
 # mysql:
   #   container_name: cs-repro-mysql
   #   image: mysql:8
@@ -256,7 +284,7 @@ services:
   #     MYSQL_ROOT_PASSWORD: "mmuser_password"
   #   healthcheck:
   #     test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
-  #     timeout: 20s
+  #     timeout: 20supdat
   #     retries: 10
   #   ports:
   #     # <Port exposed> : <MySQL Port running inside container>

files/mattermost/defaultConfig.json

@@ -1,7 +1,7 @@
 {
   "ServiceSettings": {
       "LicenseFileLocation": "config/license.mattermost-enterprise",
-      "AllowedUntrustedInternalConnections": "cs-repro-keycloak:8080 cs-repro-keycloak"
+      "AllowedUntrustedInternalConnections": "cs-repro-keycloak:8080 cs-repro-keycloak cs-repro-mitmproxy:8180 cs-repro-mitmproxy"
   },
   "LogSettings": {
       "EnableConsole": true,

files/mitmproxy/ca.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDezCCAmOgAwIBAgIUQt5fv3mCSFaR2lg2mdvpCtvP0vgwDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDA1MDExODMwNDlaFw0yNDA1
+MzExODMwNDlaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDgJGkKHfrKwon6mJceG3TteghBkytk+RJ2RmWhUrv5
+WKpHfAUaQFAw8dLXgxxBNyqnGTtx4JcvsqycPFgosvtOo/F/2oKrPYzrhiCVaGjx
+Ig0DGx+y55eH/JQoJVIgvxIncLlTMvmAgncrGJ3fod9CT5UJwwLgpgpNjI4P7JgC
+MZNGJ7VQLLVdvRxrnbW6K874pxDxJeedzgjDnNvkJnNYLIVuY5x0hcbNxOeu9Xa2
+Li29QAOhSVO//SU41dXa4kQMvglmgdc5URc/q97UYjOk0LNgSvazMPZEo45yG5Gu
+sLdypS6plG+Y70FBk6JklkcWjOd3RySjw8vhAIAXFcFPAgMBAAGjYzBhMB0GA1Ud
+DgQWBBR4Unu0x+H3uRUUay5mloWxOqyOajAfBgNVHSMEGDAWgBR4Unu0x+H3uRUU
+ay5mloWxOqyOajAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkq
+hkiG9w0BAQsFAAOCAQEABOnS5z5QWjiepyD5OvikaE3k3iBSvbuy2hV8bZH1lpQM
+zS7pw9I5jPHcdI3ToMImlN3hDKywOwiYMUHdAfH0L1wUO9okUYvjiZDCkziYpxg1
+Fq0sG39FydswjbMLHHf5pU5JAIFyqoQb4TT7FvuMCLhaFwuUGk7AXo/RdpFc4EbL
+lpgDrrXqp30ch/wp8GLqJnnqgSDWBx7YjwbmR3v1HZXq3aWE6Q4Fcb01DsR2yxF/
+ru4ff6LjylLbVNDge8nbOaPS+hU1mBDCfXWcGuAGcJZPkzmxjYenWmCHULu1/Bzo
+cHqQqXNX8z1Xd9gRHtRIPHq81kwr2264F6AzcnsnNg==
+-----END CERTIFICATE-----

files/mitmproxy/ca.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDgJGkKHfrKwon6
+mJceG3TteghBkytk+RJ2RmWhUrv5WKpHfAUaQFAw8dLXgxxBNyqnGTtx4Jcvsqyc
+PFgosvtOo/F/2oKrPYzrhiCVaGjxIg0DGx+y55eH/JQoJVIgvxIncLlTMvmAgncr
+GJ3fod9CT5UJwwLgpgpNjI4P7JgCMZNGJ7VQLLVdvRxrnbW6K874pxDxJeedzgjD
+nNvkJnNYLIVuY5x0hcbNxOeu9Xa2Li29QAOhSVO//SU41dXa4kQMvglmgdc5URc/
+q97UYjOk0LNgSvazMPZEo45yG5GusLdypS6plG+Y70FBk6JklkcWjOd3RySjw8vh
+AIAXFcFPAgMBAAECggEAT1Xz7AXSiEQ1jILIMnrrd0cTdwp9eJ8EnuKqBGEBce+l
+Teoi8DjFaZ2e0HNy486ABWdT+CnTualXmXFujvFTLHGxAF06lRwTLiZqkBfF1VwF
+GQ1Xuf5pT1PiqRcUq8yVw2oN3toTIB6Nya5L6yUjnhgHG85vzU5YJTzT5+UJpPR3
+pYS8XNT/N9ZErx20auB8lYqMjB0qpYLoCZrpoh1nB2qjNE5V41+GQ9RiYZ6uZ39t
+8XiNSCUGPRE+n56RonpUVosLGN7YxM8/PLF7mho9KQ92HXQNHJpMPe/FT4b9PekP
+40fDYMp6UiSBNRq6vybeyaze6YWkoExwBPSl46KHiQKBgQDw0LCqtL4v65qdy+zA
+YheypVwfz2/X2SqpFUxOh0AxReYDdNV9zVlIkV5GjEUT5MG0IGYUu0cIAF41arAp
+gTFB9Px40E1ovvIuUQxh1GJhxb1ZMRfOvFNOgb4hMLt/GNqVM4HpcA+7xO7+awpM
+xIAz95I1WEdabw2wHTh378AQ8wKBgQDuRpSKrwQ5C8sbRjgFX3DI/i6tkAHZC2qZ
+VoCiDg76oHzixXtVoEhoK9cBepyFZxKPhSQFHfrPL2jGobyNq4XqPAyL9rFAbc/L
+stsI6CQzyiquJYIqv8rJHsrFt0eWImtoYEV8Sapd5UvUxSqot0yJnlwJfPEWoVZN
+Xemdp2yFNQKBgDGN4CzgkJpv0xtRkWBtTw8V9AUfvJYgPCUbGt61+kGpbpGbgysm
+DI9gSpQd3UEgu7ODTz5I428EFF7Nm36O9UHrVeDOjH9Xe6KITxH6kFwqQrKN5aZH
+HqVzEVrnGk4nISO+u6b7xmEPP1bfU/lEHlWTRmTvy48SdzCccrhLf6x9AoGBAMjL
+ecoVCv33zkVBu1vrvePjL/rbbHM3h7GIkAYAyuax8Aw6V2ElHV+L8jgw104kOiPw
+Exas2PtX/HfHPFo2vTdTO0+HqH+fComiQ6sR1dA/AhCXU0YrMfyikkZj2VPP1auz
+1VqTyZou7OR08yoSrdEbPnxQaeqkM1InXgOZX34xAoGANN27KoqWI0SSL0n16oxc
+UHsrcpxSykMG2/hseZuFyoiMRnwMC6nhK4vvF1XkEYKq7Rdw2dzNLLOnAT+3VYpV
+beNnHAvYvneDYTpgAiF+rRBZfAxiysZznqmBe0eMTAAbESPjr18OprzXDD/wRt9c
+SSeoYlIHJT2Mdy54zl60VZk=
+-----END PRIVATE KEY-----

files/mitmproxy/mitmproxy-ca.pem

@@ -0,0 +1,49 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDgJGkKHfrKwon6
+mJceG3TteghBkytk+RJ2RmWhUrv5WKpHfAUaQFAw8dLXgxxBNyqnGTtx4Jcvsqyc
+PFgosvtOo/F/2oKrPYzrhiCVaGjxIg0DGx+y55eH/JQoJVIgvxIncLlTMvmAgncr
+GJ3fod9CT5UJwwLgpgpNjI4P7JgCMZNGJ7VQLLVdvRxrnbW6K874pxDxJeedzgjD
+nNvkJnNYLIVuY5x0hcbNxOeu9Xa2Li29QAOhSVO//SU41dXa4kQMvglmgdc5URc/
+q97UYjOk0LNgSvazMPZEo45yG5GusLdypS6plG+Y70FBk6JklkcWjOd3RySjw8vh
+AIAXFcFPAgMBAAECggEAT1Xz7AXSiEQ1jILIMnrrd0cTdwp9eJ8EnuKqBGEBce+l
+Teoi8DjFaZ2e0HNy486ABWdT+CnTualXmXFujvFTLHGxAF06lRwTLiZqkBfF1VwF
+GQ1Xuf5pT1PiqRcUq8yVw2oN3toTIB6Nya5L6yUjnhgHG85vzU5YJTzT5+UJpPR3
+pYS8XNT/N9ZErx20auB8lYqMjB0qpYLoCZrpoh1nB2qjNE5V41+GQ9RiYZ6uZ39t
+8XiNSCUGPRE+n56RonpUVosLGN7YxM8/PLF7mho9KQ92HXQNHJpMPe/FT4b9PekP
+40fDYMp6UiSBNRq6vybeyaze6YWkoExwBPSl46KHiQKBgQDw0LCqtL4v65qdy+zA
+YheypVwfz2/X2SqpFUxOh0AxReYDdNV9zVlIkV5GjEUT5MG0IGYUu0cIAF41arAp
+gTFB9Px40E1ovvIuUQxh1GJhxb1ZMRfOvFNOgb4hMLt/GNqVM4HpcA+7xO7+awpM
+xIAz95I1WEdabw2wHTh378AQ8wKBgQDuRpSKrwQ5C8sbRjgFX3DI/i6tkAHZC2qZ
+VoCiDg76oHzixXtVoEhoK9cBepyFZxKPhSQFHfrPL2jGobyNq4XqPAyL9rFAbc/L
+stsI6CQzyiquJYIqv8rJHsrFt0eWImtoYEV8Sapd5UvUxSqot0yJnlwJfPEWoVZN
+Xemdp2yFNQKBgDGN4CzgkJpv0xtRkWBtTw8V9AUfvJYgPCUbGt61+kGpbpGbgysm
+DI9gSpQd3UEgu7ODTz5I428EFF7Nm36O9UHrVeDOjH9Xe6KITxH6kFwqQrKN5aZH
+HqVzEVrnGk4nISO+u6b7xmEPP1bfU/lEHlWTRmTvy48SdzCccrhLf6x9AoGBAMjL
+ecoVCv33zkVBu1vrvePjL/rbbHM3h7GIkAYAyuax8Aw6V2ElHV+L8jgw104kOiPw
+Exas2PtX/HfHPFo2vTdTO0+HqH+fComiQ6sR1dA/AhCXU0YrMfyikkZj2VPP1auz
+1VqTyZou7OR08yoSrdEbPnxQaeqkM1InXgOZX34xAoGANN27KoqWI0SSL0n16oxc
+UHsrcpxSykMG2/hseZuFyoiMRnwMC6nhK4vvF1XkEYKq7Rdw2dzNLLOnAT+3VYpV
+beNnHAvYvneDYTpgAiF+rRBZfAxiysZznqmBe0eMTAAbESPjr18OprzXDD/wRt9c
+SSeoYlIHJT2Mdy54zl60VZk=
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDezCCAmOgAwIBAgIUQt5fv3mCSFaR2lg2mdvpCtvP0vgwDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDA1MDExODMwNDlaFw0yNDA1
+MzExODMwNDlaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDgJGkKHfrKwon6mJceG3TteghBkytk+RJ2RmWhUrv5
+WKpHfAUaQFAw8dLXgxxBNyqnGTtx4JcvsqycPFgosvtOo/F/2oKrPYzrhiCVaGjx
+Ig0DGx+y55eH/JQoJVIgvxIncLlTMvmAgncrGJ3fod9CT5UJwwLgpgpNjI4P7JgC
+MZNGJ7VQLLVdvRxrnbW6K874pxDxJeedzgjDnNvkJnNYLIVuY5x0hcbNxOeu9Xa2
+Li29QAOhSVO//SU41dXa4kQMvglmgdc5URc/q97UYjOk0LNgSvazMPZEo45yG5Gu
+sLdypS6plG+Y70FBk6JklkcWjOd3RySjw8vhAIAXFcFPAgMBAAGjYzBhMB0GA1Ud
+DgQWBBR4Unu0x+H3uRUUay5mloWxOqyOajAfBgNVHSMEGDAWgBR4Unu0x+H3uRUU
+ay5mloWxOqyOajAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkq
+hkiG9w0BAQsFAAOCAQEABOnS5z5QWjiepyD5OvikaE3k3iBSvbuy2hV8bZH1lpQM
+zS7pw9I5jPHcdI3ToMImlN3hDKywOwiYMUHdAfH0L1wUO9okUYvjiZDCkziYpxg1
+Fq0sG39FydswjbMLHHf5pU5JAIFyqoQb4TT7FvuMCLhaFwuUGk7AXo/RdpFc4EbL
+lpgDrrXqp30ch/wp8GLqJnnqgSDWBx7YjwbmR3v1HZXq3aWE6Q4Fcb01DsR2yxF/
+ru4ff6LjylLbVNDge8nbOaPS+hU1mBDCfXWcGuAGcJZPkzmxjYenWmCHULu1/Bzo
+cHqQqXNX8z1Xd9gRHtRIPHq81kwr2264F6AzcnsnNg==
+-----END CERTIFICATE-----

files/mitmproxy/mitmproxy-dhparam.pem

@@ -0,0 +1,14 @@
+
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAyT6LzpwVFS3gryIo29J5icvgxCnCebcdSe/NHMkD8dKJf8suFCg3
+O2+dguLakSVif/t6dhImxInJk230HmfC8q93hdcg/j8rLGJYDKu3ik6H//BAHKIv
+j5O9yjU3rXCfmVJQic2Nne39sg3CreAepEts2TvYHhVv3TEAzEqCtOuTjgDv0ntJ
+Gwpj+BJBRQGG9NvprX1YGJ7WOFBP/hWU7d6tgvE6Xa7T/u9QIKpYHMIkcN/l3ZFB
+chZEqVlyrcngtSXCROTPcDOQ6Q8QzhaBJS+Z6rcsd7X+haiQqvoFcmaJ08Ks6LQC
+ZIL2EtYJw8V8z7C0igVEBIADZBI6OTbuuhDwRw//zU1uq52Oc48CIZlGxTYG/Evq
+o9EWAXUYVzWkDSTeBH1r4z/qLPE2cnhtMxbFxuvK53jGB0emy2y1Ei6IhKshJ5qX
+IB/aE7SSHyQ3MDHHkCmQJCsOd4Mo26YX61NZ+n501XjqpCBQ2+DfZCBh8Va2wDyv
+A2Ryg9SUz8j0AXViRNMJgJrr446yro/FuJZwnQcO3WQnXeqSBnURqKjmqkeFP+d8
+6mk2tqJaY507lRNqtGlLnj7f5RNoBFJDCLBNurVgfvq9TCVWKDIFD4vZRjCrnl6I
+rD693XKIHUCWOjMh1if6omGXKHH40QuME2gNa50+YPn1iYDl88uDbbMCAQI=
+-----END DH PARAMETERS-----