- Removed separate html volume, use /var/www as single web root
- Moved html/ content into www/html/
- Updated default.conf root to /var/www/html
- Allows organizing multiple sites under /var/www (html, mon_site, etc.)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Runtipi copies app data/ contents to APP_DATA_DIR/data/, not APP_DATA_DIR/.
Without the data/ prefix, Docker creates empty directories instead of
using the actual config files, causing nginx to crash on startup.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- internalPort: 80 (number) -> "80" (string) to match Runtipi schema
- Added missing source field required for app discovery
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- id: nginx-custom -> nginx (must match folder name for Runtipi discovery)
- tipiVersion: 1 -> tipi_version: 2 (correct key name and version)
- Removed min_tipi_version and $schema fields
- Service name: nginx-custom -> nginx
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Extract agent-template.conf and default/agent.conf from official
wazuh/wazuh-manager:4.14.1 image and store them in scripts/templates/.
The init-manager.sh script now copies these files instead of creating
them inline, ensuring consistency with official Wazuh configuration.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When /var/ossec/etc/shared is mounted as an empty volume, create the
required agent-template.conf and default/agent.conf files automatically.
This fixes group creation errors after fresh deployments.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add manager-shared volume to mount /var/ossec/etc/shared for Wazuh
manager, ensuring agent groups are persisted across container restarts.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Removed step 5 (manual restart via Runtipi interface) from the indexer
password change procedure. In Runtipi, clicking "Mettre à jour" already
restarts the application automatically, making the manual restart step
redundant.
Renumbered subsequent steps:
- Old step 6 → New step 5 (securityadmin.sh)
- Old step 7 → New step 6 (Update env vars)
- Old step 8 → New step 7 (Test passwords)
This simplifies the procedure and avoids confusion for users.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changed the API password test command to use localhost:55000 instead
of VOTRE_IP:55000 for better clarity since the command is executed
from the server itself via SSH.
This is more consistent with other local testing commands.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Docker exec does not interpret wildcards (*) in container names.
Replaced all `docker exec -it wazuh-runtipi_*-container-name` commands
with `docker exec -it $(docker ps --filter "name=container" --format "{{.Names}}")`.
This ensures the commands work correctly on all systems.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Merged update and restart steps into one since they're done
together in Runtipi interface (Update then Restart button).
Renumbered step 5 to step 4 (verification).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Removed the "one-liner" docker exec approach and kept only
the manual method (entering the container).
This is simpler and easier to follow:
1. Enter container
2. View current config with cat
3. Replace password with sed
4. Verify with grep
5. Exit
User preference: keep it straightforward with one clear method
instead of multiple alternatives.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The actual wazuh.yml file has passwords WITHOUT quotes:
password: MyS3cr37P450r.*-
But the sed command was searching FOR quotes:
password: "MyS3cr37P450r.*-"
This caused the sed command to not match and not replace anything.
Fixed by removing quotes from the sed pattern to match the actual
YAML format used by Wazuh.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The dashboard container doesn't have vi or nano installed.
Replaced manual editing instructions with automated sed command.
Changes:
- Added one-liner sed command to replace password directly
- Added verification command to check the change
- Kept manual alternative for troubleshooting
- Escaped special characters in regex (. and *)
This makes the password change procedure much simpler and
doesn't require installing additional tools in the container.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
According to official Wazuh documentation, changing the API password
requires updating BOTH:
1. The wazuh.yml file in the dashboard container
2. The API_PASSWORD environment variable
Previous documentation only mentioned step 2, which is incomplete.
Added:
- Step to edit /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
- Warning that this file is not in a persistent volume
- Link to official documentation
- vi editor instructions for YAML modification
Fixes incomplete API password change procedure.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Port 9200 is not exposed to the host (security by design).
Updated all OpenSearch API test commands to use docker exec
from within Wazuh containers instead of direct host access.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add concise testing commands after password change procedure:
- Test admin via Dashboard and API
- Test kibanaserver via API
- Security test to verify old passwords no longer work
Simple, clear, and actionable for users.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add special handling in log display loop to exclude indexer-init
when matching indexer container. Without this fix, grep matches
both wazuh-indexer and wazuh-indexer-init when service=indexer,
causing indexer-init logs to display twice.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Simplify the confusing find the exact path step by showing that
wildcards work directly with nano. Add fallback instructions with
concrete example if wildcards do not work.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add detailed, actionable instructions for changing Wazuh passwords
adapted for Runtipi deployment:
- Complete hash.sh interaction examples
- Step-by-step internal_users.yml editing guide
- Full securityadmin.sh command sequence with expected output
- Runtipi UI navigation instructions
- API password testing commands
- Clear distinction between Indexer vs API procedures
This matches the official Wazuh documentation but adapted for
Runtipi paths and workflow.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Remove misleading suggestion that setting passwords in Runtipi form
before installation can bypass the official hash.sh + securityadmin.sh
procedure. Make it clear this is the ONLY supported method.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add documentation for post-installation health verification via
the Wazuh web interface at /app/logs#/health-check endpoint.
This provides users with a visual alternative to the CLI script.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
CRITICAL CORRECTION: Removed the "Méthode 1: Avant l'Installation" which
was not based on official Wazuh documentation and is non-functional.
The ONLY supported method for changing passwords in Wazuh Docker is the
post-installation procedure using hash.sh and securityadmin.sh tools.
Changes:
- Removed misleading "Méthode 1" that suggested pre-install env vars work
- Added clear security warning that default passwords are public
- Emphasized that post-installation procedure is MANDATORY
- Clarified that Runtipi env vars alone are NOT sufficient for security
- Updated title to "OBLIGATOIRE pour Production" (mandatory)
This aligns documentation with official Wazuh security procedures:
https://documentation.wazuh.com/current/deployment-options/docker/changing-default-password.html🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Replaced the simplified password change instructions with the official
Wazuh Docker deployment procedure from:
https://documentation.wazuh.com/current/deployment-options/docker/changing-default-password.html
Changes:
- Added reference link to official Wazuh documentation
- Updated Méthode 2 with official hash generation procedure using hash.sh
- Added complete securityadmin.sh command with correct paths
- Specified password requirements (8-64 chars with symbols for API)
- Added warning about complexity of post-install password changes
- Emphasized pre-installation password configuration as best practice
This ensures users follow the correct and secure procedure for changing
passwords in Wazuh Docker deployments.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Runtipi schema requires the 'devices' array field in reservations section.
Added empty devices array to all three services with resource limits:
- wazuh-indexer
- wazuh-manager
- wazuh-dashboard
This fixes the schema validation error:
"Invalid input: expected array, received undefined"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Separate variable declaration and assignment to avoid masking return values.
This follows shellcheck best practices for error handling.
Changes:
- Separate declaration/assignment for container_name (line 59-60)
- Separate declaration/assignment for status (line 67-69)
- Separate declaration/assignment for health (line 68-70)
- Separate declaration/assignment for exit_code (line 86-87)
All 4 SC2155 warnings are now resolved.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Based on Kubernetes configuration analysis from wazuh-kubernetes-main repository.
Changes to docker-compose.json:
- Add resource limits (CPU/RAM) to all services based on K8s recommendations
* Indexer: 0.5-1.0 CPU, 1-2GB RAM
* Manager: 1.0-2.0 CPU, 1-2GB RAM
* Dashboard: 0.2-0.4 CPU, 512MB-2GB RAM
- Add Log4j security flag: -Dlog4j2.formatMsgNoLookups=true (CVE-2021-44228)
- Add DISABLE_INSTALL_DEMO_CONFIG=true for indexer security
- Add WAZUH_NODE_TYPE=master for explicit node configuration
- Add SERVER_SSL_ENABLED=true for dashboard
Changes to metadata/description.md:
- Update prerequisites with CPU/RAM/Disk requirements
- Add "Variables d'Environnement Techniques" section
- Rewrite "Limites de Ressources" with K8s-based recommendations
- Update "Espace Disque" with production storage requirements
- Add new section "Considérations de Production et Scaling"
* Single-node deployment limitations
* HA configuration with Kubernetes
* Scaling recommendations
* Production security checklist
* Backup script for critical volumes
All improvements follow official Wazuh Kubernetes production configurations
for optimal stability and security.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Added official Wazuh Kubernetes deployment repository for reference.
This provides:
- Kubernetes manifests for production deployments
- Resource limits and health check configurations
- Security best practices
- Multi-node and HA deployment examples
Useful for future improvements and K8s migration considerations.
Size: 900K
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Changed 'Bug #3 fixed' to 'persistent via symlink' when config is OK
- Changed 'pthread_create fix present' to 'Configured (prevents pthread_create errors)'
- Only mention bugs/fixes in error/warning states, not in success states
- Makes the output clearer and less confusing for users
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Change SSL verification to GREEN when configured via env vars (it's correct)
- Show '0 FAILED' in GREEN when there are no failures (success state)
- Fix GB calculation rounding (use %.0f instead of int to round properly)
- Add ≈ symbol before GB value for clarity (8,1G ≈ 8 GB instead of incorrect 6 GB)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changed all disk size references from ~7-8GB, 7,4G, and ~5GB to consistent 7 GB format for professional appearance.
Updated files:
- description.md (2 occurrences)
- wazuh-health-check.sh (4 occurrences)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Corrected resource limits section to reflect actual docker-compose.json configuration.
Uses Java heap and ulimits, not deploy.resources.limits.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add logs.txt (328KB) - health check and diagnostic logs
- Add wazuh-documentations/ - Offline copies of official Wazuh Docker documentation (HTML)
- Add wazuh-official-docker-main/ - Complete official Wazuh Docker repository for reference
These resources provide offline documentation and troubleshooting reference for the Wazuh RunTipi deployment.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Update health check SSL verification message to be informative instead of warning
- Health check now accepts both 'full' and 'certificate' SSL modes
- Fix description.md to match actual implementation (no dashboard watchdog)
- Correct init-manager.sh and init-dashboard.sh documentation examples
- Replace obsolete dashboard migration section with actual manager persistence logic
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The official Wazuh dashboard entrypoint prompts 'Overwrite? [y/N]' if
the keystore already exists. This causes the container to hang waiting
for user input on fresh installs.
Solution: Delete the keystore file before exec'ing the entrypoint.
The entrypoint will recreate it automatically without prompting.
This ensures fresh installs work without manual intervention.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Remove watchdog and migration detection logic (over-engineered)
- Remove keystore creation (let official entrypoint handle it)
- Use exec /entrypoint.sh instead of background process
- Reduce from 135 lines to 50 lines
- Follow official Wazuh Docker patterns
This fixes the dashboard restart loop caused by keystore prompt.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Added Wazuh 4.14.1 SIEM/XDR application for Runtipi
- Simplified init scripts following official Wazuh Docker patterns
- Complete documentation in French (description.md)
- Health check diagnostic script (wazuh-health-check.sh)
- SSL/TLS certificates auto-generation
- Whoami test application included
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
