Running OpenTAXII
To run OpenTAXII in production, it is recommended to use a standalone WSGI container that works with Flask. In this example we use the Gunicorn WSGI HTTP server. For complete logging configuration we recommend Gunicorn 19.8 and above.
Note
Run pip install gunicorn to install gunicorn. Yes, it’s that simple.
To run OpenTAXII with Gunicorn execute:
(venv) $ gunicorn opentaxii.http:app \
    --bind localhost:9000 --config python:opentaxii.http
A common practice is to run gunicorn under supervisord, so that you can monitor, start, and stop it easily.
Example supervisord configuration file:
[program:opentaxii]
command =
    /opt/eclecticiq/opentaxii-venv/bin/gunicorn opentaxii.http:app
    --workers 2
    --log-level info
    --log-file -
    --timeout 300
    --bind localhost:9000
    --config python:opentaxii.http
environment =
    OPENTAXII_CONFIG="/opt/eclecticiq/custom-opentaxii-configuration.yml"
stdout_logfile = /var/log/opentaxii.log
redirect_stderr = true
autostart = true
autorestart = true
Using SSL/TLS
If you want to run OpenTAXII with SSL, you need to use a web server such as Nginx that provides the SSL/TLS layer. You can find details on how to run Nginx with SSL here.
Make sure you configure your TAXII services in OpenTAXII with proper protocol bindings:
- use urn:taxii.mitre.org:protocol:https:1.0 if you’re planning on serving data via HTTPS.
- use urn:taxii.mitre.org:protocol:http:1.0 if the server is going to support unsecure HTTP as well.
You can use multiple protocol bindings per service. That tells OpenTAXII you want to advertise services over both HTTPS and HTTP. TAXII services create external URLs according to their protocol bindings, using the http:// or https:// scheme.
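A sketch of the Nginx side of this setup, added here as an example and not taken from the OpenTAXII documentation: TLS is terminated in Nginx and requests are proxied to the Gunicorn instance bound to localhost:9000 above. The server name and certificate paths are placeholders.

```nginx
# Added example: TLS termination in front of the Gunicorn instance started above.
# Assumptions: taxii.example.org and the certificate paths are placeholders.
server {
    listen 443 ssl;
    server_name taxii.example.org;                                 # placeholder hostname

    ssl_certificate     /etc/nginx/tls/taxii.example.org.crt;      # placeholder path
    ssl_certificate_key /etc/nginx/tls/taxii.example.org.key;      # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;                           # no legacy SSL/TLS versions

    location / {
        # Gunicorn is bound to loopback only (--bind localhost:9000),
        # so Nginx is the only listener reachable from the network.
        proxy_pass http://127.0.0.1:9000;

        # Pass the original host, client address and scheme to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Match Gunicorn's --timeout 300; Nginx's default read timeout is 60s
        # and would otherwise cut off long-running requests first.
        proxy_read_timeout 300s;
    }
}
```

A plain `listen 80;` server block is needed only if a service also advertises the urn:taxii.mitre.org:protocol:http:1.0 binding; with the HTTPS binding alone, leave port 80 closed or redirect it.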
Continue to Manage OpenTAXII pages to learn how to manage the OpenTAXII instance.