Comment on page
Get started with Ghostwriter quickly and easily with Docker and Ghostwriter CLI
You will need Docker version >=20 for the Alpine Linux images for Ghostwriter. Run
docker --versionto check your installation. Look at the
Versionvalue for the client and server.
You will need Docker Compose version >=1.26 to support the compose files. Run
docker-compose --versionto check your installation.
$ docker-compose --version
docker-compose version 1.29.2, build 5becea4c # Good; >=1.26.x
$ docker version 1 ↵
Cloud integration: v1.0.25
Version: 20.10.16 # Good; >=20.x.x
API version: 1.41
Go version: go1.17.10
Git commit: aa7e414
Built: Thu May 12 09:20:34 2022
« snip »
There are now multiple ways to install Docker Compose. One of them makes it a subcommand of Docker, so you run it as
docker compose. Ghostwriter CLI needs
docker-composein your PATH.
If you install Compose and
docker-composeis not in your PATH, rename the script in the install directory (e.g.,
/usr/local/bin/docker-composeon macOS and Linux) or create a symlink.
Docker requires sufficient resources to build the containers successfully. Most systems capable of running a modern OS should have the necessary resources. If building Ghostwriter inside of a VM, ensure the VM meets the following recommended specs:
- Two (2) vCPUs
- 3GB RAM
- 10GB Storage
The above specs are recommendations for the bare minimum necessary to get started. Ideally, provide at least one vCPU per container, more RAM for multiple users and scheduled tasks to run smoothly, and more storage for file uploads.
- Five (5) vCPUs
- 4GB RAM
Ghostwriter can run on Windows, macOS, and Linux, so there are multiple builds of Ghostwriter CLI. Pick the appropriate Ghostwriter CLI binary for your operating system.
ghostwriter-cli-macos: macOS (Intel)
ghostwriter-cli-linux: Linux amd64
ghostwriter-cli.exe: Windows 64-bit
You can rename these binaries without causing any issues. This wiki will always refer to it simply as
You can install Ghostwriter with three basic commands:
$ git clone https://github.com/GhostManager/Ghostwriter.git
$ cd Ghostwriter
$ ./ghostwriter-cli install
Ghostwriter will create self-signed TLS/SSL certificates. If you'd like to use yoursigned certificates, do that now to make things easier. If you don't have them ready, you can install them later.
installcommand will take care of everything necessary to create a production environment for you. That command performs the following actions:
- Sets up the default server configuration
- Generates TLS certificates for the server
- Builds the Docker containers
- Creates a default admin user with a randomly generated password
If you'd prefer to install a development (
dev) environment, you can run:
./ghostwriter-cli install --dev
A development environment is best if you want to change Ghostwriter's codebase or test functionality. Debug logging is enabled, which makes it easier to troubleshoot. The
devinstallation does not use TLS, so it skips creating certificates.
The Ghostwriter server will now be accessible! Just visit https://127.0.0.1 and authenticate with the admin user. The password is displayed in the Ghostwriter CLI output at the end of the installation.
You can also get the password by running this command:
./ghostwriter-cli config get admin_password
This password is only used for creating the account. You can change it in the admin panel after logging into Ghostwriter. You can also change any other part of the user profile.
Changing the password in the config DOES NOT affect the installation. It's only stored in the config to make it easy for you to view the original password.
You may create users using the admin panel or ask users to sign-up using
/accounts/signup. Filling out a complete profile is recommended. Ghostwriter can use full names for displaying user actions and filling-in report templates.
Django usernames are case-sensitive, so all lowercase is recommended to avoid confusion later.
You may wish to change some of the configuration options. The following sections outline common customizations.
If you make changes to the configuration, restart Ghostwriter for the changes to take effect:
./ghostwriter-cli containers down
./ghostwriter-cli containers up
The default format is
d M Ywhich formats dates like so: 3 Jun 2022
This format is the default used in parts of the user interface and reports. You can change the date format with this command:
./ghostwriter-cli config set date_format "d M Y"
You can use your own TLS/SSL certificates for Ghostwriter. To swap in your certificate package:
- 1.Name the keypair files ghostwriter.key and ghostwriter.crt
- 2.Name the Diffie-Helman Parameters file dhparam.pem
- 3.Place all three files inside the ssl directory
Your certificate will likely have a new hostname, so continue to the next section to complete the customization of your domain name.
Ghostwriter explicitly checks the hostname against a list of allowed hosts to avoid potential exposure to HTTP Host header attacks. To access Ghostwriter with your custom domain name or server IP address, you must tell the server to allow new IP addresses or hostnames.
To allow a new IP address or hostname, run this command:
./ghostwriter-cli config allowhost <YOUR DOMAIN NAME OR IP>
If you are setting up a new domain accompanied by a TLS certificate, update the Nginx hostname to match your new certificate and domain name:
./ghostwriter-cli config set NGINX_HOST <YOUR DOMAIN NAME>
You can use
config disallowhostto remove a host you have added to the list.
While not recommended, a wildcard (
*) will work, but only
*will allow any hostname or IP address.
192.168.10.*will not work to allow a host.
Similar to the HTTP
Hostheader protections, Ghostwriter also checks the
Refererheaders. If you are accessing Ghostwriter through a proxy, configure Ghostwriter to trust the proxy with this command:
./ghostwriter-cli config trustorigin <YOUR PROXY>
You can use
config distrustoriginto remove a proxy you have added to the list.