feat: initial T-Pot attack map with Spanish UI and Docker support

- Full Spanish interface (all UI text, popups, charts, tables) - Dark and light mode support - Disclaimer banner: no data logged, public European service - Footer: Servicio ofrecido por Cloud Host (cloudhost.es) - Docker: single container (Redis + DataServer + AttackMapServer) - Remote T-Pot support via ELASTICSEARCH_URL env var (direct or SSH tunnel) - Based on telekom-security/t-pot-attack-map (Apache 2.0) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-25 21:23:28 +01:00
commit 1aa164263f
306 changed files with 17213 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,26 @@
+# Copy this file to .env and fill in your values
+# cp .env.example .env
+
+# =============================================================
+# T-Pot Remote Connection
+# =============================================================
+
+# Full URL to your remote T-Pot's Elasticsearch
+# T-Pot typically exposes ES on port 64298 locally.
+#
+# OPTION A: Direct connection (if your T-Pot ES is network-reachable)
+# ELASTICSEARCH_URL=http://your-tpot-ip:64298
+#
+# OPTION B: SSH tunnel (recommended for security)
+# 1. On your host machine, create an SSH tunnel:
+#    ssh -N -L 64298:localhost:9200 user@your-tpot-host -i /path/to/key
+# 2. Then use host.docker.internal to reach your host from the container:
+# ELASTICSEARCH_URL=http://host.docker.internal:64298
+#
+ELASTICSEARCH_URL=http://your-tpot-host:64298
+
+# Port to expose the attack map web UI (default: 8080)
+WEB_PORT=8080
+
+# Set to DISABLED to suppress console attack log output
+TPOT_ATTACKMAP_TEXT=ENABLED