Sutty/containers-nginx
5
0
Fork 0
Code Issues Pull requests 1 Projects Releases Wiki Activity

feat: modsecurity

Browse source
This commit is contained in:
f 2024-11-05 11:21:04 -03:00
parent 66e10a7635
commit 062e13bda0
No known key found for this signature in database
2 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.woodpecker.yml
View file

@ -13,6 +13,7 @@ steps:
- "ACCESS_LOG_VERSION=${ACCESS_LOG_VERSION}"
- "NGINX_VERSION=${NGINX_VERSION}"
- "BASE_IMAGE=gitea.nulo.in/sutty/monit"
- "EXTRA_PACKAGES="
password:
from_secret: "DOCKER_PASSWORD"
when:
@ -23,6 +24,7 @@ matrix:
- ALPINE_VERSION: "3.20.3"
ACCESS_LOG_VERSION: "0.5.8"
NGINX_VERSION: "1.26.2-r0"
EXTRA_PACKAGES: "nginx-mod-http-modsecurity coreruleset"
- ALPINE_VERSION: "3.19.4"
ACCESS_LOG_VERSION: "0.5.8"
NGINX_VERSION: "1.24.0-r16"

3
Dockerfile
View file

@ -6,6 +6,7 @@ LABEL org.opencontainers.image.authors="f@sutty.nl"
ARG NGINX_VERSION="1.24.0-r7"
ARG ACCESS_LOGS_FLAGS="--database=sqlite3:///var/log/access_log.sqlite3 -c /usr/share/crawler-user-agents/crawler-user-agents.json"
ARG ACCESS_LOG_VERSION="0.5.6"
ARG EXTRA_PACKAGES
ENV ACCESS_LOGS_FLAGS=${ACCESS_LOGS_FLAGS}
@ -24,7 +25,7 @@ COPY --chown=nginx:nginx ./nginx /etc/nginx
COPY ./access_log.sqlite3 /var/lib/access_log.sqlite3
# Install modules after rewriting /etc/nginx
RUN apk add --no-cache nginx-mod-http-brotli nginx-mod-http-geoip2 nginx-mod-http-naxsi
RUN apk add --no-cache nginx-mod-http-brotli nginx-mod-http-geoip2 ${EXTRA_PACKAGES}
# Add support for request_uri parsing if access_log >= 0.3.0
RUN mv /etc/nginx/access_logd_`access_log -v`.conf /etc/nginx/access_logd.conf