Fabio/nginx-proxy-auto-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Revert to original README

Browse source
This commit is contained in:
Unknown 2018-05-02 23:52:58 +08:00
parent 9521593cbc
commit 3b7e5a573c
3 changed files with 73 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Dockerfile.alpine
View file

@ -1,4 +1,4 @@
FROM nginx:1.13-alpine
FROM rizemon/nginx-mod:latest
LABEL maintainer="Jason Wilder mail@jasonwilder.com"
# Install wget and install/updates certificates

43
nginx.tmpl
View file

@ -1,3 +1,6 @@
{{/* Load the json that returns a list of rule names mapped to its respective filepath */}}
{{ $RULES := parseJson $.Env.RULES }}
{{ $CurrentContainer := where $ "ID" .Docker.CurrentContainerID | first }}
{{ define "upstream" }}
@ -293,6 +296,26 @@ server {
{{ else if (exists "/etc/nginx/vhost.d/default_location") }}
include /etc/nginx/vhost.d/default_location;
{{ end }}
{{/* $INCLUDES return the resulting list of rules to be included */}}
{{ $INCLUDES := keys ( groupByMulti $containers "Env.INCLUDES" "," ) }}
{{ if ( ne ( len $INCLUDES ) 0 ) }}
modsecurity on;
modsecurity_rules '
{{/* Loop through each rule in the order specified in $RULES */}}
{{ range $index, $obj := $RULES }}
{{ $NAME := index $obj "NAME" }}
{{ $PATH := index $obj "PATH" }}
{{/* If the rule is required to be included*/}}
{{ range $INCLUDE := $INCLUDES }}
{{ if (eq $NAME $INCLUDE ) }}
Include {{ $PATH }}
{{ end }}
{{ end }}
{{ end }}
';
{{ end }}
}
}
@ -339,6 +362,26 @@ server {
{{ else if (exists "/etc/nginx/vhost.d/default_location") }}
include /etc/nginx/vhost.d/default_location;
{{ end }}
{{/* $INCLUDES return the resulting list of rules to be included */}}
{{ $INCLUDES := keys ( groupByMulti $containers "Env.INCLUDES" "," ) }}
{{ if ( ne ( len $INCLUDES ) 0 ) }}
modsecurity on;
modsecurity_rules '
{{/* Loop through each rule in the order specified in $RULES */}}
{{ range $index, $obj := $RULES }}
{{ $NAME := index $obj "NAME" }}
{{ $PATH := index $obj "PATH" }}
{{/* If the rule is required to be included*/}}
{{ range $INCLUDE := $INCLUDES }}
{{ if (eq $NAME $INCLUDE ) }}
Include {{ $PATH }}
{{ end }}
{{ end }}
{{ end }}
';
{{ end }}
}
}

29
rules.json Normal file
View file

@ -0,0 +1,29 @@
[
{"NAME":"MODSEC","PATH":"/etc/nginx/modsecurity.conf"},
{"NAME":"SETUP","PATH":"/etc/nginx/crs-setup.conf"},
{"NAME":"BEFORE","PATH":"/etc/nginx/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example"},
{"NAME":"INIT","PATH":"/etc/nginx/rules/REQUEST-901-INITIALIZATION.conf"},
{"NAME":"COMMON","PATH":"/etc/nginx/rules/REQUEST-905-COMMON-EXCEPTIONS.conf"},
{"NAME":"IP-REP","PATH":"/etc/nginx/rules/REQUEST-910-IP-REPUTATION.conf"},
{"NAME":"METHOD-ENF","PATH":"/etc/nginx/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"},
{"NAME":"DOS","PATH":"/etc/nginx/rules/REQUEST-912-DOS-PROTECTION.conf"},
{"NAME":"SCANNER","PATH":"/etc/nginx/rules/REQUEST-913-SCANNER-DETECTION.conf"},
{"NAME":"PROTO-ENF","PATH":"/etc/nginx/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"},
{"NAME":"PROTO-ATK","PATH":"/etc/nginx/rules/REQUEST-921-PROTOCOL-ATTACK.conf"},
{"NAME":"LFI","PATH":"/etc/nginx/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"},
{"NAME":"RFI","PATH":"/etc/nginx/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"},
{"NAME":"RCE","PATH":"/etc/nginx/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"},
{"NAME":"PHP","PATH":"/etc/nginx/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"},
{"NAME":"XSS","PATH":"/etc/nginx/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"},
{"NAME":"SQLI","PATH":"/etc/nginx/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"},
{"NAME":"SESSION","PATH":"/etc/nginx/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf"},
{"NAME":"REQ-EVAL","PATH":"/etc/nginx/rules/REQUEST-949-BLOCKING-EVALUATION.conf"},
{"NAME":"LEAK","PATH":"/etc/nginx/rules/RESPONSE-950-DATA-LEAKAGES.conf"},
{"NAME":"LEAK-SQL","PATH":"/etc/nginx/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"},
{"NAME":"LEAK-JAVA","PATH":"/etc/nginx/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf"},
{"NAME":"LEAK-PHP","PATH":"/etc/nginx/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf"},
{"NAME":"LEAK-IIS","PATH":"/etc/nginx/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf"},
{"NAME":"RES-EVAL","PATH":"/etc/nginx/rules/RESPONSE-959-BLOCKING-EVALUATION.conf"},
{"NAME":"COOR","PATH":"/etc/nginx/rules/RESPONSE-980-CORRELATION.conf"},
{"NAME":"AFTER","PATH":"/etc/nginx/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example"}
]