Merge remote-tracking branch 'origin/crowdsec_openresty' into add_modsecurity_crowdsecurity

baudneo 2022-11-06 20:28:47 -07:00
commit 1e60debe56
No known key found for this signature in database
GPG key ID: DAD7FFF0C3FE76D7

@ -13,10 +13,14 @@
</a>
</p>
# Trivy Scan
# Trivy Scan (CVE scanner)
- [Buster-slim based image](https://trivy.dev/results/?image=baudneo/nginx-proxy-manager:latest)
- [Bullseye-slim based image](https://trivy.dev/results/?image=baudneo/nginx-proxy-manager:bullseye)
---
# Updated
- Now running Debian Bullseye as base OS in the tagged image 'bullseye'.
---
This project comes as a pre-built docker image that enables you to easily forward to your websites
running at home or otherwise, including free SSL, without having to know too much about Nginx or Letsencrypt.
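Review bot: the two Trivy links in the "Trivy Scan (CVE scanner)" list point at the floating tags `latest` and `bullseye`, so the results a reader opens may not match the image they actually pulled. Consider naming the image digest or the scan date beside each link. The new "Updated" entry also carries no date or version, which makes it hard to tell later when the Bullseye base was introduced; a date on that line would fix it.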
@ -66,7 +70,7 @@ I won't go in to too much detail here but here are the basics for someone new to
version: '3'
services:
app:
image: 'baudneo/nginx-proxy-manager:latest'
image: 'baudneo/nginx-proxy-manager:bullseye'
restart: unless-stopped
ports:
- '80:80'
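Review bot: the `image:` line now defaults to the `bullseye` tag without any comment, while the README still lists `latest` as the Buster-slim image, so someone copying this example gets a different base OS than `latest` without being told. Add a short comment on the `image:` line saying which base each tag gives. Since this container is an internet-facing proxy, it would also be worth a sentence recommending that users pin a digest rather than a mutable tag.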
@ -140,7 +144,7 @@ Immediately after logging in with this default user you will be asked to modify
# ModSecurity
_ModSecurity WAF is installed and loaded by default, OWASP-CoreRuleSet is installed and used as the default rule set. The user is responsible for configuring modsecurity via config/CLI._
__MODSECURITY HAS KNOWN MEMORY LEAKS!__ Whenever `nginx -s reload` is issued expect RAM to increase by 10 to several hundred MB (depending on if you have custom rule files or are double enabling modsec). Nginx is reloaded every time a host is created/modified and when the SSL cert renewal timer resets. The only way to get modsec to release REAM is to restart nginx from inside the running container using `nginx -s stop; nginx -s reload` or by restarting the container using `sudo docker restart [Name of NPM container]`
__MODSECURITY HAS KNOWN MEMORY LEAKS!__ Whenever `nginx -s reload` is issued expect RAM to increase by 10 to several hundred MB (depending on if you have custom rule files or are double enabling modsec). Nginx is reloaded every time a host is created/modified and when the SSL cert renewal timer resets. The only way to get modsec to release RAM is to restart nginx from inside the running container using `nginx -s stop; nginx -s reload` or by restarting the container using `sudo docker restart [Name of NPM container]`
## Environment Variables
- `MODSEC_CREATE=1` - Force recreating the default modsecurity config, _This should never be needed_
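Review bot: the typo fix is fine, but the recovery command in the same sentence, `nginx -s stop; nginx -s reload`, needs explaining or correcting. `nginx -s reload` only signals an already running master process, so after `nginx -s stop` it works only if something restarts nginx in between. If the container's process supervisor does that, say so in the text; otherwise replace the second command with one that starts nginx. "Double enabling modsec" is also never defined in this paragraph, and a few words on what configuration that refers to would help readers avoid it.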