-
Notifications
You must be signed in to change notification settings - Fork 1
/
Dockerfile-latest-version
125 lines (98 loc) · 3.25 KB
/
Dockerfile-latest-version
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
FROM centos:8
LABEL version="3.0.4"
LABEL maintainer="Lauro Gomes <[email protected]>"
ENV NGINXVERSION="1.19.0"
ENV FRONTEND="cadastro.laurodepaula.com.br"
ENV BACKEND="fastapi:8000"
RUN dnf -y install \
gcc-c++ \
flex \
bison \
yajl \
curl-devel \
curl \
zlib-devel \
pcre-devel \
autoconf \
automake \
git \
curl \
make \
libxml2-devel \
pkgconfig \
libtool \
httpd-devel \
redhat-rpm-config \
git \
wget \
openssl \
openssl-devel \
vim \
nano \
python38
RUN dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm ;\
dnf -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm ;\
dnf -y install dnf-plugins-core ;\
dnf config-manager --set-enabled powertools ;\
dnf install -y doxygen yajl-devel ;\
dnf --enablerepo=remi install -y GeoIP-devel
RUN mkdir -p /opt/modsec/ModSecurity ;\
git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity /opt/modsec/ModSecurity
RUN cd /opt/modsec/ModSecurity ;\
git submodule init ;\
git submodule update ;\
./build.sh; \
./configure; \
make ;\
make install;
RUN mkdir /opt/modsec/ModSecurity-nginx;\
cd /opt/modsec;\
git clone https://github.com/SpiderLabs/ModSecurity-nginx.git
RUN useradd -r -M -s /sbin/nologin -d /usr/local/nginx nginx
RUN mkdir /opt/nginx-${NGINXVERSION}
RUN cd /opt/; \
wget https://nginx.org/download/nginx-${NGINXVERSION}.tar.gz ;\
tar xzf nginx-${NGINXVERSION}.tar.gz
COPY ./files/hide_version.sh /root
RUN chmod +x /root/hide_version.sh && \
/root/hide_version.sh
RUN cd /opt/nginx-${NGINXVERSION};\
./configure \
--user=nginx \
--group=nginx \
--with-pcre-jit \
--with-debug \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--add-module=/opt/modsec/ModSecurity-nginx ;\
make; \
make install
RUN ln -s /usr/local/nginx/sbin/nginx /usr/sbin/
RUN mkdir /root/.certs/
RUN cd /root/.certs/ ;\
openssl req -x509 -newkey rsa:4096 \
-keyout nginx.key \
-out nginx.crt \
-days 10000 \
-nodes \
-subj "/C=BR/ST=Pernambuco/L=Recife/O=Suporte Conectado/O=SPC/CN=*.conectado.local"
RUN cp /opt/modsec/ModSecurity/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity.conf ;\
cp /opt/modsec/ModSecurity/unicode.mapping /usr/local/nginx/conf/ ;\
mkdir /usr/local/nginx/conf.d/ ;\
mkdir /var/log/nginx/ ;\
git clone https://github.com/coreruleset/coreruleset.git /usr/local/nginx/conf/owasp-crs ;\
cp /usr/local/nginx/conf/owasp-crs/crs-setup.conf.example /usr/local/nginx/conf/owasp-crs/crs-setup.conf ;\
dnf clean all
COPY ./files/nginx.conf /usr/local/nginx/conf/nginx.conf
COPY ./files/virtualHost.conf /usr/local/nginx/conf.d/
COPY ./files/virtualHost.template /usr/local/nginx/conf.d/
COPY ./files/entrypoint.py /root/
COPY ./files/start.sh /root/
COPY ./files/modsecurity.conf /usr/local/nginx/conf/modsecurity.conf
#COPY ./files/errorpages.conf /usr/local/nginx/conf.d/
RUN python3 /root/entrypoint.py
RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
ln -sf /dev/stderr /var/log/nginx/error.log
EXPOSE 80/tcp 443/tcp
CMD [ "bash", "/root/start.sh" ]