Signed-off-by: Felipe Zipitria <[email protected]>
Showing
25 changed files
with
240 additions
and
91 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
.vscode/ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
FROM golang as go-builder | ||
|
||
ARG libcoraza_version=master | ||
|
||
# For latest build deps, see https://github.com/nginxinc/docker-nginx/blob/master/mainline/alpine/Dockerfile | ||
RUN set -eux; \ | ||
apt-get update -qq; \ | ||
apt-get install -qq --no-install-recommends \ | ||
autoconf \ | ||
automake \ | ||
libtool \ | ||
gcc \ | ||
bash \ | ||
make | ||
|
||
COPY ./libcoraza /tmp/master | ||
|
||
RUN set -eux; \ | ||
#wget https://github.com/corazawaf/libcoraza/tarball/master -O /tmp/master; \ | ||
#tar -xvf /tmp/master; \ | ||
#cd corazawaf-libcoraza-*; \ | ||
cd /tmp/master; \ | ||
./build.sh; \ | ||
./configure; \ | ||
make; \ | ||
make V=1 install | ||
|
||
FROM nginx:stable as ngx-coraza | ||
|
||
COPY --from=go-builder /usr/local/include/coraza /usr/local/include/coraza | ||
COPY --from=go-builder /usr/local/lib/libcorazacore.a /usr/local/lib | ||
COPY --from=go-builder /usr/local/lib/libcorazautils.a /usr/local/lib | ||
COPY --from=go-builder /usr/local/lib/libcorazacore.so /usr/local/lib | ||
COPY --from=go-builder /usr/local/lib/libcorazautils.so /usr/local/lib | ||
|
||
# For latest build deps, see https://github.com/nginxinc/docker-nginx/blob/master/mainline/alpine/Dockerfile | ||
RUN set -eux; \ | ||
apt-get update -qq; \ | ||
apt-get install -qq --no-install-recommends \ | ||
gcc \ | ||
gnupg1 \ | ||
ca-certificates \ | ||
libc-dev \ | ||
make \ | ||
openssl \ | ||
curl \ | ||
gnupg \ | ||
wget \ | ||
libpcre3 libpcre3-dev \ | ||
zlib1g-dev | ||
|
||
COPY . /usr/src/coraza-nginx | ||
|
||
# Download sources | ||
RUN set -eux; \ | ||
curl "http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -o - | tar zxC /usr/src -f -; | ||
# Reuse same cli arguments as the nginx:alpine image used to build | ||
|
||
RUN CONFARGS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p');\ | ||
cd /usr/src/nginx-$NGINX_VERSION; \ | ||
./configure --with-compat "$CONFARGS" --add-dynamic-module=/usr/src/coraza-nginx; \ | ||
make modules; \ | ||
mkdir -p /usr/lib/nginx/modules; \ | ||
find objs/*.so -print; \ | ||
cp objs/ngx_*.so /usr/lib/nginx/modules | ||
|
||
FROM nginx:stable | ||
|
||
RUN sed -i -e "s|events {|load_module \"/usr/lib/nginx/modules/ngx_http_coraza_module.so\";\n\nevents {|" /etc/nginx/nginx.conf; | ||
|
||
COPY ./coraza.conf /etc/nginx/conf.d/coraza.conf | ||
COPY --from=ngx-coraza /usr/lib/nginx/modules/ /usr/lib/nginx/modules/ | ||
COPY --from=go-builder /usr/local/lib/libcorazacore.so /usr/local/lib | ||
COPY --from=go-builder /usr/local/lib/libcorazautils.so /usr/local/lib | ||
|
||
RUN ldconfig -v | ||
|
||
EXPOSE 80 | ||
STOPSIGNAL SIGTERM | ||
CMD ["nginx", "-g", "daemon off;"] |
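Review bot: The nginx source tarball in the `# Download sources` step is fetched over plain `http://` and unpacked with no integrity check, so whatever the network returns is compiled into the module build; `gnupg` is installed in the step before it but never used. Fetch over TLS and fail on HTTP errors, e.g. `curl -fsSL "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -o /tmp/nginx.tar.gz`, then verify the file against a pinned checksum or its detached signature before running `tar`. Because the download is piped straight into `tar` under `/bin/sh`, `set -eux` does not see a failing `curl`; saving to a file first closes that gap. The following `RUN` that calls `./configure` has no `set -e` and chains with `;`, so a failed `cd` or `configure` would not stop the build.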
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
coraza on; | ||
coraza_rules 'SecRuleEngine On | ||
SecRule ARGS "@streq whee" "id:10,phase:2" | ||
SecRule ARGS "@streq whee" "id:11,phase:2" | ||
'; |
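Review bot: Both sample rules set only `id` and `phase`, so unless a default action is configured elsewhere a match is presumably logged and passed rather than blocked, and the Dockerfile in this commit ships this file as `/etc/nginx/conf.d/coraza.conf`. If the image is meant as a smoke test, give the rule an explicit action such as `deny,status:403` so the result is observable, and add a comment above `coraza_rules` saying the rules are placeholders, not a protective policy. Rules 10 and 11 are otherwise identical, so one of them looks redundant.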
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,12 +6,12 @@ global rules_phase | |
|
||
|
||
# Rules | ||
probe process("/usr/local/lib/libcoraza.so.3").function("[email protected]*") | ||
probe process("/usr/local/lib/libcoraza.so").function("[email protected]*") | ||
{ | ||
begin_rule = gettimeofday_us(); | ||
} | ||
|
||
probe process("/usr/local/lib/libcoraza.so.3").function("[email protected]*").return | ||
probe process("/usr/local/lib/libcoraza.so").function("[email protected]*").return | ||
{ | ||
elapsed_rule = gettimeofday_us() - begin_rule | ||
rules[$this->m_ruleId] <<< elapsed_rule | ||
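Review bot: Both variants of the probe path shown here name `/usr/local/lib/libcoraza.so*`, while the Dockerfile added in this commit installs only `libcorazacore.so` and `libcorazautils.so`, so on that image these probes would probably not resolve. If the script targets a different build, a comment above `# Rules` such as `# path must match the installed libcoraza shared object; adjust per build` would make that explicit. The second probe's body continues outside the hunk.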
|