Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* 20240701 - dev NGINX App Protect 5 compiler
* 20240701 - dev NGINX App Protect 5 compiler
* 20240730 - v5.1 dev
* 2024073002 - v5.1 dev
* 2024073003 dev 5.1
* 20240731 - 5.1 dev
* 2024080201 - 5.1 dev
* 20240806 - 5.1 dev Moved resolvers config to include files Added per-upstream resolver support FEATURES updated
* 2024080602 - 5.1 dev Moved HTTP upstreams to separate include files Bugfixes Updated postman collection
* 20240807 - 5.1 dev Moved HTTP and Stream upstream to separated include config file Added DNS resolver support for stream servers and stream upstreams Moved .declaration.http.resolvers[] to .declaration.resolvers[] Postman collection updated for v5.1
* 2024080801 - 5.1 dev Postman collection updated NGINX One REST API endpoints updated
* 2024080809 - 5.1 dev FEATURES updated Postman collection README updated API v5.1 USAGE updated
* 2024080902 - 5.1 dev FEATURES updated
* 2024080903 - 5.1 dev
1 parent 181c7b4, commit 59ea39a

Showing 30 changed files with 1,029 additions and 607 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
# syntax=docker/dockerfile:1 | ||
ARG VERSION_TAG | ||
ARG BASE_IMAGE=private-registry.nginx.com/nap/waf-compiler:${VERSION_TAG} | ||
FROM ${BASE_IMAGE} | ||
|
||
# Installing packages as root | ||
USER root | ||
|
||
ENV DEBIAN_FRONTEND="noninteractive" | ||
|
||
# REST API wrapper | ||
WORKDIR /compiler | ||
COPY src src/ | ||
# REST API wrapper | ||
|
||
RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ | ||
--mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ | ||
apt-get update \ | ||
&& apt-get install -y \ | ||
apt-transport-https \ | ||
lsb-release \ | ||
ca-certificates \ | ||
wget \ | ||
gnupg2 \ | ||
ubuntu-keyring \ | ||
&& wget -qO - https://cs.nginx.com/static/keys/app-protect-security-updates.key | gpg --dearmor | \ | ||
tee /usr/share/keyrings/app-protect-security-updates.gpg >/dev/null \ | ||
&& printf "deb [signed-by=/usr/share/keyrings/app-protect-security-updates.gpg] \ | ||
https://pkgs.nginx.com/app-protect-security-updates/ubuntu `lsb_release -cs` nginx-plus\n" | \ | ||
tee /etc/apt/sources.list.d/nginx-app-protect.list \ | ||
&& wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx \ | ||
&& apt-get update \ | ||
&& apt-get install -y \ | ||
app-protect-attack-signatures \ | ||
app-protect-bot-signatures \ | ||
app-protect-threat-campaigns \ | ||
# REST API wrapper | ||
&& apt-get -y install python3 python3-venv \ | ||
&& python3 -m venv /compiler/env/ \ | ||
&& . /compiler/env/bin/activate \ | ||
&& pip3 install --no-cache --upgrade pip setuptools virtualenv \ | ||
&& python3 -m pip install --upgrade pip \ | ||
&& pip3 install -r /compiler/src/requirements.txt \ | ||
# REST API wrapper | ||
&& apt-get clean \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
# non-root default user (UID 101) | ||
USER nginx | ||
|
||
# REST API wrapper | ||
ENTRYPOINT [ "/compiler/src/start.sh" ] | ||
# REST API wrapper |
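Review bot: the `nginx-key` secret on the `RUN --mount=type=secret` line is mounted with `mode=0644`, which leaves the repository private key world-readable for the whole build step. The step runs after `USER root`, so `mode=0400` is sufficient for both the certificate and the key. In the same RUN, `app-protect-security-updates.key` and `90pkgs-nginx` are fetched with `wget` and trusted as served; checking the key fingerprint before writing it under `/usr/share/keyrings` would make the `signed-by` pin meaningful. Smaller points: `pip3 install --upgrade pip setuptools virtualenv` followed by `python3 -m pip install --upgrade pip` upgrades pip twice, and `apt-get install -y` without `--no-install-recommends` pulls in more packages than the compiler image needs.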
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# REST API for NGINX App Protect WAF Compiler | ||
|
||
This contrib provides a set of REST API to use the NGINX App Protect 5 policy compiler | ||
|
||
## REST API Endpoints | ||
|
||
- `/v1/compile/policy` - compiles a JSON policy into a bundle | ||
- Method: `POST` | ||
- Payload: `{"global-settings": "<BASE64_ENCODED_GLOBAL_SETTINGS_JSON>", "policy": "<BASE64_ENCODED_POLICY_JSON>", "cookie-protection-seed": "<SEED_VALUE>"}` | ||
- `/v1/compile/logprofile` - compiles a log profile JSON into a bundle | ||
- Method: `POST` | ||
- Payload: `{"logprofile": "<BASE64_ENCODED_LOG_PROFILE_JSON>"}` | ||
- `/v1/bundle/info` - returns details on a compiled bundle | ||
- Method: `POST` | ||
- Payload: `{"bundle": "<BASE64_ENCODED_TGZ_BUNDLE>"}` | ||
|
||
Headers required for all endpoints: | ||
|
||
``` | ||
Content-Type: application/json | ||
``` |
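Review bot: missing documentation in the endpoint list and the "Headers required for all endpoints" section, where `Content-Type` is the only header named: the README does not say whether the API expects any authentication or how it is meant to be exposed. That matters here because `/v1/compile/policy` takes a `cookie-protection-seed` value in the request body and `/v1/bundle/info` accepts an uploaded tgz bundle. Please state the intended deployment (for example, reachable only from the configuration tool over a trusted network or behind TLS), document the response format and error codes for each endpoint, and note any request size limit. Wording: "a set of REST API" should read "a set of REST API endpoints".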
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
typing | ||
uvicorn | ||
fastapi | ||
uuid | ||
pyyaml |
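Review bot: `typing` and `uuid` are part of the Python 3 standard library, and the Dockerfile in this commit installs `python3`, so these two entries only pull same-named third-party packages from PyPI into the image; please drop them. The remaining entries (`uvicorn`, `fastapi`, `pyyaml`) carry no version constraints, so every image build resolves whatever is latest at that moment. Pin exact versions, ideally with hashes, so the compiler image is reproducible and dependency changes show up in review.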