Dockerfile 1.87 KB
Newer Older
tr's avatar
tr committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
FROM centos:8 AS builder

RUN dnf install -y epel-release sudo && \
    dnf groupinstall -y 'Development Tools' 'RPM Development Tools' && \
    rm -rf /var/cache/* /var/log/*

RUN useradd user && \
    usermod -aG wheel user && \
    sed -e '/^%wheel.*/d' -e 's/^# \(%wheel.*\)/\1/' -i /etc/sudoers && \
    chown user:user /usr/local/src
USER user
WORKDIR /home/user

ENV LC_ALL C

# Build modsecurity
ENV MODSECURITY_VERSION 3.0.4

RUN sudo dnf install -y libcurl-devel libxml2-devel pcre-devel && \
    sudo rm -rf /var/cache/* /var/log/*

RUN curl -L https://github.com/SpiderLabs/ModSecurity/releases/download/v$MODSECURITY_VERSION/modsecurity-v$MODSECURITY_VERSION.tar.gz \
        -o /usr/local/src/modsecurity.tar.gz && \
    tar -zxC /usr/local/src -f /usr/local/src/modsecurity.tar.gz

RUN cd /usr/local/src/modsecurity-v$MODSECURITY_VERSION && \
    ./build.sh && \
    ./configure && \
    make && \
    sudo make install
tr's avatar
tr committed
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

# Build modsecurity-nginx
ENV MODSECURITY_NGINX_VERSION 1.0.1

RUN curl -L https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v$MODSECURITY_NGINX_VERSION/modsecurity-nginx-v$MODSECURITY_NGINX_VERSION.tar.gz \
        -o /usr/local/src/modsecurity-nginx.tar.gz && \
    tar -zxC /usr/local/src -f /usr/local/src/modsecurity-nginx.tar.gz

RUN cd /usr/local/src && \
    dnf download --source nginx && \
    sudo dnf builddep -y nginx-*.src.rpm && \
    sudo dnf install -y nginx && \
    sudo rm -rf /var/cache/* /var/log/*

RUN cd /usr/local/src && \
    CONFARGS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p') && \
    rpmdev-setuptree && \
    rpmbuild -rp nginx-*.src.rpm && \
    cd $HOME/rpmbuild/BUILD/nginx-* && \
    eval ./configure \
        --with-compat \
        $CONFARGS \
        --add-dynamic-module=/usr/local/src/modsecurity-nginx-v$MODSECURITY_NGINX_VERSION && \
    make modules && \
    cp objs/ngx_http_modsecurity_module.so /usr/local/src/