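# Builder stage: compiles libmodsecurity from the upstream release tarball.
# Only the files named in the COPY --from=builder lines of the final stage
# leave this stage.
# NOTE(review): CentOS Linux 8 reached end of life at the end of 2021 and no
# longer receives security updates. Plan a move to a maintained base image and
# pin it by digest once chosen.
FROM centos:8 AS builder

RUN dnf install -y epel-release sudo && \
    dnf groupinstall -y 'Development Tools' 'RPM Development Tools' && \
    rm -rf /var/cache/* /var/log/*

# Unprivileged build account. The sed deletes the active %wheel rule and
# uncomments the commented-out one (presumably the NOPASSWD variant in the
# stock sudoers; confirm), so "user" can sudo without a password.
# This is tolerable only because the stage is discarded; do not carry this
# sudoers setup into a runtime image.
RUN useradd user && \
    usermod -aG wheel user && \
    sed -e '/^%wheel.*/d' -e 's/^# \(%wheel.*\)/\1/' -i /etc/sudoers && \
    chown user:user /usr/local/src
USER user
WORKDIR /home/user

ENV LC_ALL=C

# Build modsecurity
ENV MODSECURITY_VERSION=3.0.4

# Optional SHA-256 of the release tarball. When set (--build-arg), the download
# is verified before it is unpacked. It is empty by default so existing builds
# keep working, which also means the default build is NOT integrity-checked.
# Supply a digest obtained out of band for any image that will be deployed.
ARG MODSECURITY_SHA256=""

RUN sudo dnf install -y libcurl-devel libxml2-devel pcre-devel && \
    sudo rm -rf /var/cache/* /var/log/*

# -f makes curl fail on an HTTP error instead of saving the error page as the
# "tarball"; -sS keeps the log quiet but still prints errors.
RUN curl -fsSL "https://github.com/SpiderLabs/ModSecurity/releases/download/v$MODSECURITY_VERSION/modsecurity-v$MODSECURITY_VERSION.tar.gz" \
        -o /usr/local/src/modsecurity.tar.gz && \
    if [ -n "$MODSECURITY_SHA256" ]; then \
        echo "$MODSECURITY_SHA256  /usr/local/src/modsecurity.tar.gz" | sha256sum -c -; \
    fi && \
    tar -zxC /usr/local/src -f /usr/local/src/modsecurity.tar.gz

# The downloaded tree is built as "user", but "make install" runs as root via
# sudo. That is why the tarball should be verified above.
RUN cd /usr/local/src/modsecurity-v$MODSECURITY_VERSION && \
    ./build.sh && \
    ./configure && \
    make && \
    sudo make install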

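# Build modsecurity-nginx
ENV MODSECURITY_NGINX_VERSION=1.0.1

# Optional SHA-256 of the connector tarball. When set (--build-arg), the
# download is verified before it is unpacked. It is empty by default so
# existing builds keep working, which also means the default build is NOT
# integrity-checked. Supply a digest obtained out of band for deployed images.
ARG MODSECURITY_NGINX_SHA256=""

# -f makes curl fail on an HTTP error instead of saving the error page as the
# "tarball"; -sS keeps the log quiet but still prints errors.
RUN curl -fsSL "https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v$MODSECURITY_NGINX_VERSION/modsecurity-nginx-v$MODSECURITY_NGINX_VERSION.tar.gz" \
        -o /usr/local/src/modsecurity-nginx.tar.gz && \
    if [ -n "$MODSECURITY_NGINX_SHA256" ]; then \
        echo "$MODSECURITY_NGINX_SHA256  /usr/local/src/modsecurity-nginx.tar.gz" | sha256sum -c -; \
    fi && \
    tar -zxC /usr/local/src -f /usr/local/src/modsecurity-nginx.tar.gz

# Fetch the distro's nginx source RPM and its build dependencies, and install
# the binary package so that "nginx -V" can report its configure arguments in
# the next step.
RUN cd /usr/local/src && \
    dnf download --source nginx && \
    sudo dnf builddep -y nginx-*.src.rpm && \
    sudo dnf install -y nginx && \
    sudo rm -rf /var/cache/* /var/log/*

# Rebuild nginx's module tree with the same configure arguments as the packaged
# binary, adding the ModSecurity connector as a dynamic module.
# NOTE(review): eval is used so the shell re-parses any quoted values inside
# CONFARGS. It also means that whatever "nginx -V" prints is executed as shell
# in this build step, so the nginx package must come from a trusted repository.
RUN cd /usr/local/src && \
    CONFARGS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p') && \
    rpmdev-setuptree && \
    rpmbuild -rp nginx-*.src.rpm && \
    cd "$HOME"/rpmbuild/BUILD/nginx-* && \
    eval ./configure \
        $CONFARGS \
        --add-dynamic-module=/usr/local/src/modsecurity-nginx-v$MODSECURITY_NGINX_VERSION && \
    make modules && \
    cp objs/ngx_http_modsecurity_module.so /usr/local/src/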


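# Runtime stage: stock nginx plus the ModSecurity library and connector module
# copied from the builder stage. No compilers or sudo end up in this image.
# NOTE(review): CentOS Linux 8 reached end of life at the end of 2021 and no
# longer receives security updates. This stage is the network-facing image, so
# plan a move to a maintained base image and pin it by digest once chosen.
FROM centos:8

# MODSECURITY_VERSION is needed below to name the versioned shared library.
# Both values also remain visible in the running container's environment.
ENV MODSECURITY_VERSION=3.0.4 \
    MODSECURITY_NGINX_VERSION=1.0.1

# The nginx installed here has to be the same build the builder stage compiled
# the module against, otherwise the dynamic module may fail to load. Both
# stages install it from the same base image's repositories.
RUN dnf install -y nginx && \
    rm -rf /var/cache/* /var/log/*

# Copy modsecurity
COPY --from=builder /usr/local/modsecurity/bin/modsec-rules-check /usr/local/bin/
COPY --from=builder /usr/local/modsecurity/lib/libmodsecurity.so /usr/local/modsecurity/lib/
COPY --from=builder /usr/local/modsecurity/lib/libmodsecurity.so.3 /usr/local/modsecurity/lib/
COPY --from=builder /usr/local/modsecurity/lib/libmodsecurity.so.$MODSECURITY_VERSION /usr/local/modsecurity/lib/

# Copy modsecurity-nginx
COPY --from=builder /usr/local/src/ngx_http_modsecurity_module.so /usr/lib64/nginx/modules/

COPY nginx.conf /etc/nginx/
COPY modsecurity /etc/modsecurity

# The cleanup above removed everything under /var/log, so /var/log/nginx is
# recreated here. The log files are symlinked to the container's stdout and
# stderr so that access and error logs reach the container runtime's log
# collector.
RUN mkdir -p /var/log/nginx && \
    mkdir -p /etc/modsecurity/rules && \
    ln -sf /dev/stdout /var/log/nginx/access.log && \
    ln -sf /dev/stderr /var/log/nginx/error.log

# WAF rules are supplied at run time through this volume. Mount it read-only
# so the running service cannot modify its own rule set.
VOLUME /etc/modsecurity/rules/
EXPOSE 80

# SIGQUIT asks nginx for a graceful shutdown.
STOPSIGNAL SIGQUIT

# NOTE(review): no USER is set, so nginx starts as root. Whether the worker
# processes drop privileges depends on nginx.conf, which is not shown here.
CMD ["nginx", "-g", "daemon off;"]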