
Commit fae028e

author
Vincent Devillers
committed
Add modsecurity
1 parent 2ee3f20 commit fae028e


1 file changed

+37
-0
lines changed

1 file changed

+37
-0
lines changed

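--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -172,6 +172,33 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
 # COPY build/*.crt /etc/pki/ca-trust/source/anchors/
 # RUN update-ca-trust extract
 
+############################################# GRAAL: ModSecurity #############################################
+FROM ${BUILD_OS} AS modsecurity-lib
+ARG MS_NGINX_VERSION=1.23.2
+
+RUN apt-get update && apt-get install -y -q --fix-missing --no-install-recommends apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev
+RUN git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity \
+&& cd ModSecurity \
+&& git submodule init \
+&& git submodule update \
+&& ./build.sh \
+&& ./configure \
+&& make \
+&& make install \
+&& cd .. \
+&& ls -all /usr/local/lib
+
+RUN git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
+
+# Get nginx to build against
+RUN curl -sS -O -L http://nginx.org/download/nginx-${MS_NGINX_VERSION}.tar.gz \
+&& tar zxvf nginx-${MS_NGINX_VERSION}.tar.gz && rm -f nginx-${MS_NGINX_VERSION}.tar.gz \
+&& cd nginx-${MS_NGINX_VERSION} \
+&& ./configure --with-compat --add-dynamic-module=../ModSecurity-nginx \
+&& make modules \
+&& cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules \
+&& cd .. \
+&& ls -all /usr/local/lib
 
 ############################################# Create common files, permissions and setcap #############################################
 FROM ${BUILD_OS} as common
@@ -182,6 +209,16 @@ ARG GIT_COMMIT
 ARG TARGETPLATFORM
 ARG NAP_MODULES=none
 
+# GRAAL: add modsecurity
+RUN --mount=type=bind,from=modsecurity-lib,target=/tmp/ot/ \
+ls -all /tmp/ot/usr/local/modsecurity/ \
+&& ls -all /tmp/ot/usr/lib/nginx/modules/ \
+&& mkdir /usr/local/modsecurity \
+&& cp -av -r /tmp/ot/usr/local/modsecurity /usr/local/ \
+&& cp -av /tmp/ot/usr/lib/nginx/modules/ngx_http_modsecurity_module.so /usr/lib/nginx/modules/ \
+&& ldconfig /usr/local/lib/
+# /GRAAL
+
 # copy oidc files on plus build
 RUN --mount=type=bind,target=/tmp [ -n "${BUILD_OS##*plus*}" ] && exit 0; mkdir -p /etc/nginx/oidc/ && cp -a /tmp/internal/configs/oidc/* /etc/nginx/oidc/
 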
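Review bot: The new `modsecurity-lib` stage downloads the nginx tarball over plain `http://` with no integrity check, and both `git clone` calls follow a moving ref (`v3/master` and the default branch of ModSecurity-nginx), so the code compiled here and later loaded into nginx in the `common` stage can change, or be altered in transit, without the build noticing. Fetch over TLS and verify a pinned digest, for example `curl -fsSLO https://nginx.org/download/nginx-${MS_NGINX_VERSION}.tar.gz` followed by `echo "${MS_NGINX_SHA256}  nginx-${MS_NGINX_VERSION}.tar.gz" | sha256sum -c -`, where `MS_NGINX_SHA256` is a new build `ARG` (placeholder name) holding the expected SHA-256 of the tarball. Pin the two clones to a release tag or commit as well. `curl` is not in this stage's `apt-get install` list (`wget` is), so the download presumably relies on the base image providing it. The stage also copies the module to `/etc/nginx/modules` while the second hunk reads it from `/tmp/ot/usr/lib/nginx/modules/`, which only works if the former is a symlink to the latter in `${BUILD_OS}`; a comment stating that assumption would help.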
