
Add ModSecurity

Open Renaud11232 opened this issue 4 years ago • 9 comments

Hello,

This PR aims at adding ModSecurity (jc21/nginx-proxy-manager#847), with all options enabled, to nginx-proxy-manager. Support for this could later be added in the web UI, but I think it would already be great to have it installed, so it can be configured manually, if desired.

For this to work, additional libraries needed to be installed and compiled (The version of libmaxminddb available in the buster repositories was too old).

This also makes the image bigger (824MB for linux/amd64) since only copying libmodsecurity files adds a 355MB layer.

I successfully built this image on my local machine for amd64.

Thanks

Renaud11232 avatar Nov 12 '21 10:11 Renaud11232

Looking at the logs, it looks like the build failed because the environment variables I added in the Jenkins configuration are not used:

[2021-11-12T10:57:19.751Z] #82 0.352 ❯ Building libmaxminddb ...
[2021-11-12T10:57:19.751Z] #82 0.352 --2021-11-12 10:57:19--  https://github.com/maxmind/libmaxminddb/releases/download//libmaxminddb-.tar.gz
[2021-11-12T10:57:19.751Z] #82 0.359 Resolving github.com (github.com)... 52.64.108.95
[2021-11-12T10:57:19.751Z] #82 0.389 Connecting to github.com (github.com)|52.64.108.95|:443... connected.
[2021-11-12T10:57:20.387Z] #82 0.498 HTTP request sent, awaiting response... 404 Not Found
[2021-11-12T10:57:20.387Z] #82 0.796 2021-11-12 10:57:20 ERROR 404: Not Found.
[2021-11-12T10:57:20.387Z] #82 0.796 
[2021-11-12T10:57:20.387Z] #82 ERROR: process "/bin/sh -c /tmp/build-libmaxminddb" did not complete successfully: exit code: 8

I don't know Jenkins too much but I assume it's because it's using the configuration file from the master branch.

Renaud11232 avatar Nov 12 '21 11:11 Renaud11232

You can run a local build with this command:

BASE_TAG=latest \
OPENRESTY_VERSION=1.19.3.1 \
LUA_VERSION=5.1.5 \
LUAROCKS_VERSION=3.3.1 \
MODSECURITY_VERSION=3.0.5 \
MODSECURITY_NGINX_VERSION=1.0.2 \
MAXMIND_VERSION=1.6.0 \
docker build \
  --pull \
  --build-arg BASE_TAG \
  --build-arg OPENRESTY_VERSION \
  --build-arg LUA_VERSION \
  --build-arg LUAROCKS_VERSION \
  --build-arg MODSECURITY_VERSION \
  --build-arg MODSECURITY_NGINX_VERSION \
  --build-arg MAXMIND_VERSION \
  -f docker/Dockerfile .

jc21 avatar Nov 12 '21 11:11 jc21
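The failed build in the log above requested `releases/download//libmaxminddb-.tar.gz` because the version variable reached the build script empty. As an added example (not code from this PR or from the project's build scripts), a guard like the following makes such a step fail before any download is attempted; the function names are hypothetical, the URL layout is taken from the log, and restricting versions to dotted numbers is an assumption based on the values in the command above.

```shell
#!/bin/sh
# Added example: guard for a build step such as /tmp/build-libmaxminddb.
# Function names are hypothetical; they are not part of the project.

# Fail if any named variable is unset or empty; report all of them at once.
require_build_args() {
    missing=""
    for name in "$@"; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            missing="$missing $name"
        fi
    done
    if [ -n "$missing" ]; then
        echo "missing build args:$missing" >&2
        return 1
    fi
}

# Accept only dotted numeric versions (assumption) so that nothing else,
# such as a path separator, can end up inside the download URL.
valid_version() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the release tarball URL, or fail before any network request is made.
maxmind_url() {
    require_build_args MAXMIND_VERSION || return 1
    valid_version "$MAXMIND_VERSION" || {
        echo "invalid MAXMIND_VERSION: $MAXMIND_VERSION" >&2
        return 1
    }
    echo "https://github.com/maxmind/libmaxminddb/releases/download/${MAXMIND_VERSION}/libmaxminddb-${MAXMIND_VERSION}.tar.gz"
}
```

Calling `require_build_args` with every version variable at the top of the build reports all missing values in one message instead of surfacing later as a 404.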

I've noticed that mod security build needs git as well

jc21 avatar Nov 12 '21 11:11 jc21

I've changed the Dockerfile so it includes git for the build.

Building the image locally works:

Successfully built c4dba0cc3706
root@ubuntu:~# docker images
REPOSITORY   TAG           IMAGE ID       CREATED          SIZE
<none>       <none>        c4dba0cc3706   8 seconds ago    824MB
...

Renaud11232 avatar Nov 12 '21 12:11 Renaud11232

@jc21 will ModSecurity be added to nginx proxy manager?

jwklijnsma avatar Jan 10 '22 13:01 jwklijnsma

What happened at last?

itsKV avatar Aug 04 '22 07:08 itsKV

ModSecurity in nginx proxy manager would be really awesome and would improve security enormously. Is there already news about this?

tombauer avatar Feb 07 '23 17:02 tombauer

What happened? Can ModSecurity be added to NPM?

jorisdonkers avatar May 16 '24 08:05 jorisdonkers

Can anyone share if they have done it?

mayank-joshi-01 avatar May 27 '24 14:05 mayank-joshi-01