Merge pull request #328 from fichte/main

use stable version of modsecurity nginx connector
coreruleset · Feb 1, 2025 · 123b819 · 123b819
2 parents b745189 + c6f58d6
commit 123b819
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 8 deletions.
diff --git a/docker-bake.hcl b/docker-bake.hcl
@@ -24,6 +24,10 @@ variable "httpd-version" {
     default = "2.4.63"
 }
 
+variable "modsecurity-nginx-version" {
+    default = "1.0.3"
+}
+
 variable "lua-version" {
     default = "5.3"
 }
@@ -105,7 +109,7 @@ target "docker-metadata-action" {}
 
 target "platforms-base" {
     inherits = ["docker-metadata-action"]
-    context="."    
+    context="."
     platforms = ["linux/amd64", "linux/arm64/v8", "linux/arm/v7", "linux/i386"]
     labels = {
         "org.opencontainers.image.source" = "https://github.com/coreruleset/modsecurity-crs-docker"
@@ -150,6 +154,7 @@ target "nginx" {
         LUA_MODULES = join(" ", lua-modules-debian)
         NGINX_VERSION = "${nginx-version}"
         NGINX_DYNAMIC_MODULES = join(" ", nginx-dynamic-modules)
+        MODSECURITY_NGINX_VERSION = "${modsecurity-nginx-version}"
     }
     tags = concat(tag("nginx"),
         vtag("${crs-version}", "nginx")
@@ -163,9 +168,9 @@ target "nginx-alpine" {
         LUA_MODULES = join(" ", lua-modules-alpine)
         NGINX_DYNAMIC_MODULES = join(" ", nginx-dynamic-modules)
         NGINX_VERSION = "${nginx-version}"
+        MODSECURITY_NGINX_VERSION = "${modsecurity-nginx-version}"
     }
     tags = concat(tag("nginx-alpine"),
         vtag("${crs-version}", "nginx-alpine")
     )
 }
-
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
@@ -6,6 +6,7 @@ ARG MODSEC3_VERSION="n/a"
 ARG LMDB_VERSION="n/a"
 ARG LUA_VERSION="n/a"
 ARG NGINX_DYNAMIC_MODULES="n/a"
+ARG MODSECURITY_NGINX_VERSION="n/a"
 
 USER root
 
@@ -53,7 +54,7 @@ RUN set -eux; \
     sed -ie "s/i386-linux-gnu/${ARCH}/g" build/pcre2.m4; \
     ./build.sh; \
     ./configure --with-yajl --with-ssdeep --with-pcre2 --with-maxmind --enable-silent-rules; \
-    make install; \
+    make -j$(nproc) install; \
     strip /usr/local/modsecurity/lib/lib*.so*
 
 # Build modules
@@ -62,14 +63,18 @@ RUN set -eux; \
     for module in ${NGINX_DYNAMIC_MODULES}; \
     do \
         repo=$(echo "${module}" | awk -F'/' '{print $2}'); \
-        git clone -b master --depth 1 "https://github.com/${module}.git" ; \
+        if [ "${module}" == "owasp-modsecurity/ModSecurity-nginx" ]; then \
+          git clone -b v${MODSECURITY_NGINX_VERSION} --depth 1 "https://github.com/${module}.git"; \
+        else \
+          git clone -b master --depth 1 "https://github.com/${module}.git"; \
+        fi; \
         modules="${modules} --add-dynamic-module=../${repo}"; \
     done; \
     curl -sSL "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -o nginx-${NGINX_VERSION}.tar.gz; \
     tar -xzf nginx-${NGINX_VERSION}.tar.gz; \
     cd ./nginx-${NGINX_VERSION}; \
     ./configure --with-compat ${modules}; \
-    make modules; \
+    make -j$(nproc) modules; \
     strip objs/*.so; \
     cp objs/*.so /etc/nginx/modules/; \
     mkdir /etc/modsecurity.d; \

diff --git a/nginx/Dockerfile-alpine b/nginx/Dockerfile-alpine
@@ -5,6 +5,7 @@ FROM nginxinc/nginx-unprivileged:${NGINX_VERSION}-alpine AS build
 ARG MODSEC3_VERSION="n/a"
 ARG LUA_VERSION="n/a"
 ARG NGINX_DYNAMIC_MODULES="n/a"
+ARG MODSECURITY_NGINX_VERSION="n/a"
 
 USER root
 
@@ -49,7 +50,7 @@ RUN set -eux; \
     sed -ie "s/i386-linux-gnu/${ARCH}/g" build/pcre2.m4; \
     ./build.sh; \
     ./configure --with-yajl --with-ssdeep --with-lmdb --with-pcre2 --with-maxmind --enable-silent-rules; \
-    make install; \
+    make -j$(nproc) install; \
     strip /usr/local/modsecurity/lib/lib*.so*
 
    # Build modules
@@ -58,14 +59,18 @@ RUN set -eux; \
     for module in ${NGINX_DYNAMIC_MODULES}; \
     do \
         repo=$(echo "${module}" | awk -F'/' '{print $2}'); \
-        git clone -b master --depth 1 "https://github.com/${module}.git" ; \
+        if [ "${module}" == "owasp-modsecurity/ModSecurity-nginx" ]; then \
+          git clone -b v${MODSECURITY_NGINX_VERSION} --depth 1 "https://github.com/${module}.git"; \
+        else \
+          git clone -b master --depth 1 "https://github.com/${module}.git"; \
+        fi; \
         modules="${modules} --add-dynamic-module=../${repo}"; \
     done; \
     curl -sSL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz -o nginx-${NGINX_VERSION}.tar.gz; \
     tar -xzf nginx-${NGINX_VERSION}.tar.gz; \
     cd ./nginx-${NGINX_VERSION}; \
     ./configure --with-compat ${modules}; \
-    make modules; \
+    make -j$(nproc) modules; \
     strip objs/*.so; \
     cp objs/*.so /etc/nginx/modules/; \
     mkdir /etc/modsecurity.d; \