From 3fb1c97b32c159d42d26127bf2e552a2dc7f1545 Mon Sep 17 00:00:00 2001 From: Carl Kittelberger Date: Thu, 13 Apr 2017 22:51:59 +0200 Subject: [PATCH] Initial commit. --- Dockerfile | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..4294475 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,90 @@ +FROM nginx:1.10.3 + +MAINTAINER Carl Kittelberger "icedream@icedream.pw" + +# TODO - verify against Nginx GPG key ID: 7BD9BF62 (simply add the key to the keyring, the verification seems to be done by apt-get source) + +ARG MODSECURITY_GIT_URL="https://github.com/SpiderLabs/ModSecurity.git" +ARG MODSECURITY_VERSION="v3/master" +ARG MODSECURITY_SOURCE_DIR="/usr/src/modsecurity-${MODSECURITY_VERSION}" +ARG MODSECURITY_NGINX_VERSION=master +ARG MODSECURITY_NGINX_GIT_URL=https://github.com/SpiderLabs/ModSecurity-nginx.git +ARG MODSECURITY_NGINX_SOURCE_DIR="/usr/src/modsecurity-nginx-${MODSECURITY_NGINX_VERSION}" + +RUN apt-get update \ + && apt-get install -yq --no-install-recommends \ + debian-keyring \ + dpkg-dev \ + lsb-release \ + && apt-mark auto debian-keyring dpkg-dev \ + && echo "deb-src http://nginx.org/packages/debian/ $(lsb_release -cs) nginx" \ + | tee -a /etc/apt/sources.list >/dev/null \ + && apt-get update \ + && (cd /usr/src \ + && apt-get source nginx=${NGINX_VERSION} \ + ) \ + && apt-get build-dep -y nginx=${NGINX_VERSION} \ + && apt-mark auto $(\ + apt-cache showsrc nginx |\ + sed -e '/Build-Depends/!d;s/Build-Depends: \|,\|([^)]*),*\|\[[^]]*\]//g' \ + ) \ + && apt-get install --no-install-recommends -y coreutils git \ + && apt-mark auto git \ + && apt-get install -y \ + autoconf \ + automake \ + autotools-dev \ + bison \ + curl \ + dh-autoreconf \ + doxygen \ + flex \ + g++ \ + libcurl3-gnutls \ + libcurl4-gnutls-dev \ + libgeoip1 \ + libgeoip-dev \ + libpcre++0 \ + libpcre++-dev \ + libtool \ + libxml2 \ + libxml2-dev \ + libyajl2 \ + libyajl-dev \ + && apt-mark auto \ + autoconf \ + automake \ + autotools-dev \ + bison \ + dh-autoreconf \ + doxygen \ + flex \ + g++ \ + libcurl4-gnutls-dev \ + libgeoip-dev \ + libpcre++-dev \ + libtool \ + libxml2-dev \ + libyajl-dev \ + && git clone "${MODSECURITY_GIT_URL}" "${MODSECURITY_SOURCE_DIR}" \ + && (cd "${MODSECURITY_SOURCE_DIR}" \ + && git checkout "${MODSECURITY_VERSION}" \ + && sh ./build.sh \ + && git submodule update --init \ + && ./configure \ + && make -j$(nproc) \ + && make install \ + ) \ + && git clone "${MODSECURITY_NGINX_GIT_URL}" "${MODSECURITY_NGINX_SOURCE_DIR}" \ + && (cd "${MODSECURITY_NGINX_SOURCE_DIR}" \ + && git checkout "${MODSECURITY_NGINX_VERSION}" \ + ) \ + && (cd /usr/src/nginx-*/ \ + && mkdir -p debian/modules \ + && ln -s "${MODSECURITY_NGINX_SOURCE_DIR}" debian/modules/modsecurity \ + && sed -i 's,\\./configure,\\./configure --add-module=$(MODULESDIR)/modsecurity,' debian/rules \ + && DEB_BUILD_OPTIONS=nodoc dpkg-buildpackage -b -uc -us -tc -j$(nproc) \ + && dpkg -i ../nginx_*.deb \ + ) \ + && apt-get autoremove --purge -y \ + && rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /usr/src/modsecurity* /usr/src/nginx*