update mainline to 1.17.1 and stable to 1.16.0

RHodeidra · Jul 20, 2019 · 92b27c4 · 92b27c4
1 parent 872d532
commit 92b27c4
Show file tree

Hide file tree

Showing 9 changed files with 73 additions and 47 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.7 AS nginx-naxsi-build
+FROM alpine:3.10.1 AS nginx-naxsi-build
 
 RUN set -ex ; \
     addgroup -S nginx ; \
@@ -113,9 +113,11 @@ RUN set -ex ; \
     ; \
     \
     apk add --no-cache --virtual .build-deps \
+        clang \
         gcc \
         gd-dev \
         geoip-dev \
+        gettext \
         libc-dev \
         libxslt-dev \
         linux-headers \
@@ -134,7 +136,7 @@ RUN set -ex ; \
     ; \
     \
     cd nginx-$NGINX_VERSION ; \
-    ./configure $config ; \
+    CC=clang CFLAGS=-Os ./configure $config ; \
     make -j$(getconf _NPROCESSORS_ONLN) ; \
     make install ; \
     rm -rf /etc/nginx/html/ ; \
@@ -155,7 +157,6 @@ RUN set -ex ; \
         /tmp/nginx-$NGINX_VERSION \
     ; \
     \
-    apk add --no-cache --virtual .build-deps gettext ; \
     mv /usr/bin/envsubst /tmp/ ; \
     \
     run_deps="$( \

diff --git a/LICENSE b/LICENSE
@@ -1,5 +1,5 @@
 Copyright (C) 2011-2016 Nginx, Inc.
-Copyright (C) 2017-2018 Dimitri Gence
+Copyright (C) 2017-2019 Dimitri Gence
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

diff --git a/Makefile b/Makefile
@@ -2,45 +2,46 @@ IMAGE=dmgnx/nginx-naxsi
 
 NAXSI_VERSION=0.56
 NAXSI_TAG=untagged-afabfc163946baa8036f
-NGINX_MAINLINE_VERSION=1.15.0
-NGINX_STABLE_VERSION=1.14.0
+NGINX_MAINLINE_VERSION=1.17.1
+NGINX_STABLE_VERSION=1.16.0
 
-.PHONY:mainline stable
+dir/mainline: mainline
+
+dir/stable: stable
 
-all: mainline stable
+image/mainline: mainline
+	docker build \
+		-t $(IMAGE):latest \
+		-t $(IMAGE):$< \
+		-t $(IMAGE):$(NGINX_MAINLINE_VERSION)-$(NAXSI_VERSION) \
+		$<
 
-mainline: Dockerfile
+image/stable: stable
+	docker build \
+		-t $(IMAGE):$< \
+		-t $(IMAGE):$(NGINX_STABLE_VERSION)-$(NAXSI_VERSION) \
+		$<
+
+mainline:
 	mkdir -p $@
 	sed \
-			-e 's/@NGINX_VERSION@/$(NGINX_MAINLINE_VERSION)/' \
-			-e 's/@NAXSI_VERSION@/$(NAXSI_VERSION)/' \
-			-e 's/@NAXSI_TAG@/$(NAXSI_TAG)/' \
-			$< \
-		> $@/$<
+		-e 's/@NGINX_VERSION@/$(NGINX_MAINLINE_VERSION)/' \
+		-e 's/@NAXSI_VERSION@/$(NAXSI_VERSION)/' \
+		-e 's/@NAXSI_TAG@/$(NAXSI_TAG)/' \
+		Dockerfile \
+		> $@/Dockerfile
 	cp docker-entrypoint.sh $@
 	cp nginx.conf $@
 	cp nginx.vh.default.conf $@
 
-stable: Dockerfile
+stable:
 	mkdir -p $@
 	sed \
-			-e 's/@NGINX_VERSION@/$(NGINX_STABLE_VERSION)/' \
-			-e 's/@NAXSI_VERSION@/$(NAXSI_VERSION)/' \
-			-e 's/@NAXSI_TAG@/$(NAXSI_TAG)/' \
-			$< \
-		> $@/$<
+		-e 's/@NGINX_VERSION@/$(NGINX_STABLE_VERSION)/' \
+		-e 's/@NAXSI_VERSION@/$(NAXSI_VERSION)/' \
+		-e 's/@NAXSI_TAG@/$(NAXSI_TAG)/' \
+		Dockerfile \
+		> $@/Dockerfile
 	cp docker-entrypoint.sh $@
 	cp nginx.conf $@
 	cp nginx.vh.default.conf $@
-
-update:
-	sed -i \
-		-e 's/^\(NAXSI_VERSION=\)\([0-9]\+\(\.\|$$\)\)\+/\1$(NAXSI_VERSION)/' \
-		-e 's/^\(NAXSI_TAG=\)\([0-9a-zA-Z.-]\)\+/\1$(NAXSI_TAG)/' \
-		-e 's/^\(NGINX_MAINLINE_VERSION=\)\([0-9]\+\(\.\|$$\)\)\+/\1$(NGINX_MAINLINE_VERSION)/' \
-		-e 's/^\(NGINX_STABLE_VERSION=\)\([0-9]\+\(\.\|$$\)\)\+/\1$(NGINX_STABLE_VERSION)/' \
-	   	Makefile
-	sed -i \
-		-e "s/\`$(shell grep '`mainline`' README.md | cut -d'`' -f2)\`/\`$(NGINX_MAINLINE_VERSION)\`/" \
-		-e "s/\`$(shell grep '`stable`' README.md | cut -d'`' -f2)\`/\`$(NGINX_STABLE_VERSION)\`/" \
-		README.md
diff --git a/README.md b/README.md
@@ -2,12 +2,10 @@
 [![Docker Pulls](https://img.shields.io/docker/pulls/dmgnx/nginx-naxsi.svg)](https://hub.docker.com/r/dmgnx/nginx-naxsi/)
 [![Docker Automated buil](https://img.shields.io/docker/automated/dmgnx/nginx-naxsi.svg)](https://hub.docker.com/r/dmgnx/nginx-naxsi/)
 
-**NOT MAINTAINED ANYMORE**
-
 # Supported tags and respective `Dockerfile` links
 
--   [`0.56-1.15.0`, `0.56-1.15`, `mainline`, `latest` (*mainline/Dockerfile*)](https://github.com/dmgnx/docker-nginx-naxsi/blob/master/mainline/Dockerfile)
--   [`0.56-1.14.0`, `0.56-1.14`, `stable` (*stable/Dockerfile*)](https://github.com/dmgnx/docker-nginx-naxsi/blob/master/stable/Dockerfile)
+-   [`1.17.1-0.56`, `mainline`, `latest` (*mainline/Dockerfile*)](https://github.com/dmgnx/docker-nginx-naxsi/blob/master/mainline/Dockerfile)
+-   [`1.16.0-0.56`, `stable` (*stable/Dockerfile*)](https://github.com/dmgnx/docker-nginx-naxsi/blob/master/stable/Dockerfile)
 
 # How to use this image
 

diff --git a/mainline/Dockerfile b/mainline/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.7 AS nginx-naxsi-build
+FROM alpine:3.10.1 AS nginx-naxsi-build
 
 RUN set -ex ; \
     addgroup -S nginx ; \
@@ -12,7 +12,7 @@ RUN set -ex ; \
 
 ENV NAXSI_VERSION=0.56 \
     NAXSI_TAG=untagged-afabfc163946baa8036f \
-    NGINX_VERSION=1.15.0
+    NGINX_VERSION=1.17.1
 
 WORKDIR /tmp
 
@@ -113,9 +113,11 @@ RUN set -ex ; \
     ; \
     \
     apk add --no-cache --virtual .build-deps \
+        clang \
         gcc \
         gd-dev \
         geoip-dev \
+        gettext \
         libc-dev \
         libxslt-dev \
         linux-headers \
@@ -134,7 +136,7 @@ RUN set -ex ; \
     ; \
     \
     cd nginx-$NGINX_VERSION ; \
-    ./configure $config ; \
+    CC=clang CFLAGS=-Os ./configure $config ; \
     make -j$(getconf _NPROCESSORS_ONLN) ; \
     make install ; \
     rm -rf /etc/nginx/html/ ; \
@@ -155,7 +157,6 @@ RUN set -ex ; \
         /tmp/nginx-$NGINX_VERSION \
     ; \
     \
-    apk add --no-cache --virtual .build-deps gettext ; \
     mv /usr/bin/envsubst /tmp/ ; \
     \
     run_deps="$( \

diff --git a/mainline/nginx.vh.default.conf b/mainline/nginx.vh.default.conf
@@ -8,6 +8,14 @@ server {
     location / {
         root   /usr/share/nginx/html;
         index  index.html index.htm;
+        SecRulesEnabled;
+        LearningMode;
+        DeniedUrl "/50x.html"; 
+        CheckRule "$SQL >= 8" BLOCK;
+        CheckRule "$RFI >= 8" BLOCK;
+        CheckRule "$TRAVERSAL >= 4" BLOCK;
+        CheckRule "$EVADE >= 4" BLOCK;
+        CheckRule "$XSS >= 8" BLOCK;
     }
 
     #error_page  404              /404.html;
@@ -16,7 +24,7 @@ server {
     #
     error_page   500 502 503 504  /50x.html;
     location = /50x.html {
-        root   /usr/share/nginx/html;
+        return 403;
     }
 
     # proxy the PHP scripts to Apache listening on 127.0.0.1:80

diff --git a/nginx.vh.default.conf b/nginx.vh.default.conf
@@ -8,6 +8,14 @@ server {
     location / {
         root   /usr/share/nginx/html;
         index  index.html index.htm;
+        SecRulesEnabled;
+        LearningMode;
+        DeniedUrl "/50x.html"; 
+        CheckRule "$SQL >= 8" BLOCK;
+        CheckRule "$RFI >= 8" BLOCK;
+        CheckRule "$TRAVERSAL >= 4" BLOCK;
+        CheckRule "$EVADE >= 4" BLOCK;
+        CheckRule "$XSS >= 8" BLOCK;
     }
 
     #error_page  404              /404.html;
@@ -16,7 +24,7 @@ server {
     #
     error_page   500 502 503 504  /50x.html;
     location = /50x.html {
-        root   /usr/share/nginx/html;
+        return 403;
     }
 
     # proxy the PHP scripts to Apache listening on 127.0.0.1:80

diff --git a/stable/Dockerfile b/stable/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.7 AS nginx-naxsi-build
+FROM alpine:3.10.1 AS nginx-naxsi-build
 
 RUN set -ex ; \
     addgroup -S nginx ; \
@@ -12,7 +12,7 @@ RUN set -ex ; \
 
 ENV NAXSI_VERSION=0.56 \
     NAXSI_TAG=untagged-afabfc163946baa8036f \
-    NGINX_VERSION=1.14.0
+    NGINX_VERSION=1.16.0
 
 WORKDIR /tmp
 
@@ -113,9 +113,11 @@ RUN set -ex ; \
     ; \
     \
     apk add --no-cache --virtual .build-deps \
+        clang \
         gcc \
         gd-dev \
         geoip-dev \
+        gettext \
         libc-dev \
         libxslt-dev \
         linux-headers \
@@ -134,7 +136,7 @@ RUN set -ex ; \
     ; \
     \
     cd nginx-$NGINX_VERSION ; \
-    ./configure $config ; \
+    CC=clang CFLAGS=-Os ./configure $config ; \
     make -j$(getconf _NPROCESSORS_ONLN) ; \
     make install ; \
     rm -rf /etc/nginx/html/ ; \
@@ -155,7 +157,6 @@ RUN set -ex ; \
         /tmp/nginx-$NGINX_VERSION \
     ; \
     \
-    apk add --no-cache --virtual .build-deps gettext ; \
     mv /usr/bin/envsubst /tmp/ ; \
     \
     run_deps="$( \

diff --git a/stable/nginx.vh.default.conf b/stable/nginx.vh.default.conf
@@ -8,6 +8,14 @@ server {
     location / {
         root   /usr/share/nginx/html;
         index  index.html index.htm;
+        SecRulesEnabled;
+        LearningMode;
+        DeniedUrl "/50x.html"; 
+        CheckRule "$SQL >= 8" BLOCK;
+        CheckRule "$RFI >= 8" BLOCK;
+        CheckRule "$TRAVERSAL >= 4" BLOCK;
+        CheckRule "$EVADE >= 4" BLOCK;
+        CheckRule "$XSS >= 8" BLOCK;
     }
 
     #error_page  404              /404.html;
@@ -16,7 +24,7 @@ server {
     #
     error_page   500 502 503 504  /50x.html;
     location = /50x.html {
-        root   /usr/share/nginx/html;
+        return 403;
     }
 
     # proxy the PHP scripts to Apache listening on 127.0.0.1:80