Things Needed For Docker · Issue #15 · coreruleset/modsecurity-docker · GitHub
This repository was archived by the owner on Nov 26, 2022. It is now read-only.

Things Needed For Docker #15

Closed
ghost opened this issue Mar 14, 2019 · 6 comments

@ghost
ghost commented Mar 14, 2019

This container is going to be run as a reverse proxy basically.

It should:

  • SSL CERT: generate its own self-signed SSL cert to accept TLS traffic. User can replace with their own SSL cert after it is up and running if they want
  • HIGHER VERSION: we should build Apache from source so we get 2.4.38 which has quite a bit more than 2.4.29, the latest version in Ubuntu:18.04 LTS
  • DEFAULT SITE FILE: we should add in a default site file that sets up the correct ProxyPass directives. The IP address to pass the requests to will be a variable the user will provide on the command-line during docker run.
  • DOCKERFILE SECURITY: we can probably put some limits on the container by dropping certain kernel privileges, restricting resource consumption, etc. There are some easy/quick commands to do this
  • RANDOM: random other things I'm forgetting :)

Future Cool Stuff:

  • We can make a helm chart for ModSecurity!
  • This helm chart could be used to install ModSecurity firewall layer on any K8s cluster...going to be cool stuff
@fzipi
Member
fzipi commented Mar 14, 2019

For SSL CERT, should we add https://github.com/icing/mod_md so we can generate also valid certificates using LetsEncrypt?

@franbuehler
Contributor

We should also add automated builds. The current images are 4 and 6 months old.
That's not very trustworthy.

@ghost
Author
ghost commented Apr 4, 2019

For SSL CERT, should we add https://github.com/icing/mod_md so we can generate also valid certificates using LetsEncrypt?

Yes very good point.

We can either use a one-off openssl command like here (look for the yellow bar) or something else. @franbuehler might have already made something for us though luckily :)
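The SSL CERT and DEFAULT SITE FILE items from the opening comment, together with the one-off openssl command mentioned above, sketched as an added example that is not part of this thread or of the project's code. `BACKEND`, `CERT_DIR`, the `/etc/apache2/ssl` default and the function names are assumptions; the backend value is validated before it is written into the site file because it arrives from the `docker run` command line.

```shell
#!/bin/sh
# Added example. BACKEND, CERT_DIR, the default path and all function names
# are assumptions, not taken from the modsecurity-docker project.

# Accept only host[:port] made of letters, digits, dots and hyphens, so a value
# supplied at `docker run` cannot smuggle extra directives into the site file.
valid_backend() {
    case "$1" in
        ''|-*|:*|*:*:*|*[!A-Za-z0-9.:-]*) return 1 ;;
    esac
    case "$1" in
        *:*) port=${1##*:}
             case "$port" in ''|*[!0-9]*) return 1 ;; esac ;;
    esac
    return 0
}

# Create a self-signed certificate only if none is present, so a certificate
# the user mounted or copied in later is never overwritten.
ensure_cert() {
    [ -s "$1/server.crt" ] && [ -s "$1/server.key" ] && return 0
    mkdir -p "$1" &&
    ( umask 077 && openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=localhost" -keyout "$1/server.key" -out "$1/server.crt" )
}

# Print the default TLS site file for backend $1 with certificates in $2.
render_vhost() {
    valid_backend "$1" || { echo "rejected backend value" >&2; return 1; }
    cat <<EOF
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile    $2/server.crt
    SSLCertificateKeyFile $2/server.key
    ProxyPreserveHost On
    ProxyPass        / http://$1/
    ProxyPassReverse / http://$1/
</VirtualHost>
EOF
}

# Entrypoint behaviour: runs only when BACKEND is set in the environment.
if [ -n "${BACKEND:-}" ]; then
    ensure_cert "${CERT_DIR:-/etc/apache2/ssl}" &&
        render_vhost "$BACKEND" "${CERT_DIR:-/etc/apache2/ssl}"
fi
```

The validation accepts IPv4 addresses and hostnames only; an IPv6 backend would need its own bracketed form and check.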

@csanders-git
Contributor

Hmmm, you think it's not a drag on the letsencrypt ecosystem?

@fzipi
Member
fzipi commented Apr 4, 2019

The only thing is if this is a public facing IP or not. Otherwise, it won't work.
Also httpd:2.4 doesn't come with mod_md by default, so we may delay this plan a little bit. But if we build from source, then it makes sense to have it.

@fzipi
Member
fzipi commented Aug 28, 2021

@danehrlich1 This one is > 2 years old, lots of things have changed by now. Do you think you can create a new issue with the remaining stuff you'd like to see? I'm closing this one.

@fzipi fzipi closed this as completed Aug 28, 2021