https://github.com/hasufell/docker-exherbo-nginx
https://github.com/hasufell/docker-exherbo-nginx
Last synced: about 2 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/hasufell/docker-exherbo-nginx
- Owner: hasufell
- Created: 2016-08-13T14:37:55.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2018-02-02T21:51:14.000Z (over 7 years ago)
- Last Synced: 2025-01-28T18:46:02.253Z (4 months ago)
- Language: Shell
- Size: 11.7 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
## Build the container
```
docker build -t hasufell/exherbo-nginx .
```
## Run
If you use IPv4 and have __usable__ nginx configuration in `/etc/nginx` and
static web files in `/srv/www` (nginx must be configure to use that location)
on the __host__, then you might want to run:
```
docker run -d \
-p 80:80 \
-p 443:443 \
-v /etc/nginx:/etc/nginx \
-v /srv/www:/srv/www \
hasufell/exherbo-nginx
```
## Enabling modsecurity
Modsecurity configuration and files are installed into `/etc/nginx/modsecurity`.
It includes the `base_rules` rules from the `www-apache/modsecurity-crs` package.
If you want to use your own ruleset/configuration, simply mount in the
`/etc/nginx/modsecurity` directory from the host and configure your site to
something like:
```
location / {
root /srv;
autoindex on;
ModSecurityEnabled on;
ModSecurityConfig modsecurity/modsecurity.conf;
}
```
If you want the rules to be automatically updated, you can use the script
at `/usr/bin/update-modsec.sh` which runs at every 23th hour. Note that it
requires the file `/etc/nginx/modsecurity/modsecurity.conf.orig` to be
present (containing only base configuration without ruleset) which is true
by default, but might not be true if you mounted in `/etc/nginx/modsecurity`
from the host.
E.g.:
```sh
docker exec -ti -d update-modsec.sh
```