From 09f09a34328079f04d372ff5fb7faf9e180cc7e4 Mon Sep 17 00:00:00 2001
From: JingLu5 <lvjing5@huawei.com>
Date: Fri, 24 Aug 2018 10:55:14 +0800
Subject: Modsecurity as a service

JIRA: CLOVER-68

1. Add Dockerfile and related files to build clover's modsecurity Docekr container
2. Add mainfest to install the Modsecurity in kubernetes cluster

Change-Id: Ia92926e730c04720f931999d7ec30565ce9e54be
Signed-off-by: JingLu5 <lvjing5@huawei.com>
---
 samples/services/modsecurity/docker/Dockerfile | 37 ++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 samples/services/modsecurity/docker/Dockerfile

(limited to 'samples/services/modsecurity/docker/Dockerfile')

diff --git a/samples/services/modsecurity/docker/Dockerfile b/samples/services/modsecurity/docker/Dockerfile
new file mode 100644
index 0000000..5a01f21
--- /dev/null
+++ b/samples/services/modsecurity/docker/Dockerfile
@@ -0,0 +1,37 @@
+FROM owasp/modsecurity:v2-ubuntu-apache
+MAINTAINER Jing Lu lvjing5@huawei.com
+
+ARG COMMIT=v3.1/dev
+ARG REPO=SpiderLabs/owasp-modsecurity-crs
+ENV PARANOIA=1
+
+RUN a2enmod rewrite
+
+RUN apt-get update && \
+    apt-get -y install python git ca-certificates iproute2 vim
+
+RUN cd /opt && \
+  git clone https://github.com/${REPO}.git owasp-modsecurity-crs-3.1 && \
+  cd owasp-modsecurity-crs-3.1 && \
+  git checkout -qf ${COMMIT}
+
+RUN cd /opt && \
+  cp -R /opt/owasp-modsecurity-crs-3.1/ /etc/apache2/modsecurity.d/owasp-crs/ && \
+  mv /etc/apache2/modsecurity.d/owasp-crs/crs-setup.conf.example /etc/apache2/modsecurity.d/owasp-crs/crs-setup.conf && \
+  cd /etc/apache2/modsecurity.d && \
+  printf "include modsecurity.d/owasp-crs/crs-setup.conf\ninclude modsecurity.d/owasp-crs/rules/*.conf" > include.conf && \
+  sed -i -e 's/SecRuleEngine DetectionOnly/SecRuleEngine On/g' /etc/apache2/modsecurity.d/modsecurity.conf && \
+  a2enmod proxy proxy_http
+
+COPY proxy.conf           /etc/apache2/modsecurity.d/proxy.conf
+COPY docker-entrypoint.sh /
+
+RUN chmod 777 /docker-entrypoint.sh
+
+COPY .htaccess            /var/www/html/.htaccess
+COPY apache2.conf         /etc/apache2/apache2.conf
+
+EXPOSE 80
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["apachectl", "-D", "FOREGROUND"]
-- 
cgit 1.2.3-korg