mcurtis789/docker-nginx-modsecurity
The readme leaves a few things out

sudo mkdir -p /data/nginx/conf.d/
sudo nano /data/nginx/conf.d/www.example.com.conf

    upstream www.example.com {
        server 1.1.1.1;    # address of the backend being proxied
    }

    server {
        listen       80;

        server_name  www.example.com;
        modsecurity  on;

        location / {
            # the host name matches the upstream block above, so nginx proxies
            # to that group rather than resolving www.example.com via DNS
            proxy_pass http://www.example.com/;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_redirect off;
            proxy_buffering off;
            proxy_force_ranges on;
            proxy_set_header        Host            $host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

Then start the container (with --net=host it shares the host's network stack, so the -p flags are redundant and Docker ignores them):

docker run --name nginx-modsecurity \
  --restart=always \
  --net=host \
  -v /data/nginx/conf.d:/etc/nginx/conf.d:rw \
  -v /data/letsencrypt:/etc/letsencrypt:rw \
  -p 80:80 -p 443:443 -d \
  really/nginx-modsecurity

After that you can run certbot, which obtains the certificate and adds the SSL configuration to your site file:

docker exec -it nginx-modsecurity certbot --no-redirect --nginx -d www.example.com

really/nginx-modsecurity

Docker container providing nginx with ModSecurity (https://www.modsecurity.org), Lua and certbot for Let's Encrypt SSL certificates.

Launch nginx using the default config:

docker run --name nginx-modsecurity \
  --restart=always \
  --net=host \
  -v /data/nginx/conf.d:/etc/nginx/conf.d:rw \
  -v /data/letsencrypt:/etc/letsencrypt:rw \
  -p 80:80 -p 443:443 -d \
  really/nginx-modsecurity

ModSecurity

Pre-configured with rules from the OWASP CRS, on by default. If you want to disable it for a particular location, set modsecurity to off inside that location block:

server
{
  listen 80;
  listen [::]:80;
  listen [::]:443 ssl http2;
  listen 443 ssl http2;

  server_name insecure.example.com;

  set $upstream "http://10.0.0.1:9000";

  include /etc/nginx/defaults/https.conf;
  include /etc/nginx/defaults/resolver.conf;

  location /
  {
    include /etc/nginx/defaults/proxy.conf;
    proxy_pass $upstream;
    modsecurity off;
  }

  include /etc/nginx/defaults/error-page.conf;

  ssl_certificate /etc/letsencrypt/live/insecure.example.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/insecure.example.com/privkey.pem; # managed by Certbot

  ssl_trusted_certificate /etc/letsencrypt/live/insecure.example.com/chain.pem; # managed by Certbot
  ssl_stapling on; # managed by Certbot
  ssl_stapling_verify on; # managed by Certbot

}

Certbot

Easily add SSL to your nginx hosts with certbot. docker exec -it nginx-modsecurity /bin/sh will bring up a shell prompt, from which you can run certbot to your heart's content,

or

docker exec -it nginx-modsecurity certbot --no-redirect --must-staple -d example.com

It even auto-renews for you every day!
