ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-10-12 23:32:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Move <MODSEC> to base http {} block in an effort to minimize KNOWN modsec memory leaks.

Browse Source
This commit is contained in:
baudneo
2022-11-04 16:15:32 -06:00
parent c935714d3c
commit b32114826d
3 changed files with 19 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
docker/rootfs/etc/cont-init.d/97_modsecurity.sh
View File

@@ -33,14 +33,14 @@ fi
# Enable modsecurity in the server block of :80 and :443 # Enable modsecurity in the server block of :80 and :443
# Can disable this (default) and add the modsec directives in each location block # Can disable this (default) and add the modsec directives in each location block
if [ "${MODSEC_ENABLE}" == "1" ] || [ "${MODSEC_ENABLE}" -eq 1 ]; then if [ "${MODSEC_ENABLE}" == "1" ] || [ "${MODSEC_ENABLE}" -eq 1 ]; then
log "Enabling modsecurity in server block of port 80 and 443" message="Enabling modsecurity in ROOT http block"
sed -i "s|#<MODSEC_ON>|modsecurity on;|g" /etc/nginx/conf.d/default.conf sed -i "s|#<MODSEC_ON>|modsecurity on;|g" /etc/nginx/nginx.conf
sed -i "s|#<MODSEC_RULES>|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/conf.d/default.conf sed -i "s|#<MODSEC_RULES>|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/nginx.conf
fi
# Enabled modsecurity in the server block of :81 (admin dashboard) # Enabled modsecurity in the server block of :81 (admin dashboard)
if [ "${MODSEC_ADMIN_PANEL}" == "1" ] || [ "${MODSEC_ADMIN_PANEL}" -eq 1 ]; then if [ "${MODSEC_ADMIN_PANEL}" == "0" ] || [ "${MODSEC_ADMIN_PANEL}" -eq 0 ]; then
log "Enabling modsecurity in server block of admin dashboard port 81" log "${message} and DISABLING in Admin dashboard port 81"
sed -i "s|#<MODSEC_ON>|modsecurity on;|g" /etc/nginx/conf.d/production.conf sed -i "s|#<MODSEC_ON>|modsecurity off;|g" /etc/nginx/conf.d/production.conf
sed -i "s|#<MODSEC_RULES>|modsecurity_rules_file /etc/nginx/modsec/main.conf;|g" /etc/nginx/conf.d/production.conf else
log "${message} and Admin dashboard port 81"
fi
fi fi

3
docker/rootfs/etc/nginx/nginx.conf
View File

@@ -56,7 +56,8 @@ http {
map $host $forward_scheme { map $host $forward_scheme {
default http; default http;
} }
#<MODSEC_ON>
#<MODSEC_RULES>
# Real IP Determination # Real IP Determination
# Local subnets: # Local subnets:

12
local-build.sh
View File

@@ -19,13 +19,15 @@ export BUILD_VERSION=dev
export BUILD_COMMIT= export BUILD_COMMIT=
export BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" export BUILD_DATE="$(date '+%Y-%m-%d %T %Z')"
export SSL_CERTS_PATH="/etc/ssl/certs/GTS_Root_R1.pem" export SSL_CERTS_PATH="/etc/ssl/certs/GTS_Root_R1.pem"
echo -e "${YELLOW} ${CYAN}Running ${RED}'scripts/frontend-build'${RESET}"
bash ./scripts/frontend-build # Build FrontEnd
echo -e "${YELLOW} ${CYAN}Completed ${RED}'frontend-build'${RESET}" #echo -e "${YELLOW} ${CYAN}Running ${RED}'scripts/frontend-build'${RESET}"
# Build #bash ./scripts/frontend-build
#echo -e "${YELLOW} ${CYAN}Completed ${RED}'frontend-build'${RESET}"
# Build Final Image
echo -e "${BLUE} ${CYAN}Building ${RED}LOCAL ${CYAN}Image [${DOCKER_IMAGE}] with tag: ${YELLOW}${BASE_TAG}${CYAN}...${RESET}" echo -e "${BLUE} ${CYAN}Building ${RED}LOCAL ${CYAN}Image [${DOCKER_IMAGE}] with tag: ${YELLOW}${BASE_TAG}${CYAN}...${RESET}"
docker build \ docker build \
\
--build-arg BUILD_VERSION="${BUILD_VERSION:-dev}" \ --build-arg BUILD_VERSION="${BUILD_VERSION:-dev}" \
--build-arg BUILD_COMMIT="${BUILD_COMMIT:-notset}" \ --build-arg BUILD_COMMIT="${BUILD_COMMIT:-notset}" \
--build-arg BUILD_DATE="${BUILD_DATE}" \ --build-arg BUILD_DATE="${BUILD_DATE}" \