Dockerfile_compile_debian
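# Build image for nginx with the ModSecurity v3 library and its nginx connector module.
# NOTE(review): the base image has no tag or digest, so each build resolves
# whatever `latest` currently points at. Pin it (tag plus @sha256 digest) so the
# toolchain that produces the WAF module is reproducible and auditable.
FROM vdveldet/base-os

# Build-time inputs; each is empty unless passed with --build-arg.
ARG VERSION
ARG NGINX_VERSION
ARG MODSECURITY
ARG MODSECURITY_RELEASE

# Re-exported as ENV so later RUN steps and the running container see them.
# key=value form replaces the deprecated space-separated ENV syntax.
ENV VERSION="${VERSION}" \
    NGINX_VERSION="${NGINX_VERSION}" \
    MODSECURITY="${MODSECURITY}" \
    MODSECURITY_RELEASE="${MODSECURITY_RELEASE}"

# MAINTAINER is deprecated; the contact is carried as a label instead.
# NOTE(review): the address appears redacted in this listing; restore the real
# contact before building.
LABEL maintainer="[email protected]" \
      Description="nginx ${NGINX_VERSION} server + mod_security ${MODSECURITY}" \
      version="${VERSION}"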
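# Add the nginx mainline PPA and install the packaged nginx from it.
# The package index is refreshed in the same layer as each install, so a cached
# layer can never pair a stale index with a new install, and the lists are
# removed again in that layer to keep them out of the image.
# NOTE(review): the PPA is a third-party repository; both the nginx binary and
# the configure flags that the module build later reads from `nginx -V` come
# from it. The install is not version-pinned, so the NGINX_VERSION build
# argument does not constrain which nginx is actually installed.
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common && \
    DEBIAN_FRONTEND=noninteractive LC_ALL=C.UTF-8 add-apt-repository ppa:ondrej/nginx-mainline && \
    apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y nginx && \
    rm -rf /var/lib/apt/lists/*

# Toolchain and development headers needed to build libmodsecurity, the nginx
# connector module and the .deb packages (sorted for easier diffing).
# NOTE(review): this is a single-stage build, so the compilers, git and headers
# installed here stay in the image that also runs nginx. Moving the build into
# its own stage would keep them out of the runtime image.
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y \
        apt-utils \
        autoconf \
        automake \
        build-essential \
        checkinstall \
        git \
        libcurl4-openssl-dev \
        libgd-dev \
        libgeoip-dev \
        liblmdb-dev \
        libpcre++-dev \
        libperl-dev \
        libssl-dev \
        libtool \
        libxml2-dev \
        libxslt-dev \
        libyajl-dev \
        libyajl2 \
        openssl \
        pkgconf \
        rsync \
        wget \
        zlib1g-dev && \
    rm -rf /var/lib/apt/lists/*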
# Fetch libmodsecurity (shallow clone of the v3/master branch) and build it.
# NOTE(review): the clone follows a moving branch, so the code compiled into the
# image is whatever that branch holds at build time. Pinning to a reviewed
# release tag or commit would make the build reproducible.
RUN git clone --single-branch --depth 1 -b v3/master https://github.com/SpiderLabs/ModSecurity

# Pull the submodules, generate the build system, then compile and install.
RUN cd ModSecurity && \
    git submodule update --init && \
    ./build.sh && \
    ./configure && \
    make && \
    make install

# Wrap the install in a Debian package named "modsecurity" and install it
# (--install=yes). MODSECURITY and MODSECURITY_RELEASE come from the ENV set
# at the top of the file and are therefore already in the environment.
RUN cd ModSecurity && \
    checkinstall \
        --pkgname="modsecurity" \
        --pkgversion="${MODSECURITY}" \
        --pkgrelease="${MODSECURITY_RELEASE}" \
        --maintainer="[email protected]" \
        --nodoc \
        --install=yes \
        -y
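# Create the packaging structure: the DEBIAN/control file of the module package.
RUN mkdir -p /tmp/nginx-module-modsecurity3_${NGINX_VERSION}/DEBIAN/
COPY packager/control /tmp/nginx-module-modsecurity3_${NGINX_VERSION}/DEBIAN/

# Fetch the ModSecurity-nginx connector.
# NOTE(review): shallow clone of the default branch with no tag or commit pin.
RUN git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git

# Download the nginx source that matches the installed binary and build the
# connector as a dynamic module with the binary's own configure arguments.
#
# The detected version is kept in NGINX_SRC_VERSION so that it no longer shadows
# the NGINX_VERSION build argument inside this RUN. The packaging tree above and
# the dpkg-deb step are named after NGINX_VERSION, so the module must be copied
# into that same tree; previously a mismatch sent it to a stray directory and
# the package was built without the module. A mismatch is reported but is not
# fatal.
#
# The tarball is fetched over HTTPS instead of plain HTTP.
# NOTE(review): it is still not authenticated; nginx.org publishes a detached
# PGP signature (.asc) next to each tarball that could be verified here.
RUN NGINX_SRC_VERSION=$(nginx -v 2>&1 | awk -F/ '{print $2}' | awk '{print $1}') && \
    test -n "${NGINX_SRC_VERSION}" && \
    if [ "${NGINX_SRC_VERSION}" != "${NGINX_VERSION}" ]; then \
        echo "WARNING: installed nginx ${NGINX_SRC_VERSION} differs from NGINX_VERSION=${NGINX_VERSION}" >&2; \
    fi && \
    wget "https://nginx.org/download/nginx-${NGINX_SRC_VERSION}.tar.gz" && \
    tar zxvf "nginx-${NGINX_SRC_VERSION}.tar.gz" && \
    cd "nginx-${NGINX_SRC_VERSION}" && \
    COMPILE_OPT=$(nginx -V 2>&1 | grep "configure arguments" | \
        awk -F: '{print $2}' | \
        sed 's/--add-dynamic-module=.*//g') && \
    echo "./configure --add-dynamic-module=../ModSecurity-nginx ${COMPILE_OPT}" > comp.ksh && \
    cat comp.ksh && \
    bash comp.ksh && \
    make modules && \
    mkdir -p /usr/share/nginx/modules && \
    cp objs/ngx_http_modsecurity_module.so /usr/share/nginx/modules/ && \
    mkdir -p /tmp/nginx-module-modsecurity3_${NGINX_VERSION}/usr/share/nginx/modules/ && \
    cp objs/ngx_http_modsecurity_module.so /tmp/nginx-module-modsecurity3_${NGINX_VERSION}/usr/share/nginx/modules/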
# Point the nginx access/error logs and the ModSecurity audit log at the
# container's stdout/stderr so the Docker log collector receives them.
# NOTE(review): the audit log is wired to stdout here, but the configuration
# step further down sets SecAuditEngine off, so nothing reaches it unless that
# setting is changed.
RUN set -e; \
    ln -sf /dev/stdout /var/log/nginx/access.log; \
    ln -sf /dev/stderr /var/log/nginx/error.log; \
    ln -sf /dev/stdout /var/log/modsec_audit.log
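# Configure ModSecurity: fetch the recommended config and unicode.mapping,
# switch the rule engine to blocking mode, and clone the OWASP Core Rule Set.
#
# curl runs with -f so an HTTP error fails the build instead of saving the error
# page as the WAF configuration (-sS: quiet but report errors, -L: follow
# redirects). The grep after the sed fails the build if the upstream file no
# longer contains the line being replaced; without it the image would silently
# ship in DetectionOnly mode.
#
# NOTE(review): both files and the rule set are taken from moving branches with
# no tag, commit or checksum pin, so the rules and config shipped in the image
# change whenever upstream does.
# NOTE(review): SecAuditEngine is switched off here, which disables audit
# logging of blocked transactions; confirm that is intended.
# NOTE(review): the worker_processes edit to /etc/nginx/nginx.conf is
# overwritten by the COPY of nginx/nginx/nginx.conf at the end of this section.
RUN mkdir -p /etc/nginx/modsec/ && \
    cd /etc/nginx/modsec && \
    curl -fsSLO https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended && \
    curl -fsSLO https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/unicode.mapping && \
    mv modsecurity.conf-recommended modsecurity.conf && \
    sed -i -e 's/worker_processes auto;/worker_processes 1;/g' /etc/nginx/nginx.conf && \
    sed -i -e 's/SecRuleEngine DetectionOnly/SecRuleEngine On/g' /etc/nginx/modsec/modsecurity.conf && \
    grep -q 'SecRuleEngine On' /etc/nginx/modsec/modsecurity.conf && \
    sed -i -e 's/SecAuditEngine RelevantOnly/SecAuditEngine off/g' /etc/nginx/modsec/modsecurity.conf && \
    git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git owasp && \
    cd owasp && \
    mv crs-setup.conf.example crs-setup.conf

# Project-supplied configuration: module loader, ModSecurity entry point,
# default server block and the main nginx.conf (replaces the packaged one).
COPY nginx/nginx/10-mod-modsecurity.conf /etc/nginx/modules-enabled/
COPY nginx/modsec/main.conf /etc/nginx/modsec/
COPY nginx/nginx/default.conf /etc/nginx/conf.d/
COPY nginx/nginx/nginx.conf /etc/nginx/nginx.conf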
# Build the nginx-module-modsecurity3 .deb: stage the nginx configuration into
# the packaging tree, run dpkg-deb on it, then list /tmp so the resulting
# package shows up in the build log.
# NOTE(review): rsync -R keeps the full source path, so the files appear to land
# under <tree>/etc/nginx/etc/nginx/ rather than <tree>/etc/nginx/; confirm
# against the contents of the built package.
RUN set -e; \
    cd /tmp/; \
    PKG_TREE=nginx-module-modsecurity3_${NGINX_VERSION}; \
    mkdir -p /tmp/${PKG_TREE}/etc/nginx/; \
    rsync -Rratv /etc/nginx/* /tmp/${PKG_TREE}/etc/nginx/; \
    dpkg-deb --build ${PKG_TREE}; \
    ls -l
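# Keep nginx in the foreground so the container stays alive. This is appended
# after the package was built, so the packaged nginx.conf does not carry it.
RUN echo "daemon off;" >> /etc/nginx/nginx.conf

# Exec form: nginx runs directly as the container's main process instead of
# under `/bin/sh -c`, so the stop signal from `docker stop` reaches it.
# NOTE(review): no USER is set, so the nginx master process starts as root.
CMD ["/usr/sbin/nginx"]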