Skip to content
/ Docker-NGINX-Certbot-ModSecurity Public
forked from staticfloat/docker-nginx-certbot-old

Build a Docker image of NGINX with the ModSecurity Web Application Firewall extension and create and renew website certificates using the Let's Encrypt free certificate authority.

License

MIT license
0 stars 255 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

NicklasXYZ/Docker-NGINX-Certbot-ModSecurity

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

134 Commits
base
base
 
 
illustrations
illustrations
 
 
waf3
waf3
 
 
waf3_dep
waf3_dep
 
 
web
web
 
 
GenConfFiles.py
GenConfFiles.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
settings.env
settings.env
 
 

Repository files navigation

Docker + NGINX + TLS Termination + ModSecurity Web Application Firewall 3 (WAF3)

This repository is an attempt to combine two existing repositories (listed below) which each adds some extra functionality to NGINX beyond what one usually gets with an official NGINX base Docker image. The purpose of combining these two repositores is to be able build and run a single Docker image of NGINX and thus use NGINX as a primary entrypoint for all incoming client requests going to a backend system. In this context, the role of NGINX can thus be said to primarily be that of a Load Balancer and/or a reverse proxy that directs incoming requests to the appropriate backend server. NGINX is also used here to add Cross Origin Resource Sharing (CORS) headers in the responses to client requests.

The two repositories that have been combined into this one are described in the following:

  1. docker-waf by theonemule. This repository contains the Dockerfiles to build a custom Docker image of NGINX with the ModSecurity Web Application Firewall extension.
  2. docker-nginx-certbot by staticfloat. This repository contains the Dockerfiles to build a Docker image that uses Let's Encrypt and Certbot to add TLS/SSL termination capabilities to NGINX.

Conclusively, this repository thus contains all the files needed to build and run a Docker image of NGINX with a WAF and TLS/SSL termination capabilities.

The main changes/additions are:

  • All Docker images now use Alpine Linux as the image base (for smaller Docker images).
  • A Python templating script GenConfFiles.py has been added to more easily set the correct parameters and generate the correct configuration files.

A Small Note

To be able to combine the two repositories in the easiest way and to reduce build time, two intermediate Docker images are built:

waf3_dep --> waf3 --> nginx

The Docker images waf3_dep and waf3 are simply intermediate images used by the final nginx Docker image that runs NGINX and Certbot.

Directory & File Overview

A rough overview and a description of the most important files and directories in this repository is given below:

.

├── base/
│   └── conf/       <-- This directory contains templates for automatically
│                       generating Dockerfiles and configuration files.
├── GenConfFiles.py <-- This python script automatically generates configuration files
│                        and places them in the right directories.
├── nginx/          <-- (Is automatically generated.)   
│   ├── conf.d/     <-- The main NGINX Dockerfile and configuration file is located in
│   │                    this directory. 
│   └── https/      <-- This is where the Let's Encrypt certificates are located.
├── settings.env    <-- All vital settings and file paths are set in this file.
│                       All configuration files are generated based on the content
│                       of this file. The GenConfFiles.py parses this file.
├── waf3_dep/       <-- A Dockerfile is located here. It is used to build an intermediate
│                       base image which is used to build NGINX with the ModSecurity WAF.
├── waf3/           <-- A Dockerfile is located here. It is used to build Docker image of
│                       NGINX with the ModSecurity WAF extension.
└── web/            <-- This is where the test app source code is located.

Prerequisites & Usage

  • Git
  • Python 3.8 along with the pip package manager to automatically install all Python dependencies
  • Docker & Docker Compose

Deployment

  • 1: Pull the repository, navigate to the root directory of the repository and install Python dependencies by running:
git clone https://github.com/NicklasXYZ/Docker-NGINX-Certbot-ModSecurity.git && \
cd Docker-NGINX-Certbot-ModSecurity/ && \
pip install -r requirements.txt

  • 2: Read through the settings.env file and set the appropriate settings

  • 3: Generate all the appropriate configuration files (based on the content of the settings.env file):

python GenConfFiles.py --env_file settings.env
  • 4: Generate an SSL dhparam file (the filename should be the same as the one set in the settings.env file) with openssl:
# The path "nginx/dhparams" is hardcoded in the GenConfFiles.py file.
# It should thus not be changed. 
openssl dhparam -out nginx/dhparams/dhparam2048.pem 2048

  • 5: Possibly make some final edits to the generated nginx.conf file. This file is located in the nginx/conf.d/ directory.

  • 6: Create and start all services/docker containers via docker compose by running (this might take a while):

sudo docker-compose up --build

About

Build a Docker image of NGINX with the ModSecurity Web Application Firewall extension and create and renew website certificates using the Let's Encrypt free certificate authority.

Topics

letsencrypt docker nginx dockerfiles certificate docker-compose alpine firewall waf load-balancer reverse-proxy alpine-linux ssl-certificate certbot modsecurity tls-certificate modsecurity-nginx tls-termination ssl-termination waf3

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Languages

  • HTML 41.5%
  • Shell 29.7%
  • Python 20.7%
  • Dockerfile 7.4%
  • JavaScript 0.7%