-
-
Notifications
You must be signed in to change notification settings - Fork 344
/
docker-compose.yml
72 lines (68 loc) · 2.69 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
# Only one of these will be up at a time for now.
# Concurrency will be on the tests folder we have.
services:
modsec2-apache:
container_name: modsec2-apache
image: owasp/modsecurity-crs:apache@sha256:9c20dd4756378de04c3587911efdf37c15614403c0540e008f16ca1cdbc63cba
environment:
SERVERNAME: modsec2-apache
BACKEND: http://backend
PORT: "8080"
MODSEC_RULE_ENGINE: DetectionOnly
BLOCKING_PARANOIA: 4
ERRORLOG: "/var/log/error.log"
ACCESSLOG: "/var/log/access.log"
MODSEC_AUDIT_LOG_FORMAT: Native
MODSEC_AUDIT_LOG_TYPE: Serial
MODSEC_AUDIT_LOG: "/var/log/modsec_audit.log"
MODSEC_TMP_DIR: "/tmp"
MODSEC_RESP_BODY_ACCESS: "On"
MODSEC_RESP_BODY_MIMETYPE: "text/plain text/html text/xml application/json"
MAX_FILE_SIZE: "64100"
COMBINED_FILE_SIZES: "65535"
CRS_ENABLE_TEST_MARKER: 1
VALIDATE_UTF8_ENCODING: 1
volumes:
- ./logs/modsec2-apache:/var/log:rw
- ../rules:/opt/owasp-crs/rules:ro
- ../plugins:/opt/owasp-crs/plugins:ro
- ../crs-setup.conf.example:/etc/modsecurity.d/owasp-crs/crs-setup.conf.example
entrypoint: ["/bin/sh", "-c", "/bin/cp /etc/modsecurity.d/owasp-crs/crs-setup.conf.example /etc/modsecurity.d/owasp-crs/crs-setup.conf && /docker-entrypoint.sh httpd-foreground"]
ports:
- "80:8080"
depends_on:
- backend
modsec3-nginx:
container_name: modsec3-nginx
image: owasp/modsecurity-crs:nginx@sha256:71c4719eadc99b0e5df30aa8b07ffb93a71f9e69b3aee59a9029e7cef3f528d9
environment:
SERVERNAME: modsec3-nginx
BACKEND: http://backend
PORT: "8080"
MODSEC_RULE_ENGINE: DetectionOnly
BLOCKING_PARANOIA: 4
ERRORLOG: "/var/log/error.log"
LOGLEVEL: "info"
ACCESSLOG: "/var/log/access.log"
MODSEC_AUDIT_LOG_FORMAT: Native
MODSEC_AUDIT_LOG_TYPE: Serial
MODSEC_AUDIT_LOG: "/var/log/modsec_audit.log"
MODSEC_RESP_BODY_ACCESS: "On"
MODSEC_RESP_BODY_MIMETYPE: "text/plain text/html text/xml application/json"
MAX_FILE_SIZE: "64100"
COMBINED_FILE_SIZES: "65535"
CRS_ENABLE_TEST_MARKER: 1
VALIDATE_UTF8_ENCODING: 1
volumes:
- ./logs/modsec3-nginx:/var/log:rw
- ../rules:/opt/owasp-crs/rules:ro
- ../plugins:/opt/owasp-crs/plugins:ro
- ../crs-setup.conf.example:/etc/modsecurity.d/owasp-crs/crs-setup.conf.example
entrypoint: ["/bin/sh", "-c", "/bin/cp /etc/modsecurity.d/owasp-crs/crs-setup.conf.example /etc/modsecurity.d/owasp-crs/crs-setup.conf && /docker-entrypoint.sh nginx -g 'daemon off;'"]
ports:
- "80:8080"
depends_on:
- backend
backend:
image: ghcr.io/coreruleset/albedo:0.0.14
command: ["--port", "80"]