FROM jwilder/nginx-proxy:0.9.3 as nginx-proxy

FROM owasp/modsecurity:3.0.6 as modsecurity

Author: eben0

Dockerfile

@@ -1,5 +1,8 @@
-FROM jwilder/nginx-proxy:0.8.0 as nginx-proxy
-FROM owasp/modsecurity:3.0.4 as modsecurity
+# ModSecurity NGINX Proxy
+# eben0/modsecurity-nginx-proxy
+
+FROM jwilder/nginx-proxy:0.9.3 as nginx-proxy
+FROM owasp/modsecurity:3.0.6 as modsecurity
 LABEL maintainer="Eyal Benatav <[email protected]>"
 
 # copy stuff from nginx-proxy
@@ -10,19 +13,21 @@ COPY --from=nginx-proxy /app/ /app/
 
 # env vars
 ENV DOCKER_HOST unix:///tmp/docker.sock
-ENV RULES_PATH /etc/modsecurity.d/rules
+ENV RULES_PATH /etc/modsecurity.d/proxy-rules
 ENV RULES_FILE ${RULES_PATH}/rules.conf
 
 RUN rm -rf /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/logging.conf \
-    # replace bash env and exec command
-    && sed -i -e 's:#!/bin/bash -e::g' -e 's:etc/:/etc/:g' /docker-entrypoint.sh \
+    # remove the first line (#!/bin/sh) from modsecurity entrypoint
+    && sed -i '1d' /docker-entrypoint.sh \
+    # replace the exec command from nginx-proxy entrypoint
     && sed -i 's:exec "$@":\n:g' /app/docker-entrypoint.sh \
-    # concatinate both entry pointers
+    # add modsecurity entrypoint into nginx-proxy entrypoint
     && cat /docker-entrypoint.sh >> /app/docker-entrypoint.sh \
     # create rules dir and file
     && mkdir -p ${RULES_PATH} && touch ${RULES_FILE} \
     # add rules file to setup.conf
     && echo "Include ${RULES_FILE}" >> /etc/modsecurity.d/setup.conf \
+    #&& echo "SecRuleEngine On" >> /etc/modsecurity.d/modsecurity.conf \
     # add nginx modsecurity module
     && sed -i '1s;^;load_module modules/ngx_http_modsecurity_module.so\;\n;' /etc/nginx/nginx.conf \
     # do some cleanup