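# Dockerfile to build a container image with OpenResty (nginx + LuaJIT),
# the ngx_cache_purge module and the ngx_lua_waf rule set installed.

# The base image is pulled from an internal registry by tag; a tag can be
# re-pointed, so pin by digest if the build has to be reproducible.
FROM 192.168.1.67/library/centos7.4:v1
MAINTAINER xiayun <xiay@baomihua.com>

# Install the build tools and libraries needed to compile OpenResty
RUN yum install -y pcre-devel wget net-tools gcc zlib zlib-devel make openssl-devel unzip python-devel \
    && yum clean all

# Download the sources.
# NOTE(review): none of these three downloads is integrity-checked, the
# ngx_cache_purge tarball is fetched over plain http, and the WAF archive is
# the moving "master" branch, so two builds can produce different images.
# Record a known-good digest for each file and verify it before unpacking, e.g.
#   RUN echo "<SHA256_OF_OPENRESTY_TARBALL>  openresty-1.11.2.5.tar.gz" | sha256sum -c -
# and fetch ngx_lua_waf by a fixed commit (archive/<COMMIT_SHA>.zip) instead of master.
ADD https://openresty.org/download/openresty-1.11.2.5.tar.gz .
ADD http://labs.frickle.com/files/ngx_cache_purge-2.3.tar.gz .
ADD https://github.com/loveshell/ngx_lua_waf/archive/master.zip .

# Unpack
RUN tar zxvf ngx_cache_purge-2.3.tar.gz
RUN tar -zxvf openresty-1.11.2.5.tar.gz
RUN unzip master.zip

# Build and install OpenResty with the cache-purge module compiled in
RUN cd openresty-1.11.2.5 \
    && ./configure --prefix=/usr/local/openresty --with-luajit --with-http_stub_status_module --with-pcre --with-pcre-jit --add-module=../ngx_cache_purge-2.3/ \
    && gmake \
    && gmake install

# WAF rule directory and WAF log directory; -p keeps a rebuild from failing
# if either path already exists.
RUN mkdir -p /usr/local/openresty/nginx/conf/waf/
RUN mkdir -p /usr/local/openresty/nginx/logs/hack/
RUN cp -r /ngx_lua_waf-master/* /usr/local/openresty/nginx/conf/waf/

# Keep the shipped defaults as backups, then install the project's own files
RUN mv /usr/local/openresty/nginx/conf/nginx.conf /usr/local/openresty/nginx/conf/nginx.conf.bak
RUN mv /usr/local/openresty/nginx/conf/waf/config.lua /usr/local/openresty/nginx/conf/waf/config.bak
COPY .nginx_conf /usr/local/openresty/nginx/conf/nginx.conf
COPY config.lua /usr/local/openresty/nginx/conf/waf/config.lua

# Unprivileged account for the nginx workers (no login shell)
RUN useradd -s /sbin/nologin nginx

# NOTE(review): this makes the worker account the owner of the whole install
# tree, including nginx.conf, the WAF rules and the nginx binary, so anything
# running as "nginx" can rewrite them. The WAF log directory (logs/hack/) is
# the path the worker account has to write to; consider limiting ownership to
# the log directories and leaving the rest root-owned.
RUN chown -R nginx:nginx /usr/local/openresty/
RUN chown -R nginx:nginx /ngx_cache_purge-2.3

# NOTE(review): gcc, make and the unpacked source trees stay in the final
# image; removing them (or using a multi-stage build) shrinks what is
# available inside a running container.

# Expose port 80
EXPOSE 80

# Start OpenResty in the foreground. Exec form makes nginx PID 1, so the stop
# signal from the container runtime reaches nginx instead of a /bin/sh wrapper.
CMD ["/usr/local/openresty/nginx/sbin/nginx", "-g", "daemon off;"]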
附1:.nginx_conf 与Dockerfile在同一路径
# nginx.conf for the OpenResty image: loads the ngx_lua_waf scripts for every
# request and serves one virtual host on port 80.

# Workers run as the unprivileged "nginx" user and group.
user nginx nginx;
worker_processes 2;
error_log /usr/local/openresty/nginx/logs/nginx_error.log error;
pid /usr/local/openresty/nginx/nginx.pid;
worker_rlimit_nofile 65535;

events {
    use epoll;
    worker_connections 65535;
}

http {
    # WAF hook-up. Both *_by_lua_file directives sit at http level, so waf.lua
    # runs in the access phase of every request in every server block below.
    lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";
    # Shared memory zone named "limit"; presumably the WAF's CC rate counter
    # lives here (CCDeny is "off" in the accompanying config.lua) -- verify
    # against the WAF source.
    lua_shared_dict limit 10m;
    init_by_lua_file /usr/local/openresty/nginx/conf/waf/init.lua;
    access_by_lua_file /usr/local/openresty/nginx/conf/waf/waf.lua;

    include mime.types;
    default_type application/octet-stream;
    charset utf-8;
    # Do not advertise the nginx version in the Server header and error pages.
    server_tokens off;

    # Two log formats are declared, but no access_log directive in this file
    # refers to them. $http_x_forwarded_for and $http_user_agent are
    # client-supplied and must be treated as untrusted when the logs are analysed.
    log_format main '$host $status [$time_local] $upstream_addr $remote_addr - $remote_user [$time_local] $request_uri '
                    '"$http_referer" "$http_user_agent" "$http_x_forwarded_for" '
                    '$bytes_sent $request_time $sent_http_x_cache_hit "$upstream_cache_status"';
    log_format log404 '$status [$time_local] $remote_addr $host$request_uri $sent_http_location';

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    # NOTE(review): request bodies up to 300 MB are accepted, while the
    # accompanying config.lua has postMatch "off" -- confirm whether request
    # bodies are inspected at all.
    client_max_body_size 300m;
    sendfile on;
    fastcgi_intercept_errors on;
    tcp_nopush on;
    keepalive_timeout 20;
    tcp_nodelay on;
    client_body_timeout 10;
    client_body_buffer_size 512k;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;

    send_timeout 60;
    open_file_cache max=200000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    # Server-side includes are processed for text/shtml (and text/html, which
    # ssi_types always covers); pages handled this way should not contain
    # unescaped user-supplied content.
    ssi on;
    ssi_silent_errors on;
    ssi_types text/shtml;

    server {
        listen 80;
        server_name localhost;
        index index.html index.htm index.shtml index.php;
        root /usr/local/openresty/nginx/html;

        # Refuse the listed crawlers with 403. The User-Agent header is chosen
        # by the client, so this only affects clients that identify themselves.
        if ($http_user_agent ~* "Baiduspider-render|qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
            return 403;
        }

        # NOTE(review): SCRIPT_FILENAME is built from /usr/local/nginx/html,
        # which differs from the root above (/usr/local/openresty/nginx/html),
        # and the Dockerfile shown with this config installs no PHP-FPM --
        # confirm this block is intended. If it is kept, any URI ending in .php
        # is handed to FastCGI without checking that the file exists; the usual
        # hardening is a `try_files $uri =404;` in this location.
        location ~ \.php$ {
            include fastcgi_params;
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
        }
    }
}
附2:config.lua与Dockerfile同一路径
-- config.lua: settings read by the ngx_lua_waf scripts (init.lua / waf.lua).
-- The per-option notes below follow the upstream ngx_lua_waf README as the
-- reviewer recalls it; verify each against the WAF version actually installed.

-- Directory holding the rule files.
RulePath = "/usr/local/openresty/nginx/conf/waf/wafconf/"
-- Write a log entry for each matched request; logdir must be writable by the
-- nginx worker user.
attacklog = "on"
logdir = "/usr/local/openresty/nginx/logs/hack/"
-- NOTE(review): URL, cookie, POST-body and CC (request-rate) checks are all
-- switched off below, so this configuration leaves most of the WAF's checks
-- disabled -- confirm that this is intended before relying on it for protection.
UrlDeny="off"
-- NOTE(review): upstream describes Redirect as whether a matched request is
-- answered with the block page in `html`; with "off", confirm that matched
-- requests are actually rejected and not only logged.
Redirect="off"
CookieMatch="off"
postMatch="off"
whiteModule="off"
-- Upload file extensions to refuse; presumably only enforced when postMatch
-- is on -- verify.
black_fileExt={"php","jsp"}
-- Source addresses listed here presumably bypass every check; keep the list
-- as short as possible.
ipWhitelist={"127.0.0.1","192.168.20.25"}
ipBlocklist={}
CCDeny="off"
-- Rate used when CCDeny is on, in requests/seconds form (100 requests per 60 seconds).
CCrate="100/60"
-- Block page returned to the client; the Chinese text is user-facing output.
html=[[
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>网站防火墙</title>
<style>
p {
    line-height:20px;
}
ul{ list-style-type:none;}
li{ list-style-type:none;}
</style>
</head>
<body style=" padding:0; margin:0; font:14px/1.5 Microsoft Yahei, 宋体,sans-serif; color:#555;">
<div style="margin: 0 auto; width:1000px; padding-top:70px; overflow:hidden;">
<div style="width:600px; float:left;">
<div style=" height:40px; line-height:40px; color:#fff; font-size:16px; overflow:hidden; background:#6bb3f6; padding-left:20px;">网站防火墙 </div>
<div style="border:1px dashed #cdcece; border-top:none; font-size:14px; background:#fff; color:#555; line-height:24px; height:220px; padding:20px 20px 0 20px; overflow-y:auto;background:#f3f7f9;">
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;"><span style=" font-weight:600; color:#fc4f03;">您的请求带有不合法参数,已被网站管理员设置拦截!</span></p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;">可能原因:您提交的内容包含危险的攻击请求</p>
<p style=" margin-top:12px; margin-bottom:12px; margin-left:0px; margin-right:0px; -qt-block-indent:1; text-indent:0px;">如何解决:</p>
<ul style="margin-top: 0px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; -qt-list-indent: 1;"><li style=" margin-top:12px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;">1)检查提交内容;</li>
<li style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;">2)如网站托管,请联系空间提供商;</li>
<li style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;">3)普通网站访客,请联系网站管理员;</li></ul>
</div>
</div>
</div>
</body></html>
]]