added new vanilla nginx image
@@ -2,8 +2,8 @@ name: haven_apps
|
||||
include:
|
||||
- ./portainer/docker-compose.yaml
|
||||
- ./code-server/docker-compose.yaml
|
||||
- ./nextcloud/docker-compose-linux-io.yaml
|
||||
- ./nginx/docker-compose.yaml
|
||||
# - ./nextcloud/docker-compose-linux-io.yaml
|
||||
# - ./nginx/docker-compose.yaml
|
||||
# - ./filebrowser/docker-compose.yaml
|
||||
# - ./authentik/docker-compose.yaml
|
||||
# - ./homepage/docker-compose.yaml
|
||||
|
||||
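--- a/nginx-modsecurity/docker-compose.yaml
+++ b/nginx-modsecurity/docker-compose.yaml
@@ -0,0 +1,115 @@
+# This docker-compose file starts owasp/modsecurity-crs
+#
+# ATTENTION!
+# Some of the environment variables at the bottom of this
+# docker-compose.yaml file and TLS are only available
+# for self-built images based on Dockerfile-2.9-apache,
+# and only if build args SETTLS and SETPROXY were set during
+# the build of the parent owasp/modsecurity:2.9-apache image.
+
+x-defaults: &default-settings
+environment:
+SERVERNAME: localhost
+#############################################
+# CRS Variables
+#############################################
+# Paranoia Level
+PARANOIA: 1
+# Replaces PARANOIA as of CRS 4
+BLOCKING_PARANOIA: 1
+# Inbound and Outbound Anomaly Score Threshold
+ANOMALY_INBOUND: 5
+ANOMALY_OUTBOUND: 4
+# Executing Paranoia Level
+# - EXECUTING_PARANOIA=2
+#
+# Replaces EXECUTING_PARANOIA as of CRS 4
+# - DETECTION_PARANOIA=2
+#
+# New in CRS 4
+REPORTING_LEVEL: 2
+
+#######################################################
+# Reverse Proxy mode
+# (only available if SETPROXY was enabled during the
+# parent ModSecurity image)
+#######################################################
+# PROXYLOCATION: Application Backend of Reverse Proxy
+#PROXYLOCATION: http://portainer:8000/
+#
+# If needed: add own httpd-proxy.conf (only available if SETPROXY
+# was enabled during build of parent ModSecurity image)
+# - ./httpd-proxy.conf:/usr/local/apache2/conf/extra/httpd-proxy.conf
+
+#######################################################
+# Various CRS Variables with Default Values
+#######################################################
+# ENFORCE_BODYPROC_URLENCODED: 1
+# ALLOWED_METHODS: GET HEAD POST OPTIONS
+# ALLOWED_REQUEST_CONTENT_TYPE: '|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json|'
+# ALLOWED_REQUEST_CONTENT_TYPE_CHARSET: 'utf-8|iso-8859-1|iso-8859-15|windows-1252'
+# ALLOWED_HTTP_VERSIONS: HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0
+# RESTRICTED_EXTENSIONS: .asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/
+# RESTRICTED_HEADERS_BASIC: /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/
+# RESTRICTED_HEADERS_EXTENDED: /accept-charset/
+# STATIC_EXTENSIONS: /.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/
+
+#######################################################
+# CRS Variables with Default Value unlimited
+#######################################################
+# MAX_NUM_ARGS: 255
+# ARG_NAME_LENGTH: 100
+# ARG_LENGTH: 400
+# TOTAL_ARG_LENGTH: 64000
+# MAX_FILE_SIZE: 1048576
+# COMBINED_FILE_SIZES: 1048576
+
+#######################################################
+# Volumes for ModSecurity Tuning
+#######################################################
+volumes:
+#- /mnt/appdata/nginx-modsecurity/modsecurity.d/owasp-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+#- /mnt/appdata/nginx-modsecurity/modsecurity.d/owasp-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
+
+#######################################################
+# Add TLS server certificate and key
+# (only available if SETPROXY was enabled during the
+# parent ModSecurity image)
+#######################################################
+#- /mnt/appdata/nginx-modsecurity/server.crt:/usr/local/apache2/conf/server.crt
+#- /mnt/appdata/nginx-modsecurity/server.key:/usr/local/apache2/conf/server.key
+#######################################################
+# CPR Custom Volume Mappings - doesnt work!!
+#######################################################
+- nginx_data:/etc/nginx/
+- modsecurity_data:/etc/modsecurity.d/
+#- /mnt/modecurity-temp:/mnt/modsecurity-temp/
+#- /mnt/appdata/nginx-modsecurity/modsecurity.d:/etc/modsecurity.d
+
+services:
+
+nginx-modsec:
+container_name: nginx-modsec
+image: owasp/modsecurity-crs:4.17.1-nginx-alpine-202508061208
+ports:
+- "80:8080"
+# only available if SETTLS was enabled:
+- "443:8443"
+networks:
+- haven_internal
+user: root
+#user: 1000:1000
+<<: *default-settings
+
+networks:
+haven_internal:
+name: haven_internal
+external: true
+
+volumes:
+nginx_data:
+name: nginx_data
+external: true
+modsecurity_data:
+name: modsecurity_data
+external: true
+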
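Review bot: `user: root` on the `nginx-modsec` service runs the internet-facing WAF container as root, with the unprivileged alternative left commented out as `#user: 1000:1000`. The mappings `"80:8080"` and `"443:8443"` already target unprivileged container ports, so root does not look necessary for binding; if it was added to get write access to the external `nginx_data` and `modsecurity_data` volumes, correcting ownership on those volumes and dropping the line is the safer fix. Those two volumes are mounted over `/etc/nginx/` and `/etc/modsecurity.d/`, so whatever they contain replaces the image's own configuration, and the `doesnt work!!` comment above them suggests this is unresolved; a comment stating what the volumes are expected to hold would help the next reader. The header and TLS comments still describe the `2.9-apache` image and its `SETTLS`/`SETPROXY` build args, while the image used here is the `nginx-alpine` variant, so they should be updated or removed.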
@@ -1,115 +1,21 @@
|
||||
# This docker-compose file starts owasp/modsecurity-crs
|
||||
#
|
||||
# ATTENTION!
|
||||
# Some of the environment variables at the bottom of this
|
||||
# docker-compose.yaml file and TLS are only available
|
||||
# for self-built images based on Dockerfile-2.9-apache,
|
||||
# and only if build args SETTLS and SETPROXY were set during
|
||||
# the build of the parent owasp/modsecurity:2.9-apache image.
|
||||
|
||||
x-defaults: &default-settings
|
||||
environment:
|
||||
SERVERNAME: localhost
|
||||
#############################################
|
||||
# CRS Variables
|
||||
#############################################
|
||||
# Paranoia Level
|
||||
PARANOIA: 1
|
||||
# Replaces PARANOIA as of CRS 4
|
||||
BLOCKING_PARANOIA: 1
|
||||
# Inbound and Outbound Anomaly Score Threshold
|
||||
ANOMALY_INBOUND: 5
|
||||
ANOMALY_OUTBOUND: 4
|
||||
# Executing Paranoia Level
|
||||
# - EXECUTING_PARANOIA=2
|
||||
#
|
||||
# Replaces EXECUTING_PARANOIA as of CRS 4
|
||||
# - DETECTION_PARANOIA=2
|
||||
#
|
||||
# New in CRS 4
|
||||
REPORTING_LEVEL: 2
|
||||
|
||||
#######################################################
|
||||
# Reverse Proxy mode
|
||||
# (only available if SETPROXY was enabled during the
|
||||
# parent ModSecurity image)
|
||||
#######################################################
|
||||
# PROXYLOCATION: Application Backend of Reverse Proxy
|
||||
#PROXYLOCATION: http://portainer:8000/
|
||||
#
|
||||
# If needed: add own httpd-proxy.conf (only available if SETPROXY
|
||||
# was enabled during build of parent ModSecurity image)
|
||||
# - ./httpd-proxy.conf:/usr/local/apache2/conf/extra/httpd-proxy.conf
|
||||
|
||||
#######################################################
|
||||
# Various CRS Variables with Default Values
|
||||
#######################################################
|
||||
# ENFORCE_BODYPROC_URLENCODED: 1
|
||||
# ALLOWED_METHODS: GET HEAD POST OPTIONS
|
||||
# ALLOWED_REQUEST_CONTENT_TYPE: '|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json|'
|
||||
# ALLOWED_REQUEST_CONTENT_TYPE_CHARSET: 'utf-8|iso-8859-1|iso-8859-15|windows-1252'
|
||||
# ALLOWED_HTTP_VERSIONS: HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0
|
||||
# RESTRICTED_EXTENSIONS: .asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/
|
||||
# RESTRICTED_HEADERS_BASIC: /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/
|
||||
# RESTRICTED_HEADERS_EXTENDED: /accept-charset/
|
||||
# STATIC_EXTENSIONS: /.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/
|
||||
|
||||
#######################################################
|
||||
# CRS Variables with Default Value unlimited
|
||||
#######################################################
|
||||
# MAX_NUM_ARGS: 255
|
||||
# ARG_NAME_LENGTH: 100
|
||||
# ARG_LENGTH: 400
|
||||
# TOTAL_ARG_LENGTH: 64000
|
||||
# MAX_FILE_SIZE: 1048576
|
||||
# COMBINED_FILE_SIZES: 1048576
|
||||
|
||||
#######################################################
|
||||
# Volumes for ModSecurity Tuning
|
||||
#######################################################
|
||||
volumes:
|
||||
#- /mnt/appdata/nginx-modsecurity/modsecurity.d/owasp-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
|
||||
#- /mnt/appdata/nginx-modsecurity/modsecurity.d/owasp-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
|
||||
|
||||
#######################################################
|
||||
# Add TLS server certificate and key
|
||||
# (only available if SETPROXY was enabled during the
|
||||
# parent ModSecurity image)
|
||||
#######################################################
|
||||
#- /mnt/appdata/nginx-modsecurity/server.crt:/usr/local/apache2/conf/server.crt
|
||||
#- /mnt/appdata/nginx-modsecurity/server.key:/usr/local/apache2/conf/server.key
|
||||
#######################################################
|
||||
# CPR Custom Volume Mappings - doesnt work!!
|
||||
#######################################################
|
||||
- nginx_data:/etc/nginx/
|
||||
- modsecurity_data:/etc/modsecurity.d/
|
||||
#- /mnt/modecurity-temp:/mnt/modsecurity-temp/
|
||||
#- /mnt/appdata/nginx-modsecurity/modsecurity.d:/etc/modsecurity.d
|
||||
|
||||
services:
|
||||
|
||||
nginx-modsec:
|
||||
container_name: nginx-modsec
|
||||
image: owasp/modsecurity-crs:4.17.1-nginx-alpine-202508061208
|
||||
nginx:
|
||||
image: ghcr.io/open-webui/open-webui:ollama
|
||||
container_name: nginx
|
||||
ports:
|
||||
- "80:8080"
|
||||
# only available if SETTLS was enabled:
|
||||
- "443:8443"
|
||||
- 3001:8081
|
||||
environment:
|
||||
- "OLLAMA_API_BASE_URL=http://ollama-webui:11434/api"
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ollama_data:/app/backend/data
|
||||
- havenuser_data:/mnt/userdata
|
||||
networks:
|
||||
- haven_internal
|
||||
user: root
|
||||
#user: 1000:1000
|
||||
<<: *default-settings
|
||||
|
||||
networks:
|
||||
haven_internal:
|
||||
name: haven_internal
|
||||
external: true
|
||||
|
||||
volumes:
|
||||
nginx_data:
|
||||
name: nginx_data
|
||||
external: true
|
||||
modsecurity_data:
|
||||
name: modsecurity_data
|
||||
external: true
|
||||
ollama_data:
|
||||
havenuser_data:
|
||||
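Review bot: The service named `nginx` appears to end up with `image: ghcr.io/open-webui/open-webui:ollama`, an `OLLAMA_API_BASE_URL` environment entry and an `ollama_data` volume, which does not match the commit title's "vanilla nginx image". The `+`/`-` markers are lost on this page, so this reading is inferred from the hunk header (115 old lines matching the ModSecurity file, 21 new lines); if it is right, either the image should be an nginx image or the service and `container_name` should be renamed so the stack does not advertise a reverse proxy that is actually a different application. The `:ollama` tag is a floating tag, so the deployed code can change without a change to this file; pinning a version tag or digest, as the ModSecurity file does with `4.17.1-nginx-alpine-202508061208`, keeps deployments reproducible. For consistency with the other port mappings, `- 3001:8081` would read better quoted as `- "3001:8081"`.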