docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602 linux/amd64

docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602 - 国内下载镜像源 浏览次数:27
使用中文描述如下: OWASP ModSecurity Core Rule Set镜像提供ModSecurity Core Rule Set,用于保护 web 应用免受攻击和加速安全扫描。
源镜像 docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602
国内镜像 swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602
镜像ID sha256:d524b8e513aeddf53e8eaeab1ed0e3ede63ea30a81ceda287052033f95f15b51
镜像TAG 3.3.5-openresty-alpine-fat-202402140602
大小 410.69MB
镜像源 docker.io
项目信息 Docker-Hub主页 🚀项目TAG 🚀
CMD /usr/local/openresty/bin/openresty -g daemon off;
启动入口 /docker-entrypoint.sh
工作目录
OS/平台 linux/amd64
浏览量 27 次
贡献者 49****1@qq.com
镜像创建 2024-02-14T18:52:44.877782071Z
同步时间 2024-12-10 11:30
更新时间 2024-12-23 07:18
开放端口
80/tcp
环境变量
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin LUA_PATH=/usr/local/openresty/site/lualib/?.ljbc;/usr/local/openresty/site/lualib/?/init.ljbc;/usr/local/openresty/lualib/?.ljbc;/usr/local/openresty/lualib/?/init.ljbc;/usr/local/openresty/site/lualib/?.lua;/usr/local/openresty/site/lualib/?/init.lua;/usr/local/openresty/lualib/?.lua;/usr/local/openresty/lualib/?/init.lua;./?.lua;/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/share/lua/5.1/?/init.lua;/usr/local/openresty/luajit/share/lua/5.1/?.lua;/usr/local/openresty/luajit/share/lua/5.1/?/init.lua LUA_CPATH=/usr/local/openresty/site/lualib/?.so;/usr/local/openresty/lualib/?.so;./?.so;/usr/local/lib/lua/5.1/?.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/loadall.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so ACCESSLOG=/var/log/nginx/access.log BACKEND=http://localhost:80 DNS_SERVER= ERRORLOG=/var/log/nginx/error.log KEEPALIVE_TIMEOUT=60s LOGLEVEL=warn METRICS_ALLOW_FROM=127.0.0.0/24 METRICS_DENY_FROM=all METRICSLOG=/dev/null MODSEC_AUDIT_ENGINE=RelevantOnly MODSEC_AUDIT_LOG_FORMAT=JSON MODSEC_AUDIT_LOG_TYPE=Serial MODSEC_AUDIT_LOG=/dev/stdout MODSEC_AUDIT_LOG_PARTS=ABIJDEFHZ MODSEC_AUDIT_STORAGE=/var/log/modsecurity/audit/ MODSEC_DATA_DIR=/tmp/modsecurity/data MODSEC_DEBUG_LOG=/dev/null MODSEC_DEBUG_LOGLEVEL=0 MODSEC_DEFAULT_PHASE1_ACTION=phase:1,pass,log,tag:'${MODSEC_TAG}' MODSEC_DEFAULT_PHASE2_ACTION=phase:2,pass,log,tag:'${MODSEC_TAG}' MODSEC_PCRE_MATCH_LIMIT_RECURSION=100000 MODSEC_PCRE_MATCH_LIMIT=100000 MODSEC_REQ_BODY_ACCESS=on MODSEC_REQ_BODY_LIMIT=13107200 MODSEC_REQ_BODY_LIMIT_ACTION=Reject MODSEC_REQ_BODY_JSON_DEPTH_LIMIT=512 MODSEC_REQ_BODY_NOFILES_LIMIT=131072 MODSEC_RESP_BODY_ACCESS=on MODSEC_RESP_BODY_LIMIT=1048576 MODSEC_RESP_BODY_LIMIT_ACTION=ProcessPartial MODSEC_RESP_BODY_MIMETYPE=text/plain text/html text/xml MODSEC_RULE_ENGINE=on MODSEC_STATUS_ENGINE=Off MODSEC_TAG=modsecurity MODSEC_TMP_DIR=/tmp/modsecurity/tmp MODSEC_TMP_SAVE_UPLOADED_FILES=on MODSEC_UPLOAD_DIR=/tmp/modsecurity/upload PORT=80 NGINX_ALWAYS_TLS_REDIRECT=off SET_REAL_IP_FROM=127.0.0.1 REAL_IP_HEADER=X-REAL-IP REAL_IP_PROXY_HEADER=X-REAL-IP REAL_IP_RECURSIVE=on PROXY_SSL=off PROXY_SSL_CERT=/etc/nginx/conf/proxy.crt PROXY_SSL_CERT_KEY=/etc/nginx/conf/proxy.key PROXY_SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 PROXY_SSL_PROTOCOLS=TLSv1.2 TLSv1.3 PROXY_SSL_VERIFY=off PROXY_SSL_VERIFY_DEPTH=1 PROXY_TIMEOUT=60s SERVER_NAME=localhost SERVER_TOKENS=off SSL_CERT=/etc/nginx/conf/server.crt SSL_CERT_KEY=/etc/nginx/conf/server.key SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSL_DH_BITS=2048 SSL_OCSP_STAPLING=on SSL_PORT=443 SSL_PREFER_CIPHERS=off SSL_PROTOCOLS=TLSv1.2 TLSv1.3 SSL_VERIFY=off SSL_VERIFY_DEPTH=1 WORKER_CONNECTIONS=1024 LD_LIBRARY_PATH=/usr/local/lib:/usr/local/openresty NGINX_ENVSUBST_OUTPUT_DIR=/usr/local/openresty/nginx/conf PARANOIA=1 ANOMALY_INBOUND=5 ANOMALY_OUTBOUND=4 BLOCKING_PARANOIA=1
镜像标签
Taavi Ansper <taaviansperr@gmail.com>: maintainer https://github.com/coreruleset/modsecurity-crs-docker: org.opencontainers.image.source : resty_add_package_builddeps : resty_add_package_rundeps --with-pcre --with-cc-opt='-DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl/include' --with-ld-opt='-L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl/lib -Wl,-rpath,/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl/lib' : resty_config_deps --with-compat --with-file-aio --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_v3_module --with-http_xslt_module=dynamic --with-ipv6 --with-mail --with-mail_ssl_module --with-md5-asm --with-sha1-asm --with-stream --with-stream_ssl_module --with-threads : resty_config_options : resty_config_options_more : resty_eval_post_download_pre_configure : resty_eval_post_make : resty_eval_pre_configure openresty/openresty: resty_fat_image_base 1.25.3.1-alpine-amd64: resty_fat_image_tag alpine: resty_image_base 3.19: resty_image_tag --with-luajit-xcflags='-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT': resty_luajit_options 3.9.2: resty_luarocks_version 1.1.1f: resty_openssl_patch_version https://www.openssl.org/source: resty_openssl_url_base 1.1.1w: resty_openssl_version --enable-jit: resty_pcre_build_options --with-pcre-jit: resty_pcre_options 4e6ce03e0336e8b4a3d6c2b70b1c5e18590a5673a98186da90d4f33c23defc09: resty_pcre_sha256 8.45: resty_pcre_version 1.25.3.1: resty_version
镜像安全扫描 查看Trivy扫描报告

系统OS: alpine 3.19.1 扫描引擎: Trivy 扫描时间: 2024-12-10 11:30

低危漏洞:6 中危漏洞:47 高危漏洞:9 严重漏洞:2
docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602 (alpine 3.19.1) (alpine) /usr/local/openresty/nginx/conf/server.key ()

Docker拉取命令 无权限下载?点我修复 

docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602
docker tag  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602  docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602

Containerd拉取命令 

ctr images pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602
ctr images tag  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602  docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602

Shell快速替换命令 

sed -i 's#owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602#swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602#' deployment.yaml

Ansible快速分发-Docker 

#ansible k8s -m shell -a 'docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602 && docker tag  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602  docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602'

Ansible快速分发-Containerd 

#ansible k8s -m shell -a 'ctr images pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602 && ctr images tag  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602  docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602'

镜像构建历史 


# 2024-02-15 02:52:44  0.00B 设置默认要执行的命令
CMD ["/usr/local/openresty/bin/openresty" "-g" "daemon off;"]
                        
# 2024-02-15 02:52:44  0.00B 配置容器启动时运行的命令
ENTRYPOINT ["/docker-entrypoint.sh"]
                        
# 2024-02-15 02:52:44  0.00B 指定检查容器健康状态的命令
HEALTHCHECK &{["CMD-SHELL" "/usr/local/bin/healthcheck"] "0s" "0s" "0s" "0s" '\x00'}
                        
# 2024-02-15 02:52:44  0.00B 声明容器运行时监听的端口
EXPOSE map[80/tcp:{}]
                        
# 2024-02-15 02:52:44  27.45MB 执行命令并创建新的镜像层
RUN |1 MODSEC3_VERSION=3.0.12 /bin/sh -c set -eux;     apk add --no-cache         curl         curl-dev         libfuzzy2         libmaxminddb-dev         libstdc++         libxml2-dev         lmdb-dev         moreutils         tzdata         pcre         pcre2         sed         yajl;     luarocks install lua-resty-openidc;     mkdir /var/log/nginx;     mkdir -p /tmp/modsecurity/data;     mkdir -p /tmp/modsecurity/upload;     mkdir -p /tmp/modsecurity/tmp;     mkdir -p /usr/local/modsecurity;     sed -i 's/^\(SecDisableBackendCompression .*\)/# \1/' /usr/local/openresty/nginx/templates/modsecurity.d/modsecurity-override.conf.template;     ln -s /usr/local/modsecurity/lib/libmodsecurity.so.${MODSEC3_VERSION} /usr/local/modsecurity/lib/libmodsecurity.so.3.0;     ln -s /usr/local/modsecurity/lib/libmodsecurity.so.${MODSEC3_VERSION} /usr/local/modsecurity/lib/libmodsecurity.so.3;     ln -s /usr/local/modsecurity/lib/libmodsecurity.so.${MODSEC3_VERSION} /usr/local/modsecurity/lib/libmodsecurity.so;     ln -sv /opt/owasp-crs /etc/modsecurity.d/;     chmod -R g=u /var/log/ /var/run/ /usr/local/openresty/nginx/ /etc/modsecurity.d/ # buildkit
                        
# 2024-02-15 02:52:39  9.42KB 复制新文件或目录到容器中
COPY openresty/docker-entrypoint.d/*.sh /docker-entrypoint.d/ # buildkit
                        
# 2024-02-15 02:52:39  1.62KB 复制新文件或目录到容器中
COPY openresty/docker-entrypoint.sh / # buildkit
                        
# 2024-02-15 02:52:39  1.07KB 复制新文件或目录到容器中
COPY openresty/templates/nginx.conf.template /usr/local/openresty/nginx/templates # buildkit
                        
# 2024-02-15 02:52:39  8.63KB 复制新文件或目录到容器中
COPY src/opt/modsecurity/activate-rules.sh /docker-entrypoint.d/95-activate-rules.sh # buildkit
                        
# 2024-02-15 02:52:39  953.00B 复制新文件或目录到容器中
COPY src/opt/modsecurity/activate-plugins.sh /docker-entrypoint.d/94-activate-plugins.sh # buildkit
                        
# 2024-02-15 02:52:39  323.00B 复制新文件或目录到容器中
COPY src/bin/healthcheck /usr/local/bin/healthcheck # buildkit
                        
# 2024-02-15 02:52:39  693.00B 复制新文件或目录到容器中
COPY src/etc/modsecurity.d/setup.conf /usr/local/openresty/nginx/templates/modsecurity.d/setup.conf.template # buildkit
                        
# 2024-02-15 02:52:39  1.49KB 复制新文件或目录到容器中
COPY src/etc/modsecurity.d/modsecurity-override.conf /usr/local/openresty/nginx/templates/modsecurity.d/modsecurity-override.conf.template # buildkit
                        
# 2024-02-15 02:52:39  0.00B 复制新文件或目录到容器中
COPY nginx/templates/modsecurity.d /usr/local/openresty/nginx/templates/modsecurity.d # buildkit
                        
# 2024-02-15 02:52:39  1.24KB 复制新文件或目录到容器中
COPY nginx/templates/includes /usr/local/openresty/nginx/templates/includes # buildkit
                        
# 2024-02-15 02:52:39  1.94KB 复制新文件或目录到容器中
COPY nginx/templates/conf.d /usr/local/openresty/nginx/templates/conf.d # buildkit
                        
# 2024-02-15 02:52:39  2.63MB 复制新文件或目录到容器中
COPY /opt/owasp-crs /opt/owasp-crs # buildkit
                        
# 2024-02-15 02:52:39  11.20KB 复制新文件或目录到容器中
COPY /etc/modsecurity.d/modsecurity.conf /etc/modsecurity.d/modsecurity.conf # buildkit
                        
# 2024-02-15 02:52:39  53.15KB 复制新文件或目录到容器中
COPY /etc/modsecurity.d/unicode.mapping /etc/modsecurity.d/unicode.mapping # buildkit
                        
# 2024-02-15 02:52:39  1.44KB 复制新文件或目录到容器中
COPY /usr/share/TLS/dhparam-* /etc/ssl/certs/ # buildkit
                        
# 2024-02-15 02:52:38  1.96KB 复制新文件或目录到容器中
COPY /usr/share/TLS/server.crt /usr/local/openresty/nginx/conf/server.crt # buildkit
                        
# 2024-02-15 02:52:38  3.27KB 复制新文件或目录到容器中
COPY /usr/share/TLS/server.key /usr/local/openresty/nginx/conf/server.key # buildkit
                        
# 2024-02-15 02:52:38  273.97KB 复制新文件或目录到容器中
COPY /usr/local/openresty/nginx/modules/ngx_http_modsecurity_module.so /usr/local/openresty/nginx/modules/ngx_http_modsecurity_module.so # buildkit
                        
# 2024-02-15 02:52:38  2.52MB 复制新文件或目录到容器中
COPY /usr/local/modsecurity/lib/libmodsecurity.so.3.0.12 /usr/local/modsecurity/lib/ # buildkit
                        
# 2024-02-15 02:52:38  0.00B 设置环境变量 ACCESSLOG BACKEND DNS_SERVER ERRORLOG KEEPALIVE_TIMEOUT LOGLEVEL METRICS_ALLOW_FROM METRICS_DENY_FROM METRICSLOG MODSEC_AUDIT_ENGINE MODSEC_AUDIT_LOG_FORMAT MODSEC_AUDIT_LOG_TYPE MODSEC_AUDIT_LOG MODSEC_AUDIT_LOG_PARTS MODSEC_AUDIT_STORAGE MODSEC_DATA_DIR MODSEC_DEBUG_LOG MODSEC_DEBUG_LOGLEVEL MODSEC_DEFAULT_PHASE1_ACTION MODSEC_DEFAULT_PHASE2_ACTION MODSEC_PCRE_MATCH_LIMIT_RECURSION MODSEC_PCRE_MATCH_LIMIT MODSEC_REQ_BODY_ACCESS MODSEC_REQ_BODY_LIMIT MODSEC_REQ_BODY_LIMIT_ACTION MODSEC_REQ_BODY_JSON_DEPTH_LIMIT MODSEC_REQ_BODY_NOFILES_LIMIT MODSEC_RESP_BODY_ACCESS MODSEC_RESP_BODY_LIMIT MODSEC_RESP_BODY_LIMIT_ACTION MODSEC_RESP_BODY_MIMETYPE MODSEC_RULE_ENGINE MODSEC_STATUS_ENGINE MODSEC_TAG MODSEC_TMP_DIR MODSEC_TMP_SAVE_UPLOADED_FILES MODSEC_UPLOAD_DIR PORT NGINX_ALWAYS_TLS_REDIRECT SET_REAL_IP_FROM REAL_IP_HEADER REAL_IP_PROXY_HEADER REAL_IP_RECURSIVE PROXY_SSL PROXY_SSL_CERT PROXY_SSL_CERT_KEY PROXY_SSL_CIPHERS PROXY_SSL_PROTOCOLS PROXY_SSL_VERIFY PROXY_SSL_VERIFY_DEPTH PROXY_TIMEOUT SERVER_NAME SERVER_TOKENS SSL_CERT SSL_CERT_KEY SSL_CIPHERS SSL_DH_BITS SSL_OCSP_STAPLING SSL_PORT SSL_PREFER_CIPHERS SSL_PROTOCOLS SSL_VERIFY SSL_VERIFY_DEPTH WORKER_CONNECTIONS LD_LIBRARY_PATH NGINX_ENVSUBST_OUTPUT_DIR PARANOIA ANOMALY_INBOUND ANOMALY_OUTBOUND BLOCKING_PARANOIA
ENV ACCESSLOG=/var/log/nginx/access.log BACKEND=http://localhost:80 DNS_SERVER= ERRORLOG=/var/log/nginx/error.log KEEPALIVE_TIMEOUT=60s LOGLEVEL=warn METRICS_ALLOW_FROM=127.0.0.0/24 METRICS_DENY_FROM=all METRICSLOG=/dev/null MODSEC_AUDIT_ENGINE=RelevantOnly MODSEC_AUDIT_LOG_FORMAT=JSON MODSEC_AUDIT_LOG_TYPE=Serial MODSEC_AUDIT_LOG=/dev/stdout MODSEC_AUDIT_LOG_PARTS=ABIJDEFHZ MODSEC_AUDIT_STORAGE=/var/log/modsecurity/audit/ MODSEC_DATA_DIR=/tmp/modsecurity/data MODSEC_DEBUG_LOG=/dev/null MODSEC_DEBUG_LOGLEVEL=0 MODSEC_DEFAULT_PHASE1_ACTION=phase:1,pass,log,tag:'${MODSEC_TAG}' MODSEC_DEFAULT_PHASE2_ACTION=phase:2,pass,log,tag:'${MODSEC_TAG}' MODSEC_PCRE_MATCH_LIMIT_RECURSION=100000 MODSEC_PCRE_MATCH_LIMIT=100000 MODSEC_REQ_BODY_ACCESS=on MODSEC_REQ_BODY_LIMIT=13107200 MODSEC_REQ_BODY_LIMIT_ACTION=Reject MODSEC_REQ_BODY_JSON_DEPTH_LIMIT=512 MODSEC_REQ_BODY_NOFILES_LIMIT=131072 MODSEC_RESP_BODY_ACCESS=on MODSEC_RESP_BODY_LIMIT=1048576 MODSEC_RESP_BODY_LIMIT_ACTION=ProcessPartial MODSEC_RESP_BODY_MIMETYPE=text/plain text/html text/xml MODSEC_RULE_ENGINE=on MODSEC_STATUS_ENGINE=Off MODSEC_TAG=modsecurity MODSEC_TMP_DIR=/tmp/modsecurity/tmp MODSEC_TMP_SAVE_UPLOADED_FILES=on MODSEC_UPLOAD_DIR=/tmp/modsecurity/upload PORT=80 NGINX_ALWAYS_TLS_REDIRECT=off SET_REAL_IP_FROM=127.0.0.1 REAL_IP_HEADER=X-REAL-IP REAL_IP_PROXY_HEADER=X-REAL-IP REAL_IP_RECURSIVE=on PROXY_SSL=off PROXY_SSL_CERT=/etc/nginx/conf/proxy.crt PROXY_SSL_CERT_KEY=/etc/nginx/conf/proxy.key PROXY_SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 PROXY_SSL_PROTOCOLS=TLSv1.2 TLSv1.3 PROXY_SSL_VERIFY=off PROXY_SSL_VERIFY_DEPTH=1 PROXY_TIMEOUT=60s SERVER_NAME=localhost SERVER_TOKENS=off SSL_CERT=/etc/nginx/conf/server.crt SSL_CERT_KEY=/etc/nginx/conf/server.key SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSL_DH_BITS=2048 SSL_OCSP_STAPLING=on SSL_PORT=443 SSL_PREFER_CIPHERS=off SSL_PROTOCOLS=TLSv1.2 TLSv1.3 SSL_VERIFY=off SSL_VERIFY_DEPTH=1 WORKER_CONNECTIONS=1024 LD_LIBRARY_PATH=/usr/local/lib:/usr/local/openresty NGINX_ENVSUBST_OUTPUT_DIR=/usr/local/openresty/nginx/conf PARANOIA=1 ANOMALY_INBOUND=5 ANOMALY_OUTBOUND=4 BLOCKING_PARANOIA=1
                        
# 2024-02-15 02:52:38  0.00B 添加元数据标签
LABEL maintainer=Taavi Ansper <taaviansperr@gmail.com>
                        
# 2024-02-15 02:52:38  0.00B 定义构建参数
ARG MODSEC3_VERSION
                        
# 2024-02-05 04:06:03  0.00B 设置环境变量 LUA_CPATH
ENV LUA_CPATH=/usr/local/openresty/site/lualib/?.so;/usr/local/openresty/lualib/?.so;./?.so;/usr/local/lib/lua/5.1/?.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/loadall.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so
                        
# 2024-02-05 04:06:03  0.00B 设置环境变量 LUA_PATH
ENV LUA_PATH=/usr/local/openresty/site/lualib/?.ljbc;/usr/local/openresty/site/lualib/?/init.ljbc;/usr/local/openresty/lualib/?.ljbc;/usr/local/openresty/lualib/?/init.ljbc;/usr/local/openresty/site/lualib/?.lua;/usr/local/openresty/site/lualib/?/init.lua;/usr/local/openresty/lualib/?.lua;/usr/local/openresty/lualib/?/init.lua;./?.lua;/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/share/lua/5.1/?/init.lua;/usr/local/openresty/luajit/share/lua/5.1/?.lua;/usr/local/openresty/luajit/share/lua/5.1/?/init.lua
                        
# 2024-02-05 04:06:03  272.35MB 执行命令并创建新的镜像层
RUN |3 RESTY_FAT_IMAGE_BASE=openresty/openresty RESTY_FAT_IMAGE_TAG=1.25.3.1-alpine-amd64 RESTY_LUAROCKS_VERSION=3.9.2 /bin/sh -c apk add --no-cache --virtual .build-deps         perl-dev     && apk add --no-cache         bash         build-base         curl         libintl         linux-headers         make         musl         outils-md5         perl         unzip         wget     && cd /tmp     && curl -fSL https://luarocks.github.io/luarocks/releases/luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz -o luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz     && tar xzf luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz     && cd luarocks-${RESTY_LUAROCKS_VERSION}     && ./configure         --prefix=/usr/local/openresty/luajit         --with-lua=/usr/local/openresty/luajit         --lua-suffix=jit-2.1.0-beta3         --with-lua-include=/usr/local/openresty/luajit/include/luajit-2.1     && make build     && make install     && cd /tmp     && rm -rf luarocks-${RESTY_LUAROCKS_VERSION} luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz     && apk add --no-cache --virtual .gettext gettext     && mv /usr/bin/envsubst /tmp/     && apk del .build-deps .gettext     && mv /tmp/envsubst /usr/local/bin/ # buildkit
                        
# 2024-02-05 04:06:03  0.00B 添加元数据标签
LABEL resty_luarocks_version=3.9.2
                        
# 2024-02-05 04:06:03  0.00B 添加元数据标签
LABEL resty_fat_image_tag=1.25.3.1-alpine-amd64
                        
# 2024-02-05 04:06:03  0.00B 添加元数据标签
LABEL resty_fat_image_base=openresty/openresty
                        
# 2024-02-05 04:06:03  0.00B 添加元数据标签
LABEL maintainer=Evan Wies <evan@neomantra.net>
                        
# 2024-02-05 04:06:03  0.00B 定义构建参数
ARG RESTY_LUAROCKS_VERSION=3.9.2
                        
# 2024-02-05 04:06:03  0.00B 定义构建参数
ARG RESTY_FAT_IMAGE_TAG=alpine
                        
# 2024-02-05 04:06:03  0.00B 定义构建参数
ARG RESTY_FAT_IMAGE_BASE=openresty/openresty
                        
# 2024-02-05 00:08:29  0.00B 设置停止容器时发送的系统调用信号
STOPSIGNAL SIGQUIT
                        
# 2024-02-05 00:08:29  0.00B 设置默认要执行的命令
CMD ["/usr/local/openresty/bin/openresty" "-g" "daemon off;"]
                        
# 2024-02-05 00:08:29  1.59KB 复制新文件或目录到容器中
COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf # buildkit
                        
# 2024-02-05 00:08:29  2.99KB 复制新文件或目录到容器中
COPY nginx.conf /usr/local/openresty/nginx/conf/nginx.conf # buildkit
                        
# 2024-02-05 00:08:29  0.00B 设置环境变量 PATH
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin
                        
# 2024-02-05 00:08:29  97.99MB 执行命令并创建新的镜像层
RUN |20 RESTY_IMAGE_BASE=alpine RESTY_IMAGE_TAG=3.19 RESTY_VERSION=1.25.3.1 RESTY_OPENSSL_VERSION=1.1.1w RESTY_OPENSSL_PATCH_VERSION=1.1.1f RESTY_OPENSSL_URL_BASE=https://www.openssl.org/source RESTY_PCRE_VERSION=8.45 RESTY_PCRE_BUILD_OPTIONS=--enable-jit RESTY_PCRE_SHA256=4e6ce03e0336e8b4a3d6c2b70b1c5e18590a5673a98186da90d4f33c23defc09 RESTY_J=1 RESTY_CONFIG_OPTIONS=    --with-compat     --with-file-aio     --with-http_addition_module     --with-http_auth_request_module     --with-http_dav_module     --with-http_flv_module     --with-http_geoip_module=dynamic     --with-http_gunzip_module     --with-http_gzip_static_module     --with-http_image_filter_module=dynamic     --with-http_mp4_module     --with-http_random_index_module     --with-http_realip_module     --with-http_secure_link_module     --with-http_slice_module     --with-http_ssl_module     --with-http_stub_status_module     --with-http_sub_module     --with-http_v2_module     --with-http_v3_module     --with-http_xslt_module=dynamic     --with-ipv6     --with-mail     --with-mail_ssl_module     --with-md5-asm     --with-sha1-asm     --with-stream     --with-stream_ssl_module     --with-threads      RESTY_CONFIG_OPTIONS_MORE= RESTY_LUAJIT_OPTIONS=--with-luajit-xcflags='-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT' RESTY_PCRE_OPTIONS=--with-pcre-jit RESTY_ADD_PACKAGE_BUILDDEPS= RESTY_ADD_PACKAGE_RUNDEPS= RESTY_EVAL_PRE_CONFIGURE= RESTY_EVAL_POST_DOWNLOAD_PRE_CONFIGURE= RESTY_EVAL_POST_MAKE= _RESTY_CONFIG_DEPS=--with-pcre     --with-cc-opt='-DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl/include'     --with-ld-opt='-L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl/lib -Wl,-rpath,/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl/lib'      /bin/sh -c apk add --no-cache --virtual .build-deps         build-base         coreutils         curl         gd-dev         geoip-dev         libxslt-dev         linux-headers         make         perl-dev         readline-dev         zlib-dev         ${RESTY_ADD_PACKAGE_BUILDDEPS}     && apk add --no-cache         gd         geoip         libgcc         libxslt         zlib         ${RESTY_ADD_PACKAGE_RUNDEPS}     && cd /tmp     && if [ -n "${RESTY_EVAL_PRE_CONFIGURE}" ]; then eval $(echo ${RESTY_EVAL_PRE_CONFIGURE}); fi     && cd /tmp     && curl -fSL "${RESTY_OPENSSL_URL_BASE}/openssl-${RESTY_OPENSSL_VERSION}.tar.gz" -o openssl-${RESTY_OPENSSL_VERSION}.tar.gz     && tar xzf openssl-${RESTY_OPENSSL_VERSION}.tar.gz     && cd openssl-${RESTY_OPENSSL_VERSION}     && if [ $(echo ${RESTY_OPENSSL_VERSION} | cut -c 1-5) = "1.1.1" ] ; then         echo 'patching OpenSSL 1.1.1 for OpenResty'         && curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 ;     fi     && if [ $(echo ${RESTY_OPENSSL_VERSION} | cut -c 1-5) = "1.1.0" ] ; then         echo 'patching OpenSSL 1.1.0 for OpenResty'         && curl -s https://raw.githubusercontent.com/openresty/openresty/ed328977028c3ec3033bc25873ee360056e247cd/patches/openssl-1.1.0j-parallel_build_fix.patch | patch -p1         && curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 ;     fi     && ./config       no-threads shared zlib -g       enable-ssl3 enable-ssl3-method       --prefix=/usr/local/openresty/openssl       --libdir=lib       -Wl,-rpath,/usr/local/openresty/openssl/lib     && make -j${RESTY_J}     && make -j${RESTY_J} install_sw     && cd /tmp     && curl -fSL https://downloads.sourceforge.net/project/pcre/pcre/${RESTY_PCRE_VERSION}/pcre-${RESTY_PCRE_VERSION}.tar.gz -o pcre-${RESTY_PCRE_VERSION}.tar.gz     && echo "${RESTY_PCRE_SHA256}  pcre-${RESTY_PCRE_VERSION}.tar.gz" | shasum -a 256 --check     && tar xzf pcre-${RESTY_PCRE_VERSION}.tar.gz     && cd /tmp/pcre-${RESTY_PCRE_VERSION}     && ./configure         --prefix=/usr/local/openresty/pcre         --disable-cpp         --enable-utf         --enable-unicode-properties         ${RESTY_PCRE_BUILD_OPTIONS}     && make -j${RESTY_J}     && make -j${RESTY_J} install     && cd /tmp     && curl -fSL https://openresty.org/download/openresty-${RESTY_VERSION}.tar.gz -o openresty-${RESTY_VERSION}.tar.gz     && tar xzf openresty-${RESTY_VERSION}.tar.gz     && cd /tmp/openresty-${RESTY_VERSION}     && if [ -n "${RESTY_EVAL_POST_DOWNLOAD_PRE_CONFIGURE}" ]; then eval $(echo ${RESTY_EVAL_POST_DOWNLOAD_PRE_CONFIGURE}); fi     && eval ./configure -j${RESTY_J} ${_RESTY_CONFIG_DEPS} ${RESTY_CONFIG_OPTIONS} ${RESTY_CONFIG_OPTIONS_MORE} ${RESTY_LUAJIT_OPTIONS} ${RESTY_PCRE_OPTIONS}     && make -j${RESTY_J}     && make -j${RESTY_J} install     && cd /tmp     && if [ -n "${RESTY_EVAL_POST_MAKE}" ]; then eval $(echo ${RESTY_EVAL_POST_MAKE}); fi     && rm -rf         openssl-${RESTY_OPENSSL_VERSION}.tar.gz openssl-${RESTY_OPENSSL_VERSION}         pcre-${RESTY_PCRE_VERSION}.tar.gz pcre-${RESTY_PCRE_VERSION}         openresty-${RESTY_VERSION}.tar.gz openresty-${RESTY_VERSION}     && apk del .build-deps     && mkdir -p /var/run/openresty     && ln -sf /dev/stdout /usr/local/openresty/nginx/logs/access.log     && ln -sf /dev/stderr /usr/local/openresty/nginx/logs/error.log # buildkit
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_pcre_options=--with-pcre-jit
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_luajit_options=--with-luajit-xcflags='-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT'
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_eval_post_make=
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_eval_post_download_pre_configure=
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_eval_pre_configure=
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_add_package_rundeps=
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_add_package_builddeps=
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_config_deps=--with-pcre     --with-cc-opt='-DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl/include'     --with-ld-opt='-L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl/lib -Wl,-rpath,/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl/lib'     
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_config_options_more=
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_config_options=    --with-compat     --with-file-aio     --with-http_addition_module     --with-http_auth_request_module     --with-http_dav_module     --with-http_flv_module     --with-http_geoip_module=dynamic     --with-http_gunzip_module     --with-http_gzip_static_module     --with-http_image_filter_module=dynamic     --with-http_mp4_module     --with-http_random_index_module     --with-http_realip_module     --with-http_secure_link_module     --with-http_slice_module     --with-http_ssl_module     --with-http_stub_status_module     --with-http_sub_module     --with-http_v2_module     --with-http_v3_module     --with-http_xslt_module=dynamic     --with-ipv6     --with-mail     --with-mail_ssl_module     --with-md5-asm     --with-sha1-asm     --with-stream     --with-stream_ssl_module     --with-threads     
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_pcre_sha256=4e6ce03e0336e8b4a3d6c2b70b1c5e18590a5673a98186da90d4f33c23defc09
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_pcre_build_options=--enable-jit
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_pcre_version=8.45
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_openssl_url_base=https://www.openssl.org/source
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_openssl_patch_version=1.1.1f
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_openssl_version=1.1.1w
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_version=1.25.3.1
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_image_tag=3.19
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL resty_image_base=alpine
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG _RESTY_CONFIG_DEPS=--with-pcre     --with-cc-opt='-DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl/include'     --with-ld-opt='-L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl/lib -Wl,-rpath,/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl/lib'     
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_EVAL_POST_MAKE=
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_EVAL_POST_DOWNLOAD_PRE_CONFIGURE=
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_EVAL_PRE_CONFIGURE=
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_ADD_PACKAGE_RUNDEPS=
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_ADD_PACKAGE_BUILDDEPS=
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_PCRE_OPTIONS=--with-pcre-jit
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_LUAJIT_OPTIONS=--with-luajit-xcflags='-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT'
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_CONFIG_OPTIONS_MORE=
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_CONFIG_OPTIONS=    --with-compat     --with-file-aio     --with-http_addition_module     --with-http_auth_request_module     --with-http_dav_module     --with-http_flv_module     --with-http_geoip_module=dynamic     --with-http_gunzip_module     --with-http_gzip_static_module     --with-http_image_filter_module=dynamic     --with-http_mp4_module     --with-http_random_index_module     --with-http_realip_module     --with-http_secure_link_module     --with-http_slice_module     --with-http_ssl_module     --with-http_stub_status_module     --with-http_sub_module     --with-http_v2_module     --with-http_v3_module     --with-http_xslt_module=dynamic     --with-ipv6     --with-mail     --with-mail_ssl_module     --with-md5-asm     --with-sha1-asm     --with-stream     --with-stream_ssl_module     --with-threads     
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_J=1
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_PCRE_SHA256=4e6ce03e0336e8b4a3d6c2b70b1c5e18590a5673a98186da90d4f33c23defc09
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_PCRE_BUILD_OPTIONS=--enable-jit
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_PCRE_VERSION=8.45
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_OPENSSL_URL_BASE=https://www.openssl.org/source
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_OPENSSL_PATCH_VERSION=1.1.1f
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_OPENSSL_VERSION=1.1.1w
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_VERSION=1.25.3.1
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_IMAGE_TAG=3.19
                        
# 2024-02-05 00:08:29  0.00B 定义构建参数
ARG RESTY_IMAGE_BASE=alpine
                        
# 2024-02-05 00:08:29  0.00B 添加元数据标签
LABEL maintainer=Evan Wies <evan@neomantra.net>
                        
# 2024-01-27 08:30:48  0.00B 
/bin/sh -c #(nop)  CMD ["/bin/sh"]
                        
# 2024-01-27 08:30:48  7.38MB 
/bin/sh -c #(nop) ADD file:37a76ec18f9887751cd8473744917d08b7431fc4085097bb6a09d81b41775473 in /

镜像信息 

{
    "Id": "sha256:d524b8e513aeddf53e8eaeab1ed0e3ede63ea30a81ceda287052033f95f15b51",
    "RepoTags": [
        "owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602",
        "swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602"
    ],
    "RepoDigests": [
        "owasp/modsecurity-crs@sha256:2b1d430cca6641aae85ef3cfa0d1bfef8b1c513ef755ead5a89307a9ba4b3935",
        "swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs@sha256:5cc3eaeec98872718cc622471cd9d3c28702b2e44ad44f9ad94405a973712cd2"
    ],
    "Parent": "",
    "Comment": "buildkit.dockerfile.v0",
    "Created": "2024-02-14T18:52:44.877782071Z",
    "Container": "",
    "ContainerConfig": null,
    "DockerVersion": "",
    "Author": "",
    "Config": {
        "Hostname": "",
        "Domainname": "",
        "User": "",
        "AttachStdin": false,
        "AttachStdout": false,
        "AttachStderr": false,
        "ExposedPorts": {
            "80/tcp": {}
        },
        "Tty": false,
        "OpenStdin": false,
        "StdinOnce": false,
        "Env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin",
            "LUA_PATH=/usr/local/openresty/site/lualib/?.ljbc;/usr/local/openresty/site/lualib/?/init.ljbc;/usr/local/openresty/lualib/?.ljbc;/usr/local/openresty/lualib/?/init.ljbc;/usr/local/openresty/site/lualib/?.lua;/usr/local/openresty/site/lualib/?/init.lua;/usr/local/openresty/lualib/?.lua;/usr/local/openresty/lualib/?/init.lua;./?.lua;/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/share/lua/5.1/?/init.lua;/usr/local/openresty/luajit/share/lua/5.1/?.lua;/usr/local/openresty/luajit/share/lua/5.1/?/init.lua",
            "LUA_CPATH=/usr/local/openresty/site/lualib/?.so;/usr/local/openresty/lualib/?.so;./?.so;/usr/local/lib/lua/5.1/?.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/loadall.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so",
            "ACCESSLOG=/var/log/nginx/access.log",
            "BACKEND=http://localhost:80",
            "DNS_SERVER=",
            "ERRORLOG=/var/log/nginx/error.log",
            "KEEPALIVE_TIMEOUT=60s",
            "LOGLEVEL=warn",
            "METRICS_ALLOW_FROM=127.0.0.0/24",
            "METRICS_DENY_FROM=all",
            "METRICSLOG=/dev/null",
            "MODSEC_AUDIT_ENGINE=RelevantOnly",
            "MODSEC_AUDIT_LOG_FORMAT=JSON",
            "MODSEC_AUDIT_LOG_TYPE=Serial",
            "MODSEC_AUDIT_LOG=/dev/stdout",
            "MODSEC_AUDIT_LOG_PARTS=ABIJDEFHZ",
            "MODSEC_AUDIT_STORAGE=/var/log/modsecurity/audit/",
            "MODSEC_DATA_DIR=/tmp/modsecurity/data",
            "MODSEC_DEBUG_LOG=/dev/null",
            "MODSEC_DEBUG_LOGLEVEL=0",
            "MODSEC_DEFAULT_PHASE1_ACTION=phase:1,pass,log,tag:'${MODSEC_TAG}'",
            "MODSEC_DEFAULT_PHASE2_ACTION=phase:2,pass,log,tag:'${MODSEC_TAG}'",
            "MODSEC_PCRE_MATCH_LIMIT_RECURSION=100000",
            "MODSEC_PCRE_MATCH_LIMIT=100000",
            "MODSEC_REQ_BODY_ACCESS=on",
            "MODSEC_REQ_BODY_LIMIT=13107200",
            "MODSEC_REQ_BODY_LIMIT_ACTION=Reject",
            "MODSEC_REQ_BODY_JSON_DEPTH_LIMIT=512",
            "MODSEC_REQ_BODY_NOFILES_LIMIT=131072",
            "MODSEC_RESP_BODY_ACCESS=on",
            "MODSEC_RESP_BODY_LIMIT=1048576",
            "MODSEC_RESP_BODY_LIMIT_ACTION=ProcessPartial",
            "MODSEC_RESP_BODY_MIMETYPE=text/plain text/html text/xml",
            "MODSEC_RULE_ENGINE=on",
            "MODSEC_STATUS_ENGINE=Off",
            "MODSEC_TAG=modsecurity",
            "MODSEC_TMP_DIR=/tmp/modsecurity/tmp",
            "MODSEC_TMP_SAVE_UPLOADED_FILES=on",
            "MODSEC_UPLOAD_DIR=/tmp/modsecurity/upload",
            "PORT=80",
            "NGINX_ALWAYS_TLS_REDIRECT=off",
            "SET_REAL_IP_FROM=127.0.0.1",
            "REAL_IP_HEADER=X-REAL-IP",
            "REAL_IP_PROXY_HEADER=X-REAL-IP",
            "REAL_IP_RECURSIVE=on",
            "PROXY_SSL=off",
            "PROXY_SSL_CERT=/etc/nginx/conf/proxy.crt",
            "PROXY_SSL_CERT_KEY=/etc/nginx/conf/proxy.key",
            "PROXY_SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
            "PROXY_SSL_PROTOCOLS=TLSv1.2 TLSv1.3",
            "PROXY_SSL_VERIFY=off",
            "PROXY_SSL_VERIFY_DEPTH=1",
            "PROXY_TIMEOUT=60s",
            "SERVER_NAME=localhost",
            "SERVER_TOKENS=off",
            "SSL_CERT=/etc/nginx/conf/server.crt",
            "SSL_CERT_KEY=/etc/nginx/conf/server.key",
            "SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
            "SSL_DH_BITS=2048",
            "SSL_OCSP_STAPLING=on",
            "SSL_PORT=443",
            "SSL_PREFER_CIPHERS=off",
            "SSL_PROTOCOLS=TLSv1.2 TLSv1.3",
            "SSL_VERIFY=off",
            "SSL_VERIFY_DEPTH=1",
            "WORKER_CONNECTIONS=1024",
            "LD_LIBRARY_PATH=/usr/local/lib:/usr/local/openresty",
            "NGINX_ENVSUBST_OUTPUT_DIR=/usr/local/openresty/nginx/conf",
            "PARANOIA=1",
            "ANOMALY_INBOUND=5",
            "ANOMALY_OUTBOUND=4",
            "BLOCKING_PARANOIA=1"
        ],
        "Cmd": [
            "/usr/local/openresty/bin/openresty",
            "-g",
            "daemon off;"
        ],
        "Healthcheck": {
            "Test": [
                "CMD-SHELL",
                "/usr/local/bin/healthcheck"
            ]
        },
        "ArgsEscaped": true,
        "Image": "",
        "Volumes": null,
        "WorkingDir": "",
        "Entrypoint": [
            "/docker-entrypoint.sh"
        ],
        "OnBuild": null,
        "Labels": {
            "maintainer": "Taavi Ansper \u003ctaaviansperr@gmail.com\u003e",
            "org.opencontainers.image.source": "https://github.com/coreruleset/modsecurity-crs-docker",
            "resty_add_package_builddeps": "",
            "resty_add_package_rundeps": "",
            "resty_config_deps": "--with-pcre     --with-cc-opt='-DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl/include'     --with-ld-opt='-L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl/lib -Wl,-rpath,/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl/lib'     ",
            "resty_config_options": "    --with-compat     --with-file-aio     --with-http_addition_module     --with-http_auth_request_module     --with-http_dav_module     --with-http_flv_module     --with-http_geoip_module=dynamic     --with-http_gunzip_module     --with-http_gzip_static_module     --with-http_image_filter_module=dynamic     --with-http_mp4_module     --with-http_random_index_module     --with-http_realip_module     --with-http_secure_link_module     --with-http_slice_module     --with-http_ssl_module     --with-http_stub_status_module     --with-http_sub_module     --with-http_v2_module     --with-http_v3_module     --with-http_xslt_module=dynamic     --with-ipv6     --with-mail     --with-mail_ssl_module     --with-md5-asm     --with-sha1-asm     --with-stream     --with-stream_ssl_module     --with-threads     ",
            "resty_config_options_more": "",
            "resty_eval_post_download_pre_configure": "",
            "resty_eval_post_make": "",
            "resty_eval_pre_configure": "",
            "resty_fat_image_base": "openresty/openresty",
            "resty_fat_image_tag": "1.25.3.1-alpine-amd64",
            "resty_image_base": "alpine",
            "resty_image_tag": "3.19",
            "resty_luajit_options": "--with-luajit-xcflags='-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT'",
            "resty_luarocks_version": "3.9.2",
            "resty_openssl_patch_version": "1.1.1f",
            "resty_openssl_url_base": "https://www.openssl.org/source",
            "resty_openssl_version": "1.1.1w",
            "resty_pcre_build_options": "--enable-jit",
            "resty_pcre_options": "--with-pcre-jit",
            "resty_pcre_sha256": "4e6ce03e0336e8b4a3d6c2b70b1c5e18590a5673a98186da90d4f33c23defc09",
            "resty_pcre_version": "8.45",
            "resty_version": "1.25.3.1"
        },
        "StopSignal": "SIGQUIT"
    },
    "Architecture": "amd64",
    "Os": "linux",
    "Size": 410692631,
    "GraphDriver": {
        "Data": {
            "LowerDir": "/var/lib/docker/overlay2/327e0b03bd96ce53d9b233ccbd2612292cd8ca68a92e723beba5cafe2f7bb652/diff:/var/lib/docker/overlay2/a60e388d4dbf534ec3e9111bed827398750ed4b0af3dfbffcf2de0210a407ccb/diff:/var/lib/docker/overlay2/db0ae55deae75a240f629e7e1821b648101c2234dfc272d7cb8655707cb9dca9/diff:/var/lib/docker/overlay2/e15cc6482b74ab2b1ec028a0b680043d6d2857bbb70b9f96d357e1f83fcaba2e/diff:/var/lib/docker/overlay2/c773809775665eb85806b58c89492d03b056c97c9707b999a46e94e98ab06e5a/diff:/var/lib/docker/overlay2/7568416ff80266bc3582c5de0baec757c06f5f91deac9b83358dcf5dee04cac0/diff:/var/lib/docker/overlay2/a3b69585a1d2506b2b0ff98acccf84fa9b8464543fb1ae1b9dfab84529cb1552/diff:/var/lib/docker/overlay2/7e5963e8a67996eabe10cebcd94c1063c160d637a2c6b2859f51ff7b96145a5f/diff:/var/lib/docker/overlay2/3b52baa815aebe6703c90db06d92e391613af3f0cb10bfcbfa842221bdfe50ee/diff:/var/lib/docker/overlay2/0981e69acd6e24006fda8d9a0689b5409428542a6207131e56adfdf011a2e5f0/diff:/var/lib/docker/overlay2/3595a8d941664186006206a4be1363748d37dbe8d7873cb4410d507c0151a381/diff:/var/lib/docker/overlay2/ee54d1f1dd9c217186779a20b244191b67d308d4a0639b8a15e06ed62b3cc616/diff:/var/lib/docker/overlay2/bc71b2484b1169649ad94db33d0f6e2a6a4e53dc6275477174a37b8d6b755b50/diff:/var/lib/docker/overlay2/b38e706842583d6a24e1168b13bd4d27ebefe53337d135d44f84cb151ecb42b4/diff:/var/lib/docker/overlay2/4d9ca867e23c436c305be972683d651625c88c1a316e722d6c2cc81c6f37c64a/diff:/var/lib/docker/overlay2/65f006f6729ca8145c23907d73215d9562914e24fc87c41fce679104b91a7c6e/diff:/var/lib/docker/overlay2/c1d3c7169576e1b5ebfcffcf23c56f883c2cb935254f6d5861e6f5fdff3db5f7/diff:/var/lib/docker/overlay2/40c11788243733baa67746b1b20e886639da444af9b4a944b39a75fd6b670411/diff:/var/lib/docker/overlay2/4e86ee7b8765eb9b3366e4886abce2445e6d0cc1e59056269a1583959ee32d12/diff:/var/lib/docker/overlay2/bbf8eca9e626353e316288fbeda270e0c7afda0bb97c1d08331a098c12bafdc4/diff:/var/lib/docker/overlay2/0697d55fec15b706c1fe40e1a8c559b209a35185e496a6e5d501bb1f6a9a732b/diff:/var/lib/docker/overlay2/fecb86c747f078f895588cdf5a760979a6615b0fe82484ba9518f25f03296bf5/diff:/var/lib/docker/overlay2/07b7e40bc4d96f4faef20c0cd28ad8f96e9db8b1e7e2de54260f6492dce9e3a7/diff:/var/lib/docker/overlay2/05020cdd716af9042a848dfa1a82562fa9510169a4d19fd27c55bee01abe28d6/diff",
            "MergedDir": "/var/lib/docker/overlay2/70aa5f1f6a3aeca5bfd1647de061dfcc79aa86354cb91833ff5da482db18f1e1/merged",
            "UpperDir": "/var/lib/docker/overlay2/70aa5f1f6a3aeca5bfd1647de061dfcc79aa86354cb91833ff5da482db18f1e1/diff",
            "WorkDir": "/var/lib/docker/overlay2/70aa5f1f6a3aeca5bfd1647de061dfcc79aa86354cb91833ff5da482db18f1e1/work"
        },
        "Name": "overlay2"
    },
    "RootFS": {
        "Type": "layers",
        "Layers": [
            "sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820",
            "sha256:561dd9e76bc927b19e6f8f19c19ea5291e443bf33d2c28ee7591242fd60d2d55",
            "sha256:e9986d10ffd0dab15a6127c588287dc3702bd9189e93595a171f7196bb44341e",
            "sha256:f3c517a5002327f428254bf7d9e6730b568b7bde8f41a5573b6323984c835662",
            "sha256:7e839c51368423f4a9aac44b18f04758ee897b5274acc783b7c4c62a56747c38",
            "sha256:4c86d8eb99ac82ca6741e7f62af831866c823973895facddf57dae5d9ac1c9cf",
            "sha256:ac2ce00c946304ac428896e2633070673ad2a148426ef7637c5897fff5d9ec69",
            "sha256:463cfcdad21776019711c5329b13dfbe52d1e92e8d85d3d6355b08b2a26798da",
            "sha256:037ce8dce3bff9528d34d83754711518a25fd6b06d62c211300e02ece035fea8",
            "sha256:43e0a36d66781dda765f4eebe820e5e75261544241f89b2bf83ec6e69a918454",
            "sha256:4517692b67a2971363bad7b165f3e28a642f6c5ee805509fc07f9c33fdf6a7c2",
            "sha256:2da9babaaa7872355b89f03c611d4cf721a549b1734f50bea07f2dd195f3f8ee",
            "sha256:e28dd85bbe44521f91e61f08d5ac12228ea9253b8c0a8d441841da834a997e7b",
            "sha256:9dde46a2b241feff8842a0d39c8ec47ced951d2111bd1bc51ee981a895f73710",
            "sha256:d387fcae6f2d76e2d34ae06441295cf17ffb778ff737d281ef9ef2683e6073d8",
            "sha256:4b2543ca5cda5874b7e9c10d0a15a4c7643ab17d4a767b4ebc34c511ad435dfa",
            "sha256:9270227f29357b5a95b7e125757418f71fe40a13eff2980d6859f11f7fbdb2ef",
            "sha256:dc92f6a8cb7a74c305f1e59dadf740d146fe29a06c66b7110c85cc40a471fb77",
            "sha256:66d9c4eb7203856bd800c32339ffc002f27438f7c281bc667466ea1d88807860",
            "sha256:f901a4bf960e5c6becb5226e7a2a1269457dbb8884c82a9628568ce987bf400c",
            "sha256:8c426da7115593791c6761447427b702475febd68cd1604d79e36ce980ac6e02",
            "sha256:a55c161af26ee1e5d6bcacf8200791827f4827f620016e51d4e7085f5b59af5d",
            "sha256:322a3c1ff4ec214f6f76a990645e6c645fd1c27176bbd157da1f07e5e7e4cfcc",
            "sha256:6acda594669ea412881a417b638b37185051b016832763bb07965ac91f3c4ec4",
            "sha256:6f64a25f20393c663df579a9f234c5bc75b1f12dffc7735a6c6703a4498cc13b"
        ]
    },
    "Metadata": {
        "LastTagTime": "2024-12-10T11:30:10.203645093+08:00"
    }
}

更多版本

docker.io/owasp/modsecurity-crs:nginx

linux/amd64 docker.io275.82MB2024-11-14 14:55
54

docker.io/owasp/modsecurity-crs:openresty-alpine-fat

linux/amd64 docker.io425.81MB2024-12-09 18:07
26

docker.io/owasp/modsecurity-crs:4.9.0-openresty-alpine-fat-202412090512

linux/amd64 docker.io425.81MB2024-12-10 10:38
31

docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602

linux/amd64 docker.io410.69MB2024-12-10 11:30
26