docker.io/owasp/modsecurity-crs:nginx linux/amd64

docker.io/owasp/modsecurity-crs:nginx - 国内下载镜像源浏览次数:85

使用中文描述如下： OWASP ModSecurity Core Rule Set镜像提供ModSecurity Core Rule Set，用于保护 web 应用免受攻击和加速安全扫描。

源镜像	docker.io/owasp/modsecurity-crs:nginx
国内镜像	swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx
镜像ID	sha256:9cee9689df8f54e483e55b02e4cb7f39fd050adb98ac2055b57973f664f4e090
镜像TAG	nginx
大小	275.82MB
镜像源	docker.io
项目信息	Docker-Hub主页 🚀项目TAG 🚀
CMD	nginx -g daemon off;
启动入口	/docker-entrypoint.sh
工作目录
OS/平台	linux/amd64
浏览量	85 次
贡献者
镜像创建	2024-11-07T10:26:54.702536814Z
同步时间	2024-11-14 14:55
更新时间	2025-02-05 07:05

开放端口

8080/tcp

环境变量

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin NGINX_VERSION=1.27.2 NJS_VERSION=0.8.6 NJS_RELEASE=1~bookworm PKG_RELEASE=1~bookworm DYNPKG_RELEASE=1~bookworm ACCESSLOG=/var/log/nginx/access.log BACKEND=http://localhost:80 DNS_SERVER= ERRORLOG=/var/log/nginx/error.log KEEPALIVE_TIMEOUT=60s LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib LOGLEVEL=warn METRICS_ALLOW_FROM=127.0.0.0/24 METRICS_DENY_FROM=all METRICSLOG=/dev/null MODSEC_ARGUMENT_SEPARATOR=& MODSEC_ARGUMENTS_LIMIT=1000 MODSEC_AUDIT_ENGINE=RelevantOnly MODSEC_AUDIT_LOG=/dev/stdout MODSEC_AUDIT_LOG_FORMAT=JSON MODSEC_AUDIT_LOG_PARTS=ABIJDEFHZ MODSEC_AUDIT_LOG_RELEVANT_STATUS=^(?:5|4(?!04)) MODSEC_AUDIT_LOG_TYPE=Serial MODSEC_COOKIE_FORMAT=0 MODSEC_AUDIT_STORAGE_DIR=/var/log/modsecurity/audit/ MODSEC_DATA_DIR=/tmp/modsecurity/data MODSEC_DEBUG_LOG=/dev/null MODSEC_DEBUG_LOGLEVEL=0 MODSEC_DEFAULT_PHASE1_ACTION=phase:1,pass,log,tag:'${MODSEC_TAG}' MODSEC_DEFAULT_PHASE2_ACTION=phase:2,pass,log,tag:'${MODSEC_TAG}' MODSEC_DISABLE_BACKEND_COMPRESSION=Off MODSEC_PCRE_MATCH_LIMIT=100000 MODSEC_PCRE_MATCH_LIMIT_RECURSION=100000 MODSEC_REQ_BODY_ACCESS=on MODSEC_REQ_BODY_JSON_DEPTH_LIMIT=512 MODSEC_REQ_BODY_LIMIT=13107200 MODSEC_REQ_BODY_LIMIT_ACTION=Reject MODSEC_REQ_BODY_NOFILES_LIMIT=131072 MODSEC_RESP_BODY_ACCESS=on MODSEC_RESP_BODY_LIMIT=1048576 MODSEC_RESP_BODY_LIMIT_ACTION=ProcessPartial MODSEC_RESP_BODY_MIMETYPE=text/plain text/html text/xml MODSEC_RULE_ENGINE=on MODSEC_STATUS_ENGINE=Off MODSEC_TAG=modsecurity MODSEC_TMP_DIR=/tmp/modsecurity/tmp MODSEC_TMP_SAVE_UPLOADED_FILES=on MODSEC_UNICODE_MAPPING=20127 MODSEC_UPLOAD_DIR=/tmp/modsecurity/upload MODSEC_UPLOAD_FILE_MODE=0600 MODSEC_UPLOAD_KEEP_FILES=Off NGINX_ALWAYS_TLS_REDIRECT=off NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx PORT=8080 PROXY_SSL_CERT=/etc/nginx/conf/proxy.crt PROXY_SSL_CERT_KEY=/etc/nginx/conf/proxy.key PROXY_SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 PROXY_SSL=off PROXY_SSL_PROTOCOLS=TLSv1.2 TLSv1.3 PROXY_SSL_VERIFY_DEPTH=1 PROXY_SSL_VERIFY=off PROXY_TIMEOUT=60s REAL_IP_HEADER=X-REAL-IP REAL_IP_PROXY_HEADER=X-REAL-IP REAL_IP_RECURSIVE=on SERVER_NAME=localhost SERVER_TOKENS=off SET_REAL_IP_FROM=127.0.0.1 SSL_CERT=/etc/nginx/conf/server.crt SSL_CERT_KEY=/etc/nginx/conf/server.key SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSL_DH_BITS=2048 SSL_OCSP_STAPLING=on SSL_PORT=8443 SSL_PREFER_CIPHERS=off SSL_PROTOCOLS=TLSv1.2 TLSv1.3 SSL_VERIFY_DEPTH=1 SSL_VERIFY=off WORKER_CONNECTIONS=1024 PARANOIA=1 ANOMALY_INBOUND=5 ANOMALY_OUTBOUND=4 BLOCKING_PARANOIA=1

镜像标签

Felipe Zipitria <felipe.zipitria@owasp.org>: maintainer 2024-11-04T00:08:29.462Z: org.opencontainers.image.created Unprivileged NGINX Dockerfiles: org.opencontainers.image.description Apache-2.0: org.opencontainers.image.licenses 69dec3fc07d2e604fa4fde8b18513dd406fc747a: org.opencontainers.image.revision https://github.com/coreruleset/modsecurity-crs-docker: org.opencontainers.image.source docker-nginx-unprivileged: org.opencontainers.image.title https://github.com/nginxinc/docker-nginx-unprivileged: org.opencontainers.image.url 1.27.2: org.opencontainers.image.version

阿里云高校计划(￥300代金券)领取

阿里云2核2G高性能云服务器 99元/年❤️

华为云2核4G2M云服务器，惊爆价99元1年

腾讯云2核2G云服务器，惊爆价99元1年

Ucloud 2核2G4M 59元/年❤️ 香港专线400G流量/月服务器 93元/年❤️

GPU创意AI画图炼丹服务器

GPT人工智能60G学习资料❤️

Docker拉取命令无权限下载?点我修复

docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx
docker tag  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx  docker.io/owasp/modsecurity-crs:nginx

Containerd拉取命令

ctr images pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx
ctr images tag  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx  docker.io/owasp/modsecurity-crs:nginx

Shell快速替换命令

sed -i 's#owasp/modsecurity-crs:nginx#swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx#' deployment.yaml

Ansible快速分发-Docker

#ansible k8s -m shell -a 'docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx && docker tag  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx  docker.io/owasp/modsecurity-crs:nginx'

Ansible快速分发-Containerd

#ansible k8s -m shell -a 'ctr images pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx && ctr images tag  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx  docker.io/owasp/modsecurity-crs:nginx'

镜像构建历史


# 2024-11-07 18:26:54  0.00B 指定检查容器健康状态的命令
HEALTHCHECK &{["CMD-SHELL" "/usr/local/bin/healthcheck"] "0s" "0s" "0s" "0s" '\x00'}
                        
# 2024-11-07 18:26:54  0.00B 执行命令并创建新的镜像层
RUN |4 MODSEC3_VERSION=3.0.13 LMDB_VERSION=0.9.29 LUA_VERSION=5.3 LUA_MODULES=lua-zlib lua-socket /bin/sh -c mkdir -p /tmp/modsecurity/data;     mkdir -p /tmp/modsecurity/upload;     mkdir -p /tmp/modsecurity/tmp # buildkit
                        
# 2024-11-07 18:26:54  0.00B 指定运行容器时使用的用户
USER nginx
                        
# 2024-11-07 18:26:54  80.44MB 执行命令并创建新的镜像层
RUN |4 MODSEC3_VERSION=3.0.13 LMDB_VERSION=0.9.29 LUA_VERSION=5.3 LUA_MODULES=lua-zlib lua-socket /bin/sh -c set -eux;     echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections;     apt-get update -qq;     LD_LIBRARY_PATH="" apt-get install -y -qq --no-install-recommends --no-install-suggests         ca-certificates         curl         libcurl4-gnutls-dev         libfuzzy2         liblua${LUA_VERSION}         ${LUA_MODULES}         libxml2         libyajl2         libmaxminddb-dev         moreutils;     rm -rf /var/lib/apt/lists/*;     apt-get clean;     mkdir /etc/nginx/ssl;     sed -i 's/^\(SecDisableBackendCompression .*\)/# \1/' /etc/nginx/templates/modsecurity.d/modsecurity-override.conf.template;     ln -s /usr/local/modsecurity/lib/libmodsecurity.so.${MODSEC3_VERSION} /usr/local/modsecurity/lib/libmodsecurity.so.3.0;     ln -s /usr/local/modsecurity/lib/libmodsecurity.so.${MODSEC3_VERSION} /usr/local/modsecurity/lib/libmodsecurity.so.3;     ln -s /usr/local/modsecurity/lib/libmodsecurity.so.${MODSEC3_VERSION} /usr/local/modsecurity/lib/libmodsecurity.so;     ln -sv /opt/owasp-crs /etc/modsecurity.d/;     chown nginx:nginx /opt/owasp-crs /etc/modsecurity.d # buildkit
                        
# 2024-11-07 18:26:46  0.00B 指定运行容器时使用的用户
USER root
                        
# 2024-11-07 18:26:46  2.20KB 复制新文件或目录到容器中
COPY src/bin/* /usr/local/bin/ # buildkit
                        
# 2024-11-07 18:26:46  3.56KB 复制新文件或目录到容器中
COPY nginx/templates /etc/nginx/templates/ # buildkit
                        
# 2024-11-07 18:26:46  9.06KB 复制新文件或目录到容器中
COPY src/opt/modsecurity/activate-rules.sh /docker-entrypoint.d/95-activate-rules.sh # buildkit
                        
# 2024-11-07 18:26:46  953.00B 复制新文件或目录到容器中
COPY src/opt/modsecurity/activate-plugins.sh /docker-entrypoint.d/94-activate-plugins.sh # buildkit
                        
# 2024-11-07 18:26:46  1.91KB 复制新文件或目录到容器中
COPY nginx/docker-entrypoint.d/*.sh /docker-entrypoint.d/ # buildkit
                        
# 2024-11-07 18:26:46  693.00B 复制新文件或目录到容器中
COPY src/etc/modsecurity.d/setup.conf /etc/nginx/templates/modsecurity.d/setup.conf.template # buildkit
                        
# 2024-11-07 18:26:46  93.00B 复制新文件或目录到容器中
COPY src/etc/modsecurity.d/modsecurity-override.conf /etc/nginx/templates/modsecurity.d/modsecurity-override.conf.template # buildkit
                        
# 2024-11-07 18:26:46  3.57KB 复制新文件或目录到容器中
COPY src/etc/modsecurity.d/modsecurity.conf /etc/nginx/templates/modsecurity.d/modsecurity.conf.template # buildkit
                        
# 2024-11-07 18:26:46  1.04MB 复制新文件或目录到容器中
COPY /opt/owasp-crs /opt/owasp-crs # buildkit
                        
# 2024-11-07 18:26:46  53.15KB 复制新文件或目录到容器中
COPY /etc/modsecurity.d/unicode.mapping /etc/modsecurity.d/unicode.mapping # buildkit
                        
# 2024-11-07 18:26:46  1.19KB 复制新文件或目录到容器中
COPY /usr/share/TLS/dhparam-* /etc/ssl/certs/ # buildkit
                        
# 2024-11-07 18:26:46  88.78KB 复制新文件或目录到容器中
COPY /usr/local/lib/liblmdb.so /usr/local/lib/ # buildkit
                        
# 2024-11-07 18:26:46  23.98KB 复制新文件或目录到容器中
COPY /etc/nginx/modules/ngx_http_modsecurity_module.so /etc/nginx/modules/ngx_http_modsecurity_module.so # buildkit
                        
# 2024-11-07 18:26:46  2.47MB 复制新文件或目录到容器中
COPY /usr/local/modsecurity/lib/libmodsecurity.so.3.0.13 /usr/local/modsecurity/lib/ # buildkit
                        
# 2024-11-07 18:26:46  0.00B 设置环境变量 ACCESSLOG BACKEND DNS_SERVER ERRORLOG KEEPALIVE_TIMEOUT LD_LIBRARY_PATH LOGLEVEL METRICS_ALLOW_FROM METRICS_DENY_FROM METRICSLOG MODSEC_ARGUMENT_SEPARATOR MODSEC_ARGUMENTS_LIMIT MODSEC_AUDIT_ENGINE MODSEC_AUDIT_LOG MODSEC_AUDIT_LOG_FORMAT MODSEC_AUDIT_LOG_PARTS MODSEC_AUDIT_LOG_RELEVANT_STATUS MODSEC_AUDIT_LOG_TYPE MODSEC_COOKIE_FORMAT MODSEC_AUDIT_STORAGE_DIR MODSEC_DATA_DIR MODSEC_DEBUG_LOG MODSEC_DEBUG_LOGLEVEL MODSEC_DEFAULT_PHASE1_ACTION MODSEC_DEFAULT_PHASE2_ACTION MODSEC_DISABLE_BACKEND_COMPRESSION MODSEC_PCRE_MATCH_LIMIT MODSEC_PCRE_MATCH_LIMIT_RECURSION MODSEC_REQ_BODY_ACCESS MODSEC_REQ_BODY_JSON_DEPTH_LIMIT MODSEC_REQ_BODY_LIMIT MODSEC_REQ_BODY_LIMIT_ACTION MODSEC_REQ_BODY_NOFILES_LIMIT MODSEC_RESP_BODY_ACCESS MODSEC_RESP_BODY_LIMIT MODSEC_RESP_BODY_LIMIT_ACTION MODSEC_RESP_BODY_MIMETYPE MODSEC_RULE_ENGINE MODSEC_STATUS_ENGINE MODSEC_TAG MODSEC_TMP_DIR MODSEC_TMP_SAVE_UPLOADED_FILES MODSEC_UNICODE_MAPPING MODSEC_UPLOAD_DIR MODSEC_UPLOAD_FILE_MODE MODSEC_UPLOAD_KEEP_FILES NGINX_ALWAYS_TLS_REDIRECT NGINX_ENVSUBST_OUTPUT_DIR PORT PROXY_SSL_CERT PROXY_SSL_CERT_KEY PROXY_SSL_CIPHERS PROXY_SSL PROXY_SSL_PROTOCOLS PROXY_SSL_VERIFY_DEPTH PROXY_SSL_VERIFY PROXY_TIMEOUT REAL_IP_HEADER REAL_IP_PROXY_HEADER REAL_IP_RECURSIVE SERVER_NAME SERVER_TOKENS SET_REAL_IP_FROM SSL_CERT SSL_CERT_KEY SSL_CIPHERS SSL_DH_BITS SSL_OCSP_STAPLING SSL_PORT SSL_PREFER_CIPHERS SSL_PROTOCOLS SSL_VERIFY_DEPTH SSL_VERIFY WORKER_CONNECTIONS PARANOIA ANOMALY_INBOUND ANOMALY_OUTBOUND BLOCKING_PARANOIA
ENV ACCESSLOG=/var/log/nginx/access.log BACKEND=http://localhost:80 DNS_SERVER= ERRORLOG=/var/log/nginx/error.log KEEPALIVE_TIMEOUT=60s LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib LOGLEVEL=warn METRICS_ALLOW_FROM=127.0.0.0/24 METRICS_DENY_FROM=all METRICSLOG=/dev/null MODSEC_ARGUMENT_SEPARATOR=& MODSEC_ARGUMENTS_LIMIT=1000 MODSEC_AUDIT_ENGINE=RelevantOnly MODSEC_AUDIT_LOG=/dev/stdout MODSEC_AUDIT_LOG_FORMAT=JSON MODSEC_AUDIT_LOG_PARTS=ABIJDEFHZ MODSEC_AUDIT_LOG_RELEVANT_STATUS=^(?:5|4(?!04)) MODSEC_AUDIT_LOG_TYPE=Serial MODSEC_COOKIE_FORMAT=0 MODSEC_AUDIT_STORAGE_DIR=/var/log/modsecurity/audit/ MODSEC_DATA_DIR=/tmp/modsecurity/data MODSEC_DEBUG_LOG=/dev/null MODSEC_DEBUG_LOGLEVEL=0 MODSEC_DEFAULT_PHASE1_ACTION=phase:1,pass,log,tag:'${MODSEC_TAG}' MODSEC_DEFAULT_PHASE2_ACTION=phase:2,pass,log,tag:'${MODSEC_TAG}' MODSEC_DISABLE_BACKEND_COMPRESSION=Off MODSEC_PCRE_MATCH_LIMIT=100000 MODSEC_PCRE_MATCH_LIMIT_RECURSION=100000 MODSEC_REQ_BODY_ACCESS=on MODSEC_REQ_BODY_JSON_DEPTH_LIMIT=512 MODSEC_REQ_BODY_LIMIT=13107200 MODSEC_REQ_BODY_LIMIT_ACTION=Reject MODSEC_REQ_BODY_NOFILES_LIMIT=131072 MODSEC_RESP_BODY_ACCESS=on MODSEC_RESP_BODY_LIMIT=1048576 MODSEC_RESP_BODY_LIMIT_ACTION=ProcessPartial MODSEC_RESP_BODY_MIMETYPE=text/plain text/html text/xml MODSEC_RULE_ENGINE=on MODSEC_STATUS_ENGINE=Off MODSEC_TAG=modsecurity MODSEC_TMP_DIR=/tmp/modsecurity/tmp MODSEC_TMP_SAVE_UPLOADED_FILES=on MODSEC_UNICODE_MAPPING=20127 MODSEC_UPLOAD_DIR=/tmp/modsecurity/upload MODSEC_UPLOAD_FILE_MODE=0600 MODSEC_UPLOAD_KEEP_FILES=Off NGINX_ALWAYS_TLS_REDIRECT=off NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx PORT=8080 PROXY_SSL_CERT=/etc/nginx/conf/proxy.crt PROXY_SSL_CERT_KEY=/etc/nginx/conf/proxy.key PROXY_SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 PROXY_SSL=off PROXY_SSL_PROTOCOLS=TLSv1.2 TLSv1.3 PROXY_SSL_VERIFY_DEPTH=1 PROXY_SSL_VERIFY=off PROXY_TIMEOUT=60s REAL_IP_HEADER=X-REAL-IP REAL_IP_PROXY_HEADER=X-REAL-IP REAL_IP_RECURSIVE=on SERVER_NAME=localhost SERVER_TOKENS=off SET_REAL_IP_FROM=127.0.0.1 SSL_CERT=/etc/nginx/conf/server.crt SSL_CERT_KEY=/etc/nginx/conf/server.key SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSL_DH_BITS=2048 SSL_OCSP_STAPLING=on SSL_PORT=8443 SSL_PREFER_CIPHERS=off SSL_PROTOCOLS=TLSv1.2 TLSv1.3 SSL_VERIFY_DEPTH=1 SSL_VERIFY=off WORKER_CONNECTIONS=1024 PARANOIA=1 ANOMALY_INBOUND=5 ANOMALY_OUTBOUND=4 BLOCKING_PARANOIA=1
                        
# 2024-11-07 18:26:46  0.00B 添加元数据标签
LABEL maintainer=Felipe Zipitria <felipe.zipitria@owasp.org>
                        
# 2024-11-07 18:26:46  0.00B 定义构建参数
ARG LUA_MODULES=lua-zlib lua-socket
                        
# 2024-11-07 18:26:46  0.00B 定义构建参数
ARG LUA_VERSION=5.3
                        
# 2024-11-07 18:26:46  0.00B 定义构建参数
ARG LMDB_VERSION=0.9.29
                        
# 2024-11-07 18:26:46  0.00B 定义构建参数
ARG MODSEC3_VERSION=3.0.13
                        
# 2024-11-04 08:09:20  0.00B 设置默认要执行的命令
CMD ["nginx" "-g" "daemon off;"]
                        
# 2024-11-04 08:09:20  0.00B 指定运行容器时使用的用户
USER 101
                        
# 2024-11-04 08:09:20  0.00B 设置停止容器时发送的系统调用信号
STOPSIGNAL SIGQUIT
                        
# 2024-11-04 08:09:20  0.00B 声明容器运行时监听的端口
EXPOSE map[8080/tcp:{}]
                        
# 2024-11-04 08:09:20  0.00B 配置容器启动时运行的命令
ENTRYPOINT ["/docker-entrypoint.sh"]
                        
# 2024-11-04 08:09:20  4.62KB 复制新文件或目录到容器中
COPY 30-tune-worker-processes.sh /docker-entrypoint.d # buildkit
                        
# 2024-11-04 08:09:20  3.01KB 复制新文件或目录到容器中
COPY 20-envsubst-on-templates.sh /docker-entrypoint.d # buildkit
                        
# 2024-11-04 08:09:20  389.00B 复制新文件或目录到容器中
COPY 15-local-resolvers.envsh /docker-entrypoint.d # buildkit
                        
# 2024-11-04 08:09:20  2.13KB 复制新文件或目录到容器中
COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d # buildkit
                        
# 2024-11-04 08:09:20  1.62KB 复制新文件或目录到容器中
COPY docker-entrypoint.sh / # buildkit
                        
# 2024-11-04 08:09:20  9.58KB 执行命令并创建新的镜像层
RUN |2 UID=101 GID=101 /bin/sh -c sed -i 's,listen       80;,listen       8080;,' /etc/nginx/conf.d/default.conf     && sed -i '/user  nginx;/d' /etc/nginx/nginx.conf     && sed -i 's,/var/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf     && sed -i "/^http {/a \    proxy_temp_path /tmp/proxy_temp;\n    client_body_temp_path /tmp/client_temp;\n    fastcgi_temp_path /tmp/fastcgi_temp;\n    uwsgi_temp_path /tmp/uwsgi_temp;\n    scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf     && chown -R $UID:0 /var/cache/nginx     && chmod -R g+w /var/cache/nginx     && chown -R $UID:0 /etc/nginx     && chmod -R g+w /etc/nginx # buildkit
                        
# 2024-11-04 08:09:20  116.88MB 执行命令并创建新的镜像层
RUN |2 UID=101 GID=101 /bin/sh -c set -x     && groupadd --system --gid $GID nginx || true     && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid $UID nginx || true     && apt-get update     && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates     &&     NGINX_GPGKEYS="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 8540A6F18833A80E9C1653A42FD21310B49F6B46 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3";     NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg;     export GNUPGHOME="$(mktemp -d)";     found='';     for NGINX_GPGKEY in $NGINX_GPGKEYS; do         for server in             hkp://keyserver.ubuntu.com:80             pgp.mit.edu         ; do             echo "Fetching GPG key $NGINX_GPGKEY from $server";             gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break;         done;         test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1;     done;     gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ;     rm -rf "$GNUPGHOME";     apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/*     && dpkgArch="$(dpkg --print-architecture)"     && nginxPackages="         nginx=${NGINX_VERSION}-${PKG_RELEASE}         nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE}         nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE}         nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE}         nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE}     "     && case "$dpkgArch" in         amd64|arm64)             echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list             && apt-get update             ;;         *)             tempDir="$(mktemp -d)"             && chmod 777 "$tempDir"                         && savedAptMark="$(apt-mark showmanual)"                         && apt-get update             && apt-get install --no-install-recommends --no-install-suggests -y                 curl                 devscripts                 equivs                 git                 libxml2-utils                 lsb-release                 xsltproc             && (                 cd "$tempDir"                 && REVISION="${NGINX_VERSION}-${PKG_RELEASE}"                 && REVISION=${REVISION%~*}                 && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz                 && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz"                 && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then                     echo "pkg-oss tarball checksum verification succeeded!";                 else                     echo "pkg-oss tarball checksum verification failed!";                     exit 1;                 fi                 && tar xzvf ${REVISION}.tar.gz                 && cd pkg-oss-${REVISION}                 && cd debian                 && for target in base module-geoip module-image-filter module-njs module-xslt; do                     make rules-$target;                     mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes"                         debuild-$target/nginx-$NGINX_VERSION/debian/control;                 done                 && make base module-geoip module-image-filter module-njs module-xslt             )                         && apt-mark showmanual | xargs apt-mark auto > /dev/null             && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; }                         && ls -lAFh "$tempDir"             && ( cd "$tempDir" && dpkg-scanpackages . > Packages )             && grep '^Package: ' "$tempDir/Packages"             && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list             && apt-get -o Acquire::GzipIndexes=false update             ;;     esac         && apt-get install --no-install-recommends --no-install-suggests -y                         $nginxPackages                         gettext-base                         curl     && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list         && if [ -n "$tempDir" ]; then         apt-get purge -y --auto-remove         && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list;     fi     && ln -sf /dev/stdout /var/log/nginx/access.log     && ln -sf /dev/stderr /var/log/nginx/error.log     && mkdir /docker-entrypoint.d # buildkit
                        
# 2024-11-04 08:09:20  0.00B 定义构建参数
ARG GID=101
                        
# 2024-11-04 08:09:20  0.00B 定义构建参数
ARG UID=101
                        
# 2024-11-04 08:09:20  0.00B 设置环境变量 DYNPKG_RELEASE
ENV DYNPKG_RELEASE=1~bookworm
                        
# 2024-11-04 08:09:20  0.00B 设置环境变量 PKG_RELEASE
ENV PKG_RELEASE=1~bookworm
                        
# 2024-11-04 08:09:20  0.00B 设置环境变量 NJS_RELEASE
ENV NJS_RELEASE=1~bookworm
                        
# 2024-11-04 08:09:20  0.00B 设置环境变量 NJS_VERSION
ENV NJS_VERSION=0.8.6
                        
# 2024-11-04 08:09:20  0.00B 设置环境变量 NGINX_VERSION
ENV NGINX_VERSION=1.27.2
                        
# 2024-11-04 08:09:20  0.00B 添加元数据标签
LABEL maintainer=NGINX Docker Maintainers <docker-maint@nginx.com>
                        
# 2024-10-17 08:20:30  0.00B 
/bin/sh -c #(nop)  CMD ["bash"]
                        
# 2024-10-17 08:20:29  74.78MB 
/bin/sh -c #(nop) ADD file:90b9dd8f12120e8b2cd3ece45fcbe8af67e40565e2032a40f64bd921c43e2ce7 in /

镜像信息

{
    "Id": "sha256:9cee9689df8f54e483e55b02e4cb7f39fd050adb98ac2055b57973f664f4e090",
    "RepoTags": [
        "owasp/modsecurity-crs:nginx",
        "swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx"
    ],
    "RepoDigests": [
        "owasp/modsecurity-crs@sha256:3eed86f6b8256fcc3dd211c7c46cee009438b80be949160757737304b34ce9af",
        "swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs@sha256:9e3d3acb9d1a371677e543b539366aef5648f0395db9e5132286a9f6f33e3600"
    ],
    "Parent": "",
    "Comment": "buildkit.dockerfile.v0",
    "Created": "2024-11-07T10:26:54.702536814Z",
    "Container": "",
    "ContainerConfig": null,
    "DockerVersion": "",
    "Author": "",
    "Config": {
        "Hostname": "",
        "Domainname": "",
        "User": "nginx",
        "AttachStdin": false,
        "AttachStdout": false,
        "AttachStderr": false,
        "ExposedPorts": {
            "8080/tcp": {}
        },
        "Tty": false,
        "OpenStdin": false,
        "StdinOnce": false,
        "Env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "NGINX_VERSION=1.27.2",
            "NJS_VERSION=0.8.6",
            "NJS_RELEASE=1~bookworm",
            "PKG_RELEASE=1~bookworm",
            "DYNPKG_RELEASE=1~bookworm",
            "ACCESSLOG=/var/log/nginx/access.log",
            "BACKEND=http://localhost:80",
            "DNS_SERVER=",
            "ERRORLOG=/var/log/nginx/error.log",
            "KEEPALIVE_TIMEOUT=60s",
            "LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib",
            "LOGLEVEL=warn",
            "METRICS_ALLOW_FROM=127.0.0.0/24",
            "METRICS_DENY_FROM=all",
            "METRICSLOG=/dev/null",
            "MODSEC_ARGUMENT_SEPARATOR=\u0026",
            "MODSEC_ARGUMENTS_LIMIT=1000",
            "MODSEC_AUDIT_ENGINE=RelevantOnly",
            "MODSEC_AUDIT_LOG=/dev/stdout",
            "MODSEC_AUDIT_LOG_FORMAT=JSON",
            "MODSEC_AUDIT_LOG_PARTS=ABIJDEFHZ",
            "MODSEC_AUDIT_LOG_RELEVANT_STATUS=^(?:5|4(?!04))",
            "MODSEC_AUDIT_LOG_TYPE=Serial",
            "MODSEC_COOKIE_FORMAT=0",
            "MODSEC_AUDIT_STORAGE_DIR=/var/log/modsecurity/audit/",
            "MODSEC_DATA_DIR=/tmp/modsecurity/data",
            "MODSEC_DEBUG_LOG=/dev/null",
            "MODSEC_DEBUG_LOGLEVEL=0",
            "MODSEC_DEFAULT_PHASE1_ACTION=phase:1,pass,log,tag:'${MODSEC_TAG}'",
            "MODSEC_DEFAULT_PHASE2_ACTION=phase:2,pass,log,tag:'${MODSEC_TAG}'",
            "MODSEC_DISABLE_BACKEND_COMPRESSION=Off",
            "MODSEC_PCRE_MATCH_LIMIT=100000",
            "MODSEC_PCRE_MATCH_LIMIT_RECURSION=100000",
            "MODSEC_REQ_BODY_ACCESS=on",
            "MODSEC_REQ_BODY_JSON_DEPTH_LIMIT=512",
            "MODSEC_REQ_BODY_LIMIT=13107200",
            "MODSEC_REQ_BODY_LIMIT_ACTION=Reject",
            "MODSEC_REQ_BODY_NOFILES_LIMIT=131072",
            "MODSEC_RESP_BODY_ACCESS=on",
            "MODSEC_RESP_BODY_LIMIT=1048576",
            "MODSEC_RESP_BODY_LIMIT_ACTION=ProcessPartial",
            "MODSEC_RESP_BODY_MIMETYPE=text/plain text/html text/xml",
            "MODSEC_RULE_ENGINE=on",
            "MODSEC_STATUS_ENGINE=Off",
            "MODSEC_TAG=modsecurity",
            "MODSEC_TMP_DIR=/tmp/modsecurity/tmp",
            "MODSEC_TMP_SAVE_UPLOADED_FILES=on",
            "MODSEC_UNICODE_MAPPING=20127",
            "MODSEC_UPLOAD_DIR=/tmp/modsecurity/upload",
            "MODSEC_UPLOAD_FILE_MODE=0600",
            "MODSEC_UPLOAD_KEEP_FILES=Off",
            "NGINX_ALWAYS_TLS_REDIRECT=off",
            "NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx",
            "PORT=8080",
            "PROXY_SSL_CERT=/etc/nginx/conf/proxy.crt",
            "PROXY_SSL_CERT_KEY=/etc/nginx/conf/proxy.key",
            "PROXY_SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
            "PROXY_SSL=off",
            "PROXY_SSL_PROTOCOLS=TLSv1.2 TLSv1.3",
            "PROXY_SSL_VERIFY_DEPTH=1",
            "PROXY_SSL_VERIFY=off",
            "PROXY_TIMEOUT=60s",
            "REAL_IP_HEADER=X-REAL-IP",
            "REAL_IP_PROXY_HEADER=X-REAL-IP",
            "REAL_IP_RECURSIVE=on",
            "SERVER_NAME=localhost",
            "SERVER_TOKENS=off",
            "SET_REAL_IP_FROM=127.0.0.1",
            "SSL_CERT=/etc/nginx/conf/server.crt",
            "SSL_CERT_KEY=/etc/nginx/conf/server.key",
            "SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
            "SSL_DH_BITS=2048",
            "SSL_OCSP_STAPLING=on",
            "SSL_PORT=8443",
            "SSL_PREFER_CIPHERS=off",
            "SSL_PROTOCOLS=TLSv1.2 TLSv1.3",
            "SSL_VERIFY_DEPTH=1",
            "SSL_VERIFY=off",
            "WORKER_CONNECTIONS=1024",
            "PARANOIA=1",
            "ANOMALY_INBOUND=5",
            "ANOMALY_OUTBOUND=4",
            "BLOCKING_PARANOIA=1"
        ],
        "Cmd": [
            "nginx",
            "-g",
            "daemon off;"
        ],
        "Healthcheck": {
            "Test": [
                "CMD-SHELL",
                "/usr/local/bin/healthcheck"
            ]
        },
        "ArgsEscaped": true,
        "Image": "",
        "Volumes": null,
        "WorkingDir": "",
        "Entrypoint": [
            "/docker-entrypoint.sh"
        ],
        "OnBuild": null,
        "Labels": {
            "maintainer": "Felipe Zipitria \u003cfelipe.zipitria@owasp.org\u003e",
            "org.opencontainers.image.created": "2024-11-04T00:08:29.462Z",
            "org.opencontainers.image.description": "Unprivileged NGINX Dockerfiles",
            "org.opencontainers.image.licenses": "Apache-2.0",
            "org.opencontainers.image.revision": "69dec3fc07d2e604fa4fde8b18513dd406fc747a",
            "org.opencontainers.image.source": "https://github.com/coreruleset/modsecurity-crs-docker",
            "org.opencontainers.image.title": "docker-nginx-unprivileged",
            "org.opencontainers.image.url": "https://github.com/nginxinc/docker-nginx-unprivileged",
            "org.opencontainers.image.version": "1.27.2"
        },
        "StopSignal": "SIGQUIT"
    },
    "Architecture": "amd64",
    "Os": "linux",
    "Size": 275817827,
    "GraphDriver": {
        "Data": {
            "LowerDir": "/var/lib/docker/overlay2/1e8e538093d4d81d03c7e0364aeba2165443c2a764c146a08c5e176e5474812e/diff:/var/lib/docker/overlay2/cf461eaeb04d908c845874d5511c1e2cf115561e3bc5480958426384849ed351/diff:/var/lib/docker/overlay2/ef7241067bc73e74dcde5792565c12733607df372c0c12de5bab79db1c0c58f5/diff:/var/lib/docker/overlay2/2ac648fd1cd8a4eca80427ab4cf4050d98ed22312eaaec084bb6d46d7533cf10/diff:/var/lib/docker/overlay2/7d75682f2ff9cd2f3a4efcbf7348121eba86444284a5f47fdd1db29fd602bd3f/diff:/var/lib/docker/overlay2/ad395d0308088a4f3c05a06f817a8b8c968963dfe19bb49d08d08127b191ce83/diff:/var/lib/docker/overlay2/ddcd1fa86e72573d490e8b21ee22adc528ef30af3527199960adfa6de96340b4/diff:/var/lib/docker/overlay2/0a901f5fc490c575556a95602dfeb2afa2b4f9251a4c931f02d67152e946188f/diff:/var/lib/docker/overlay2/2f4f99fcfe42925a13f9498faecfcada7930eeba723f6b61eac8aafa7103b5d1/diff:/var/lib/docker/overlay2/a393322fbcad802a4517b7133a656e3896c5c147a7c059fb52a239bb5efb5edd/diff:/var/lib/docker/overlay2/53234cf179231d3f1387b79efadb8dfd9cefe68f9f2ca2d2f49bdd1939c4ca43/diff:/var/lib/docker/overlay2/da6a977409100559cb4e3c8491fe9162c75269d156731fa0a452c976c49a7755/diff:/var/lib/docker/overlay2/f9bdd88a049f1734eed8e30791a32c40615235ea178ccad5e7da08fbe4b4479e/diff:/var/lib/docker/overlay2/fb6563526b8b6b6061d251a5f0c78310a2d18bb8bd2131304528f18fc709b970/diff:/var/lib/docker/overlay2/bdc38721111eeb3a9b0fa373e2a2dadd3b60810a5e3b6e380b632c4988242412/diff:/var/lib/docker/overlay2/a36f4f22e642e1cef4b7c355b0743033170438b8788254661951c6911d2a352d/diff:/var/lib/docker/overlay2/5ec720e81f194ced8be20bc32788ab0e00253c7d8f735453a28f0a3399917b80/diff:/var/lib/docker/overlay2/ef56c7d764619a9e09be1e18fb16fd26027eaf918ad893c73bef7cdeb29fb4ad/diff:/var/lib/docker/overlay2/4a4829ed5ebf5389f489f883bda718b39bce1b0dcc63367682443072ee0aae8e/diff:/var/lib/docker/overlay2/66a51eb01b4b001d6816d7c91e969be3bbb3ecf176856eb0d1e2b022abe4956a/diff:/var/lib/docker/overlay2/7e8a03d4727adc704baab8a01502e6b16ee90fc0901ece388b7c4e316ab270ce/diff:/var/lib/docker/overlay2/405fa07e6c36b0ace72c267001d6440b397f4a3edd382bdb44cc33242ef990c1/diff:/var/lib/docker/overlay2/640dc40711366eefdc38587353d7800897ec5b45fb0486472d1bbe1802e322be/diff",
            "MergedDir": "/var/lib/docker/overlay2/a16a0afa0685d310e96e4bfa631059920171266a9741f46808c10fa58bc2a511/merged",
            "UpperDir": "/var/lib/docker/overlay2/a16a0afa0685d310e96e4bfa631059920171266a9741f46808c10fa58bc2a511/diff",
            "WorkDir": "/var/lib/docker/overlay2/a16a0afa0685d310e96e4bfa631059920171266a9741f46808c10fa58bc2a511/work"
        },
        "Name": "overlay2"
    },
    "RootFS": {
        "Type": "layers",
        "Layers": [
            "sha256:98b5f35ea9d3eca6ed1881b5fe5d1e02024e1450822879e4c13bb48c9386d0ad",
            "sha256:7f20a186269f0cfa4127299f18881d89a9043a17445d5bd585f7161d0714e12b",
            "sha256:18a8e16c32733cea244a9fdb77c9cc2f78cd4491e15c9aeeec6bb4916572ce7c",
            "sha256:d718075e1116aa4655eb41c554e756a5e614088f821dbf9c159c468fa9328de0",
            "sha256:360e44133f827ce8f1bf848a6bba18d90d98834cfd9ce8112bf57ecc50cf0260",
            "sha256:71f1f2569a8e0ab832b3f98f79e7d111f633b3cc8ba29279f5c310ef4786ee64",
            "sha256:f72ede0754059f3e9d6f4820ed485f32bc49e9d1c5ad83ca9e721941f3dede84",
            "sha256:4cb01b1b0e2d759aff1a1decec9358c384f0220084b86ec5ce54459ba33e5851",
            "sha256:85431f4474df628adaf2a51ffa49134368be2420b3ff92099b6d9ce94592e0a5",
            "sha256:ab60e9601878940c789418e6ce5799f114ed1244b3d15cf1c697e8602e0b6840",
            "sha256:8a2a4e451278436f3822a815d26380ebca0bf05d2a69e3d5f8033f06b06ea3c3",
            "sha256:df8d6b38f89cc524d30f55b26cb03f9fe6bda24d74f81606caf8c5809bef8bfb",
            "sha256:aa884fae0268bd35f31dbcf2b516f52c66c6b3ba91da635644b608245fa40b91",
            "sha256:666def7be2511e362f138f96e6a2f4352dc27798ac2f29c74c76d7763d5bdef0",
            "sha256:dc3b4b8e1b58f9b323551ac38ede7c40a3da753b4a4f97f34cd8b562a3126943",
            "sha256:046d99c466577f8cbe1093fe792badec7d89495d0ee4e25c94bdb57111a2fb54",
            "sha256:18b2ad12b3a4636c69cecbae31c3183b0b4dd5ec5f1e96e31c0e6e048fa4254b",
            "sha256:7f72f96165227eda07e89831ef02b10a17d936d27be423d38c221b26bbdcc403",
            "sha256:730d27db240a483a7ffdde93f4f7a79b782c83d1428889e6d77a298e8f57dc83",
            "sha256:48aba4999aa5731d0c214406f7bfb10c1d3bdabe0c38120853212759b28fa9dc",
            "sha256:4adb5d26666c7d8f0d6eb1addc98cd88221bcf36f2d180156141a50f3412b894",
            "sha256:215a6c46a9dfcab33415658ffaeb896431e3b3a1bf3398e8cf9195ea73195b2f",
            "sha256:fbcedd2234059ce063ce136cd4869a947dbacfa05c18134a2d988a8c9d45f84f",
            "sha256:71a5bf61ba755cf0ab09b2ee4cff7157b2333a41f744b0b74cb85f18699d1f8a"
        ]
    },
    "Metadata": {
        "LastTagTime": "2024-11-14T14:55:43.435767203+08:00"
    }
}

更多版本

docker.io/owasp/modsecurity-crs:nginx

linux/amd64 docker.io275.82MB2024-11-14 14:55

docker.io/owasp/modsecurity-crs:openresty-alpine-fat

linux/amd64 docker.io425.81MB2024-12-09 18:07

docker.io/owasp/modsecurity-crs:4.9.0-openresty-alpine-fat-202412090512

linux/amd64 docker.io425.81MB2024-12-10 10:38

docker.io/owasp/modsecurity-crs:3.3.5-openresty-alpine-fat-202402140602

linux/amd64 docker.io410.69MB2024-12-10 11:30