docker.io/owasp/modsecurity-crs:nginx linux/amd64

docker.io/owasp/modsecurity-crs:nginx - 国内下载镜像源浏览次数:19

使用中文描述如下： OWASP ModSecurity Core Rule Set镜像提供ModSecurity Core Rule Set，用于保护 web 应用免受攻击和加速安全扫描。

源镜像	docker.io/owasp/modsecurity-crs:nginx
国内镜像	swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx
镜像ID	sha256:9cee9689df8f54e483e55b02e4cb7f39fd050adb98ac2055b57973f664f4e090
镜像TAG	nginx
大小	275.82MB
镜像源	docker.io
项目信息	Docker-Hub主页 🚀项目TAG 🚀
CMD	nginx -g daemon off;
启动入口	/docker-entrypoint.sh
工作目录
OS/平台	linux/amd64
浏览量	19 次
贡献者
镜像创建	2024-11-07T10:26:54.702536814Z
同步时间	2024-11-14 14:55
更新时间	2024-11-21 13:03

阿里云高校计划(￥300代金券)领取

阿里云2核2G高性能云服务器 99元/年❤️

华为云2核4G2M云服务器，惊爆价99元1年

腾讯云2核2G云服务器，惊爆价99元1年

Ucloud 2核2G4M 59元/年❤️ 香港专线400G流量/月服务器 93元/年❤️

GPU创意AI画图炼丹服务器

京东云2C2G 58/年❤️

GPT人工智能60G学习资料❤️

开放端口

8080/tcp

环境变量

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin NGINX_VERSION=1.27.2 NJS_VERSION=0.8.6 NJS_RELEASE=1~bookworm PKG_RELEASE=1~bookworm DYNPKG_RELEASE=1~bookworm ACCESSLOG=/var/log/nginx/access.log BACKEND=http://localhost:80 DNS_SERVER= ERRORLOG=/var/log/nginx/error.log KEEPALIVE_TIMEOUT=60s LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib LOGLEVEL=warn METRICS_ALLOW_FROM=127.0.0.0/24 METRICS_DENY_FROM=all METRICSLOG=/dev/null MODSEC_ARGUMENT_SEPARATOR=& MODSEC_ARGUMENTS_LIMIT=1000 MODSEC_AUDIT_ENGINE=RelevantOnly MODSEC_AUDIT_LOG=/dev/stdout MODSEC_AUDIT_LOG_FORMAT=JSON MODSEC_AUDIT_LOG_PARTS=ABIJDEFHZ MODSEC_AUDIT_LOG_RELEVANT_STATUS=^(?:5|4(?!04)) MODSEC_AUDIT_LOG_TYPE=Serial MODSEC_COOKIE_FORMAT=0 MODSEC_AUDIT_STORAGE_DIR=/var/log/modsecurity/audit/ MODSEC_DATA_DIR=/tmp/modsecurity/data MODSEC_DEBUG_LOG=/dev/null MODSEC_DEBUG_LOGLEVEL=0 MODSEC_DEFAULT_PHASE1_ACTION=phase:1,pass,log,tag:'${MODSEC_TAG}' MODSEC_DEFAULT_PHASE2_ACTION=phase:2,pass,log,tag:'${MODSEC_TAG}' MODSEC_DISABLE_BACKEND_COMPRESSION=Off MODSEC_PCRE_MATCH_LIMIT=100000 MODSEC_PCRE_MATCH_LIMIT_RECURSION=100000 MODSEC_REQ_BODY_ACCESS=on MODSEC_REQ_BODY_JSON_DEPTH_LIMIT=512 MODSEC_REQ_BODY_LIMIT=13107200 MODSEC_REQ_BODY_LIMIT_ACTION=Reject MODSEC_REQ_BODY_NOFILES_LIMIT=131072 MODSEC_RESP_BODY_ACCESS=on MODSEC_RESP_BODY_LIMIT=1048576 MODSEC_RESP_BODY_LIMIT_ACTION=ProcessPartial MODSEC_RESP_BODY_MIMETYPE=text/plain text/html text/xml MODSEC_RULE_ENGINE=on MODSEC_STATUS_ENGINE=Off MODSEC_TAG=modsecurity MODSEC_TMP_DIR=/tmp/modsecurity/tmp MODSEC_TMP_SAVE_UPLOADED_FILES=on MODSEC_UNICODE_MAPPING=20127 MODSEC_UPLOAD_DIR=/tmp/modsecurity/upload MODSEC_UPLOAD_FILE_MODE=0600 MODSEC_UPLOAD_KEEP_FILES=Off NGINX_ALWAYS_TLS_REDIRECT=off NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx PORT=8080 PROXY_SSL_CERT=/etc/nginx/conf/proxy.crt PROXY_SSL_CERT_KEY=/etc/nginx/conf/proxy.key PROXY_SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 PROXY_SSL=off PROXY_SSL_PROTOCOLS=TLSv1.2 TLSv1.3 PROXY_SSL_VERIFY_DEPTH=1 PROXY_SSL_VERIFY=off PROXY_TIMEOUT=60s REAL_IP_HEADER=X-REAL-IP REAL_IP_PROXY_HEADER=X-REAL-IP REAL_IP_RECURSIVE=on SERVER_NAME=localhost SERVER_TOKENS=off SET_REAL_IP_FROM=127.0.0.1 SSL_CERT=/etc/nginx/conf/server.crt SSL_CERT_KEY=/etc/nginx/conf/server.key SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSL_DH_BITS=2048 SSL_OCSP_STAPLING=on SSL_PORT=8443 SSL_PREFER_CIPHERS=off SSL_PROTOCOLS=TLSv1.2 TLSv1.3 SSL_VERIFY_DEPTH=1 SSL_VERIFY=off WORKER_CONNECTIONS=1024 PARANOIA=1 ANOMALY_INBOUND=5 ANOMALY_OUTBOUND=4 BLOCKING_PARANOIA=1

镜像标签

Felipe Zipitria <felipe.zipitria@owasp.org>: maintainer 2024-11-04T00:08:29.462Z: org.opencontainers.image.created Unprivileged NGINX Dockerfiles: org.opencontainers.image.description Apache-2.0: org.opencontainers.image.licenses 69dec3fc07d2e604fa4fde8b18513dd406fc747a: org.opencontainers.image.revision https://github.com/coreruleset/modsecurity-crs-docker: org.opencontainers.image.source docker-nginx-unprivileged: org.opencontainers.image.title https://github.com/nginxinc/docker-nginx-unprivileged: org.opencontainers.image.url 1.27.2: org.opencontainers.image.version

Docker拉取命令无权限下载?点我修复

docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx
docker tag  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx  docker.io/owasp/modsecurity-crs:nginx

Containerd拉取命令

ctr images pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx
ctr images tag  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx  docker.io/owasp/modsecurity-crs:nginx

Shell快速替换命令

sed -i 's#owasp/modsecurity-crs:nginx#swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx#' deployment.yaml

Ansible快速分发-Docker

#ansible k8s -m shell -a 'docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx && docker tag  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx  docker.io/owasp/modsecurity-crs:nginx'

Ansible快速分发-Containerd

#ansible k8s -m shell -a 'ctr images pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx && ctr images tag  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx  docker.io/owasp/modsecurity-crs:nginx'

镜像历史

大小	创建时间	层信息
0.00B	2024-11-07 18:26:54	HEALTHCHECK &{["CMD-SHELL" "/usr/local/bin/healthcheck"] "0s" "0s" "0s" "0s" '\x00'}
0.00B	2024-11-07 18:26:54	RUN \|4 MODSEC3_VERSION=3.0.13 LMDB_VERSION=0.9.29 LUA_VERSION=5.3 LUA_MODULES=lua-zlib lua-socket /bin/sh -c mkdir -p /tmp/modsecurity/data; mkdir -p /tmp/modsecurity/upload; mkdir -p /tmp/modsecurity/tmp # buildkit
0.00B	2024-11-07 18:26:54	USER nginx
80.44MB	2024-11-07 18:26:54	RUN \|4 MODSEC3_VERSION=3.0.13 LMDB_VERSION=0.9.29 LUA_VERSION=5.3 LUA_MODULES=lua-zlib lua-socket /bin/sh -c set -eux; echo 'debconf debconf/frontend select Noninteractive' \| debconf-set-selections; apt-get update -qq; LD_LIBRARY_PATH="" apt-get install -y -qq --no-install-recommends --no-install-suggests ca-certificates curl libcurl4-gnutls-dev libfuzzy2 liblua${LUA_VERSION} ${LUA_MODULES} libxml2 libyajl2 libmaxminddb-dev moreutils; rm -rf /var/lib/apt/lists/; apt-get clean; mkdir /etc/nginx/ssl; sed -i 's/^$SecDisableBackendCompression .$/# \1/' /etc/nginx/templates/modsecurity.d/modsecurity-override.conf.template; ln -s /usr/local/modsecurity/lib/libmodsecurity.so.${MODSEC3_VERSION} /usr/local/modsecurity/lib/libmodsecurity.so.3.0; ln -s /usr/local/modsecurity/lib/libmodsecurity.so.${MODSEC3_VERSION} /usr/local/modsecurity/lib/libmodsecurity.so.3; ln -s /usr/local/modsecurity/lib/libmodsecurity.so.${MODSEC3_VERSION} /usr/local/modsecurity/lib/libmodsecurity.so; ln -sv /opt/owasp-crs /etc/modsecurity.d/; chown nginx:nginx /opt/owasp-crs /etc/modsecurity.d # buildkit
0.00B	2024-11-07 18:26:46	USER root
2.20KB	2024-11-07 18:26:46	COPY src/bin/* /usr/local/bin/ # buildkit
3.56KB	2024-11-07 18:26:46	COPY nginx/templates /etc/nginx/templates/ # buildkit
9.06KB	2024-11-07 18:26:46	COPY src/opt/modsecurity/activate-rules.sh /docker-entrypoint.d/95-activate-rules.sh # buildkit
953.00B	2024-11-07 18:26:46	COPY src/opt/modsecurity/activate-plugins.sh /docker-entrypoint.d/94-activate-plugins.sh # buildkit
1.91KB	2024-11-07 18:26:46	COPY nginx/docker-entrypoint.d/*.sh /docker-entrypoint.d/ # buildkit
693.00B	2024-11-07 18:26:46	COPY src/etc/modsecurity.d/setup.conf /etc/nginx/templates/modsecurity.d/setup.conf.template # buildkit
93.00B	2024-11-07 18:26:46	COPY src/etc/modsecurity.d/modsecurity-override.conf /etc/nginx/templates/modsecurity.d/modsecurity-override.conf.template # buildkit
3.57KB	2024-11-07 18:26:46	COPY src/etc/modsecurity.d/modsecurity.conf /etc/nginx/templates/modsecurity.d/modsecurity.conf.template # buildkit
1.04MB	2024-11-07 18:26:46	COPY /opt/owasp-crs /opt/owasp-crs # buildkit
53.15KB	2024-11-07 18:26:46	COPY /etc/modsecurity.d/unicode.mapping /etc/modsecurity.d/unicode.mapping # buildkit
1.19KB	2024-11-07 18:26:46	COPY /usr/share/TLS/dhparam-* /etc/ssl/certs/ # buildkit
88.78KB	2024-11-07 18:26:46	COPY /usr/local/lib/liblmdb.so /usr/local/lib/ # buildkit
23.98KB	2024-11-07 18:26:46	COPY /etc/nginx/modules/ngx_http_modsecurity_module.so /etc/nginx/modules/ngx_http_modsecurity_module.so # buildkit
2.47MB	2024-11-07 18:26:46	COPY /usr/local/modsecurity/lib/libmodsecurity.so.3.0.13 /usr/local/modsecurity/lib/ # buildkit
0.00B	2024-11-07 18:26:46	ENV ACCESSLOG=/var/log/nginx/access.log BACKEND=http://localhost:80 DNS_SERVER= ERRORLOG=/var/log/nginx/error.log KEEPALIVE_TIMEOUT=60s LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib LOGLEVEL=warn METRICS_ALLOW_FROM=127.0.0.0/24 METRICS_DENY_FROM=all METRICSLOG=/dev/null MODSEC_ARGUMENT_SEPARATOR=& MODSEC_ARGUMENTS_LIMIT=1000 MODSEC_AUDIT_ENGINE=RelevantOnly MODSEC_AUDIT_LOG=/dev/stdout MODSEC_AUDIT_LOG_FORMAT=JSON MODSEC_AUDIT_LOG_PARTS=ABIJDEFHZ MODSEC_AUDIT_LOG_RELEVANT_STATUS=^(?:5\|4(?!04)) MODSEC_AUDIT_LOG_TYPE=Serial MODSEC_COOKIE_FORMAT=0 MODSEC_AUDIT_STORAGE_DIR=/var/log/modsecurity/audit/ MODSEC_DATA_DIR=/tmp/modsecurity/data MODSEC_DEBUG_LOG=/dev/null MODSEC_DEBUG_LOGLEVEL=0 MODSEC_DEFAULT_PHASE1_ACTION=phase:1,pass,log,tag:'${MODSEC_TAG}' MODSEC_DEFAULT_PHASE2_ACTION=phase:2,pass,log,tag:'${MODSEC_TAG}' MODSEC_DISABLE_BACKEND_COMPRESSION=Off MODSEC_PCRE_MATCH_LIMIT=100000 MODSEC_PCRE_MATCH_LIMIT_RECURSION=100000 MODSEC_REQ_BODY_ACCESS=on MODSEC_REQ_BODY_JSON_DEPTH_LIMIT=512 MODSEC_REQ_BODY_LIMIT=13107200 MODSEC_REQ_BODY_LIMIT_ACTION=Reject MODSEC_REQ_BODY_NOFILES_LIMIT=131072 MODSEC_RESP_BODY_ACCESS=on MODSEC_RESP_BODY_LIMIT=1048576 MODSEC_RESP_BODY_LIMIT_ACTION=ProcessPartial MODSEC_RESP_BODY_MIMETYPE=text/plain text/html text/xml MODSEC_RULE_ENGINE=on MODSEC_STATUS_ENGINE=Off MODSEC_TAG=modsecurity MODSEC_TMP_DIR=/tmp/modsecurity/tmp MODSEC_TMP_SAVE_UPLOADED_FILES=on MODSEC_UNICODE_MAPPING=20127 MODSEC_UPLOAD_DIR=/tmp/modsecurity/upload MODSEC_UPLOAD_FILE_MODE=0600 MODSEC_UPLOAD_KEEP_FILES=Off NGINX_ALWAYS_TLS_REDIRECT=off NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx PORT=8080 PROXY_SSL_CERT=/etc/nginx/conf/proxy.crt PROXY_SSL_CERT_KEY=/etc/nginx/conf/proxy.key PROXY_SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 PROXY_SSL=off PROXY_SSL_PROTOCOLS=TLSv1.2 TLSv1.3 PROXY_SSL_VERIFY_DEPTH=1 PROXY_SSL_VERIFY=off PROXY_TIMEOUT=60s REAL_IP_HEADER=X-REAL-IP REAL_IP_PROXY_HEADER=X-REAL-IP REAL_IP_RECURSIVE=on SERVER_NAME=localhost SERVER_TOKENS=off SET_REAL_IP_FROM=127.0.0.1 SSL_CERT=/etc/nginx/conf/server.crt SSL_CERT_KEY=/etc/nginx/conf/server.key SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSL_DH_BITS=2048 SSL_OCSP_STAPLING=on SSL_PORT=8443 SSL_PREFER_CIPHERS=off SSL_PROTOCOLS=TLSv1.2 TLSv1.3 SSL_VERIFY_DEPTH=1 SSL_VERIFY=off WORKER_CONNECTIONS=1024 PARANOIA=1 ANOMALY_INBOUND=5 ANOMALY_OUTBOUND=4 BLOCKING_PARANOIA=1
0.00B	2024-11-07 18:26:46	LABEL maintainer=Felipe Zipitria <felipe.zipitria@owasp.org>
0.00B	2024-11-07 18:26:46	ARG LUA_MODULES=lua-zlib lua-socket
0.00B	2024-11-07 18:26:46	ARG LUA_VERSION=5.3
0.00B	2024-11-07 18:26:46	ARG LMDB_VERSION=0.9.29
0.00B	2024-11-07 18:26:46	ARG MODSEC3_VERSION=3.0.13
0.00B	2024-11-04 08:09:20	CMD ["nginx" "-g" "daemon off;"]
0.00B	2024-11-04 08:09:20	USER 101
0.00B	2024-11-04 08:09:20	STOPSIGNAL SIGQUIT
0.00B	2024-11-04 08:09:20	EXPOSE map[8080/tcp:{}]
0.00B	2024-11-04 08:09:20	ENTRYPOINT ["/docker-entrypoint.sh"]
4.62KB	2024-11-04 08:09:20	COPY 30-tune-worker-processes.sh /docker-entrypoint.d # buildkit
3.01KB	2024-11-04 08:09:20	COPY 20-envsubst-on-templates.sh /docker-entrypoint.d # buildkit
389.00B	2024-11-04 08:09:20	COPY 15-local-resolvers.envsh /docker-entrypoint.d # buildkit
2.13KB	2024-11-04 08:09:20	COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d # buildkit
1.62KB	2024-11-04 08:09:20	COPY docker-entrypoint.sh / # buildkit
9.58KB	2024-11-04 08:09:20	RUN \|2 UID=101 GID=101 /bin/sh -c sed -i 's,listen 80;,listen 8080;,' /etc/nginx/conf.d/default.conf && sed -i '/user nginx;/d' /etc/nginx/nginx.conf && sed -i 's,/var/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf && sed -i "/^http {/a \ proxy_temp_path /tmp/proxy_temp;\n client_body_temp_path /tmp/client_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf && chown -R $UID:0 /var/cache/nginx && chmod -R g+w /var/cache/nginx && chown -R $UID:0 /etc/nginx && chmod -R g+w /etc/nginx # buildkit
116.88MB	2024-11-04 08:09:20	RUN \|2 UID=101 GID=101 /bin/sh -c set -x && groupadd --system --gid $GID nginx \|\| true && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid $UID nginx \|\| true && apt-get update && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates && NGINX_GPGKEYS="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 8540A6F18833A80E9C1653A42FD21310B49F6B46 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3"; NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; export GNUPGHOME="$(mktemp -d)"; found=''; for NGINX_GPGKEY in $NGINX_GPGKEYS; do for server in hkp://keyserver.ubuntu.com:80 pgp.mit.edu ; do echo "Fetching GPG key $NGINX_GPGKEY from $server"; gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; done; test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; done; gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; rm -rf "$GNUPGHOME"; apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* && dpkgArch="$(dpkg --print-architecture)" && nginxPackages=" nginx=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} " && case "$dpkgArch" in amd64\|arm64) echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list && apt-get update ;; ) tempDir="$(mktemp -d)" && chmod 777 "$tempDir" && savedAptMark="$(apt-mark showmanual)" && apt-get update && apt-get install --no-install-recommends --no-install-suggests -y curl devscripts equivs git libxml2-utils lsb-release xsltproc && ( cd "$tempDir" && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" && REVISION=${REVISION%~} && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c ${REVISION}.tar.gz" && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then echo "pkg-oss tarball checksum verification succeeded!"; else echo "pkg-oss tarball checksum verification failed!"; exit 1; fi && tar xzvf ${REVISION}.tar.gz && cd pkg-oss-${REVISION} && cd debian && for target in base module-geoip module-image-filter module-njs module-xslt; do make rules-$target; mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" debuild-$target/nginx-$NGINX_VERSION/debian/control; done && make base module-geoip module-image-filter module-njs module-xslt ) && apt-mark showmanual \| xargs apt-mark auto > /dev/null && { [ -z "$savedAptMark" ] \|\| apt-mark manual $savedAptMark; } && ls -lAFh "$tempDir" && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) && grep '^Package: ' "$tempDir/Packages" && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list && apt-get -o Acquire::GzipIndexes=false update ;; esac && apt-get install --no-install-recommends --no-install-suggests -y $nginxPackages gettext-base curl && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/ /etc/apt/sources.list.d/nginx.list && if [ -n "$tempDir" ]; then apt-get purge -y --auto-remove && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; fi && ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log && mkdir /docker-entrypoint.d # buildkit
0.00B	2024-11-04 08:09:20	ARG GID=101
0.00B	2024-11-04 08:09:20	ARG UID=101
0.00B	2024-11-04 08:09:20	ENV DYNPKG_RELEASE=1~bookworm
0.00B	2024-11-04 08:09:20	ENV PKG_RELEASE=1~bookworm
0.00B	2024-11-04 08:09:20	ENV NJS_RELEASE=1~bookworm
0.00B	2024-11-04 08:09:20	ENV NJS_VERSION=0.8.6
0.00B	2024-11-04 08:09:20	ENV NGINX_VERSION=1.27.2
0.00B	2024-11-04 08:09:20	LABEL maintainer=NGINX Docker Maintainers <docker-maint@nginx.com>
0.00B	2024-10-17 08:20:30	/bin/sh -c #(nop) CMD ["bash"]
74.78MB	2024-10-17 08:20:29	/bin/sh -c #(nop) ADD file:90b9dd8f12120e8b2cd3ece45fcbe8af67e40565e2032a40f64bd921c43e2ce7 in /

镜像信息

{
    "Id": "sha256:9cee9689df8f54e483e55b02e4cb7f39fd050adb98ac2055b57973f664f4e090",
    "RepoTags": [
        "owasp/modsecurity-crs:nginx",
        "swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs:nginx"
    ],
    "RepoDigests": [
        "owasp/modsecurity-crs@sha256:3eed86f6b8256fcc3dd211c7c46cee009438b80be949160757737304b34ce9af",
        "swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/owasp/modsecurity-crs@sha256:9e3d3acb9d1a371677e543b539366aef5648f0395db9e5132286a9f6f33e3600"
    ],
    "Parent": "",
    "Comment": "buildkit.dockerfile.v0",
    "Created": "2024-11-07T10:26:54.702536814Z",
    "Container": "",
    "ContainerConfig": null,
    "DockerVersion": "",
    "Author": "",
    "Config": {
        "Hostname": "",
        "Domainname": "",
        "User": "nginx",
        "AttachStdin": false,
        "AttachStdout": false,
        "AttachStderr": false,
        "ExposedPorts": {
            "8080/tcp": {}
        },
        "Tty": false,
        "OpenStdin": false,
        "StdinOnce": false,
        "Env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "NGINX_VERSION=1.27.2",
            "NJS_VERSION=0.8.6",
            "NJS_RELEASE=1~bookworm",
            "PKG_RELEASE=1~bookworm",
            "DYNPKG_RELEASE=1~bookworm",
            "ACCESSLOG=/var/log/nginx/access.log",
            "BACKEND=http://localhost:80",
            "DNS_SERVER=",
            "ERRORLOG=/var/log/nginx/error.log",
            "KEEPALIVE_TIMEOUT=60s",
            "LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib",
            "LOGLEVEL=warn",
            "METRICS_ALLOW_FROM=127.0.0.0/24",
            "METRICS_DENY_FROM=all",
            "METRICSLOG=/dev/null",
            "MODSEC_ARGUMENT_SEPARATOR=\u0026",
            "MODSEC_ARGUMENTS_LIMIT=1000",
            "MODSEC_AUDIT_ENGINE=RelevantOnly",
            "MODSEC_AUDIT_LOG=/dev/stdout",
            "MODSEC_AUDIT_LOG_FORMAT=JSON",
            "MODSEC_AUDIT_LOG_PARTS=ABIJDEFHZ",
            "MODSEC_AUDIT_LOG_RELEVANT_STATUS=^(?:5|4(?!04))",
            "MODSEC_AUDIT_LOG_TYPE=Serial",
            "MODSEC_COOKIE_FORMAT=0",
            "MODSEC_AUDIT_STORAGE_DIR=/var/log/modsecurity/audit/",
            "MODSEC_DATA_DIR=/tmp/modsecurity/data",
            "MODSEC_DEBUG_LOG=/dev/null",
            "MODSEC_DEBUG_LOGLEVEL=0",
            "MODSEC_DEFAULT_PHASE1_ACTION=phase:1,pass,log,tag:'${MODSEC_TAG}'",
            "MODSEC_DEFAULT_PHASE2_ACTION=phase:2,pass,log,tag:'${MODSEC_TAG}'",
            "MODSEC_DISABLE_BACKEND_COMPRESSION=Off",
            "MODSEC_PCRE_MATCH_LIMIT=100000",
            "MODSEC_PCRE_MATCH_LIMIT_RECURSION=100000",
            "MODSEC_REQ_BODY_ACCESS=on",
            "MODSEC_REQ_BODY_JSON_DEPTH_LIMIT=512",
            "MODSEC_REQ_BODY_LIMIT=13107200",
            "MODSEC_REQ_BODY_LIMIT_ACTION=Reject",
            "MODSEC_REQ_BODY_NOFILES_LIMIT=131072",
            "MODSEC_RESP_BODY_ACCESS=on",
            "MODSEC_RESP_BODY_LIMIT=1048576",
            "MODSEC_RESP_BODY_LIMIT_ACTION=ProcessPartial",
            "MODSEC_RESP_BODY_MIMETYPE=text/plain text/html text/xml",
            "MODSEC_RULE_ENGINE=on",
            "MODSEC_STATUS_ENGINE=Off",
            "MODSEC_TAG=modsecurity",
            "MODSEC_TMP_DIR=/tmp/modsecurity/tmp",
            "MODSEC_TMP_SAVE_UPLOADED_FILES=on",
            "MODSEC_UNICODE_MAPPING=20127",
            "MODSEC_UPLOAD_DIR=/tmp/modsecurity/upload",
            "MODSEC_UPLOAD_FILE_MODE=0600",
            "MODSEC_UPLOAD_KEEP_FILES=Off",
            "NGINX_ALWAYS_TLS_REDIRECT=off",
            "NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx",
            "PORT=8080",
            "PROXY_SSL_CERT=/etc/nginx/conf/proxy.crt",
            "PROXY_SSL_CERT_KEY=/etc/nginx/conf/proxy.key",
            "PROXY_SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
            "PROXY_SSL=off",
            "PROXY_SSL_PROTOCOLS=TLSv1.2 TLSv1.3",
            "PROXY_SSL_VERIFY_DEPTH=1",
            "PROXY_SSL_VERIFY=off",
            "PROXY_TIMEOUT=60s",
            "REAL_IP_HEADER=X-REAL-IP",
            "REAL_IP_PROXY_HEADER=X-REAL-IP",
            "REAL_IP_RECURSIVE=on",
            "SERVER_NAME=localhost",
            "SERVER_TOKENS=off",
            "SET_REAL_IP_FROM=127.0.0.1",
            "SSL_CERT=/etc/nginx/conf/server.crt",
            "SSL_CERT_KEY=/etc/nginx/conf/server.key",
            "SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
            "SSL_DH_BITS=2048",
            "SSL_OCSP_STAPLING=on",
            "SSL_PORT=8443",
            "SSL_PREFER_CIPHERS=off",
            "SSL_PROTOCOLS=TLSv1.2 TLSv1.3",
            "SSL_VERIFY_DEPTH=1",
            "SSL_VERIFY=off",
            "WORKER_CONNECTIONS=1024",
            "PARANOIA=1",
            "ANOMALY_INBOUND=5",
            "ANOMALY_OUTBOUND=4",
            "BLOCKING_PARANOIA=1"
        ],
        "Cmd": [
            "nginx",
            "-g",
            "daemon off;"
        ],
        "Healthcheck": {
            "Test": [
                "CMD-SHELL",
                "/usr/local/bin/healthcheck"
            ]
        },
        "ArgsEscaped": true,
        "Image": "",
        "Volumes": null,
        "WorkingDir": "",
        "Entrypoint": [
            "/docker-entrypoint.sh"
        ],
        "OnBuild": null,
        "Labels": {
            "maintainer": "Felipe Zipitria \u003cfelipe.zipitria@owasp.org\u003e",
            "org.opencontainers.image.created": "2024-11-04T00:08:29.462Z",
            "org.opencontainers.image.description": "Unprivileged NGINX Dockerfiles",
            "org.opencontainers.image.licenses": "Apache-2.0",
            "org.opencontainers.image.revision": "69dec3fc07d2e604fa4fde8b18513dd406fc747a",
            "org.opencontainers.image.source": "https://github.com/coreruleset/modsecurity-crs-docker",
            "org.opencontainers.image.title": "docker-nginx-unprivileged",
            "org.opencontainers.image.url": "https://github.com/nginxinc/docker-nginx-unprivileged",
            "org.opencontainers.image.version": "1.27.2"
        },
        "StopSignal": "SIGQUIT"
    },
    "Architecture": "amd64",
    "Os": "linux",
    "Size": 275817827,
    "GraphDriver": {
        "Data": {
            "LowerDir": "/var/lib/docker/overlay2/1e8e538093d4d81d03c7e0364aeba2165443c2a764c146a08c5e176e5474812e/diff:/var/lib/docker/overlay2/cf461eaeb04d908c845874d5511c1e2cf115561e3bc5480958426384849ed351/diff:/var/lib/docker/overlay2/ef7241067bc73e74dcde5792565c12733607df372c0c12de5bab79db1c0c58f5/diff:/var/lib/docker/overlay2/2ac648fd1cd8a4eca80427ab4cf4050d98ed22312eaaec084bb6d46d7533cf10/diff:/var/lib/docker/overlay2/7d75682f2ff9cd2f3a4efcbf7348121eba86444284a5f47fdd1db29fd602bd3f/diff:/var/lib/docker/overlay2/ad395d0308088a4f3c05a06f817a8b8c968963dfe19bb49d08d08127b191ce83/diff:/var/lib/docker/overlay2/ddcd1fa86e72573d490e8b21ee22adc528ef30af3527199960adfa6de96340b4/diff:/var/lib/docker/overlay2/0a901f5fc490c575556a95602dfeb2afa2b4f9251a4c931f02d67152e946188f/diff:/var/lib/docker/overlay2/2f4f99fcfe42925a13f9498faecfcada7930eeba723f6b61eac8aafa7103b5d1/diff:/var/lib/docker/overlay2/a393322fbcad802a4517b7133a656e3896c5c147a7c059fb52a239bb5efb5edd/diff:/var/lib/docker/overlay2/53234cf179231d3f1387b79efadb8dfd9cefe68f9f2ca2d2f49bdd1939c4ca43/diff:/var/lib/docker/overlay2/da6a977409100559cb4e3c8491fe9162c75269d156731fa0a452c976c49a7755/diff:/var/lib/docker/overlay2/f9bdd88a049f1734eed8e30791a32c40615235ea178ccad5e7da08fbe4b4479e/diff:/var/lib/docker/overlay2/fb6563526b8b6b6061d251a5f0c78310a2d18bb8bd2131304528f18fc709b970/diff:/var/lib/docker/overlay2/bdc38721111eeb3a9b0fa373e2a2dadd3b60810a5e3b6e380b632c4988242412/diff:/var/lib/docker/overlay2/a36f4f22e642e1cef4b7c355b0743033170438b8788254661951c6911d2a352d/diff:/var/lib/docker/overlay2/5ec720e81f194ced8be20bc32788ab0e00253c7d8f735453a28f0a3399917b80/diff:/var/lib/docker/overlay2/ef56c7d764619a9e09be1e18fb16fd26027eaf918ad893c73bef7cdeb29fb4ad/diff:/var/lib/docker/overlay2/4a4829ed5ebf5389f489f883bda718b39bce1b0dcc63367682443072ee0aae8e/diff:/var/lib/docker/overlay2/66a51eb01b4b001d6816d7c91e969be3bbb3ecf176856eb0d1e2b022abe4956a/diff:/var/lib/docker/overlay2/7e8a03d4727adc704baab8a01502e6b16ee90fc0901ece388b7c4e316ab270ce/diff:/var/lib/docker/overlay2/405fa07e6c36b0ace72c267001d6440b397f4a3edd382bdb44cc33242ef990c1/diff:/var/lib/docker/overlay2/640dc40711366eefdc38587353d7800897ec5b45fb0486472d1bbe1802e322be/diff",
            "MergedDir": "/var/lib/docker/overlay2/a16a0afa0685d310e96e4bfa631059920171266a9741f46808c10fa58bc2a511/merged",
            "UpperDir": "/var/lib/docker/overlay2/a16a0afa0685d310e96e4bfa631059920171266a9741f46808c10fa58bc2a511/diff",
            "WorkDir": "/var/lib/docker/overlay2/a16a0afa0685d310e96e4bfa631059920171266a9741f46808c10fa58bc2a511/work"
        },
        "Name": "overlay2"
    },
    "RootFS": {
        "Type": "layers",
        "Layers": [
            "sha256:98b5f35ea9d3eca6ed1881b5fe5d1e02024e1450822879e4c13bb48c9386d0ad",
            "sha256:7f20a186269f0cfa4127299f18881d89a9043a17445d5bd585f7161d0714e12b",
            "sha256:18a8e16c32733cea244a9fdb77c9cc2f78cd4491e15c9aeeec6bb4916572ce7c",
            "sha256:d718075e1116aa4655eb41c554e756a5e614088f821dbf9c159c468fa9328de0",
            "sha256:360e44133f827ce8f1bf848a6bba18d90d98834cfd9ce8112bf57ecc50cf0260",
            "sha256:71f1f2569a8e0ab832b3f98f79e7d111f633b3cc8ba29279f5c310ef4786ee64",
            "sha256:f72ede0754059f3e9d6f4820ed485f32bc49e9d1c5ad83ca9e721941f3dede84",
            "sha256:4cb01b1b0e2d759aff1a1decec9358c384f0220084b86ec5ce54459ba33e5851",
            "sha256:85431f4474df628adaf2a51ffa49134368be2420b3ff92099b6d9ce94592e0a5",
            "sha256:ab60e9601878940c789418e6ce5799f114ed1244b3d15cf1c697e8602e0b6840",
            "sha256:8a2a4e451278436f3822a815d26380ebca0bf05d2a69e3d5f8033f06b06ea3c3",
            "sha256:df8d6b38f89cc524d30f55b26cb03f9fe6bda24d74f81606caf8c5809bef8bfb",
            "sha256:aa884fae0268bd35f31dbcf2b516f52c66c6b3ba91da635644b608245fa40b91",
            "sha256:666def7be2511e362f138f96e6a2f4352dc27798ac2f29c74c76d7763d5bdef0",
            "sha256:dc3b4b8e1b58f9b323551ac38ede7c40a3da753b4a4f97f34cd8b562a3126943",
            "sha256:046d99c466577f8cbe1093fe792badec7d89495d0ee4e25c94bdb57111a2fb54",
            "sha256:18b2ad12b3a4636c69cecbae31c3183b0b4dd5ec5f1e96e31c0e6e048fa4254b",
            "sha256:7f72f96165227eda07e89831ef02b10a17d936d27be423d38c221b26bbdcc403",
            "sha256:730d27db240a483a7ffdde93f4f7a79b782c83d1428889e6d77a298e8f57dc83",
            "sha256:48aba4999aa5731d0c214406f7bfb10c1d3bdabe0c38120853212759b28fa9dc",
            "sha256:4adb5d26666c7d8f0d6eb1addc98cd88221bcf36f2d180156141a50f3412b894",
            "sha256:215a6c46a9dfcab33415658ffaeb896431e3b3a1bf3398e8cf9195ea73195b2f",
            "sha256:fbcedd2234059ce063ce136cd4869a947dbacfa05c18134a2d988a8c9d45f84f",
            "sha256:71a5bf61ba755cf0ab09b2ee4cff7157b2333a41f744b0b74cb85f18699d1f8a"
        ]
    },
    "Metadata": {
        "LastTagTime": "2024-11-14T14:55:43.435767203+08:00"
    }
}

更多版本

docker.io/owasp/modsecurity-crs:nginx

linux/amd64 docker.io275.82MB2024-11-14 14:55