Merge pull request #2 from corazawaf/fixes
fix: second pass changing names and main module
fzipi authored Nov 9, 2023
2 parents 32d9ed9 + 1c4c699 commit a746b53
Showing 35 changed files with 564 additions and 556 deletions.
52 changes: 33 additions & 19 deletions .github/workflows/build.yml
Expand Up @@ -16,18 +16,18 @@ jobs:
libcoraza_version: master
strategy:
matrix:
nginx_version: ['1.22.0']
nginx_version: ['1.24.0']
# The type of runner that the job will run on
os: [ubuntu-20.04]
os: [ubuntu-22.04]

# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: "Checkout repo"
uses: actions/checkout@v3
uses: actions/checkout@v4

# Grab nginx source, from cache if possible, or from web
- name: Grab nginx-${{ matrix.nginx_version }} cache
uses: actions/cache@v2
uses: actions/cache@v3
id: cache-nginx
with:
path: nginx-${{ matrix.nginx_version }}
Expand All @@ -41,7 +41,7 @@ jobs:
# Grab libcoraza
- name: Grab libcoraza-${{ env.libcoraza_version }} cache
uses: actions/cache@v2
uses: actions/cache@v3
id: cache-pcre
with:
path: libcoraza-${{ env.libcoraza_version }}
Expand All @@ -57,19 +57,19 @@ jobs:
- name: Install dependencies with apt
run: |
sudo add-apt-repository universe
sudo apt-get update
sudo apt-get -y \
--fix-missing install \
sudo apt-get -qq update
sudo apt-get -y -qq \
--fix-missing --no-install-recommends install \
gcc make \
libxml2-dev \
libxslt-dev \
libgd-dev \
libgeoip-dev
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@v4
with:
go-version: ^1.17.7
go-version: ^1.21.x

- name: Configure environment
run: |
Expand All @@ -89,26 +89,28 @@ jobs:
- name: Configure compilation of dynamic module
run: |
ls -l
cd ${{ github.workspace }}/nginx-${{ matrix.nginx_version }}
./configure \
--with-compat \
--add-dynamic-module=${{ github.workspace }}/ \
--with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' \
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' \
--prefix=/usr/share/nginx \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--lock-path=/var/lock/nginx.lock \
--pid-path=/run/nginx.pid \
--modules-path=/usr/lib/nginx/modules \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--with-debug \
--with-file-aio \
--with-threads \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_realip_module \
Expand All @@ -126,10 +128,22 @@ jobs:
--with-http_xslt_module=dynamic \
--with-stream=dynamic
- name: Compile dynamic module
run: |
- name: Compile dynamic module and install nginx
run: |
cd ${{ github.workspace }}/nginx-${{ matrix.nginx_version }}
make modules
make
sudo make install
- name: Run tests
run: |
wget http://hg.nginx.org/nginx-tests/archive/tip.tar.gz
tar xzf tip.tar.gz
cd nginx-tests-*
cp ../t/* .
export TEST_NGINX_BINARY=/usr/sbin/nginx
export TEST_NGINX_GLOBALS="load_module \"/usr/lib/nginx/modules/ngx_http_coraza_module.so\";"
prove . -t coraza*.t
- name: Upload a Build Artifact
uses: actions/upload-artifact@v2
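Review bot: The new "Run tests" step downloads `http://hg.nginx.org/nginx-tests/archive/tip.tar.gz` over plain HTTP with no checksum and then runs its contents with `prove` on the runner, so whatever is served for the moving `tip` at build time is executed unverified. Fetch it over HTTPS at a fixed revision and check it before unpacking, e.g. `echo "<PINNED_SHA256>  tip.tar.gz" | sha256sum -c -` with the digest kept in the repository. The Dockerfile in this commit has the same pattern in its final `RUN` (the same `tip.tar.gz`) and in the `curl "http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz"` step. Separately, the actions are referenced by mutable tags (`actions/checkout@v4`, `actions/cache@v3`) and `actions/upload-artifact@v2` was left at its old major; pinning each to a full commit SHA would fix the workflow's inputs.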
38 changes: 19 additions & 19 deletions .github/workflows/stale.yml
@@ -1,19 +1,19 @@
#name: "Close stale issues"
#on:
# schedule:
# - cron: "0 0 * * *"
#
#jobs:
# stale:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/stale@v3
# with:
# repo-token: ${{ secrets.GITHUB_TOKEN }}
# stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days'
# stale-pr-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days'
# stale-issue-label: 'no-issue-activity'
# stale-pr-label: 'no-pr-activity'
# exempt-issue-label: 'nostale,work-in-progress'
# days-before-stale: 30
# days-before-close: 5
name: "Close stale issues"
on:
schedule:
- cron: "0 0 * * *"

jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v3
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days'
stale-pr-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days'
stale-issue-label: 'no-issue-activity'
stale-pr-label: 'no-pr-activity'
exempt-issue-label: 'nostale,work-in-progress'
days-before-stale: 30
days-before-close: 5
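Review bot: Assuming the uncommented copy is the new side, this enables a scheduled job that passes `secrets.GITHUB_TOKEN` to `actions/stale@v3` without a `permissions:` block, so the token gets whatever default scope the repository or organisation grants. Add a job-level `permissions:` with only `issues: write` and `pull-requests: write`. `actions/stale@v3` is also an old major referenced by a mutable tag; a current release pinned by commit SHA would be preferable.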
2 changes: 1 addition & 1 deletion .gitignore
Original file line number Diff line number Diff line change
@@ -1 +1 @@
.vscode/
.vscode/
62 changes: 0 additions & 62 deletions CHANGES

This file was deleted.

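--- a/Dockerfile
+++ b/Dockerfile
@@ -1,56 +1,85 @@
-FROM ubuntu:latest
-
-RUN apt-get update \
-&& apt install -y wget build-essential libpcre++-dev git-core libtool openssl libssl-dev zlib1g-dev\
-&& wget http://nginx.org/download/nginx-1.22.0.tar.gz \
-&& tar -xvzf nginx-1.22.0.tar.gz
-WORKDIR /nginx-1.22.0
-
-RUN wget https://go.dev/dl/go1.19.linux-amd64.tar.gz && \
-tar -C /usr/local -xzf go1.19.linux-amd64.tar.gz
-
-ENV PATH="$PATH:/usr/local/go/bin"
-ENV CPPFLAGS="-DPNG_ARM_NEON_OPT=0"
-COPY . coraza
-
-RUN git clone https://github.com/corazawaf/libcoraza && \
-cd libcoraza && \
-./build.sh && \
-./configure && \
-make && \
-make install
-
-RUN ./configure \
---with-compat \
---add-module=/nginx-1.22.0/coraza/ \
---with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' \
---with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' \
---prefix=/usr/share/nginx \
---conf-path=/etc/nginx/nginx.conf \
---http-log-path=/var/log/nginx/access.log \
---error-log-path=/var/log/nginx/error.log \
---lock-path=/var/lock/nginx.lock \
---pid-path=/run/nginx.pid \
---modules-path=/usr/lib/nginx/modules \
---http-client-body-temp-path=/var/lib/nginx/body \
---http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
---http-proxy-temp-path=/var/lib/nginx/proxy \
---http-scgi-temp-path=/var/lib/nginx/scgi \
---http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
---with-debug \
---with-http_ssl_module \
---with-http_stub_status_module \
-#--with-http_realip_module \
---with-http_auth_request_module \
---with-http_v2_module \
-#--with-http_dav_module \
---with-http_slice_module \
---with-threads \
---with-http_addition_module \
-#--with-http_geoip_module=dynamic \
---with-http_gunzip_module \
-#--with-http_gzip_static_module \
-#--with-http_image_filter_module=dynamic \
---with-http_sub_module \
-#--with-http_xslt_module=dynamic \
---with-stream=dynamic
+FROM --platform=$BUILDPLATFORM golang as go-builder
+
+ARG libcoraza_version=master
+
+# For latest build deps, see https://github.com/nginxinc/docker-nginx/blob/master/mainline/alpine/Dockerfile
+RUN set -eux; \
+apt-get update -qq; \
+apt-get install -qq --no-install-recommends \
+autoconf \
+automake \
+libtool \
+gcc \
+bash \
+make
+
+RUN set -eux; \
+wget https://github.com/corazawaf/libcoraza/tarball/master -O /tmp/master; \
+tar -xvf /tmp/master; \
+cd corazawaf-libcoraza-*; \
+./build.sh; \
+./configure; \
+make; \
+make V=1 install
+
+FROM nginx:stable as ngx-coraza
+
+COPY --from=go-builder /usr/local/include/coraza /usr/local/include/coraza
+COPY --from=go-builder /usr/local/lib/libcoraza.a /usr/local/lib
+COPY --from=go-builder /usr/local/lib/libcoraza.so /usr/local/lib
+
+# For latest build deps, see https://github.com/nginxinc/docker-nginx/blob/master/mainline/alpine/Dockerfile
+RUN set -eux; \
+apt-get update -qq; \
+apt-get install -qq --no-install-recommends \
+gcc \
+gnupg1 \
+ca-certificates \
+libc-dev \
+make \
+openssl \
+curl \
+gnupg \
+wget \
+libpcre3 libpcre3-dev \
+zlib1g-dev
+
+COPY . /usr/src/coraza-nginx
+
+# Download sources
+RUN set -eux; \
+curl "http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -o - | tar zxC /usr/src -f -;
+# Reuse same cli arguments as the nginx:alpine image used to build
+
+RUN set -eux; \
+CONFARGS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p');\
+cd /usr/src/nginx-$NGINX_VERSION; \
+./configure --with-compat "$CONFARGS" --add-dynamic-module=/usr/src/coraza-nginx; \
+make modules; \
+mkdir -p /usr/lib/nginx/modules; \
+find objs/*.so -print; \
+cp objs/ngx_*.so /usr/lib/nginx/modules
+
+FROM nginx:stable
+
+RUN sed -i -e "s|events {|load_module \"/usr/lib/nginx/modules/ngx_http_coraza_module.so\";\n\nevents {|" /etc/nginx/nginx.conf;
+
+COPY ./coraza.conf /etc/nginx/conf.d/coraza.conf
+COPY --from=ngx-coraza /usr/lib/nginx/modules/ /usr/lib/nginx/modules/
+COPY --from=go-builder /usr/local/lib/libcoraza.so /usr/local/lib
+
+RUN ldconfig -v
+
+COPY ./t /tmp/t
+
+RUN set -eux; \
+apt-get update -qq; \
+apt-get install -qq --no-install-recommends curl perl; \
+curl http://hg.nginx.org/nginx-tests/archive/tip.tar.gz -o tip.tar.gz; \
+tar xzf tip.tar.gz; \
+cd nginx-tests-*; \
+cp /tmp/t/* . ;\
+export TEST_NGINX_BINARY=/usr/sbin/nginx; \
+export TEST_NGINX_GLOBALS="load_module \"/usr/lib/nginx/modules/ngx_http_coraza_module.so\";"; \
+prove . -t coraza*.t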
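Review bot: In the `ngx-coraza` stage, `./configure --with-compat "$CONFARGS" --add-dynamic-module=/usr/src/coraza-nginx` passes the whole `nginx -V` argument string as a single word, so configure most likely does not see the stock build's individual options (including any `--with-cc-opt`/`--with-ld-opt` flags it carries) and the module is compiled without them; `eval ./configure --with-compat "$CONFARGS" --add-dynamic-module=/usr/src/coraza-nginx;` would re-split the string like the original command line. `ARG libcoraza_version=master` is declared but the `wget` line hard-codes `tarball/master`, so the build always takes the moving branch head; use `https://github.com/corazawaf/libcoraza/tarball/${libcoraza_version}` and default the ARG to a tag or commit. The final stage installs `curl` and `perl`, leaves `/tmp/t` and the apt lists in the runtime image, and runs the test suite there; moving the `prove` run into a separate stage built `FROM` the final one keeps test tooling out of the shipped image. Both `golang` and `nginx:stable` are floating references, so pinning a version tag (ideally with a digest) would make the build reproducible.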
