Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci(fix): NAP tests #453

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

ci(fix): NAP tests #453

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9639991
ci(fix): NAP tests
alessfg Jul 28, 2024
419cce8
Update molecule.yml
alessfg Jul 29, 2024
bc717ef
Merge branch 'main' into nap
alessfg Aug 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
124 changes: 62 additions & 62 deletions molecule/complete_plus/converge.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,9 @@
deployment_location: /etc/nginx/nginx.conf
config:
main:
# load_module:
# - modules/ngx_http_app_protect_module.so
# - modules/ngx_http_app_protect_dos_module.so
load_module:
- modules/ngx_http_app_protect_module.so
- modules/ngx_http_app_protect_dos_module.so
user: nginx
worker_processes: auto
error_log:
Expand Down Expand Up @@ -151,27 +151,27 @@
core:
default_type: application/octet-stream
keepalive_timeout: 65s
# app_protect_waf:
# physical_memory_util_thresholds:
# high: 100
# low: 100
# cpu_thresholds:
# high: 100
# low: 100
# failure_mode_action: pass
# cookie_seed: testseed
# compressed_requests_action: drop
# app_protect_dos:
# liveliness:
# enable: true
# uri: /app_protect_dos_liveliness
# port: 8090
# readiness:
# enable: true
# uri: /app_protect_dos_readiness
# port: 8090
# arb_fqdn: 192.168.1.10
# accelerated_mitigation: false
app_protect_waf:
physical_memory_util_thresholds:
high: 100
low: 100
cpu_thresholds:
high: 100
low: 100
failure_mode_action: pass
cookie_seed: testseed
compressed_requests_action: drop
app_protect_dos:
liveliness:
enable: true
uri: /app_protect_dos_liveliness
port: 8090
readiness:
enable: true
uri: /app_protect_dos_readiness
port: 8090
arb_fqdn: 192.168.1.10
accelerated_mitigation: false
grpc:
bind:
address: $remote_addr
Expand Down Expand Up @@ -351,26 +351,26 @@
default_server: true
server_name: localhost
client_max_body_size: 512k
# app_protect_waf:
# enable: true
# policy_file: /etc/app_protect/conf/NginxDefaultPolicy.json
# security_log_enable: true
# security_log:
# - path: /etc/app_protect/conf/log_default.json
# dest: syslog:server=10.1.1.1:514
# - path: /etc/app_protect/conf/log_default.json
# dest: syslog:server=10.1.1.2:514
# app_protect_dos:
# enable: true
# policy_file: /etc/app_protect/conf/BADOSDefaultPolicy.json
# security_log_enable: true
# security_log:
# path: /etc/app_protect_dos/log-default.json
# dest: syslog:server=10.1.1.1:514
# monitor:
# uri: http://10.1.1.1:5000/monitor
# protocol: http2
# timeout: 10
app_protect_waf:
enable: true
policy_file: /etc/app_protect/conf/NginxDefaultPolicy.json
security_log_enable: true
security_log:
- path: /etc/app_protect/conf/log_default.json
dest: syslog:server=10.1.1.1:514
- path: /etc/app_protect/conf/log_default.json
dest: syslog:server=10.1.1.2:514
app_protect_dos:
enable: true
policy_file: /etc/app_protect/conf/BADOSDefaultPolicy.json
security_log_enable: true
security_log:
path: /etc/app_protect_dos/log-default.json
dest: syslog:server=10.1.1.1:514
monitor:
uri: http://10.1.1.1:5000/monitor
protocol: http2
timeout: 10
auth_jwt:
enable:
realm: realm
Expand All @@ -390,24 +390,24 @@
format: main
locations:
- location: /
# app_protect_waf:
# enable: true
# policy_file: /etc/app_protect/conf/NginxDefaultPolicy.json
# security_log_enable: true
# security_log:
# - path: /etc/app_protect/conf/log_default.json
# dest: syslog:server=10.1.1.1:514
# - path: /etc/app_protect/conf/log_default.json
# dest: syslog:server=10.1.1.2:514
# app_protect_dos:
# enable: true
# policy_file: /etc/app_protect/conf/BADOSDefaultPolicy.json
# security_log_enable: true
# security_log:
# path: /etc/app_protect_dos/log-default.json
# dest: syslog:server=10.1.1.1:514
# monitor: http://10.1.1.1:5000/monitor
# api: true
app_protect_waf:
enable: true
policy_file: /etc/app_protect/conf/NginxDefaultPolicy.json
security_log_enable: true
security_log:
- path: /etc/app_protect/conf/log_default.json
dest: syslog:server=10.1.1.1:514
- path: /etc/app_protect/conf/log_default.json
dest: syslog:server=10.1.1.2:514
app_protect_dos:
enable: true
policy_file: /etc/app_protect/conf/BADOSDefaultPolicy.json
security_log_enable: true
security_log:
path: /etc/app_protect_dos/log-default.json
dest: syslog:server=10.1.1.1:514
monitor: http://10.1.1.1:5000/monitor
api: true
auth_jwt:
enable: false
leeway: 0s
Expand Down
9 changes: 0 additions & 9 deletions molecule/complete_plus/molecule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,15 +9,6 @@ lint: |
set -e
ansible-lint --force-color
platforms:
- name: rhel-8
image: redhat/ubi9:9.4
platform: x86_64
dockerfile: ../common/Dockerfile.j2
privileged: true
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
command: /usr/sbin/init
- name: ubuntu-jammy
image: ubuntu:jammy
platform: x86_64
Expand Down
20 changes: 10 additions & 10 deletions molecule/complete_plus/prepare.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,13 +30,13 @@
key: ../common/files/license/nginx-repo.key
nginx_remove_license: false

# - name: Install NGINX App Protect WAF
# ansible.builtin.include_role:
# name: nginxinc.nginx_app_protect
# vars:
# nginx_app_protect_waf_enable: true
# nginx_app_protect_dos_enable: true
# nginx_app_protect_setup_license: false
# nginx_app_protect_remove_license: false
# nginx_app_protect_install_signatures: false
# nginx_app_protect_install_threat_campaigns: false
- name: Install NGINX App Protect WAF
ansible.builtin.include_role:
name: nginxinc.nginx_app_protect
vars:
nginx_app_protect_waf_enable: true
nginx_app_protect_dos_enable: true
nginx_app_protect_setup_license: false
nginx_app_protect_remove_license: false
nginx_app_protect_install_signatures: false
nginx_app_protect_install_threat_campaigns: false
Loading