Open Ziemowit opened 1 year ago
Hi @Ziemowit !
This looks like a bug in modsecurity module packaging, with regard to wrong build dependencies. I'll work on fixing it.
Thank you!
As a temporary workaround you can apply the following patch:
diff --git a/modules/Dockerfile b/modules/Dockerfile
index 1cce673..9747d68 100644
--- a/modules/Dockerfile
+++ b/modules/Dockerfile
@@ -15,7 +15,7 @@ RUN set -ex \
&& apt install -y --no-install-suggests --no-install-recommends \
patch make wget mercurial devscripts debhelper dpkg-dev \
quilt lsb-release build-essential libxml2-utils xsltproc \
- equivs git g++ libparse-recdescent-perl \
+ equivs git g++ libparse-recdescent-perl libpcre3-dev \
&& XSLSCRIPT_SHA512="f7194c5198daeab9b3b0c3aebf006922c7df1d345d454bd8474489ff2eb6b4bf8e2ffe442489a45d1aab80da6ecebe0097759a1e12cc26b5f0613d05b7c09ffa *stdin" \
&& wget -O /tmp/xslscript.pl https://hg.nginx.org/xslscript/raw-file/01dc9ba12e1b/xslscript.pl \
&& if [ "$(cat /tmp/xslscript.pl | openssl sha512 -r)" = "$XSLSCRIPT_SHA512" ]; then \
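Review bot: libpcre3-dev on the added line goes into the image's general apt install list in modules/Dockerfile with nothing marking it as temporary, so it is likely to stay there after the problem it works around is gone. Since this is described as a workaround for wrong build dependencies in the modsecurity module packaging, I'd suggest declaring the dependency in that packaging instead, or at least noting alongside this change that the package can be dropped once a modsecurity release carries the upstream fix.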
For what it's worth, the underlying issue is fixed in the current master branch in modsecurity: https://github.com/SpiderLabs/ModSecurity/commit/791964a0ea73e391a228878e854ab2b713886763
So upgrading modsecurity when they release a new version will automatically fix that for us too, without the need for the aforementioned workaround.
Thank you for a quick action!
Ok, so to finish the installation of modsec after a successful build, as I understand it, I need to provide my own files:
with load_module /etc/nginx/modules/ngx_http_modsecurity_module.so; line.
File with servers & locations definitions

    server {
        ...
        modsecurity on;
        modsecurity_rules_file /etc/nginx/modsec/modsecurity.conf;
        location / {
            ....
        }
    }

Am I correct?
Hi @Ziemowit, yes that's correct.
sed -i 's/libparse-recdescent-perl \\/libparse-recdescent-perl libpcre3-dev \\/' Dockerfile
ps. yes, I know. but it ain't stupid if it works
When trying to build the nginx image with modsecurity I am getting:
Should I change something in the provided Dockerfile to make it work? Or is it an issue?