Static Nginx with Modsecurity

Problem description

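Trying to add Modsecurity v3.0.4 to Nginx v1.19.9 but running into some errors I don't understand. There are many errors similar to the ones I pasted below, but not all of them are included. My intent is to create a static Nginx binary rather than use the dynamic Modsecurity module. Thanks for your help.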

Dockerfile

FROM alpine:latest as build

#Define build argument for version
ARG NGNX_VERSION=1.19.8
ARG PCRE_VERSION=8.44
ARG OSSL_VERSION=1.1.1k
ARG ZLIB_VERSION=1.2.11
ARG GEO_DB_RELEASE=2021-04
ARG MODSEC_BRANCH=v3.0.4
ARG OWASP_BRANCH=v3.3/master

# Set working directory
WORKDIR /tmp

RUN echo "Installing Dependencies" && \
    apk add --no-cache --virtual general-dependencies  \
    autoconf \
    automake \
    byacc \
    build-base                                                          \
    gnupg                                                               \
    perl                                                                \
    linux-headers                                                       \
    pcre-dev                                                            \
    wget                                                                \
    geoip-dev \
    curl-dev \
    flex \
    g++ \
    gcc \
    geoip-dev \
    git \
    libc-dev \
    libmaxminddb-dev \
    libstdc++ \
    libtool \
    libxml2-dev \
    linux-headers \
    lmdb-dev \
    make \
    openssl-dev \
    pcre-dev \
    yajl-dev \
    zlib-dev

# Clone and compile modsecurity. Binary will be located in /usr/local/modsecurity
RUN echo "Installing ModSec Library" && \
    git clone -b ${MODSEC_BRANCH} --depth 1 https://github.com/SpiderLabs/ModSecurity && \
    git -C /tmp/ModSecurity submodule update --init --recursive && \
    (cd "/tmp/ModSecurity" && \
        ./build.sh && \
        ./configure --with-lmdb  && \
        make -j 10 && \
        make install \
    )

# Retrieve required packages
RUN echo 'Cloning Modsec Nginx Connector, GeoIP, ModSec OWASP Rules, and download/extract nginx and GeoIP databases' && \
    git clone -b master --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git && \
    git clone -b ${OWASP_BRANCH} --depth 1 https://github.com/coreruleset/coreruleset.git /usr/local/owasp-modsecurity-crs && \
    wget -q https://www.openssl.org/source/openssl-$OSSL_VERSION.tar.gz     && \
    tar -xzf openssl-$OSSL_VERSION.tar.gz                                   && \
    wget -q https://ftp.pcre.org/pub/pcre/pcre-$PCRE_VERSION.tar.bz2        && \
    tar -xjf pcre-$PCRE_VERSION.tar.bz2                                     && \
    wget -q http://zlib.net/zlib-$ZLIB_VERSION.tar.gz                       && \
    tar -xzf zlib-$ZLIB_VERSION.tar.gz                                      && \
    wget -q http://nginx.org/download/nginx-$NGNX_VERSION.tar.gz            && \
    tar -xzf nginx-$NGNX_VERSION.tar.gz


# Install Nginx with PCRE, OpenSSL, Geomod, Zlib
RUN set -x                                                                  && \
    cd /tmp/nginx-$NGNX_VERSION                                             && \
    ./configure                                                             \
        --with-compat                                                       \
        --with-ld-opt="-static"                                             \
        --with-pcre=/tmp/pcre-${PCRE_VERSION}                               \
        --with-zlib=/tmp/zlib-${ZLIB_VERSION}                               \
        --with-openssl=/tmp/openssl-${OSSL_VERSION}                         \
        --with-http_realip_module                                           \
        --with-http_v2_module                                               \
        --add-module=/tmp/ModSecurity-nginx                                 \
        --with-http_ssl_module                                              && \
    make -j 10                                                              && \
    make install                                                            && \
    strip /usr/local/nginx/sbin/nginx                                       && \
    apk del general-dependencies

# Symlink access and error logs to /dev/stdout and /dev/stderr, in
# order to make use of Docker's logging mechanism
RUN ln -sf /dev/stdout /usr/local/nginx/logs/access.log                     && \
    ln -sf /dev/stderr /usr/local/nginx/logs/error.log

RUN addgroup -S nginx && adduser -S -G nginx nginx

The Nginx make step fails. There are many more errors similar to these.

/usr/include/c++/10.2.1/bits/basic_string.tcc:225: undefined reference to `std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_S_copy_chars(char*, char const*, char const*)'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.2.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/include/c++/10.2.1/bits/basic_string.tcc:219: undefined reference to `std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_create(unsigned long&, unsigned long)'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.2.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/include/c++/10.2.1/bits/basic_string.tcc:212: undefined reference to `std::__throw_logic_error(char const*)'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.2.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(lt5-libmodsecurity_la-rule.o): in function `_GLOBAL__sub_I_rule.cc':
/usr/include/c++/10.2.1/iostream:74: undefined reference to `std::ios_base::Init::Init()'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.2.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(lt5-libmodsecurity_la-rule.o): in function `__static_initialization_and_destruction_0':
/usr/include/c++/10.2.1/iostream:74: undefined reference to `std::ios_base::Init::~Init()'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.2.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(lt5-libmodsecurity_la-rule.o): in function `__static_initialization_and_destruction_0':
/tmp/ModSecurity/src/variables/rule.cc:23: undefined reference to `std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string()'
collect2: error: ld returned 1 exit status
make[1]: *** [objs/Makefile:267: objs/nginx] Error 1

Tags: c, docker, nginx, gcc, mod-security

Solution


OWASP ModSecurity Core Rule Set project here.

I have never tried static compilation, but I suggest you ask on the modsecurity mailing list or the dedicated modsecurity developer mailing list.

https://sourceforge.net/p/mod-security/mailman/

