Skip to content
/ nginx-waf-cluster Public

Proof of concept multiple nginx + modsecurity instances

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

francis-io/nginx-waf-cluster

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
app
app
 
 
waf
waf
 
 
README.md
README.md
 
 
delete_all_images.sh
delete_all_images.sh
 
 
docker-compose.yml
docker-compose.yml
 
 
start.sh
start.sh
 
 
stop.sh
stop.sh
 
 

Repository files navigation

Modified version of theonemule/docker-waf as a POC autoscaling/HA cluster of WAF instances.

Things of note:

  • Builds an nginx waf container and a simple demo app using multi stage builds, which requires docker >17.05
  • Uses Ubuntu 16.04 LTS, which is very heavy on the final build.
  • Pulls OWASP rules from GitHub without any filtering/pruning.
  • Uses docker swarm to scale the waf containers to 3, to simulate a HA cloud setup.
  • Uses haproxy as an entry point, with some magic config to help find each waf container.

To build and run

./start.sh (I have ran into a bug in my config where the haproxy container starts and fails before the network starts)

You can then access the app via haproxy and the WAF "cluster" on 127.0.0.1 or directly via 127.0.0.1:9090 for testing.

About

Proof of concept multiple nginx + modsecurity instances

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages