CODEWITHSUNDEEP
dockernginxmod-security
CaffeineAddiction
CaffeineAddiction

Reputation: 823

How do I prevent owasp/modsecurity Docker container from overwriting my nginx.conf

I am attempting to update my reg nginx server (docker container) to nginx w/ mod security (docker container). The Nginx configs / Certs / Everything was working with plain Nginx.

I am attempting to use https://hub.docker.com/r/owasp/modsecurity# specificily owasp/modsecurity:nginx-alpine

However, every time I run the container my /etc/nginx/nginx.conf and /etc/nginx/conf.d/ keep getting completely overwritten.

On the one hand, i get that they are writing the config to make use of mod security but I am lost at how they expect an enduser to customize the config or add lets-encrypt keys if they overwrite everything.

Here is my current setup:

docker run \
  --name ms-nginx \
  -d --restart=always \
  -p 80:80 \
  -p 443:443 \
  -v /opt/containers/nginx/modsecurity.d:/etc/modsecurity.d \
  -v /opt/containers/nginx/config:/etc/nginx \
  -v /opt/containers/nginx/www:/var/www:ro \
  -v /etc/letsencrypt/:/etc/letsencrypt:ro \
  -v /etc/ssl/dhparam.pem:/etc/ssl/certs/dhparam-2048.pem:ro \
  owasp/modsecurity:nginx-alpine

Am I doing it wrong? should it be turtles all the way down and I point my main nginx to another Nginx w/ mod security which points to a specific web service? This seems like it should be easy and I am just missing something obvious.

Upvotes: 0

Views: 1472

Answers (1)

CaffeineAddiction
CaffeineAddiction

Reputation: 823

Per Documentation (https://hub.docker.com/r/owasp/modsecurity):

What happens if I want to make changes in a different file, like /etc/nginx/conf.d/default.conf? You mount your local file, e.g. nginx/default.conf as the new template:
/etc/nginx/templates/conf.d/default.conf.template. You can do this similarly with other files. Files in the templates directory will be copied and subdirectories will be preserved.

Upvotes: 1

Related Questions