-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create automated image builds #1
Comments
Having started with refactoring the owasp/modsecurity-crs Docker image I figured that there is probably very little benefit to overwhelm developers with a full choice of
It's probably sufficient to satisfy the use case of wanting to choose the CRS version (primarily) and the Web proxy platform. Because as a developer you may want to use "the latest version of ModSecurity, with the CRS obviously" targeting a specific Web proxy software. Docker Image Tagging SchemeHence, a Dockerfile a developer may want to code could start like this: FROM owasp/modsecurity-crs:3.3-apache FROM owasp/modsecurity-crs:3.3-nginx And while the Nginx flavor would run ModSecurity v3, the Apache flavor would run ModSecurity v2 underneath for plain technical reasons, and no-one should care. The CRS will be the same and the resulting behavior should (hopefully) also match. FROM owasp/modsecurity-crs:3.3 FROM owasp/modsecurity-crs:apache FROM owasp/modsecurity-crs:nginx Whether just specifying the CRS version would default to Nginx or better Apache shall be defined later on, maybe based on popularity or obvious technical advantage (stability, speed). When I specify only the Web proxy platform I should get the latest CRS, following the way the httpd and nginx base images do it. OutcomeThis decision would reduce both the mental overhead for developers using the image and the maintainers of the image, reducing the number of combinations. Does that sound okay or are there reasons to stick to a different tagging scheme? Pinging @csanders-git, @franbuehler, @dune73. |
More design decisions:
This way it should be possible to configure ModSecurity the same way (at the same file locations) completely agnostic from which Web proxy is being used. |
Thanks for pinging me and thanks for your proposals, @bittner . I like them! I also like the idea of copying files to the mentioned directories and just linking them. So we could do it the way you proposed, in my opinion. Other opinions? |
The automatic builds are now in place. The following images (tags) are added/updated on Ducker Hub:
The |
Planned tasks to refactor
modsecurity-crs-docker
/util/docker
) to the newmodsecurity-crs-docker
repositorymodsecurity-docker
imagesRelated issues:
The text was updated successfully, but these errors were encountered: