Merge pull request #1 from Atomicorp/aum-update

Update with aum packaging

Author: atomicturtle

Dockerfile

@@ -6,8 +6,12 @@ RUN yum -y install wget  && yum clean all
 
 RUN cd /root; NON_INT=1 wget -q -O - https://updates.atomicorp.com/installers/atomic |sh
 
+COPY config/tortix-common.repo /etc/yum.repos.d/tortix-common.repo
 
-RUN yum -y install nginx nginx-module-modsecurity http-tools 
+RUN yum -y install nginx nginx-module-modsecurity http-tools roadsend-php-libs aum
+
+# Special condition for aum
+RUN ln -sf /var/asl/bin/aum.dynamic /var/asl/bin/aum
 
 # Configure Nginx and apply fix for very long server names
 RUN echo "daemon off;" >> /etc/nginx/nginx.conf \
@@ -21,6 +25,7 @@ COPY config/00_mod_security.conf /etc/nginx/conf.d/
 COPY config/modsecurity.d /etc/httpd/modsecurity.d
 
 
+
 # Install Forego
 ADD https://github.com/jwilder/forego/releases/download/v0.16.1/forego /usr/local/bin/forego
 RUN chmod u+x /usr/local/bin/forego

README.md

@@ -1,6 +1,48 @@
-This container implements the Free Atomicorp NGINX Web Application Firewall (ModSecurity v3) ruleset. The full commercial ruleset can be added from:
+About
 
-https://www.atomicorp.com 
+This container implements the Atomicorp NGINX Web Application Firewall (ModSecurity v3). It is designed to act as a reverse proxy, and supports automatic container detection and configuration. Rule policies are shared with the container over a volume 
+
+
+Installation
+
+1) Register for WAF rule updates at https://atomicorp.com/pricing/
+
+
+2) Create volume directories for /etc/nginx/conf.d and /etc/httpd/modsecurity.d
+
+	mkdir -p ~/waf/conf.d
+	mkdir -p ~/waf/modsecurity.d
+
+3) Download nginx ruleset at: https://updates.atomicorp.com/channels/rules/nginx-latest/, and extract the archive:
+
+	tar xvf nginx-waf-201802271105.tar.gz
+
+4) Copy the master nginx config:
+	
+	cp rules/conf/00_mod_security.conf ~/waf/conf.d
+	cp rules/conf/tortix_waf.conf  ~/waf/modsecurity.d/
+	cp rules/* ~/waf/modsecurity.d/
+
+
+
+Usage
+
+Basic 
+
+DEFAULT_HOST declares the nginx default host
+
+docker run -d -p 80:80 -e DEFAULT_HOST=www.example.com -v /var/run/docker.sock:/tmp/docker.sock:ro -v ~/waf/conf.d:/etc/nginx/conf.d -v ~/waf/modsecurity.d:/etc/httpd/modsecurity.d atomicorp/nginx-waf-docker
+
+With SSL certificates
+
+docker run -d -p 80:80 -p 443:443 -v /path/to/certs:/etc/nginx/certs -v /var/run/docker.sock:/tmp/docker.sock:ro -v ~/waf/conf.d:/etc/nginx/conf.d -v ~/waf/modsecurity.d:/etc/httpd/modsecurity.d atomicorp/nginx-waf-proxy
+
+
+Name-Based virtual host support
+
+available with the environmental variable -e VIRTUAL_HOST=www.example.com. Note that name based virtual  host certificates (if used)use naming convention <VIRTUAL_HOST>.key and <VIRTUAL_HOST>.crt Example: www.example.com.key and www.example.com.crt
+
+docker run -e VIRTUAL_HOST=www.example.com -d -p 80:80 -p 443:443 -v /path/to/certs:/etc/nginx/certs -v /var/run/docker.sock:/tmp/docker.sock:ro -v ~/waf/conf.d:/etc/nginx/conf.d -v ~/waf/modsecurity.d:/etc/httpd/modsecurity.d atomicorp/nginx-waf-proxy
 
 
 Thanks:

config/tortix-common.repo

@@ -0,0 +1,8 @@
+[tortix-common]
+name=Atomicorp - Centos 7 - Atomic Secured Linux 
+mirrorlist=http://updates.atomicorp.com/channels/mirrorlist/tortix-common/centos-$releasever-$basearch
+priority=1
+enabled=1
+gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY.atomicorp.txt
+gpgcheck=1
+