An nginx proxy for use in the Deis open source PaaS.
This Docker image is based on the official
Please consult the Makefile for current instructions on how to build, test, push,
install, and start deis/router.
- DEBUG enables verbose output if set
- ETCD_PORT sets the TCP port on which to connect to the local etcd
daemon (default: 4001)
- ETCD_PATH sets the etcd directory where the router announces
its configuration (default: /deis/router)
- ETCD_TTL sets the time-to-live before etcd purges a configuration
value, in seconds (default: 10)
- PORT sets the TCP port on which the router listens (default: 80)
Shellshock exposed that some apps (mostly CGI based) inside a web server can be exploited, allowing the arbitrary execution of commands.
To reduce the contact surface of this attack and others (like SQL injection and cross site scripting), it's possible to enable the naxsi firewall (which is disabled by default). NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX.
The rules included are from this project doxi-rules
Only these modules are enabled:
|web_app.rules||detect exploit/misuse-attempts againts web-applications|
|web_server.rules||generic rules to protect a webserver from misconfiguration and known mistakes / exploit-vectors|
|active-mode.rules||rules to configure active-mode (block)|
|naxsi_core||core naxsi rules|
© 2014 Engine Yard, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.