openresty+redis

Author: Andrea Sessa

docker/debian-nginx-ssl-ja3/Dockerfile renamed to Dockerfile

@@ -50,12 +50,10 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --fix-missing \
     zlib1g-dev
 
 # Create build directory
-RUN mkdir -p /build
+RUN mkdir -p /build/nginx-ssl-ja3
 
 WORKDIR /build
 
-VOLUME ["/build/nginx-ssl-ja3"]
-
 # Get test framework
 RUN git clone https://github.com/nginx/nginx-tests
 
@@ -66,7 +64,7 @@ RUN git clone https://github.com/openssl/openssl
 WORKDIR /build/openssl
 
 RUN git checkout OpenSSL_1_1_1 -b patched
-COPY patches/openssl.extensions.patch /build/openssl
+COPY nginx-ja3/patches/openssl.extensions.patch /build/openssl
 RUN patch -p1 < openssl.extensions.patch
 RUN ./config -d
 RUN make
@@ -78,28 +76,38 @@ RUN hg clone http://hg.nginx.org/nginx
 
 # Patch nginx for fetching ssl client extensions
 WORKDIR /build/nginx
-COPY patches/nginx.latest.patch /build/nginx
+COPY nginx-ja3/patches/nginx.latest.patch /build/nginx
 RUN patch -p1 < nginx.latest.patch
 
 # Install files
 RUN mkdir -p /usr/local/nginx/conf/
-COPY docker/debian-nginx-ssl-ja3/nginx.conf /usr/local/nginx/conf/nginx.conf
 
 # Install self-signed certificate
 RUN LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib /usr/local/bin/openssl req -new -x509 -days 365 -nodes -out /usr/local/nginx/conf/cert.pem -keyout /usr/local/nginx/conf/rsa.key -subj "/C=PT/ST=Lisbon/L=Lisbon/O=Development/CN=foo.local"
 
 # vim config
-COPY docker/debian-nginx-ssl-ja3/vimrc /etc/vim/vimrc
+COPY ./nginx/vimrc /etc/vim/vimrc
 
 RUN echo 'export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib' | tee -a /root/.bashrc
 RUN echo 'export PATH=$PATH:/usr/local/bin:/usr/local/nginx/sbin' | tee -a /root/.bashrc
 RUN echo '' | tee -a /root/.bashrc
 RUN echo 'export ASAN_OPTIONS=symbolize=1' | tee -a /root/.bashrc
-RUN echo 'export export ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer' | tee -a /root/.bashrc
+RUN echo 'export ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer' | tee -a /root/.bashrc
 RUN echo '' | tee -a /root/.bashrc
 
-WORKDIR /build
-COPY docker/debian-nginx-ssl-ja3/compile.sh /build/compile.sh
-RUN echo 'TO COMPILE RUN:\n    cd nginx\n    ASAN_OPTIONS=symbolize=1 ./auto/configure --add-module=/build/nginx-ssl-ja3 --with-http_ssl_module --with-stream_ssl_module --with-debug --with-stream --with-cc-opt="-fsanitize=address -O -fno-omit-frame-pointer" --with-ld-opt="-L/usr/local/lib -Wl,-E -lasan"\n    make install' | tee -a /build/COMPILE.ASAN.README
-RUN echo 'TO TEST RUN:\n    nginx &\n    openssl s_client -connect 127.0.0.1:12345 -cipher "AES128-SHA" -curves secp521r1' | tee -a /build/TEST.README
+COPY nginx-ja3/ /build/nginx-ssl-ja3
 
+WORKDIR /build/nginx
+RUN ASAN_OPTIONS=detect_leaks=0:symbolize=1 ./auto/configure \
+    --add-module=/build/nginx-ssl-ja3 \
+    --with-http_ssl_module \
+    --with-stream_ssl_module \
+    --with-debug \
+    --with-stream \ 
+    --with-http_auth_request_module \
+    --with-cc-opt="-fsanitize=address -O -fno-omit-frame-pointer" \
+    --with-ld-opt="-L/usr/local/lib -Wl,-E -lasan"
+RUN make install 
+
+EXPOSE 443
+CMD ["/usr/local/nginx/sbin/nginx"]

docker-compose.yml

@@ -0,0 +1,25 @@
+version: '3.7'
+
+services:
+    nginx:
+        image: 'nginx-ja3'
+        build: .
+        ports:
+          - '443:443'
+        volumes:
+          - ./nginx/nginx.conf:/usr/local/nginx/conf/nginx.conf
+    openresty:
+        image: openresty/openresty
+        volumes:
+          - ./openresty/lua:/lua
+          - ./openresty/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf
+        ports:
+          - 8080:80
+    redis:
+        image: redis
+        ports:
+          - 6379:6379
+    redis-browser:
+      image: marian/rebrow
+      ports:
+        - 5001:5001