更新 Nginx 至 1.29.3, ModSecurity 至 v3.0.14

AptS-1547 · AptS-1547 · commit a569ef909575 · 2025-10-30T02:25:20.000+08:00
diff --git a/Dockerfile.latest b/Dockerfile.latest
@@ -1,4 +1,4 @@
-FROM nginx:1.29.2-alpine AS builder
+FROM nginx:1.29.3-alpine AS builder
 
 # 设置 ModSecurity 版本
 ENV MODSECURITY_VERSION=v3.0.14
@@ -34,9 +34,9 @@ RUN apk add --no-cache --virtual .build-deps \
 WORKDIR /opt
 
 # 下载 Nginx 源码
-RUN wget https://nginx.org/download/nginx-1.29.2.tar.gz \
-    && tar -xzf nginx-1.29.2.tar.gz \
-    && rm nginx-1.29.2.tar.gz
+RUN wget https://nginx.org/download/nginx-1.29.3.tar.gz \
+    && tar -xzf nginx-1.29.3.tar.gz \
+    && rm nginx-1.29.3.tar.gz
 
 # 下载 ModSecurity
 RUN git clone --depth 1 -b ${MODSECURITY_VERSION} https://github.com/owasp-modsecurity/ModSecurity.git
@@ -55,18 +55,18 @@ RUN cd /opt/ModSecurity \
     && make clean
 
 # 编译 Nginx 与 ModSecurity 模块
-RUN cd /opt/nginx-1.29.2 \
+RUN cd /opt/nginx-1.29.3 \
     && ./configure --with-compat --add-dynamic-module=/opt/ModSecurity-nginx \
     && make modules \
     && cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules \
     && mkdir -p /etc/nginx/modsec \
     && cp /opt/ModSecurity/unicode.mapping /etc/nginx/modsec/
 
 # 最终镜像
-FROM nginx:1.29.2-alpine AS final
+FROM nginx:1.29.3-alpine AS final
 
 # 安装运行时依赖
-RUN apk add --no-cache --purge --virtual .runtime-deps \
+RUN apk add --no-cache --virtual .runtime-deps \
         lua5.4 \
         yajl \
         libstdc++ \
@@ -77,14 +77,17 @@ RUN apk add --no-cache --purge --virtual .runtime-deps \
         curl
 
 # 复制配置文件和模块
-RUN sed -i '1i load_module modules/ngx_http_modsecurity_module.so;\n' /etc/nginx/nginx.conf
+RUN mkdir -p /etc/nginx/modules-available \
+    && echo "load_module modules/ngx_http_modsecurity_module.so;" > /etc/nginx/modules-available/50-modsecurity.conf \
+    && mkdir -p /etc/nginx/modules-enabled \
+    && ln -s /etc/nginx/modules-available/50-modsecurity.conf /etc/nginx/modules-enabled/
 COPY --from=builder /usr/local/modsecurity/ /usr/local/modsecurity/
 COPY --from=builder /etc/nginx/modules/ngx_http_modsecurity_module.so /etc/nginx/modules/
 COPY --from=builder /etc/nginx/modsec/unicode.mapping /etc/nginx/modsec/
 
 # 添加构建信息标签
 LABEL maintainer="AptS-1547 <apts-1547@esaps.net>" \
-      nginx_version="1.29.2" \
+      nginx_version="1.29.3" \
       modsecurity_version="v3.0.14" \
       modsecurity_nginx_version="v1.0.4" \
-      build_date="2025-10-15T17:42:47Z"
+      build_date="2025-10-29T18:25:20Z"
diff --git a/mainline_version b/mainline_version
@@ -1 +1 @@
-1.29.2
+1.29.3
diff --git a/nginx-1.29.3/mod-3.0.14/Dockerfile b/nginx-1.29.3/mod-3.0.14/Dockerfile
@@ -0,0 +1,93 @@
+FROM nginx:1.29.3-alpine AS builder
+
+# 设置 ModSecurity 版本
+ENV MODSECURITY_VERSION=v3.0.14
+ENV MODSECURITY_NGINX_VERSION=v1.0.4
+
+# 安装构建依赖
+RUN apk add --no-cache --virtual .build-deps \
+        alpine-sdk \
+        autoconf \
+        automake \
+        bison \
+        curl \
+        doxygen \
+        flex \
+        g++ \
+        gcc \
+        git \
+        libtool \
+        lmdb-dev \
+        lua5.4-dev \
+        make \
+        curl-dev \
+        pcre2-dev \
+        yajl-dev \
+        zlib-dev \
+        libxml2-dev \
+        geoip-dev \
+        pcre-dev \
+        linux-headers \
+        wget
+
+# 创建工作目录
+WORKDIR /opt
+
+# 下载 Nginx 源码
+RUN wget https://nginx.org/download/nginx-1.29.3.tar.gz \
+    && tar -xzf nginx-1.29.3.tar.gz \
+    && rm nginx-1.29.3.tar.gz
+
+# 下载 ModSecurity
+RUN git clone --depth 1 -b ${MODSECURITY_VERSION} https://github.com/owasp-modsecurity/ModSecurity.git
+
+# 下载 ModSecurity-nginx 连接器
+RUN git clone --depth 1 -b ${MODSECURITY_NGINX_VERSION} https://github.com/owasp-modsecurity/ModSecurity-nginx.git
+
+# 编译 ModSecurity
+RUN cd /opt/ModSecurity \
+    && git submodule init \
+    && git submodule update \
+    && ./build.sh \
+    && ./configure --prefix=/usr/local/modsecurity --with-lmdb --with-pcre2 \
+    && make \
+    && make install \
+    && make clean
+
+# 编译 Nginx 与 ModSecurity 模块
+RUN cd /opt/nginx-1.29.3 \
+    && ./configure --with-compat --add-dynamic-module=/opt/ModSecurity-nginx \
+    && make modules \
+    && cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules \
+    && mkdir -p /etc/nginx/modsec \
+    && cp /opt/ModSecurity/unicode.mapping /etc/nginx/modsec/
+
+# 最终镜像
+FROM nginx:1.29.3-alpine AS final
+
+# 安装运行时依赖
+RUN apk add --no-cache --virtual .runtime-deps \
+        lua5.4 \
+        yajl \
+        libstdc++ \
+        pcre2 \
+        lmdb \
+        geoip \
+        libxml2 \
+        curl
+
+# 复制配置文件和模块
+RUN mkdir -p /etc/nginx/modules-available \
+    && echo "load_module modules/ngx_http_modsecurity_module.so;" > /etc/nginx/modules-available/50-modsecurity.conf \
+    && mkdir -p /etc/nginx/modules-enabled \
+    && ln -s /etc/nginx/modules-available/50-modsecurity.conf /etc/nginx/modules-enabled/
+COPY --from=builder /usr/local/modsecurity/ /usr/local/modsecurity/
+COPY --from=builder /etc/nginx/modules/ngx_http_modsecurity_module.so /etc/nginx/modules/
+COPY --from=builder /etc/nginx/modsec/unicode.mapping /etc/nginx/modsec/
+
+# 添加构建信息标签
+LABEL maintainer="AptS-1547 <apts-1547@esaps.net>" \
+      nginx_version="1.29.3" \
+      modsecurity_version="v3.0.14" \
+      modsecurity_nginx_version="v1.0.4" \
+      build_date="2025-10-29T18:25:20Z"
diff --git a/nginx-1.29.3/mod-3.0.14/README.md b/nginx-1.29.3/mod-3.0.14/README.md
@@ -0,0 +1,20 @@
+# ModSecurity with Nginx
+
+版本信息:
+- Nginx: 1.29.3
+- ModSecurity: v3.0.14
+- ModSecurity-nginx: v1.0.4
+
+创建日期: 2025-10-29T18:25:20Z
+
+## 构建镜像
+
+```bash
+docker build -t modsecurity:1.29.3-3.0.14 .
+```
+
+## 运行容器
+
+```bash
+docker run -d -p 80:80 modsecurity:1.29.3-3.0.14
+```
diff --git a/versions.env b/versions.env
@@ -1,4 +1,4 @@
-NGINX_VERSION=1.29.2
+NGINX_VERSION=1.29.3
 MODSECURITY_VERSION=v3.0.14
 MODSECURITY_NGINX_VERSION=v1.0.4
-BUILD_DATE=2025-10-15T17:42:47Z
+BUILD_DATE=2025-10-29T18:25:20Z
