# First Stage: Build NGINX and modules
FROM owasp/modsecurity-crs:3.3.5-nginx-202310170110

ARG NGINX_VERSION=1.24.0

# Installed necessary packages
RUN apt-get update && apt-get install -y libmaxminddb0 libmaxminddb-dev mmdb-bin git wget
RUN apt install -y build-essential libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev
RUN wget http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -P nginx-modules
RUN git clone https://github.com/leev/ngx_http_geoip2_module.git nginx-modules/ngx_http_geoip2_module
RUN tar zxvf nginx-modules/nginx-$NGINX_VERSION.tar.gz -C nginx-modules

# nginx with geoip2 compiled
RUN cd nginx-modules/nginx-1.24.0 && ./configure --add-dynamic-module=../ngx_http_geoip2_module --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx \
    --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock \
    --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
    --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
    --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads \
    --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module \
    --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module \
    --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail \
    --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module \
    --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.24.0/debian/debuild-base/nginx-1.24.0=. -fstack-protector-strong \
    -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'

# nginx geoip2 installed
RUN cd nginx-modules/nginx-$NGINX_VERSION && make
RUN cd nginx-modules/nginx-$NGINX_VERSION && make install

# copy modules to default modules path
RUN cp nginx-modules/nginx-1.24.0/objs/ngx_http_geoip2_module.so /usr/lib/nginx/modules
RUN cp nginx-modules/nginx-1.24.0/objs/ngx_stream_geoip2_module.so /usr/lib/nginx/modules

# geoip2 database downloaded
RUN wget https://git.io/GeoLite2-Country.mmdb -P /usr/share/GeoIP/

# nginx configuration files
COPY default.conf /etc/nginx/templates/conf.d/default.conf.template
COPY nginx.conf /etc/nginx/templates/nginx.conf.template

# owasp crs
COPY crs-setup.conf /etc/modsecurity.d/owasp-crs/crs-setup.conf
