Skip to content

Commit 9c722e4

Browse files
aknot242travisamartinJTorreGADubhlaoich
authored
fix: add waf packages to debian and ubuntu waf + dos dockerfiles (#1515)
Co-authored-by: Travis Martin <33876974+travisamartin@users.noreply.github.com> Co-authored-by: Jon Torre <78599298+JTorreG@users.noreply.github.com> Co-authored-by: Alan Dooley <a.dooley@f5.com>
1 parent 5592ffb commit 9c722e4

File tree

1 file changed

+18
-14
lines changed

1 file changed

+18
-14
lines changed

content/nap-dos/deployment-guide/learn-about-deployment.md

Lines changed: 18 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1509,7 +1509,7 @@ Make sure to replace upstream and proxy pass directives in this example with rel
15091509
15101510
7. In the same directory create an `entrypoint.sh` file with executable permissions, with the following content:
15111511
1512-
For Alpine / Debian / Ubuntu / UBI 8/ UBI 9:
1512+
For Alpine / Debian / Ubuntu / UBI 8 / UBI 9:
15131513
15141514
```shell
15151515
#!/usr/bin/env bash
@@ -1585,7 +1585,7 @@ RUN printf "https://pkgs.nginx.com/app-protect-dos/alpine/v`egrep -o '^[0-9]+\.[
15851585
printf "https://pkgs.nginx.com/app-protect/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories && \
15861586
printf "https://pkgs.nginx.com/app-protect-security-updates/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories
15871587
1588-
# Update the repository and install the most recent version of the F5 DoS for NGINX package (which includes NGINX Plus):
1588+
# Update the repository and install the most recent versions of the F5 WAF and F5 DoS for NGINX packages (which include NGINX Plus):
15891589
RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \
15901590
--mount=type=secret,id=nginx-key,dst=/etc/apk/cert.key,mode=0644 \
15911591
--mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
@@ -1627,11 +1627,11 @@ RUN curl -o /etc/yum.repos.d/plus-amazonlinux2023.repo https://cs.nginx.com/stat
16271627
curl -o /etc/yum.repos.d/app-protect-amazonlinux2023.repo https://cs.nginx.com/static/files/app-protect-amazonlinux2023.repo && \
16281628
curl -o /etc/yum.repos.d/dependencies.amazonlinux2023.repo https://cs.nginx.com/static/files/dependencies.amazonlinux2023.repo
16291629
1630-
# Install F5 WAF for NGINX:
1630+
# Update the repository and install the most recent versions of the F5 WAF and F5 DoS for NGINX packages (which include NGINX Plus):
16311631
RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
16321632
--mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
16331633
--mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
1634-
dnf -y install app-protect app-protect-dos && \
1634+
dnf -y install app-protect app-protect-dos && \
16351635
cat license.jwt > /etc/nginx/license.jwt && \
16361636
rm /etc/yum.repos.d/plus-amazonlinux2023.repo && \
16371637
rm /etc/yum.repos.d/app-protect-dos-amazonlinux2023.repo && \
@@ -1664,23 +1664,25 @@ FROM debian:bullseye
16641664
# Install prerequisite packages:
16651665
RUN apt-get update && \
16661666
apt-get install -y --no-install-recommends apt-transport-https lsb-release ca-certificates wget gnupg2 debian-archive-keyring && \
1667-
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
1667+
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null && \
1668+
wget -qO - https://cs.nginx.com/static/keys/app-protect-security-updates.key | gpg --dearmor | tee /usr/share/keyrings/app-protect-security-updates.gpg > /dev/null
16681669
16691670
# Add NGINX Plus, NGINX App Protect and F5 DoS for NGINX repository:
16701671
RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list \
16711672
&& printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-dos/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect-dos.list \
1672-
&& printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect.list
1673+
&& printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect.list \
1674+
&& printf "deb [signed-by=/usr/share/keyrings/app-protect-security-updates.gpg] https://pkgs.nginx.com/app-protect-security-updates/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/app-protect-security-updates.list
16731675
16741676
# Download the apt configuration to `/etc/apt/apt.conf.d`:
16751677
RUN wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
16761678
1677-
# Install F5 DoS for NGINX
1679+
# Update the repository and install the most recent versions of the F5 WAF and F5 DoS for NGINX packages (which includes NGINX Plus):
16781680
RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
16791681
--mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
16801682
--mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
1681-
apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect-dos && \
1683+
apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect app-protect-dos && \
16821684
cat license.jwt > /etc/nginx/license.jwt && \
1683-
apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list /etc/apt/sources.list.d/nginx-app-protect-dos.list && \
1685+
apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list /etc/apt/sources.list.d/nginx-app-protect.list /etc/apt/sources.list.d/nginx-app-protect-dos.list && \
16841686
rm -rf /etc/apt/apt.conf.d/90nginx /var/lib/apt/lists/*
16851687
16861688
# Forward request logs to Docker log collector:
@@ -1707,23 +1709,25 @@ FROM ubuntu:noble
17071709
# Install prerequisite packages:
17081710
RUN apt-get update && \
17091711
apt-get install -y --no-install-recommends apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring && \
1710-
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
1712+
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null && \
1713+
wget -qO - https://cs.nginx.com/static/keys/app-protect-security-updates.key | gpg --dearmor | tee /usr/share/keyrings/app-protect-security-updates.gpg > /dev/null
17111714
17121715
# Add NGINX Plus, NGINX App Protect and F5 DoS for NGINX repository:
17131716
RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list \
17141717
&& printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-dos/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect-dos.list \
1715-
&& printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect.list
1718+
&& printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect.list \
1719+
&& printf "deb [signed-by=/usr/share/keyrings/app-protect-security-updates.gpg] https://pkgs.nginx.com/app-protect-security-updates/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/app-protect-security-updates.list
17161720
17171721
# Download the apt configuration to `/etc/apt/apt.conf.d`:
17181722
RUN wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
17191723
1720-
# Install F5 DoS for NGINX
1724+
# Update the repository and install the most recent versions of the F5 WAF and F5 DoS for NGINX packages (which include NGINX Plus):
17211725
RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
17221726
--mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
17231727
--mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
1724-
apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect-dos && \
1728+
apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect app-protect-dos && \
17251729
cat license.jwt > /etc/nginx/license.jwt && \
1726-
apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list /etc/apt/sources.list.d/nginx-app-protect-dos.list && \
1730+
apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list /etc/apt/sources.list.d/nginx-app-protect.list /etc/apt/sources.list.d/nginx-app-protect-dos.list && \
17271731
rm -rf /etc/apt/apt.conf.d/90nginx /var/lib/apt/lists/*
17281732
17291733
# Forward request logs to Docker log collector:

0 commit comments

Comments
 (0)