🔀 🐛 🐳 💚 Merge Changes from the v3.1.2.

* 💚 Update CI.

* 🐳 Fix dockerfile (#23)

* 🐳 Create Dockerfile. #22

* 🐛 About the rule file permission check.

.github/workflows/test.yml

@@ -1,18 +1,21 @@
 name: test
 
 on: 
-  push:
-    branches:
-      - master
-      - dev
-  pull_request:
-    branches:
-      - master
-      - dev
+  - push
+  - pull_request
 
 
 jobs:
-  test:
+  docker:
+    runs-on: ubuntu-latest
+    needs: native
+    steps:
+      - uses: actions/checkout@v2
+        with: 
+          ref: ${{ github.ref }}
+      - name: Build image with nginx:stable-alpine
+        run: docker build -t test/nginx --build-arg=NGINX_VER=1.18.0 .
+  native:
     runs-on: ubuntu-latest
     strategy:
       matrix:

.gitignore

@@ -1,3 +1,2 @@
 inc/uthash
-.vscode
-docs/ZH-CN/html
+.vscode

CHANGES-ZH-CN.md

@@ -10,12 +10,19 @@
 
 ***
 
-## [v3.1.1] - 2021-01-18
+## [3.1.2] - 2021-02-17
 
 ### 修复
 
-* 兼容较低版本的 GCC（[becbbe0](https://github.com/ADD-SP/ngx_waf/commit/becbbe022b9f6efa606e720d7cbcd6c5d6f22c33)）。
+* 修复了一个 bug，这个 bug 会导致当规则文件不具有可写权限时初始化失败（[20acd27](https://github.com/ADD-SP/ngx_waf/commit/20acd27815d1f266d89c1557e93848c96117b8ff)）。
+
+***
+
+## [3.1.1] - 2021-01-18
 
+### 修复
+
+* 兼容较低版本的 GCC（[becbbe0](https://github.com/ADD-SP/ngx_waf/commit/becbbe022b9f6efa606e720d7cbcd6c5d6f22c33)）。
 
 ***
 

CHANGES.md

@@ -9,6 +9,14 @@
 ### Fixed
 
 
+***
+
+## [3.1.2] - 2021-01-18
+
+### Fixed
+
+* Fixed a bug that caused module initialization to fail when the rule file was not writable ([20acd27](https://github.com/ADD-SP/ngx_waf/commit/20acd27815d1f266d89c1557e93848c96117b8ff)).
+
 ***
 
 ## [3.1.1] - 2021-01-18

Dockerfile

@@ -0,0 +1,83 @@
+FROM nginx:stable-alpine as builder
+ARG CHANGE_SOURCE=false
+ARG NGINX_VER=1.18.0
+
+WORKDIR /usr/local/src
+COPY . ./ngx_waf
+
+SHELL ["/bin/ash", "-o", "pipefail", "-c"]
+## DOCKER_BUILDKIT=1 docker build -t test/nginx --build-arg=NGINX_VER=1.18.0 --build-arg=CHANGE_SOURCE=true .
+RUN set -xe \
+    ## If you're in China, or you need to change sources, will be set CHANGE_SOURCE to true in .env.
+    && if [ ${CHANGE_SOURCE} = true ]; then \
+    # Change application source from dl-cdn.alpinelinux.org to aliyun source
+    # ssed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories \
+    sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/' /etc/apk/repositories \
+    ;fi \
+    && apk update \
+    && apk --no-cache --virtual add uthash-dev \
+        gcc \
+        libc-dev \
+        make \
+        openssl-dev \
+        pcre-dev \
+        zlib-dev \
+        linux-headers \
+        curl \
+        gnupg \
+        libxslt-dev \
+        gd-dev \
+        geoip-dev
+RUN set -xe \
+    && wget "https://nginx.org/download/nginx-${NGINX_VER}.tar.gz" -O "nginx-${NGINX_VER}.tar.gz" \
+    && tar -zxf "nginx-${NGINX_VER}.tar.gz" \
+    && cd "nginx-${NGINX_VER}" \
+    && ./configure \
+    --prefix=/etc/nginx \
+    --sbin-path=/usr/sbin/nginx \
+    --modules-path=/usr/lib/nginx/modules \
+    --conf-path=/etc/nginx/nginx.conf \
+    --error-log-path=/var/log/nginx/error.log \
+    --http-log-path=/var/log/nginx/access.log \
+    --pid-path=/var/run/nginx.pid \
+    --lock-path=/var/run/nginx.lock \
+    --http-client-body-temp-path=/var/cache/nginx/client_temp \
+    --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
+    --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
+    --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
+    --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
+    --with-perl_modules_path=/usr/lib/perl5/vendor_perl \
+    --user=nginx \
+    --group=nginx \
+    --with-compat \
+    --with-file-aio \
+    --with-threads \
+    --with-http_addition_module \
+    --with-http_auth_request_module \
+    --with-http_dav_module \
+    --with-http_flv_module \
+    --with-http_gunzip_module \
+    --with-http_gzip_static_module \
+    --with-http_mp4_module \
+    --with-http_random_index_module \
+    --with-http_realip_module \
+    --with-http_secure_link_module \
+    --with-http_slice_module \
+    --with-http_ssl_module \
+    --with-http_stub_status_module \
+    --with-http_sub_module \
+    --with-http_v2_module \
+    --with-mail \
+    --with-mail_ssl_module \
+    --with-stream \
+    --with-stream_realip_module \
+    --with-stream_ssl_module \
+    --with-stream_ssl_preread_module \
+    --with-cc-opt='-Os -fomit-frame-pointer' \
+    --with-ld-opt=-Wl,--as-needed \
+    --add-module=/usr/local/src/ngx_waf \
+    && make \
+    && cp objs/nginx /usr/sbin/nginx
+
+FROM nginx:stable-alpine
+COPY --from=builder /usr/sbin/nginx /usr/sbin/

README-ZH-CN.md

@@ -42,84 +42,7 @@
 
 ## 安装
 
-On Unix Like
-
-### 下载 nginx 源码
-
-nginx 添加新的模块必须要重新编译，所以先[下载 nginx 源码](http://nginx.org/en/download.html)。
-
-```bash
-cd /usr/local/src
-wget http://nginx.org/download/nginx-version.tar.gz
-tar -zxf nginx-version.tar.gz
-```
-
-> 推荐使用 nginx-1.18.0 的源码，若使用低版本的 nginx 源码则不保证本模块可以正常使用。本模块对 Mainline 版本的 nginx 做了兼容性处理，但考虑到 Mainline 版本仍在开发中，所以不保证一直可以兼容。如果遇到了兼容性问题请提 issue。
-
-### 下载 ngx-waf 源码
-
-```bash
-cd /usr/local/src
-git clone https://github.com/ADD-SP/ngx_waf.git
-cd ngx_waf
-```
-
-### 编译和安装模块
-
-从 nginx-1.9.11 开始，nginx 开始支持动态模块。
-
-静态模块将所有模块编译进一个二进制文件中，所以增删改模块都需要重新编译 nginx 并替换。
-
-动态模块则动态加载 `.so` 文件，无需重新编译整个 nginx。只需要将模块编译成 `.so` 文件然后修改`nginx.conf`即可加载对应的模块。
-
-***
-
-**使用静态模块**
-
-```bash
-cd /usr/local/src/nginx-version
-./configure xxxxxx --add-module=/usr/local/src/ngx_waf
-make
-```
-> xxxxxx 为其它的编译参数，一般来说是将 xxxxxx 替换为`nginx -V`显示的编译参数。
-
-如果您已经安装了 nginx 则可以直接替换二进制文件（假设原有的二进制文件的全路径为`/usr/local/nginx/sbin/nginx`）
-
-```bash
-nginx -s stop
-mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old
-cp objs/nginx /usr/local/nginx/sbin/nginx
-nginx
-```
-
-> 如果不想中断 nginx 服务则可以通过热部署的方式来实现升级，热部署方法见[官方文档](https://nginx.org/en/docs/control.html)。
-
-如果您之前没有安装则直接执行下列命令
-```bash
-make install
-```
-
-***
-
-**使用动态模块**
-
-```bash
-cd /usr/local/src/nginx-version
-./configure xxxxxx --add-dynamic-module=/usr/local/src/ngx_waf
-make modules
-```
-> xxxxxx 为其它的编译参数，一般来说是将 xxxxxx 替换为`nginx -V`显示的编译参数。
-
-此时你需要找到一个目录用来存放模块的 .so 文件，本文假设存储在`/usr/local/nginx/modules`下
-
-```bash
-cp objs/ngx_http_waf_module.so /usr/local/nginx/modules/ngx_http_waf_module.so
-```
-
-然后修改`nginx.conf`，在最顶部添加一行。
-```text
-load_module "/usr/local/nginx/modules/ngx_http_waf_module.so";
-```
+您可以使用两种方式安装本模块，详见[安装指南](docs/install-zh-cn.md)。
 
 ## 使用
 
@@ -266,20 +189,6 @@ https://example.com/www.bak
 2020/01/20 22:58:40 [alert] 24678#0: *11 ngx_waf: [BLACK-POST][(?i)(?:select.+(?:from|limit))], client: 192.168.1.1, server: example.com, request: "POST /xmlrpc.php HTTP/1.1", host: "example.com", referrer: "https://example.com/"
 ```
 
-## 开发文档
-
-### 安装依赖
-
-请确保已经安装 `doxygen` 和 `graphviz`，且 `doxygen` 的版本至少要为 1.8.17。
-
-### 生成文档
-
-```bash
-./mkdocs.sh
-```
-
-在 `docs/ZH-CN/html` 目录下会生成开发文档。你可以直接用浏览器打开 `docs/ZH-CN/html/index.html` 文件来浏览文档。
-
 ## 开源许可证
 
 [BSD 3-Clause License](LICENSE)

README.md

@@ -43,85 +43,7 @@ A web application firewall module for nginx without complex configuration.
 
 ## Install
 
-On Unix Like
-
-### download the source code of nginx
-
-If you want to add a new nginx module, you'll need the nginx source code
-
-```bash
-cd /usr/local/src
-wget http://nginx.org/download/nginx-1.18.0.tar.gz
-tar -zxf nginx-1.18.0.tar.gz
-```
-> The nginx-1.18.0 source code is recommended, but using a lower version of the nginx source code does not guarantee that this module will work. This module is compatible with the Mainline version of nginx, but since the Mainline version is still under development, there is no guarantee that it will always work. If you encounter compatibility issues, please create an issue.
-
-### download the source code of ngx_waf
-
-```bash
-cd /usr/local/src
-git clone https://github.com/ADD-SP/ngx_waf.git
-cd ngx_waf
-```
-
-### compile and install
-
-Starting from nginx-1.9.11, nginx began to support dynamic modules.
-
-Using static modules requires all modules to be compiled into binary files, so adding, deleting and updating modules requires recompiling nginx and replacing the old binary files.
-
-Using dynamic modules only needs to load the `.so` at runtime, without recompiling the entire nginx. Just compile the module into a `.so`, and then edit `nginx.conf` to load the corresponding module.
-
-***
-
-**use static modules**
-
-```bash
-cd /usr/local/src/nginx-1.18.0
-./configure xxx --add-module=/usr/local/src/ngx_waf
-make
-```
-> If you have already installed nginx, it is recommended to run `nginx -V` to get the compilation parameters, and then replace `xxx` with it.
-
-```bash
-nginx -s stop
-mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old
-cp objs/nginx /usr/local/nginx/sbin/nginx
-nginx
-```
-
-> If you don’t want to stop the nginx service, you can upgrade through hot deployment, see [Official Document](https://nginx.org/en/docs/control.html) for hot deployment method.
-
-
-If nginx is not installed.
-
-```bash
-make install
-```
-
-***
-
-**use dynamic modules**
-
-```bash
-cd /usr/local/src/nginx-1.18.0
-./configure xxx --add-dynamic-module=/usr/local/src/ngx_waf
-make modules
-```
-> If you have already installed nginx, it is recommended to run `nginx -V` to get the compilation parameters, and then replace `xxx` with it.
-
-Now you need to find a directory to store the `.so` file of the module, this doc assumes it is stored under `/usr/local/nginx/modules`
-
-```bash
-cp objs/ngx_http_waf_module.so /usr/local/nginx/modules/ngx_http_waf_module.so
-```
-
-Then edit `nginx.conf` and add a line at the top.
-
-```text
-load_module "/usr/local/nginx/modules/ngx_http_waf_module.so";
-```
-
+There are two ways to install this module, see [Installation Guide](docs/install.md).
 
 ## How to use?