mirror of
https://github.com/fabriziosalmi/caddy-waf.git
synced 2025-12-23 14:17:45 -05:00
58 lines
1.6 KiB
Docker
58 lines
1.6 KiB
Docker
# Use a Go base image to build the Caddy binary
|
|
FROM golang:1.24-alpine AS builder
|
|
|
|
# Install git and xcaddy (required for cloning the repository and building Caddy)
|
|
RUN apk add --no-cache git wget && \
|
|
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
|
|
|
|
# Set the working directory inside the container
|
|
WORKDIR /app
|
|
|
|
# Clone the caddy-waf repository
|
|
RUN git clone https://github.com/fabriziosalmi/caddy-waf.git
|
|
|
|
# Navigate into the caddy-waf directory
|
|
WORKDIR /app/caddy-waf
|
|
|
|
# Clean up and update the go.mod file (dependencies are already defined in go.mod)
|
|
RUN go mod tidy
|
|
|
|
# Download the GeoLite2 Country database
|
|
RUN wget https://git.io/GeoLite2-Country.mmdb
|
|
|
|
# Clean up previous build artifacts
|
|
RUN rm -rf buildenv_*
|
|
|
|
# Build Caddy with the caddy-waf module
|
|
RUN xcaddy build --with github.com/fabriziosalmi/caddy-waf=./
|
|
|
|
# --- Runtime Stage (smaller final image) ---
|
|
FROM alpine:latest
|
|
|
|
# Set the working directory
|
|
WORKDIR /app
|
|
|
|
# Copy the built Caddy binary from the builder stage
|
|
COPY --from=builder /app/caddy-waf/caddy /usr/bin/caddy
|
|
|
|
# Copy the GeoLite2 database, rules, blacklists, and Caddyfile
|
|
COPY --from=builder /app/caddy-waf/GeoLite2-Country.mmdb /app/
|
|
COPY --from=builder /app/caddy-waf/rules.json /app/
|
|
COPY --from=builder /app/caddy-waf/ip_blacklist.txt /app/
|
|
COPY --from=builder /app/caddy-waf/dns_blacklist.txt /app/
|
|
COPY Caddyfile /app/
|
|
|
|
# Set the user to caddy for security
|
|
RUN addgroup -S caddy && adduser -S -G caddy caddy
|
|
|
|
# Change ownership of the /app to the caddy user
|
|
RUN chown -R caddy:caddy /app
|
|
|
|
USER caddy
|
|
|
|
# Expose HTTP ports (adjust as needed)
|
|
EXPOSE 8080
|
|
|
|
# Run Caddy
|
|
CMD ["caddy", "run", "--config", "/app/Caddyfile"]
|