docs: add docker-compose.local.yml and docker-compose.yml

acouvreur · acouvreur · commit ba93672d0f2c · 2021-12-28T15:58:58.000+01:00
Development usage and prod usage
diff --git a/README.md b/README.md
@@ -12,72 +12,37 @@ Traefik plugin to proxy requests to [owasp/modsecurity-crs](https://hub.docker.c
 
 - [Traefik Modsecurity Plugin](#traefik-modsecurity-plugin)
   - [Demo](#demo)
-  - [Full Configuration with docker-compose](#full-configuration-with-docker-compose)
-  - [How ?](#how-)
+  - [Usage (docker-compose.yml)](#usage-docker-composeyml)
+  - [How it works](#how-it-works)
+  - [Local development (docker-compose.local.yml)](#local-development-docker-composelocalyml)
 
 ## Demo
 
 Demo with WAF intercepting relative access in query param.
 
 ![Demo](./img/waf.gif)
 
-## Full Configuration with docker-compose
-
-```yml
-version: "3.7"
-
-services:
-  traefik:
-    image: traefik
-    ports:
-      - "8000:80"
-      - "8080:8080"
-    command:
-      - --api.dashboard=true
-      - --api.insecure=true
-      - --pilot.token=$TRAEFIK_PILOT_TOKEN
-      - --experimental.localPlugins.traefik-modsecurity-plugin.moduleName=github.com/acouvreur/traefik-modsecurity-plugin
-      - --providers.docker=true
-      - --entrypoints.http.address=:80
-    volumes:
-      - '/var/run/docker.sock:/var/run/docker.sock'
-      - '.:/plugins-local/src/github.com/acouvreur/traefik-modsecurity-plugin'
-    environment:
-      - TRAEFIK_PILOT_TOKEN
-    labels:
-      - traefik.enable=true
-      - traefik.http.services.traefik.loadbalancer.server.port=8080
-      - traefik.http.middlewares.waf.plugin.traefik-modsecurity-plugin.modSecurityUrl=http://waf:80
-
-  waf:
-    image: owasp/modsecurity-crs:apache
-    environment:
-      - PARANOIA=1
-      - ANOMALY_INBOUND=10
-      - ANOMALY_OUTBOUND=5
-      - BACKEND=http://dummy
-
-  dummy:
-    image: containous/whoami
-
-  website:
-    image: containous/whoami
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.website.rule=PathPrefix(`/website`)
-      - traefik.http.routers.website.middlewares=waf@docker
-```
+## Usage (docker-compose.yml)
+
+See [docker-compose.yml](docker-compose.yml)
 
 1. docker-compose up
 2. Go to http://localhost:8000/website, the request is received without warnings
 3. Go to http://localhost:8000/website?test=../etc, the request is intercepted and returned with 403 Forbidden by owasp/modsecurity
 
-## How ?
+## How it works
 
 This is a very simple plugin that proxies the query to the owasp/modsecurity apache container.
 
 The plugin checks that the response from the waf container hasn't an http code > 400 before forwarding the request to the real service.
 
 If it is > 400, then the error page is returned instead.
 
-The *dummy* service is created so the waf container forward the request to a service and respond with 200 OK all the time.
+The *dummy* service is created so the waf container forward the request to a service and respond with 200 OK all the time.
+
+
+## Local development (docker-compose.local.yml)
+
+See [docker-compose.local.yml](docker-compose.local.yml)
+
+`docker-compose -f docker-compose.local.yml up` to load the local plugin
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
@@ -0,0 +1,42 @@
+version: "3.7"
+
+services:
+  traefik:
+    image: traefik
+    ports:
+      - "8000:80"
+      - "8080:8080"
+    command:
+      - --api.dashboard=true
+      - --api.insecure=true
+      - --pilot.token=$TRAEFIK_PILOT_TOKEN
+      - --experimental.localPlugins.traefik-modsecurity-plugin.moduleName=github.com/acouvreur/traefik-modsecurity-plugin
+      - --providers.docker=true
+      - --entrypoints.http.address=:80
+    volumes:
+      - '/var/run/docker.sock:/var/run/docker.sock'
+      - '.:/plugins-local/src/github.com/acouvreur/traefik-modsecurity-plugin'
+    environment:
+      - TRAEFIK_PILOT_TOKEN
+    labels:
+      - traefik.enable=true
+      - traefik.http.services.traefik.loadbalancer.server.port=8080
+      - traefik.http.middlewares.waf.plugin.traefik-modsecurity-plugin.modSecurityUrl=http://waf:80
+
+  waf:
+    image: owasp/modsecurity-crs:apache
+    environment:
+      - PARANOIA=1
+      - ANOMALY_INBOUND=10
+      - ANOMALY_OUTBOUND=5
+      - BACKEND=http://dummy
+
+  dummy:
+    image: containous/whoami
+
+  website:
+    image: containous/whoami
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.website.rule=PathPrefix(`/website`)
+      - traefik.http.routers.website.middlewares=waf@docker
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -10,12 +10,12 @@ services:
       - --api.dashboard=true
       - --api.insecure=true
       - --pilot.token=$TRAEFIK_PILOT_TOKEN
-      - --experimental.localPlugins.traefik-modsecurity-plugin.moduleName=github.com/acouvreur/traefik-modsecurity-plugin
+      - --experimental.plugins.traefik-modsecurity-plugin.modulename=github.com/acouvreur/traefik-modsecurity-plugin
+      - --experimental.plugins.traefik-modsecurity-plugin.version=v1.0.1
       - --providers.docker=true
       - --entrypoints.http.address=:80
     volumes:
       - '/var/run/docker.sock:/var/run/docker.sock'
-      - '.:/plugins-local/src/github.com/acouvreur/traefik-modsecurity-plugin'
     environment:
       - TRAEFIK_PILOT_TOKEN
     labels:
