github.com/amrnt/deis@v1.3.1/router/README.md

github.com/amrnt/deis@v1.3.1/router/README.md (about)

     1  # Deis Router
     2  
     3  An nginx proxy for use in the [Deis](http://deis.io) open source PaaS.
     4  
     5  This Docker image is based on the official
     6  [ubuntu-debootstrap:14.04](https://registry.hub.docker.com/_/ubuntu/) image.
     7  
     8  Please add any [issues](https://github.com/deis/deis/issues) you find with this software to
     9  the [Deis Project](https://github.com/deis/deis).
    10  
    11  ## Usage
    12  
    13  Please consult the [Makefile](Makefile) for current instructions on how to build, test, push,
    14  install, and start **deis/router**.
    15  
    16  ## Environment Variables
    17  
    18  * **DEBUG** enables verbose output if set
    19  * **ETCD_PORT** sets the TCP port on which to connect to the local etcd
    20    daemon (default: *4001*)
    21  * **ETCD_PATH** sets the etcd directory where the router announces
    22    its configuration (default: */deis/router*)
    23  * **ETCD_TTL** sets the time-to-live before etcd purges a configuration
    24    value, in seconds (default: *10*)
    25  * **PORT** sets the TCP port on which the router listens (default: *80*)
    26  
    27  
    28  ## Firewall
    29  
    30  [Shellshock](https://shellshocker.net) exposed that some apps (mostly CGI based) inside a web server can be exploited, allowing the arbitrary execution of commands.
    31  
    32  To reduce the contact surface of this attack and others (like SQL injection and cross site scripting), it's possible to enable the naxsi firewall (which is disabled by default). [**NAXSI**](https://github.com/nbs-system/naxsi) is an open-source, high performance, low rules maintenance WAF for NGINX.
    33  The rules included are from this project [doxi-rules](https://bitbucket.org/lazy_dogtown/doxi-rules)
    34  
    35  Only these modules are enabled:
    36  
    37  |--|--|
    38  |File| |
    39  |web_app.rules       |detect exploit/misuse-attempts againts web-applications
    40  |web_server.rules    |generic rules to protect a webserver from misconfiguration and known mistakes / exploit-vectors
    41  |active-mode.rules   |rules to configure active-mode (block)
    42  |naxsi_core          |core naxsi rules
    43  
    44  ## License
    45  
    46  © 2014 OpDemand LLC
    47  
    48  Licensed under the Apache License, Version 2.0 (the "License"); you may
    49  not use this file except in compliance with the License. You may obtain
    50  a copy of the License at <http://www.apache.org/licenses/LICENSE-2.0>
    51  
    52  Unless required by applicable law or agreed to in writing, software
    53  distributed under the License is distributed on an "AS IS" BASIS,
    54  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    55  See the License for the specific language governing permissions and
    56  limitations under the License.