github.com/greenboxal/deis@v1.12.1/router/README.md (about) 1 # Deis Router 2 3 An nginx proxy for use in the [Deis](http://deis.io) open source PaaS. 4 5 This Docker image is based on the official 6 [alpine:3.2](https://registry.hub.docker.com/_/alpine/) image. 7 8 Please add any [issues](https://github.com/deis/deis/issues) you find with this software to 9 the [Deis Project](https://github.com/deis/deis). 10 11 ## Usage 12 13 Please consult the [Makefile](Makefile) for current instructions on how to build, test, push, 14 install, and start **deis/router**. 15 16 ## Environment Variables 17 18 * **DEBUG** enables verbose output if set 19 * **ETCD_PORT** sets the TCP port on which to connect to the local etcd 20 daemon (default: *4001*) 21 * **ETCD_PATH** sets the etcd directory where the router announces 22 its configuration (default: */deis/router*) 23 * **ETCD_TTL** sets the time-to-live before etcd purges a configuration 24 value, in seconds (default: *10*) 25 * **PORT** sets the TCP port on which the router listens (default: *80*) 26 27 28 ## Firewall 29 30 [Shellshock](https://shellshocker.net) exposed that some apps (mostly CGI based) inside a web server can be exploited, allowing the arbitrary execution of commands. 31 32 To reduce the contact surface of this attack and others (like SQL injection and cross site scripting), it's possible to enable the naxsi firewall (which is disabled by default). [**NAXSI**](https://github.com/nbs-system/naxsi) is an open-source, high performance, low rules maintenance WAF for NGINX. 33 The rules included are from this project [doxi-rules](https://bitbucket.org/lazy_dogtown/doxi-rules) 34 35 Only these modules are enabled: 36 37 |File|Purpose| 38 |----|-------| 39 |web_app.rules |detect exploit/misuse-attempts againts web-applications 40 |web_server.rules |generic rules to protect a webserver from misconfiguration and known mistakes / exploit-vectors 41 |active-mode.rules |rules to configure active-mode (block) 42 |naxsi_core |core naxsi rules 43 44 ## License 45 46 © 2014 Engine Yard, Inc. 47 48 Licensed under the Apache License, Version 2.0 (the "License"); you may 49 not use this file except in compliance with the License. You may obtain 50 a copy of the License at <http://www.apache.org/licenses/LICENSE-2.0> 51 52 Unless required by applicable law or agreed to in writing, software 53 distributed under the License is distributed on an "AS IS" BASIS, 54 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 55 See the License for the specific language governing permissions and 56 limitations under the License.