I was looking for a simple WAF setup and reeeealllly hoping there is a WAF fly layer coming soon. If not, is there any plans for creating a built-in that has all the recommended configurations for OWASP Top10 and the like that would be suitable for both frontends and APIs?
Iâm having problems executing this example. When I run fly deploy it exits with the following errors:
2021-01-20T18:38:48Z [info] Starting init (commit: 7cf0409)âŚ
2021-01-20T18:38:48Z [info] Running: /docker-entrypoint.sh nginx -g daemon off; as root
2021-01-20T18:38:48Z [info] 2021/01/20 18:38:48 [notice] 502#502: ModSecurity-nginx v1.0.1 (rules loaded inline/local/remote: 0/913/0)
2021-01-20T18:38:52Z [info] Health check status changed to âwarningâ
2021-01-20T18:38:57Z [info] Health check status changed to âcriticalâ
2021-01-20T18:39:34Z [info] Shutting down virtual machine
2021-01-20T18:39:34Z [info] Program exited with code: 0
***v3 failed - Failed due to unhealthy allocations - no stable job version to auto revert to
Came across this during my Cloudflare experiments. Was interested in knowing how this approach went.
Am I right in thinking that since there isnât support for a Docker-compose style of running nginx and nodejs together, to make this work you would have two apps: this nginx-owasp one (which would provide the IP you would point your public domain at) based on the config above, and then separately still have the existing app?
And set the UPSTREAM as the existing appâs ⌠IP? Or would that be https://[name].fly.dev?
Setting the upstream to <app>.fly.dev would work best, but you need to make sure itâs a variable for proxy_pass so nginx will resolve DNS more than once.
For what itâs worth, when we build docker-compose support in, it will launch multiple apps. So what youâre thinking is pretty close to âcorrectâ.