From e7f6a660835d9415aef1a44001c091800cb603b2 Mon Sep 17 00:00:00 2001 From: "xiaobing.wang" Date: Fri, 14 Feb 2025 14:49:31 +0800 Subject: [PATCH] feat: 1.0.4 --- sdk/ingress-nginx/README.md | 39 ++++++++++++++++++- .../ingress-nginx-safeline-1.0.4-1.rockspec | 20 ++++++++++ 2 files changed, 57 insertions(+), 2 deletions(-) create mode 100644 sdk/ingress-nginx/ingress-nginx-safeline-1.0.4-1.rockspec diff --git a/sdk/ingress-nginx/README.md b/sdk/ingress-nginx/README.md index 27640dd..ecdd00c 100644 --- a/sdk/ingress-nginx/README.md +++ b/sdk/ingress-nginx/README.md @@ -2,7 +2,42 @@ [Ingress-nginx](https://kubernetes.github.io/ingress-nginx/) plugin for Chaitin SafeLine Web Application Firewall (WAF). This plugin is used to protect your API from malicious requests. It can be used to block requests that contain malicious content in the request body, query parameters, headers, or URI. -## Usage +## Safeline Prepare +The detection engine of the SafeLine provides services by default via Unix socket. We need to modify it to use TCP, so it can be called by the t1k plugin. + +1.Navigate to the configuration directory of the SafeLine detection engine: +```shell +cd /data/safeline/resources/detector/ +``` +2.Open the `detector.yml` file in a text editor. Modify the bind configuration from Unix socket to TCP by adding the following settings: +```yaml +bind_addr: 0.0.0.0 +listen_port: 8000 +``` +These configuration values will override the default settings in the container, making the SafeLine engine listen on port 8000. + +3.Next, map the container’s port 8000 to the host machine. First, navigate to the SafeLine installation directory: +```shell +cd /data/safeline +``` + +4.Open the compose.yaml file in a text editor and add the ports field to the detector container to expose port 8000: +```yaml +... +detect: + ports: + - 8000:8000 +... +``` + +5.Save the changes and restart SafeLine with the following commands: +```shell +docker-compose down +docker-compose up -d +``` +This will apply the changes and activate the new configuration. + +## Plugin Usage ### Step 1: Install the plugin @@ -67,7 +102,7 @@ env: configMapKeyRef: name: safeline key: port -... +... ``` diff --git a/sdk/ingress-nginx/ingress-nginx-safeline-1.0.4-1.rockspec b/sdk/ingress-nginx/ingress-nginx-safeline-1.0.4-1.rockspec new file mode 100644 index 0000000..5a59b3f --- /dev/null +++ b/sdk/ingress-nginx/ingress-nginx-safeline-1.0.4-1.rockspec @@ -0,0 +1,20 @@ +package = "ingress-nginx-safeline" +version = "1.0.4-1" +source = { + url = "git://github.com/chaitin/ingress-nginx-safeline.git" +} +description = { + summary = "Ingress-Nginx plugin for Chaitin SafeLine Web Application Firewall", + homepage = "https://github.com/chaitin/ingress-nginx-safeline", + license = "Apache License 2.0", + maintainer = "Xiaobing Wang " +} +dependencies = { + "lua-resty-t1k >= 1.1.5" +} +build = { + type = "builtin", + modules = { + ["safeline.main"] = "lib/safeline/main.lua" + } +}