docker-baseimage-alpine-nginx
wstg
docker-baseimage-alpine-nginx | wstg | |
---|---|---|
3 | 27 | |
40 | 6,769 | |
- | 2.6% | |
8.3 | 7.6 | |
7 days ago | 16 days ago | |
Dockerfile | Dockerfile | |
GNU General Public License v3.0 only | Creative Commons Attribution Share Alike 4.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
docker-baseimage-alpine-nginx
-
Nginx Reverse Proxy game hosting
For nginx, if you don't want to deal with Docker, you can probably just follow their quick start guide, installing it on the gateway/proxy server. For the config file, if chucking on a "stream" block like I showed onto the default file that exists on install doesn't cut it, you can always reference linuxserver's default config file. Again, all I did was nuke the "http" block since I wasn't using it.
-
setup subdomain reverse proxy on linuxserver nginx docker container (difference from VM reverse proxy)
# Version 2022/08/05 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx.conf.sample ### Based on alpine defaults # https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.15-stable user abc; # Set number of worker processes automatically based on number of CPU cores. include /config/nginx/worker_processes.conf; # Enables the use of JIT for regular expressions to speed-up their processing. pcre_jit on; # Configures default error logger. error_log /config/log/nginx/error.log; # Includes files with directives to load dynamic modules. include /etc/nginx/modules/*.conf; # Include files with config snippets into the root context. include /etc/nginx/conf.d/*.conf; events { # The maximum number of simultaneous connections that can be opened by # a worker process. worker_connections 1024; } http { # Includes mapping of file name extensions to MIME types of responses # and defines the default type. include /etc/nginx/mime.types; default_type application/octet-stream; # Name servers used to resolve names of upstream servers into addresses. # It's also needed when using tcpsocket and udpsocket in Lua modules. #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001; include /config/nginx/resolver.conf; # Don't tell nginx version to the clients. Default is 'on'. server_tokens off; # Specifies the maximum accepted body size of a client request, as # indicated by the request header Content-Length. If the stated content # length is greater than this size, then the client receives the HTTP # error code 413. Set to 0 to disable. Default is '1m'. client_max_body_size 0; # Sendfile copies data between one FD and other from within the kernel, # which is more efficient than read() + write(). Default is off. sendfile on; # Causes nginx to attempt to send its HTTP response head in one packet, # instead of using partial frames. Default is 'off'. tcp_nopush on; # all ssl related config moved to ssl.conf include /config/nginx/ssl.conf; # Enable gzipping of responses. #gzip on; # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'. gzip_vary on; # Helper variable for proxying websockets. map $http_upgrade $connection_upgrade { default upgrade; '' close; } # Sets the path, format, and configuration for a buffered log write. access_log /config/log/nginx/access.log; # Includes virtual hosts configs. include /etc/nginx/http.d/*.conf; include /config/nginx/site-confs/*.conf; } daemon off; pid /run/nginx.pid;
-
413 Request Entity Too Large
1 │ ## Version 2018/08/16 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx.conf 2 │ 3 │ user abc; 4 │ worker_processes 4; 5 │ pid /run/nginx.pid; 6 │ include /etc/nginx/modules/*.conf; 7 │ 8 │ events { 9 │ worker_connections 768; 10 │ # multi_accept on; 11 │ } 12 │ 13 │ http { 14 │ 15 │ ## 16 │ # Basic Settings 17 │ ## 18 │ 19 │ sendfile on; 20 │ tcp_nopush on; 21 │ tcp_nodelay on; 22 │ keepalive_timeout 65; 23 │ types_hash_max_size 2048; 24 │ # server_tokens off; 25 │ 26 │ # server_names_hash_bucket_size 64; 27 │ # server_name_in_redirect off; 28 │ 29 │ client_max_body_size 0; 30 │ 31 │ include /etc/nginx/mime.types; 32 │ default_type application/octet-stream; 33 │ 34 │ ## 35 │ # Logging Settings 36 │ ## 37 │ 38 │ access_log /config/log/nginx/access.log; 39 │ error_log /config/log/nginx/error.log; 40 │ 41 │ ## 42 │ # Gzip Settings 43 │ ## 44 │ 45 │ gzip on; 46 │ gzip_disable "msie6"; 47 │ 48 │ # gzip_vary on; 49 │ # gzip_proxied any; 50 │ # gzip_comp_level 6; 51 │ # gzip_buffers 16 8k; 52 │ # gzip_http_version 1.1; 53 │ # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; 54 │ 55 │ ## 56 │ # nginx-naxsi config 57 │ ## 58 │ # Uncomment it if you installed nginx-naxsi 59 │ ## 60 │ 61 │ #include /etc/nginx/naxsi_core.rules; 62 │ 63 │ ## 64 │ # nginx-passenger config 65 │ ## 66 │ # Uncomment it if you installed nginx-passenger 67 │ ## 68 │ 69 │ #passenger_root /usr; 70 │ #passenger_ruby /usr/bin/ruby; 71 │ 72 │ ## 73 │ # Virtual Host Configs 74 │ ## 75 │ include /etc/nginx/conf.d/*.conf; 76 │ include /config/nginx/site-confs/*; 77 │ 78 │ } 79 │ 80 │ 81 │ #mail { 82 │ # # See sample authentication script at: 83 │ # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript 84 │ # 85 │ # # auth_http localhost/auth.php; 86 │ # # pop3_capabilities "TOP" "USER"; 87 │ # # imap_capabilities "IMAP4rev1" "UIDPLUS"; 88 │ # 89 │ # server { 90 │ # listen localhost:110; 91 │ # protocol pop3; 92 │ # proxy on; 93 │ # } 94 │ # 95 │ # server { 96 │ # listen localhost:143; 97 │ # protocol imap; 98 │ # proxy on; 99 │ # } 100 │ #} 101 │ daemon off;
wstg
-
Where do you focus your time and energy?
At the beginning, I read all things in here https://owasp.org/www-project-web-security-testing-guide/, also gets familiars with owasp top 10. But later on, I focus on a few techniques only.
-
XSS
I highly recommend PortSwigger's Web Security Academy and have a look at the OWASP Web Security Testing Guide.
- Como identificar vulnerabilidades no código fonte?
- Internal pentesting course
-
I need some Help
You can follow OWASP web testing guide to learn about the test cases performed during testing.
-
Ask HN: Fallback remote job options for an experienced developer in the U.S.?
Most web app testing is performed using this guide https://owasp.org/www-project-web-security-testing-guide/
- Which security strategies can you recommend?
-
Pentest on web app priority
I highly recommend the OWASP Testing Guide: https://owasp.org/www-project-web-security-testing-guide/
-
Web App Pentesting Career
Hi, sit and learn https://owasp.org/www-project-web-security-testing-guide/ that's the best way, than may be EJPT.
-
Git branching for small teams
A short-lived branch-per-issue helps ensure that its resulting pull request doesn’t get too large, making it unwieldy and hard to review carefully. The definition of “short” varies depending on the team or project’s development velocity: for a small team producing a commercial app (like a startup), the time from issue branch creation to PR probably won’t exceed a week. For open source projects like the OWASP WSTG that depends on volunteers working around busy schedules, branches may live for a few weeks to a few months, depending on the contributor. Generally, strive to iterate in as little time as possible.
What are some alternatives?
OWASP-Testing-Checklist - OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.
owasp-masvs - The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
bugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters.
Damn-Vulnerable-Bank - Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
huntkit - Docker - Ubuntu with a bunch of PenTesting tools and wordlists
OWASP-Calculator - 🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment
API-Security - OWASP API Security Project
web-pentesting-checklist - checklist for testing the web applications
awesome-devsecops - An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
see awesome-security - A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.