Merge pull request #235 from coreruleset/error-low-port

chore: error if port or ssl_port are lower than 1024
coreruleset · Apr 24, 2024 · f5cd07b · f5cd07b
2 parents f9ed657 + 3a11ef0
commit f5cd07b
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 0 deletions.
diff --git a/apache/docker-entrypoint.sh b/apache/docker-entrypoint.sh
@@ -1,6 +1,7 @@
 #!/bin/sh -e
 
 /usr/local/bin/generate-certificate /usr/local/apache2
+/usr/local/bin/check-low-port
 
 . /opt/modsecurity/activate-plugins.sh
 . /opt/modsecurity/activate-rules.sh

diff --git a/nginx/docker-entrypoint.d/01-check-low-port.sh b/nginx/docker-entrypoint.d/01-check-low-port.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+# vim:sw=2:ts=2:sts=2:et
+
+set -eu
+
+LC_ALL=C
+ME=$( basename "$0" )
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+/usr/local/bin/check-low-port
+
+exit 0
diff --git a/src/bin/check-low-port b/src/bin/check-low-port
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+if [ "${PORT}" -lt 1024 ] || [ "${SSL_PORT}" -lt 1024 ]; then
+  echo<<EOF
+ERROR: you are using PORT=${PORT} and SSL_PORT=${SSL_PORT}
+
+Both nginx and httpd containers now run with an unprivileged user.
+
+This means that we cannot bind to ports below 1024, so you might need to correct your PORT and SSL_PORT settings.
+Now the defaults for both nginx and httpd are 8080 and 8443.
+
+FIX:
+
+if you have a port mapping like
+
+ports:
+- "80:80"
+
+then update it to use a port higher than 1024. Example:
+
+- "80:8080"
+
+The same should be done for the SSL ports.
+EOF
+  exit 1
+fi