2 changes: 1 addition & 1 deletion Dockerfile
@@ -17,7 +17,7 @@
ENV NGX_JA4_MODULE_VERSION="1.3.1-beta"
ENV NGX_BROTLI_COMMIT_HASH="6e975bcb015f62e1f303054897783355e2a877dc"
ENV NGX_DYNAMIC_ETAG_VERSION="0.2.1"
ENV NGX_HTTP_AUTH_DIGEST_VERSION="1.0.0"

Check warning on line 20 in Dockerfile


GitHub Actions / build (linux/arm64)

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "NGX_HTTP_AUTH_DIGEST_VERSION") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/

Check warning on line 20 in Dockerfile


GitHub Actions / build (linux/amd64)

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "NGX_HTTP_AUTH_DIGEST_VERSION") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
ENV MODSECURITY_NGINX_VERSION="1.0.4"
ENV MODSECURITY_NGINX_SHA256="6bdc7570911be884c1e43aaf85046137f9fde0cfa0dd4a55b853c81c45a13313"
ENV MODSECURITY_VERSION="3.0.14"
@@ -292,7 +292,7 @@
STOPSIGNAL SIGQUIT

FROM openresty-builder AS runtime
ENV ARXIGNIS_VERSION="1.3-1"
ENV ARXIGNIS_VERSION="1.4-0"

WORKDIR /etc/nginx

32 changes: 30 additions & 2 deletions example/nginx.conf
@@ -4,7 +4,7 @@ worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
error_log /var/log/nginx/error.log warn;
error_log /var/log/nginx/error.log info;

#pid logs/nginx.pid;

@@ -19,6 +19,8 @@ env ARXIGNIS_API_KEY;
env ARXIGNIS_API_URL;
env ARXIGNIS_MODE;
env ARXIGNIS_CAPTCHA_PROVIDER;
env ARXIGNIS_ACCESS_RULE_ID;
# env ARXIGNIS_API_SSL_VERIFY;

http {
include mime.types;
@@ -29,6 +31,29 @@ http {
lua_shared_dict arxignis_queue 50m;
lua_code_cache off;

real_ip_header X-Forwarded-For;
real_ip_recursive on;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from 100.64.0.0/10;
set_real_ip_from 169.254.0.0/16;


geoip2 /usr/local/share/GeoIP/GeoLite2-Country.mmdb {
auto_reload 5m;
$geoip2_metadata_country_build metadata build_epoch;
$geoip2_data_country_code default=US source=$remote_addr country iso_code;
$geoip2_data_country_name country names en;
}

geoip2 /usr/local/share/GeoIP/GeoLite2-ASN.mmdb {
auto_reload 5m;
$geoip2_metadata_asn_build metadata build_epoch;
$geoip2_data_asn source=$remote_addr autonomous_system_number;
$geoip2_data_org source=$remote_addr autonomous_system_organization;
}


#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
@@ -74,7 +99,10 @@ http {

access_by_lua_block {
local arxignis = require("resty.arxignis")
arxignis.remediate(ngx.var.remote_addr)
-- If GEOIP is not available, pass nil for country and asn
-- arxignis.remediate(ngx.var.remote_addr, nil, nil)
-- If GEOIP is available, pass the country and asn
arxignis.remediate(ngx.var.remote_addr, ngx.var.geoip2_data_country_code, ngx.var.geoip2_data_asn)
}

#charset koi8-r;
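Review bot: The `set_real_ip_from` lines added in the `http` block trust `X-Forwarded-For` from every RFC 1918, CGNAT (100.64.0.0/10) and link-local range, and the resulting `$remote_addr` is what the changed `access_by_lua_block` passes to `arxignis.remediate` and what both `geoip2` blocks use as `source`. Any peer that reaches nginx from one of those ranges can therefore decide which address the remediation and country/ASN lookups see, so the example should list only the deployment's own proxy or load-balancer CIDRs, with a comment above the block such as `# trust X-Forwarded-For only from your own proxies; narrow these ranges to the load balancer's CIDR`. In the same hunk, `default=US` on `$geoip2_data_country_code` reports every failed lookup as US instead of leaving the country unset, which seems at odds with the Lua comment about passing nil when GeoIP is unavailable. Dropping the default looks like the intended behaviour, but confirm how `resty.arxignis` treats a missing country first.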