Put your Nginx inside a bunker! nginx Docker image secure by default.

Avoid the hassle of following security best practices each time you need a web server or reverse proxy. Bunkerized-nginx provides generic security configs, settings and tools so you don't need to do it yourself.

Non-exhaustive list of features :
- HTTPS support with transparent Let's Encrypt automation
- State-of-the-art web security : HTTP security headers, php.ini hardening, prevent leaks, ...
- Integrated ModSecurity WAF with the OWASP Core Rule Set
- Automatic ban of strange behaviors with fail2ban
- Antibot challenge through cookie, javascript, captcha or recaptcha v3
- Block TOR, proxies, bad user-agents, countries, ...
- Perform automatic DNSBL checks to block known bad IP
- Prevent bruteforce attacks with rate limiting
- Detect bad files with ClamAV
- Easy to configure with environment variables

https://github.com/bunkerity/bunkerized-nginx

#devops #docker

​​Keep an eye on your #docker image size and prevent it from growing too big!

Limit your docker image size with a simple CLI command. Perfect to be used inside your CI process.

Also available as a Github Action.

https://github.com/wemake-services/docker-image-size-limit

#python

So, after recent cryptography incident (https://github.com/pyca/cryptography/issues/5771) our build-times inside the Alpine-based docker-in-docker CI went from several seconds to ~6 minutes just to install #python dependencies.

This forced me to create our own dind image (https://github.com/wemake-services/wemake-dind/) with everything properly set up: python, rust (required to build `cryptography`), docker-compose, and several #docker quality tools like:
- https://github.com/wemake-services/dump-env which enforces strict .env configuration policies
- https://github.com/wemake-services/docker-image-size-limit which enforces strict image size control

Feel free to use it in your own CI pipelines! Not just for python, but for any docker-in-docker setups that use docker-compose.