45 lines
No EOL
1.1 KiB
Bash
45 lines
No EOL
1.1 KiB
Bash
#!/bin/bash
|
|
# 1. Define Backend
|
|
APP_SERVER="10.0.14.24:80"
|
|
|
|
echo "🛠️ Configuring Wallarm Inline Proxy..."
|
|
|
|
# 2. Write the configuration
|
|
sudo bash -c "cat << 'EOF' > /etc/nginx/sites-available/default
|
|
server {
|
|
listen 80 default_server;
|
|
server_name _;
|
|
|
|
wallarm_mode monitoring;
|
|
|
|
location / {
|
|
proxy_pass http://$APP_SERVER;
|
|
proxy_set_header Host \$host;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto \$scheme;
|
|
}
|
|
|
|
location /wallarm-status {
|
|
wallarm_status on;
|
|
wallarm_mode off;
|
|
allow 127.0.0.1;
|
|
deny all;
|
|
}
|
|
}
|
|
EOF"
|
|
|
|
# 3. Ensure the site is enabled (Ubuntu requirement)
|
|
sudo ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
|
|
|
|
# 4. Test and Reload
|
|
echo "🔍 Testing Nginx..."
|
|
if sudo nginx -t; then
|
|
sudo systemctl restart nginx
|
|
echo "✅ SUCCESS: Proxying to $APP_SERVER"
|
|
curl -X GET "http://localhost" -H "accept: application/json"
|
|
curl -I "http://localhost/etc/passwd"
|
|
else
|
|
echo "❌ ERROR: Nginx config invalid."
|
|
exit 1
|
|
fi |