Docker image for noblogs

Assumptions:

• the MySQL database is provided externally
• wp-content/blogs.dir (local storage) is provided externally
• wp-content/cache (wp-supercache render cache) is provided externally

The idea is that we provide a single JSON configuration file, and in return we get a container exposing a HTTP endpoint for noblogs.org.

The container is generic: secrets and other configuration parameters are loaded from the JSON configuration file using a custom wp-config.php.

Disable a ModSecurity rule

For this and other customizations, just edit the contents of conf/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf and add whatever directives are necessary.

If you just want to disable a specific rule ID (for example 123456), something like the following will do:

SecRuleRemoveById 123456

Whitelist a URL in ModSecurity

The syntax to whitelist a URL (i.e. disable the ModSecurity engine on a path-based criteria) is not trivial to come up with: if you want to whitelist /some/url.php, you'll have to modify conf/modsecurity/local.cf and add a directive like the following:

SecRule REQUEST_URI "@beginsWith /some/url.php" "id:1,ctl:ruleEngine=Off"

Pay attention to use a new id (1 in the example above) and pick one that isn't already taken, or you will create a broken Docker image that can't start (this is a configuration syntax error).