3b047b680a
- Use two separate //go:generate directives (Ja4Tc for tc_capture.c, Ja4Ssl
for uprobe_ssl.c) to avoid duplicate LICENSE symbol and multi-file clang issue
- Update loader.go to hold tcObjs/sslObjs separately with correct field names:
UprobeSslSetFd, UprobeSslReadEntry, UretprobeSslReadExit,
KprobeAccept4Entry, KretprobeAccept4Exit
- Add systemd-rpm-macros to all three RPM build stages (el8/el9/el10)
so that %{_unitdir} macro resolves correctly
- RPMs now build successfully for el8, el9, el10
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
83 lines
2.5 KiB
Nginx Configuration File
83 lines
2.5 KiB
Nginx Configuration File
# nginx.conf — Stack de test nginx + ja4ebpf
|
|
# HTTP/2 activé (h2) pour tester le parsing de la preface HTTP/2 par ja4ebpf.
|
|
|
|
user nginx;
|
|
worker_processes auto;
|
|
error_log /var/log/nginx/error.log warn;
|
|
pid /run/nginx/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
use epoll;
|
|
}
|
|
|
|
http {
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
sendfile on;
|
|
keepalive_timeout 65;
|
|
keepalive_requests 200;
|
|
|
|
# Log format étendu (debug)
|
|
log_format main '$remote_addr - $remote_user [$time_local] '
|
|
'"$request" $status $body_bytes_sent '
|
|
'"$http_referer" "$http_user_agent" '
|
|
'ssl_protocol=$ssl_protocol ssl_cipher=$ssl_cipher';
|
|
|
|
access_log /var/log/nginx/access.log main;
|
|
|
|
# ── Serveur HTTP (port 80) ─────────────────────────────────────────────
|
|
server {
|
|
listen 80;
|
|
server_name _;
|
|
|
|
location /health {
|
|
return 200 '{"status":"ok","stack":"nginx"}';
|
|
add_header Content-Type application/json;
|
|
}
|
|
|
|
# Redirection HTTPS optionnelle (trafic HTTP testé directement)
|
|
location / {
|
|
root /var/www/html;
|
|
index index.html;
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
}
|
|
|
|
# ── Serveur HTTPS (port 443) avec HTTP/2 ──────────────────────────────
|
|
server {
|
|
listen 443 ssl;
|
|
http2 on;
|
|
server_name _;
|
|
|
|
ssl_certificate /etc/pki/tls/certs/nginx.crt;
|
|
ssl_certificate_key /etc/pki/tls/private/nginx.key;
|
|
|
|
# Suites de chiffrement variées pour générer plusieurs JA4 distincts
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers off;
|
|
|
|
# Activation du session resumption (teste le parsing ja4ebpf de session IDs)
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_session_timeout 10m;
|
|
|
|
location /health {
|
|
return 200 '{"status":"ok","stack":"nginx","tls":true}';
|
|
add_header Content-Type application/json;
|
|
}
|
|
|
|
location / {
|
|
root /var/www/html;
|
|
index index.html;
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
|
|
# Endpoint POST pour tester la capture des requêtes avec body
|
|
location /api/ {
|
|
return 200 '{"result":"accepted"}';
|
|
add_header Content-Type application/json;
|
|
}
|
|
}
|
|
}
|