master
7b5bdcf4d3
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes. - Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes. - Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables. - Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
1.3 KiB
1.3 KiB
Entry-Point Runtime — Nginx
Signals to gather
argv0equalsnginx.- Config files:
/etc/nginx/nginx.conf,conf.d/*.conf,/usr/share/nginx/html. - Environment (
NGINX_ENTRYPOINT_QUIET_LOGS,NGINX_PORT,NGINX_ENVSUBST_TEMPLATE). - Listening sockets on 80/443 (dynamic mode) or
EXPOSE 80(static). - Modules or scripts shipped with the official Docker entrypoint (
docker-entrypoint.shcollapsing tonginx -g "daemon off;").
Implementation notes
- Parse
nginx.conf(basic directive traversal) to extract worker processes, include chains, upstream definitions. - Handle official entrypoint idioms (
envsubsttemplating) via ShellFlow. - Distinguish pure reverse proxies from PHP-FPM combos; when both
nginxandphp-fpmrun, classify container asSupervisor. - Record static web content presence (
/usr/share/nginx/html/index.html).
Evidence & scoring
- Boost for confirmed config and workers.
- Add evidence for templating features, env substitution, or modules.
- Penalise if binary exists without config (likely not the entry point).
Edge cases
- Alpine images may place configs under
/etc/nginx/conf.d; include both. - Custom builds might rename binary (
openresty,tengine); consider aliases if common. - Windows Nginx not supported; fall back to
Other.