master
7b5bdcf4d3
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes. - Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes. - Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables. - Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
25 lines
1.3 KiB
Markdown
25 lines
1.3 KiB
Markdown
# Entry-Point Runtime — Nginx
|
|
|
|
## Signals to gather
|
|
- `argv0` equals `nginx`.
|
|
- Config files: `/etc/nginx/nginx.conf`, `conf.d/*.conf`, `/usr/share/nginx/html`.
|
|
- Environment (`NGINX_ENTRYPOINT_QUIET_LOGS`, `NGINX_PORT`, `NGINX_ENVSUBST_TEMPLATE`).
|
|
- Listening sockets on 80/443 (dynamic mode) or `EXPOSE 80` (static).
|
|
- Modules or scripts shipped with the official Docker entrypoint (`docker-entrypoint.sh` collapsing to `nginx -g "daemon off;"`).
|
|
|
|
## Implementation notes
|
|
- Parse `nginx.conf` (basic directive traversal) to extract worker processes, include chains, upstream definitions.
|
|
- Handle official entrypoint idioms (`envsubst` templating) via ShellFlow.
|
|
- Distinguish pure reverse proxies from PHP-FPM combos; when both `nginx` and `php-fpm` run, classify container as `Supervisor`.
|
|
- Record static web content presence (`/usr/share/nginx/html/index.html`).
|
|
|
|
## Evidence & scoring
|
|
- Boost for confirmed config and workers.
|
|
- Add evidence for templating features, env substitution, or modules.
|
|
- Penalise if binary exists without config (likely not the entry point).
|
|
|
|
## Edge cases
|
|
- Alpine images may place configs under `/etc/nginx/conf.d`; include both.
|
|
- Custom builds might rename binary (`openresty`, `tengine`); consider aliases if common.
|
|
- Windows Nginx not supported; fall back to `Other`.
|