From 2dc3a15bb6c4d2fdd256a2d2bb649af413e79ebf Mon Sep 17 00:00:00 2001
From: bohung
Date: Sat, 20 Aug 2022 17:04:57 +0800
Subject: [PATCH] Update install nginx script.

---
 install_nginx.sh | 20 +++++++++++++++++++-
 modsecurity_main.conf | 8 ++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 modsecurity_main.conf

diff --git a/install_nginx.sh b/install_nginx.sh
index c953743..0dec57e 100644
--- a/install_nginx.sh
+++ b/install_nginx.sh
@@ -104,8 +104,16 @@ if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]] || [[ "$ins
 sudo bash -l -c "
 cd /root/nginx-$nginx_target_ver &&
 make modules &&
+ mkdir -p /etc/nginx/modules &&
 cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. &&
- cd ..
+ echo 'load_module modules/ngx_http_modsecurity_module.so;' > /etc/nginx/modules-enabled/50-mod-modsecurity.conf &&
+ mkdir -p /etc/nginx/modsec &&
+ wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended &&
+ mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf &&
+ cd .. &&
+ cp -f ModSecurity/unicode.mapping /etc/nginx/modsec &&
+ sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf &&
+ wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/modsecurity_main.conf -O /etc/nginx/modsec/main.conf
 "
 fi
 if [[ $nginx_conf_exist == "0" ]]; then
@@ -143,6 +151,16 @@ if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]] || [[ "$ins
 http_block_end=$((http_block_end + 1))
 fi
 done
+ if [[ "$install_modsecurity" == "1" ]]; then
+ echo "Please modify your nginx conf file by yourself!"
+ echo "
+ server {
+ # ...
+ modsecurity on;
+ modsecurity_rules_file /etc/nginx/modsec/main.conf;
+ }
+ "
+ fi
 fi
 cd "$org_pwd"
 fi
\ No newline at end of file
diff --git a/modsecurity_main.conf b/modsecurity_main.conf
new file mode 100644
index 0000000..6214215
--- /dev/null
+++ b/modsecurity_main.conf
@@ -0,0 +1,8 @@
+# From https://github.com/SpiderLabs/ModSecurity/blob/master/
+# modsecurity.conf-recommended
+#
+# Edit to set SecRuleEngine On
+Include "/etc/nginx/modsec/modsecurity.conf"
+
+# Basic test rule
+SecRule ARGS:testparam "@contains test" "id:1234,deny,status:403"
\ No newline at end of file
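Review bot: The rules file that decides what ModSecurity enforces is fetched as root over plain HTTP with no integrity check on the last added line, `wget http://gitlab.tp.rulingcom.com/.../modsecurity_main.conf -O /etc/nginx/modsec/main.conf`, so anything on the network path can substitute its own directives into the WAF configuration. This commit adds the same file to the repository as `modsecurity_main.conf`, so copying the checked-in copy removes the download altogether, e.g. `cp -f "$org_pwd/modsecurity_main.conf" /etc/nginx/modsec/main.conf` — assuming `$org_pwd` is the checkout directory, which is not visible in this hunk; failing that, the URL should at least be `https://` and the downloaded file compared against a pinned checksum before it is installed. The `modsecurity.conf-recommended` fetch tracks the moving `v3/master` branch, and on a re-run `wget -P` writes `modsecurity.conf-recommended.1` when the file already exists so the following `mv` fails; a pinned tag with `-O` would make that step reproducible. The `sudo bash -l -c "` string this hunk edits begins before the hunk.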
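Review bot: The nginx snippet inside the new `if [[ "$install_modsecurity" == "1" ]]` block is emitted with a multi-line `echo "..."`, which passes the whole block through echo's argument handling and carries the script's indentation into the output; a quoted here-doc, `cat <<'EOF'` ... `EOF`, prints the text verbatim and is the idiomatic form for multi-line messages. Nothing in this hunk writes `modsecurity on;` into a server block, so the build-and-load steps earlier in the script leave the module installed but not enforcing for any site, and a comment above the `if`, `# The module is built and loaded but not enabled for any server; print the directives the operator must add.`, would make that manual step explicit. The enclosing `if` block that the added code sits in begins before this hunk.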
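Review bot: The only rule in the new `main.conf` is the upstream smoke-test `SecRule ARGS:testparam "@contains test" "id:1234,deny,status:403"`, and since `install_nginx.sh` switches `SecRuleEngine` to `On`, the installed engine returns 403 for any request carrying `testparam=test` on every site while enforcing nothing else; no ruleset such as the OWASP Core Rule Set is included. The file should state that, e.g. `# Smoke-test rule only (expect 403 on ?testparam=test); remove after verification and Include a real ruleset above this line.` The header comment `# Edit to set SecRuleEngine On` refers to the included `modsecurity.conf`, which the install script already rewrites with `sed`, so noting that the script performs this edit would keep the comment from sending operators to do it twice.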