Update install nginx script.

This commit is contained in:
BoHung Chiu 2022-08-20 17:04:57 +08:00
parent afc5c02215
commit 2dc3a15bb6
2 changed files with 27 additions and 1 deletions

View File

@ -104,8 +104,16 @@ if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]] || [[ "$ins
sudo bash -l -c " sudo bash -l -c "
cd /root/nginx-$nginx_target_ver && cd /root/nginx-$nginx_target_ver &&
make modules && make modules &&
mkdir -p /etc/nginx/modules &&
cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. && cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. &&
cd .. echo 'load_module modules/ngx_http_modsecurity_module.so;' > /etc/nginx/modules-enabled/50-mod-modsecurity.conf &&
mkdir -p /etc/nginx/modsec &&
wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended &&
mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf &&
cd .. &&
cp -f ModSecurity/unicode.mapping /etc/nginx/modsec &&
sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf &&
wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/modsecurity_main.conf -O /etc/nginx/modsec/main.conf
" "
fi fi
if [[ $nginx_conf_exist == "0" ]]; then if [[ $nginx_conf_exist == "0" ]]; then
@ -143,6 +151,16 @@ if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]] || [[ "$ins
http_block_end=$((http_block_end + 1)) http_block_end=$((http_block_end + 1))
fi fi
done done
if [[ "$install_modsecurity" == "1" ]]; then
echo "Please modify your nginx conf file by yourself!"
echo "
server {
# ...
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
}
"
fi
fi fi
cd "$org_pwd" cd "$org_pwd"
fi fi

8
modsecurity_main.conf Normal file
View File

@ -0,0 +1,8 @@
# From https://github.com/SpiderLabs/ModSecurity/blob/master/
# modsecurity.conf-recommended
#
# Edit to set SecRuleEngine On
Include "/etc/nginx/modsec/modsecurity.conf"
# Basic test rule
SecRule ARGS:testparam "@contains test" "id:1234,deny,status:403"