erictyl
/
install_r45_on_ubuntu_1804lts_doc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update install nginx script with modsecurity module installation.

This commit is contained in:
BoHung Chiu 2022-08-20 16:25:11 +08:00
parent 1769ff5a7c
commit 6a69090d0f
1 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
install_nginx.sh
View File

@ -46,16 +46,37 @@ else
sudo apt-get update
sudo apt-get install --reinstall ca-certificates -y
fi
install_modsecurity="0"
if [[ "$1" == "--install-modsecurity" ]] || [[ "$2" == "--install-modsecurity" ]];then
install_modsecurity="1"
sudo bash -l -c "
cd /root &&
apt-get install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev &&
git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity &&
cd ModSecurity &&
git submodule init &&
git submodule update &&
./build.sh &&
./configure &&
make &&
make install &&
cd .. &&
git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
"
fi
nginx_configure=""
if [ -z $openssl_source_dir ]; then
nginx_configure="./configure --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module"
else
nginx_configure="./configure --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --with-openssl=$openssl_source_dir"
fi
if [[ "$install_modsecurity" == "1" ]]; then
nginx_configure="$nginx_configure --add-dynamic-module=../ModSecurity-nginx"
fi
nginx_ver="$(nginx -v 2>&1|xargs|awk '{print $3}'|cut -d '/' -f 2)"
nginx_target_ver="1.23.1"
if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]]; then
if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]] || [[ "$install_modsecurity" == "1" ]]; then
if [ -f "/etc/nginx/nginx.conf" ]; then
nginx_conf_exist="1"
else
@ -75,6 +96,14 @@ if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]]; then
ln -s /usr/share/nginx/sbin/nginx /usr/sbin/. &&
service nginx restart
"
if [[ "$install_modsecurity" == "1" ]]; then
sudo bash -l -c "
cd /root/nginx-$nginx_target_ver &&
make modules &&
cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. &&
cd ..
"
fi
if [[ $nginx_conf_exist == "0" ]]; then
nginx_conf_path="/etc/nginx/nginx.conf"
server_block_start=`sudo grep -E '^\s*server\s*{' $nginx_conf_path -n|cut -d : -f 1`