Fix install_nginx.sh.

邱博亞 2023-11-26 12:43:11 +08:00
parent 279efe457a
commit 9e937f6ca5
1 changed files with 38 additions and 34 deletions


@ -53,21 +53,34 @@ force_reinstall_openssl="0"
if [[ ! -d "/usr/include/openssl" ]] && [[ ! -d "/usr/local/include/openssl" ]] && [[ ! -d "/usr/pkg/include/openssl" ]] && [[ ! -d "/opt/local/include/openssl" ]] && [[ ! -d /opt/openssl/include/openssl ]]; then if [[ ! -d "/usr/include/openssl" ]] && [[ ! -d "/usr/local/include/openssl" ]] && [[ ! -d "/usr/pkg/include/openssl" ]] && [[ ! -d "/opt/local/include/openssl" ]] && [[ ! -d /opt/openssl/include/openssl ]]; then
force_reinstall_openssl="1" force_reinstall_openssl="1"
fi fi
target_openssl_ver="1.1.1w"
if [ "$(readlink -f `which openssl`)" == "/opt/openssl/bin/openssl" ]; then
openssl_dir="/opt/openssl/ssl"
openssl_source_dir="/root/openssl-$target_openssl_ver"
if [ -z `sudo readlink -f "$openssl_source_dir"` ]; then
force_reinstall_openssl="1"
else
if [ -d /opt/openssl/ssl/certs ] && [ ! -L /opt/openssl/ssl/certs ]; then
rm -rf /opt/openssl/ssl/certs && ln -sf /etc/ssl/certs /opt/openssl/ssl/.
fi
fi
fi
if [[ $(vercomp "$openssl_ver" "1.1.1") == "<" ]] || [[ "$force_reinstall_openssl" == "1" ]]; then if [[ $(vercomp "$openssl_ver" "1.1.1") == "<" ]] || [[ "$force_reinstall_openssl" == "1" ]]; then
# Build openssl # Build openssl
target_openssl_ver="1.1.1q"
sudo bash -l -c " sudo bash -l -c "
cd /root && cd /root &&
wget https://www.openssl.org/source/openssl-$target_openssl_ver.tar.gz --no-check-certificate -O openssl-$target_openssl_ver.tar.gz && wget https://www.openssl.org/source/openssl-$target_openssl_ver.tar.gz --no-check-certificate -O openssl-$target_openssl_ver.tar.gz &&
tar xzvf openssl-$target_openssl_ver.tar.gz && tar xzvf openssl-$target_openssl_ver.tar.gz &&
rm -rf /opt/openssl &&
cd openssl-$target_openssl_ver && cd openssl-$target_openssl_ver &&
./config no-ssl2 no-ssl3 zlib-dynamic -fPIC shared --prefix=/opt/openssl && ./config no-ssl2 no-ssl3 zlib-dynamic -fPIC shared --prefix=/opt/openssl &&
make depend -j$cpu_cores && make install && make depend -j$cpu_cores && make install -j$cpu_cores &&
rm -f /usr/bin/openssl && rm -f /usr/bin/openssl &&
ln -sf /opt/openssl/bin/* /usr/bin/. && ln -sf /opt/openssl/bin/* /usr/bin/. &&
echo '/opt/openssl/lib' > /etc/ld.so.conf.d/openssl.conf && echo '/opt/openssl/lib' > /etc/ld.so.conf.d/openssl.conf &&
ldconfig && ldconfig &&
cp -f /opt/openssl/lib/pkgconfig/openssl.pc /usr/lib/x86_64-linux-gnu/pkgconfig/." cp -f /opt/openssl/lib/pkgconfig/openssl.pc /usr/lib/x86_64-linux-gnu/pkgconfig/. &&
ln -sf /etc/ssl/certs /opt/openssl/ssl/."
openssl_ver="$target_openssl_ver" openssl_ver="$target_openssl_ver"
cd "$org_pwd" cd "$org_pwd"
openssl_dir="/opt/openssl/ssl" openssl_dir="/opt/openssl/ssl"
@ -105,26 +118,15 @@ extra_build_nginx_cmd="true"
if [[ "$@" == *"--install-modsecurity"* ]];then if [[ "$@" == *"--install-modsecurity"* ]];then
install_modsecurity="1" install_modsecurity="1"
if [[ $(vercomp "$ubuntu_ver" "16") == "<" ]]; then #use 3.0.6 if [[ $(vercomp "$ubuntu_ver" "16") == "<" ]]; then #use 3.0.6
sudo bash -l -c " modsecurity_branch="v3.0.6"
cd /root &&
apt-get install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev &&
git clone https://github.com/SpiderLabs/ModSecurity.git &&
cd ModSecurity &&
git checkout v3.0.6 &&
git submodule init &&
git submodule update &&
./build.sh &&
./configure &&
make &&
make install &&
cd .. &&
git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
"
else else
modsecurity_branch="v3/master"
fi
sudo bash -l -c " sudo bash -l -c "
cd /root && cd /root &&
apt-get install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev && apt-get install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev &&
git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity && rm -rf ModSecurity &&
git clone --depth 1 -b $modsecurity_branch --single-branch https://github.com/SpiderLabs/ModSecurity &&
cd ModSecurity && cd ModSecurity &&
git submodule init && git submodule init &&
git submodule update && git submodule update &&
@ -133,15 +135,16 @@ if [[ "$@" == *"--install-modsecurity"* ]];then
make && make &&
make install && make install &&
cd .. && cd .. &&
rm -rf ModSecurity-nginx &&
git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
" "
fi
nginx_configure="$nginx_configure --add-dynamic-module=../ModSecurity-nginx" nginx_configure="$nginx_configure --add-dynamic-module=../ModSecurity-nginx"
fi fi
if [[ "$@" == *"--install-naxsi"* ]];then if [[ "$@" == *"--install-naxsi"* ]];then
install_naxsi="1" install_naxsi="1"
sudo bash -l -c " sudo bash -l -c "
cd /root && cd /root &&
rm -rf naxsi &&
git clone --depth 1 https://github.com/nbs-system/naxsi.git git clone --depth 1 https://github.com/nbs-system/naxsi.git
" "
nginx_configure="$nginx_configure --add-module=../naxsi/naxsi_src" nginx_configure="$nginx_configure --add-module=../naxsi/naxsi_src"
@ -238,11 +241,12 @@ if [[ $(vercomp "$nginx_ver" "$nginx_target_ver") == "<" ]] || [[ "$1" == '--fo
cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. && \ cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. && \
echo 'load_module modules/ngx_http_modsecurity_module.so;' > /etc/nginx/modules-enabled/50-mod-modsecurity.conf && \ echo 'load_module modules/ngx_http_modsecurity_module.so;' > /etc/nginx/modules-enabled/50-mod-modsecurity.conf && \
mkdir -p /etc/nginx/modsec && \ mkdir -p /etc/nginx/modsec && \
wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended && \ wget --no-check-certificate -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended -O modsecurity.conf && \
mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf && \
cd .. && \ cd .. && \
cp -f ModSecurity/unicode.mapping /etc/nginx/modsec && \ cp -f ModSecurity/unicode.mapping /etc/nginx/modsec && \
sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf && \ sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf && \
sed -i 's/SecRequestBodyLimit 13107200/SecRequestBodyLimit 131072000/' /etc/nginx/modsec/modsecurity.conf && \
sed -i 's/SecRequestBodyNoFilesLimit 131072/SecRequestBodyNoFilesLimit 1310720/' /etc/nginx/modsec/modsecurity.conf && \
wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/modsecurity_main.conf -O /etc/nginx/modsec/main.conf" wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/modsecurity_main.conf -O /etc/nginx/modsec/main.conf"
fi fi
if [[ $nginx_conf_exist == "0" ]]; then if [[ $nginx_conf_exist == "0" ]]; then
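Review bot: The rewritten download of modsecurity.conf-recommended in the last hunk adds `--no-check-certificate`, so the WAF configuration that is then switched to `SecRuleEngine On` is fetched without verifying the server's certificate, and it pairs `-P /etc/nginx/modsec/` with a relative `-O modsecurity.conf`. As far as I know wget does not apply `-P` to an `-O` target, so the file would land in the current directory, and with the `mv` removed the following `sed -i` lines would act on a missing or stale /etc/nginx/modsec/modsecurity.conf. I would drop the flag and write to the absolute path: `wget -O /etc/nginx/modsec/modsecurity.conf https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended && \`. The OpenSSL tarball download in the first hunk carries the same `--no-check-certificate` (unchanged by this commit) and is built and installed as root with no checksum or signature check, which is worth fixing while the target version is being bumped to 1.1.1w. The enclosing `sudo bash -l -c` block of the last hunk starts outside the hunk.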