From 6a69090d0fc0d6ab30db1f5f5130f561885d7d64 Mon Sep 17 00:00:00 2001
From: bohung <bohung@rulingcom.com>
Date: Sat, 20 Aug 2022 16:25:11 +0800
Subject: [PATCH] Update install nginx script with modsecurity module
 installation.

---
 install_nginx.sh | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/install_nginx.sh b/install_nginx.sh
index c239ca4..d64a066 100644
--- a/install_nginx.sh
+++ b/install_nginx.sh
@@ -46,16 +46,37 @@ else
     sudo apt-get update
     sudo apt-get install --reinstall ca-certificates -y
 fi
+install_modsecurity="0"
+if [[ "$1" ==  "--install-modsecurity" ]] || [[ "$2" ==  "--install-modsecurity" ]];then
+    install_modsecurity="1"
+    sudo bash -l -c "
+        cd /root &&
+        apt-get install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev &&
+        git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity &&
+        cd ModSecurity &&
+        git submodule init &&
+        git submodule update &&
+        ./build.sh &&
+        ./configure &&
+        make &&
+        make install &&
+        cd .. &&
+        git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
+    "
+fi
 nginx_configure=""
 if [ -z $openssl_source_dir ]; then
     nginx_configure="./configure --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module"
 else
     nginx_configure="./configure --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --with-openssl=$openssl_source_dir"
 fi
+if [[ "$install_modsecurity" == "1" ]]; then
+    nginx_configure="$nginx_configure --add-dynamic-module=../ModSecurity-nginx"
+fi
 nginx_ver="$(nginx -v 2>&1|xargs|awk '{print $3}'|cut -d '/' -f 2)"
 
 nginx_target_ver="1.23.1"
-if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]]; then
+if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]] || [[ "$install_modsecurity" == "1" ]]; then
     if [ -f "/etc/nginx/nginx.conf" ]; then
         nginx_conf_exist="1"
     else
@@ -75,6 +96,14 @@ if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]]; then
         ln -s /usr/share/nginx/sbin/nginx /usr/sbin/. &&
         service nginx restart
         "
+    if [[ "$install_modsecurity" == "1" ]]; then
+        sudo bash -l -c "
+            cd /root/nginx-$nginx_target_ver &&
+            make modules &&
+            cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. &&
+            cd ..
+        "
+    fi
     if [[ $nginx_conf_exist == "0" ]]; then
         nginx_conf_path="/etc/nginx/nginx.conf"
         server_block_start=`sudo grep  -E '^\s*server\s*{' $nginx_conf_path -n|cut -d : -f 1`