This commit is contained in:
BoHung Chiu 2022-08-24 16:23:59 +08:00
parent fb3db4652e
commit 7c589cd6cc
2 changed files with 60 additions and 25 deletions

View File

@ -87,6 +87,13 @@ fi
if [[ ! -f /etc/init.d/nginx ]]; then if [[ ! -f /etc/init.d/nginx ]]; then
sudo wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/nginx_service.sh -O /etc/init.d/nginx sudo wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/nginx_service.sh -O /etc/init.d/nginx
sudo chmod 755 /etc/init.d/nginx sudo chmod 755 /etc/init.d/nginx
sudo chown root:root /etc/init.d/nginx
if [[ "$ubuntu_ver" > "16" ]] || [[ "$ubuntu_ver" == "16" ]]; then
sudo wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/nginx.service -O /lib/systemd/system/nginx.service
sudo chown root:root /lib/systemd/system/nginx.service
sudo chmod 644 /lib/systemd/system/nginx.service
sudo systemctl daemon-reload
fi
fi fi
nginx_target_ver="1.23.1" nginx_target_ver="1.23.1"
if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]] || [[ "$install_modsecurity" == "1" ]]; then if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]] || [[ "$install_modsecurity" == "1" ]]; then
@ -97,33 +104,32 @@ if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]] || [[ "$ins
fi fi
#Build nginx and install #Build nginx and install
sudo bash -l -c " sudo bash -l -c "
cd /root && cd /root && \
wget http://nginx.org/download/nginx-$nginx_target_ver.tar.gz && wget http://nginx.org/download/nginx-$nginx_target_ver.tar.gz && \
tar -zxvf nginx-$nginx_target_ver.tar.gz && tar -zxvf nginx-$nginx_target_ver.tar.gz && \
cd nginx-$nginx_target_ver && cd nginx-$nginx_target_ver && \
apt remove nginx --purge -y && apt remove nginx --purge -y && \
apt-get -y install libpcre3 libpcre3-dev libxml2 libxml2-dev libxslt-dev libgd-dev && apt-get -y install libpcre3 libpcre3-dev libxml2 libxml2-dev libxslt-dev libgd-dev && \
$nginx_configure && $nginx_configure && \
make -j$cpu_cores && make install && make -j$cpu_cores && make install && \
rm -f /usr/sbin/nginx && rm -f /usr/sbin/nginx && \
ln -s /usr/share/nginx/sbin/nginx /usr/sbin/. && ln -s /usr/share/nginx/sbin/nginx /usr/sbin/. && \
service nginx restart mkdir -p /var/lib/nginx && \
" service nginx restart"
if [[ "$install_modsecurity" == "1" ]]; then if [[ "$install_modsecurity" == "1" ]]; then
sudo bash -l -c " sudo bash -l -c "
cd /root/nginx-$nginx_target_ver && cd /root/nginx-$nginx_target_ver && \
make modules && make modules && \
mkdir -p /etc/nginx/modules && mkdir -p /etc/nginx/modules && \
cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. && cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. && \
echo 'load_module modules/ngx_http_modsecurity_module.so;' > /etc/nginx/modules-enabled/50-mod-modsecurity.conf && echo 'load_module modules/ngx_http_modsecurity_module.so;' > /etc/nginx/modules-enabled/50-mod-modsecurity.conf && \
mkdir -p /etc/nginx/modsec && mkdir -p /etc/nginx/modsec && \
wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended && wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended && \
mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf && mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf && \
cd .. && cd .. && \
cp -f ModSecurity/unicode.mapping /etc/nginx/modsec && cp -f ModSecurity/unicode.mapping /etc/nginx/modsec && \
sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf && sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf && \
wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/modsecurity_main.conf -O /etc/nginx/modsec/main.conf wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/modsecurity_main.conf -O /etc/nginx/modsec/main.conf"
"
fi fi
if [[ $nginx_conf_exist == "0" ]]; then if [[ $nginx_conf_exist == "0" ]]; then
nginx_conf_path="/etc/nginx/nginx.conf" nginx_conf_path="/etc/nginx/nginx.conf"

29
nginx.service Normal file
View File

@ -0,0 +1,29 @@
# Stop dance for nginx
# =======================
#
# ExecStop sends SIGSTOP (graceful stop) to the nginx process.
# If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control
# and sends SIGTERM (fast shutdown) to the main process.
# After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends
# SIGKILL to all the remaining processes in the process group (KillMode=mixed).
#
# nginx signals reference doc:
# http://nginx.org/en/docs/control.html
#
[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=network.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
TimeoutStopSec=5
KillMode=mixed
[Install]
WantedBy=multi-user.target