Fix install_nginx.sh.
parent
279efe457a
commit
9e937f6ca5
|
@ -53,21 +53,34 @@ force_reinstall_openssl="0"
|
||||||
if [[ ! -d "/usr/include/openssl" ]] && [[ ! -d "/usr/local/include/openssl" ]] && [[ ! -d "/usr/pkg/include/openssl" ]] && [[ ! -d "/opt/local/include/openssl" ]] && [[ ! -d /opt/openssl/include/openssl ]]; then
|
if [[ ! -d "/usr/include/openssl" ]] && [[ ! -d "/usr/local/include/openssl" ]] && [[ ! -d "/usr/pkg/include/openssl" ]] && [[ ! -d "/opt/local/include/openssl" ]] && [[ ! -d /opt/openssl/include/openssl ]]; then
|
||||||
force_reinstall_openssl="1"
|
force_reinstall_openssl="1"
|
||||||
fi
|
fi
|
||||||
|
target_openssl_ver="1.1.1w"
|
||||||
|
if [ "$(readlink -f `which openssl`)" == "/opt/openssl/bin/openssl" ]; then
|
||||||
|
openssl_dir="/opt/openssl/ssl"
|
||||||
|
openssl_source_dir="/root/openssl-$target_openssl_ver"
|
||||||
|
if [ -z `sudo readlink -f "$openssl_source_dir"` ]; then
|
||||||
|
force_reinstall_openssl="1"
|
||||||
|
else
|
||||||
|
if [ -d /opt/openssl/ssl/certs ] && [ ! -L /opt/openssl/ssl/certs ]; then
|
||||||
|
rm -rf /opt/openssl/ssl/certs && ln -sf /etc/ssl/certs /opt/openssl/ssl/.
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
if [[ $(vercomp "$openssl_ver" "1.1.1") == "<" ]] || [[ "$force_reinstall_openssl" == "1" ]]; then
|
if [[ $(vercomp "$openssl_ver" "1.1.1") == "<" ]] || [[ "$force_reinstall_openssl" == "1" ]]; then
|
||||||
# Build openssl
|
# Build openssl
|
||||||
target_openssl_ver="1.1.1q"
|
|
||||||
sudo bash -l -c "
|
sudo bash -l -c "
|
||||||
cd /root &&
|
cd /root &&
|
||||||
wget https://www.openssl.org/source/openssl-$target_openssl_ver.tar.gz --no-check-certificate -O openssl-$target_openssl_ver.tar.gz &&
|
wget https://www.openssl.org/source/openssl-$target_openssl_ver.tar.gz --no-check-certificate -O openssl-$target_openssl_ver.tar.gz &&
|
||||||
tar xzvf openssl-$target_openssl_ver.tar.gz &&
|
tar xzvf openssl-$target_openssl_ver.tar.gz &&
|
||||||
|
rm -rf /opt/openssl &&
|
||||||
cd openssl-$target_openssl_ver &&
|
cd openssl-$target_openssl_ver &&
|
||||||
./config no-ssl2 no-ssl3 zlib-dynamic -fPIC shared --prefix=/opt/openssl &&
|
./config no-ssl2 no-ssl3 zlib-dynamic -fPIC shared --prefix=/opt/openssl &&
|
||||||
make depend -j$cpu_cores && make install &&
|
make depend -j$cpu_cores && make install -j$cpu_cores &&
|
||||||
rm -f /usr/bin/openssl &&
|
rm -f /usr/bin/openssl &&
|
||||||
ln -sf /opt/openssl/bin/* /usr/bin/. &&
|
ln -sf /opt/openssl/bin/* /usr/bin/. &&
|
||||||
echo '/opt/openssl/lib' > /etc/ld.so.conf.d/openssl.conf &&
|
echo '/opt/openssl/lib' > /etc/ld.so.conf.d/openssl.conf &&
|
||||||
ldconfig &&
|
ldconfig &&
|
||||||
cp -f /opt/openssl/lib/pkgconfig/openssl.pc /usr/lib/x86_64-linux-gnu/pkgconfig/."
|
cp -f /opt/openssl/lib/pkgconfig/openssl.pc /usr/lib/x86_64-linux-gnu/pkgconfig/. &&
|
||||||
|
ln -sf /etc/ssl/certs /opt/openssl/ssl/."
|
||||||
openssl_ver="$target_openssl_ver"
|
openssl_ver="$target_openssl_ver"
|
||||||
cd "$org_pwd"
|
cd "$org_pwd"
|
||||||
openssl_dir="/opt/openssl/ssl"
|
openssl_dir="/opt/openssl/ssl"
|
||||||
|
@ -105,26 +118,15 @@ extra_build_nginx_cmd="true"
|
||||||
if [[ "$@" == *"--install-modsecurity"* ]];then
|
if [[ "$@" == *"--install-modsecurity"* ]];then
|
||||||
install_modsecurity="1"
|
install_modsecurity="1"
|
||||||
if [[ $(vercomp "$ubuntu_ver" "16") == "<" ]]; then #use 3.0.6
|
if [[ $(vercomp "$ubuntu_ver" "16") == "<" ]]; then #use 3.0.6
|
||||||
sudo bash -l -c "
|
modsecurity_branch="v3.0.6"
|
||||||
cd /root &&
|
|
||||||
apt-get install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev &&
|
|
||||||
git clone https://github.com/SpiderLabs/ModSecurity.git &&
|
|
||||||
cd ModSecurity &&
|
|
||||||
git checkout v3.0.6 &&
|
|
||||||
git submodule init &&
|
|
||||||
git submodule update &&
|
|
||||||
./build.sh &&
|
|
||||||
./configure &&
|
|
||||||
make &&
|
|
||||||
make install &&
|
|
||||||
cd .. &&
|
|
||||||
git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
|
|
||||||
"
|
|
||||||
else
|
else
|
||||||
|
modsecurity_branch="v3/master"
|
||||||
|
fi
|
||||||
sudo bash -l -c "
|
sudo bash -l -c "
|
||||||
cd /root &&
|
cd /root &&
|
||||||
apt-get install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev &&
|
apt-get install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev &&
|
||||||
git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity &&
|
rm -rf ModSecurity &&
|
||||||
|
git clone --depth 1 -b $modsecurity_branch --single-branch https://github.com/SpiderLabs/ModSecurity &&
|
||||||
cd ModSecurity &&
|
cd ModSecurity &&
|
||||||
git submodule init &&
|
git submodule init &&
|
||||||
git submodule update &&
|
git submodule update &&
|
||||||
|
@ -133,15 +135,16 @@ if [[ "$@" == *"--install-modsecurity"* ]];then
|
||||||
make &&
|
make &&
|
||||||
make install &&
|
make install &&
|
||||||
cd .. &&
|
cd .. &&
|
||||||
|
rm -rf ModSecurity-nginx &&
|
||||||
git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
|
git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
|
||||||
"
|
"
|
||||||
fi
|
|
||||||
nginx_configure="$nginx_configure --add-dynamic-module=../ModSecurity-nginx"
|
nginx_configure="$nginx_configure --add-dynamic-module=../ModSecurity-nginx"
|
||||||
fi
|
fi
|
||||||
if [[ "$@" == *"--install-naxsi"* ]];then
|
if [[ "$@" == *"--install-naxsi"* ]];then
|
||||||
install_naxsi="1"
|
install_naxsi="1"
|
||||||
sudo bash -l -c "
|
sudo bash -l -c "
|
||||||
cd /root &&
|
cd /root &&
|
||||||
|
rm -rf naxsi &&
|
||||||
git clone --depth 1 https://github.com/nbs-system/naxsi.git
|
git clone --depth 1 https://github.com/nbs-system/naxsi.git
|
||||||
"
|
"
|
||||||
nginx_configure="$nginx_configure --add-module=../naxsi/naxsi_src"
|
nginx_configure="$nginx_configure --add-module=../naxsi/naxsi_src"
|
||||||
|
@ -238,11 +241,12 @@ if [[ $(vercomp "$nginx_ver" "$nginx_target_ver") == "<" ]] || [[ "$1" == '--fo
|
||||||
cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. && \
|
cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. && \
|
||||||
echo 'load_module modules/ngx_http_modsecurity_module.so;' > /etc/nginx/modules-enabled/50-mod-modsecurity.conf && \
|
echo 'load_module modules/ngx_http_modsecurity_module.so;' > /etc/nginx/modules-enabled/50-mod-modsecurity.conf && \
|
||||||
mkdir -p /etc/nginx/modsec && \
|
mkdir -p /etc/nginx/modsec && \
|
||||||
wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended && \
|
wget --no-check-certificate -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended -O modsecurity.conf && \
|
||||||
mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf && \
|
|
||||||
cd .. && \
|
cd .. && \
|
||||||
cp -f ModSecurity/unicode.mapping /etc/nginx/modsec && \
|
cp -f ModSecurity/unicode.mapping /etc/nginx/modsec && \
|
||||||
sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf && \
|
sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf && \
|
||||||
|
sed -i 's/SecRequestBodyLimit 13107200/SecRequestBodyLimit 131072000/' /etc/nginx/modsec/modsecurity.conf && \
|
||||||
|
sed -i 's/SecRequestBodyNoFilesLimit 131072/SecRequestBodyNoFilesLimit 1310720/' /etc/nginx/modsec/modsecurity.conf && \
|
||||||
wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/modsecurity_main.conf -O /etc/nginx/modsec/main.conf"
|
wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/modsecurity_main.conf -O /etc/nginx/modsec/main.conf"
|
||||||
fi
|
fi
|
||||||
if [[ $nginx_conf_exist == "0" ]]; then
|
if [[ $nginx_conf_exist == "0" ]]; then
|
||||||
|
|
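Review bot: In the last hunk the new `wget --no-check-certificate -P /etc/nginx/modsec/ … -O modsecurity.conf` appears to write to the wrong place: wget ignores `-P` when `-O` is given, so the file lands as `modsecurity.conf` in the current build directory, and with the `mv` line removed the following `sed -i … /etc/nginx/modsec/modsecurity.conf` steps would fail on a fresh install or edit a stale file. Pass the absolute target instead, `-O /etc/nginx/modsec/modsecurity.conf`, and drop `-P`. The added `--no-check-certificate` also disables TLS verification for a WAF configuration that is fetched and activated as root, so the content is no longer authenticated; the same flag sits on the OpenSSL tarball download in the first hunk, which is then built and installed as root with no checksum or signature check. Prefer repairing the CA store (for example by installing `ca-certificates`) and comparing the tarball against a pinned SHA-256 before `tar`. The enclosing `sudo bash -l -c "…"` string appears to start outside this hunk.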