Fix install_nginx.sh.

install_nginx.sh

@@ -53,21 +53,34 @@ force_reinstall_openssl="0"
 if [[ ! -d "/usr/include/openssl" ]] && [[ ! -d "/usr/local/include/openssl" ]] && [[ ! -d "/usr/pkg/include/openssl" ]] && [[ ! -d "/opt/local/include/openssl" ]] && [[ ! -d /opt/openssl/include/openssl ]]; then
     force_reinstall_openssl="1"
 fi
+target_openssl_ver="1.1.1w"
+if [ "$(readlink -f `which openssl`)" == "/opt/openssl/bin/openssl" ]; then
+    openssl_dir="/opt/openssl/ssl"
+    openssl_source_dir="/root/openssl-$target_openssl_ver"
+    if [ -z `sudo readlink -f "$openssl_source_dir"` ]; then
+        force_reinstall_openssl="1"
+    else
+        if [ -d /opt/openssl/ssl/certs ] && [ ! -L /opt/openssl/ssl/certs ]; then
+            rm -rf /opt/openssl/ssl/certs && ln -sf /etc/ssl/certs /opt/openssl/ssl/.
+        fi
+    fi
+fi
 if [[ $(vercomp "$openssl_ver" "1.1.1") == "<" ]] || [[ "$force_reinstall_openssl" == "1" ]]; then
     # Build openssl
-    target_openssl_ver="1.1.1q"
     sudo bash -l -c "
         cd /root &&
         wget https://www.openssl.org/source/openssl-$target_openssl_ver.tar.gz --no-check-certificate -O openssl-$target_openssl_ver.tar.gz &&
         tar xzvf openssl-$target_openssl_ver.tar.gz &&
+        rm -rf /opt/openssl &&
         cd openssl-$target_openssl_ver &&
         ./config no-ssl2 no-ssl3 zlib-dynamic -fPIC shared --prefix=/opt/openssl &&
-        make depend -j$cpu_cores && make install &&
+        make depend -j$cpu_cores && make install -j$cpu_cores &&
         rm -f /usr/bin/openssl &&
         ln -sf /opt/openssl/bin/* /usr/bin/. &&
         echo '/opt/openssl/lib' > /etc/ld.so.conf.d/openssl.conf &&
         ldconfig &&
-        cp -f /opt/openssl/lib/pkgconfig/openssl.pc /usr/lib/x86_64-linux-gnu/pkgconfig/."
+        cp -f /opt/openssl/lib/pkgconfig/openssl.pc /usr/lib/x86_64-linux-gnu/pkgconfig/. &&
+        ln -sf /etc/ssl/certs /opt/openssl/ssl/."
     openssl_ver="$target_openssl_ver"
     cd "$org_pwd"
     openssl_dir="/opt/openssl/ssl"
@@ -105,26 +118,15 @@ extra_build_nginx_cmd="true"
 if [[ "$@" == *"--install-modsecurity"* ]];then
     install_modsecurity="1"
     if [[ $(vercomp "$ubuntu_ver" "16") == "<" ]]; then #use 3.0.6
-        sudo bash -l -c "
-            cd /root &&
-            apt-get install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev &&
-            git clone https://github.com/SpiderLabs/ModSecurity.git &&
-            cd ModSecurity &&
-            git checkout v3.0.6 &&
-            git submodule init &&
-            git submodule update &&
-            ./build.sh &&
-            ./configure &&
-            make &&
-            make install &&
-            cd .. &&
-            git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
-        "
+        modsecurity_branch="v3.0.6"
     else
+        modsecurity_branch="v3/master"
+    fi
     sudo bash -l -c "
         cd /root &&
         apt-get install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev &&
-            git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity &&
+        rm -rf ModSecurity &&
+        git clone --depth 1 -b $modsecurity_branch --single-branch https://github.com/SpiderLabs/ModSecurity &&
         cd ModSecurity &&
         git submodule init &&
         git submodule update &&
@@ -133,15 +135,16 @@ if [[ "$@" == *"--install-modsecurity"* ]];then
         make &&
         make install &&
         cd .. &&
+        rm -rf ModSecurity-nginx &&
         git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
     "
-    fi
     nginx_configure="$nginx_configure --add-dynamic-module=../ModSecurity-nginx"
 fi
 if [[ "$@" == *"--install-naxsi"* ]];then
     install_naxsi="1"
     sudo bash -l -c "
         cd /root &&
+        rm -rf naxsi &&
         git clone --depth 1 https://github.com/nbs-system/naxsi.git
     "
     nginx_configure="$nginx_configure --add-module=../naxsi/naxsi_src"
@@ -238,11 +241,12 @@ if [[ $(vercomp "$nginx_ver" "$nginx_target_ver") ==  "<" ]] || [[ "$1" == '--fo
             cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. && \
             echo 'load_module modules/ngx_http_modsecurity_module.so;' > /etc/nginx/modules-enabled/50-mod-modsecurity.conf && \
             mkdir -p /etc/nginx/modsec && \
-            wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended && \
-            mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf && \
+            wget --no-check-certificate -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended -O modsecurity.conf && \
             cd .. && \
             cp -f ModSecurity/unicode.mapping /etc/nginx/modsec && \
             sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf && \
+            sed -i 's/SecRequestBodyLimit 13107200/SecRequestBodyLimit 131072000/' /etc/nginx/modsec/modsecurity.conf && \
+            sed -i 's/SecRequestBodyNoFilesLimit 131072/SecRequestBodyNoFilesLimit 1310720/' /etc/nginx/modsec/modsecurity.conf && \
             wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/modsecurity_main.conf -O /etc/nginx/modsec/main.conf"
     fi
     if [[ $nginx_conf_exist == "0" ]]; then