erictyl
/
install_r45_on_ubuntu_1804lts_doc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix install_nginx.sh

This commit is contained in:
邱博亞 2024-01-01 10:21:11 +08:00
parent 224705bae7
commit a1dc79f11f
1 changed files with 13 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
install_nginx.sh
View File

@ -90,6 +90,8 @@ if [ -z "$cpu_cores" ]; then
cpu_cores="1"; cpu_cores="1";
fi fi
if [[ $(vercomp "$ubuntu_ver" "16") == "<" ]]; then #Need update ca-certificates manual if [[ $(vercomp "$ubuntu_ver" "16") == "<" ]]; then #Need update ca-certificates manual
sudo apt-get install -y apt-transport-https ca-certificates
sudo update-ca-certificates
sudo bash -l -c " sudo bash -l -c "
cd /root && cd /root &&
wget https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/ca-certificates/20210119~20.04.2/ca-certificates_20210119~20.04.2.tar.xz --no-check-certificate -O ca-certificates_20210119~20.04.2.tar.xz && wget https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/ca-certificates/20210119~20.04.2/ca-certificates_20210119~20.04.2.tar.xz --no-check-certificate -O ca-certificates_20210119~20.04.2.tar.xz &&
@ -241,7 +243,7 @@ if [[ $(vercomp "$nginx_ver" "$nginx_target_ver") == "<" ]] || [[ "$1" == '--fo
cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. && \ cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. && \
echo 'load_module modules/ngx_http_modsecurity_module.so;' > /etc/nginx/modules-enabled/50-mod-modsecurity.conf && \ echo 'load_module modules/ngx_http_modsecurity_module.so;' > /etc/nginx/modules-enabled/50-mod-modsecurity.conf && \
mkdir -p /etc/nginx/modsec && \ mkdir -p /etc/nginx/modsec && \
wget --no-check-certificate -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended -O modsecurity.conf && \ wget --no-check-certificate -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended -O /etc/nginx/modsec/modsecurity.conf && \
cd .. && \ cd .. && \
cp -f ModSecurity/unicode.mapping /etc/nginx/modsec && \ cp -f ModSecurity/unicode.mapping /etc/nginx/modsec && \
sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf && \ sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf && \
@ -284,16 +286,6 @@ if [[ $(vercomp "$nginx_ver" "$nginx_target_ver") == "<" ]] || [[ "$1" == '--fo
http_block_end=$((http_block_end + 1)) http_block_end=$((http_block_end + 1))
fi fi
done done
if [[ "$install_modsecurity" == "1" ]]; then
echo "Please modify your nginx conf file by yourself!"
echo "
server {
# ...
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
}
"
fi
fi fi
if [[ -z "$(grep -E 'include\s+\/etc\/nginx\/modules-enabled\/\*\.conf;' /etc/nginx/nginx.conf)" ]]; then if [[ -z "$(grep -E 'include\s+\/etc\/nginx\/modules-enabled\/\*\.conf;' /etc/nginx/nginx.conf)" ]]; then
nginx_conf_path="/etc/nginx/nginx.conf" nginx_conf_path="/etc/nginx/nginx.conf"
@ -301,5 +293,15 @@ if [[ $(vercomp "$nginx_ver" "$nginx_target_ver") == "<" ]] || [[ "$1" == '--fo
sudo bash -l -c "echo '$nginx_conf_contents' > $nginx_conf_path" sudo bash -l -c "echo '$nginx_conf_contents' > $nginx_conf_path"
sudo service nginx restart sudo service nginx restart
fi fi
if [[ "$install_modsecurity" == "1" ]]; then
echo "Please modify your nginx conf file by yourself!"
echo "
server {
# ...
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
}
"
fi
cd "$org_pwd" cd "$org_pwd"
fi fi