Fix install_nginx.sh

2024-01-01 10:21:11 +08:00 · 2024-01-01 10:21:11 +08:00 · a1dc79f11f
parent 224705bae7
commit a1dc79f11f
1 changed files with 13 additions and 11 deletions
--- a/install_nginx.sh
+++ b/install_nginx.sh
@ -90,6 +90,8 @@ if [ -z "$cpu_cores" ]; then
    cpu_cores="1";
 fi
 if [[ $(vercomp "$ubuntu_ver" "16") == "<" ]]; then #Need update ca-certificates manual
+    sudo apt-get install -y apt-transport-https ca-certificates
+    sudo update-ca-certificates
    sudo bash -l -c "
        cd /root &&
        wget https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/ca-certificates/20210119~20.04.2/ca-certificates_20210119~20.04.2.tar.xz --no-check-certificate -O ca-certificates_20210119~20.04.2.tar.xz &&
@ -241,7 +243,7 @@ if [[ $(vercomp "$nginx_ver" "$nginx_target_ver") ==  "<" ]] || [[ "$1" == '--fo
            cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. && \
            echo 'load_module modules/ngx_http_modsecurity_module.so;' > /etc/nginx/modules-enabled/50-mod-modsecurity.conf && \
            mkdir -p /etc/nginx/modsec && \
-            wget --no-check-certificate -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended -O modsecurity.conf && \
+            wget --no-check-certificate -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended -O /etc/nginx/modsec/modsecurity.conf && \
            cd .. && \
            cp -f ModSecurity/unicode.mapping /etc/nginx/modsec && \
            sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf && \
@ -284,16 +286,6 @@ if [[ $(vercomp "$nginx_ver" "$nginx_target_ver") ==  "<" ]] || [[ "$1" == '--fo
                http_block_end=$((http_block_end + 1))
            fi
        done
-        if [[ "$install_modsecurity" == "1" ]]; then
-            echo "Please modify your nginx conf file by yourself!"
-            echo "
-            server {
-                # ...
-                modsecurity on;
-                modsecurity_rules_file /etc/nginx/modsec/main.conf;
-            }
-            "
-        fi
    fi
    if [[ -z "$(grep -E 'include\s+\/etc\/nginx\/modules-enabled\/\*\.conf;' /etc/nginx/nginx.conf)" ]]; then
        nginx_conf_path="/etc/nginx/nginx.conf"
@ -301,5 +293,15 @@ if [[ $(vercomp "$nginx_ver" "$nginx_target_ver") ==  "<" ]] || [[ "$1" == '--fo
        sudo bash -l -c "echo '$nginx_conf_contents' > $nginx_conf_path"
        sudo service nginx restart
    fi
+    if [[ "$install_modsecurity" == "1" ]]; then
+        echo "Please modify your nginx conf file by yourself!"
+        echo "
+        server {
+            # ...
+            modsecurity on;
+            modsecurity_rules_file /etc/nginx/modsec/main.conf;
+        }
+        "
+    fi
    cd "$org_pwd"
 fi