nginx modsecurity on Debian 8

Anoop Alias anoopalias01 at gmail.com
Wed Dec 23 12:52:57 UTC 2015


Append the configure argument you already mentioned, ./configure
--add-module=/opt/ModSecurity-nginx, with the

--with-cc-opt='-g -O2 -fstack-protector-strong -Wformat
-Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro
--prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf
--http-log-path=/var/log/nginx/access.log
--error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit
--with-ipv6 --with-http_ssl_module --with-http_stub_status_module
--with-http_realip_module --with-http_auth_request_module
--with-http_addition_module --with-http_dav_module --with-http_geoip_module
--with-http_gzip_static_module --with-http_image_filter_module
--with-http_spdy_module --with-http_sub_module --with-http_xslt_module
--with-mail --with-mail_ssl_module
--add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-auth-pam
--add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-dav-ext-module
--add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-echo
--add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-upstream-fair
--add-module=/tmp/buildd/nginx-1.6.2/debian/modules/ngx_http_substitutions_filter_module


##

One problem I see here is that you need to place the modules added there in
their exact path, like for
example /tmp/buildd/nginx-1.6.2/debian/modules/nginx-upstream-fair.
Otherwise you will have to modify those paths accordingly. You need to
install build deps for nginx too.

Also, you might be able to use the 1.8.0 stable version.

Follow
https://www.digitalocean.com/community/tutorials/how-to-add-ngx_pagespeed-module-to-nginx-in-debian-wheezy
The difference is you are adding mod_sec instead of pagespeed.



On Wed, Dec 23, 2015 at 6:14 PM, Thierry <lenaigst at maelenn.org> wrote:

> What I have ...
> Could you please explain to me what I have to do? I do not understand
> ...
> Sorry
>
> nginx version: nginx/1.6.2
> TLS SNI support enabled
> configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong
> -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2'
> --with-ld-opt=-Wl,-z,relro --prefix=/usr/share/nginx
> --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log
> --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock
> --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body
> --http-fastcgi-temp-path=/var/lib/nginx/fastcgi
> --http-proxy-temp-path=/var/lib/nginx/proxy
> --http-scgi-temp-path=/var/lib/nginx/scgi
> --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit
> --with-ipv6 --with-http_ssl_module --with-http_stub_status_module
> --with-http_realip_module --with-http_auth_request_module
> --with-http_addition_module --with-http_dav_module --with-http_geoip_module
> --with-http_gzip_static_module --with-http_image_filter_module
> --with-http_spdy_module --with-http_sub_module --with-http_xslt_module
> --with-mail --with-mail_ssl_module
> --add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-auth-pam
> --add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-dav-ext-module
> --add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-echo
> --add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-upstream-fair
> --add-module=/tmp/buildd/nginx-1.6.2/debian/modules/ngx_http_substitutions_filter_module
>
> > nginx -V will show configure arguments. You need to add mod_sec at
> > the beginning of whatever is in there.
>
>
>
>
> > On Wed, Dec 23, 2015 at 5:51 PM, Thierry <lenaigst at maelenn.org> wrote:
>
> > Hi,
> >
> >  A bit lost ...
> >  I know nothing concerning nginx, I am more comfortable with Apache2.
> >  I am using an email server that is using nginx on Debian 8.
> >  I would need to install modsecurity as module.
> >  I have understood that I need to compile from the working directory of
> >  nginx ....
> >
> >  ./configure --add-module=/opt/ModSecurity-nginx
> >
> >  But how to deal with it if nginx has been installed from binary (Debian
> >  package)?
> >
> >  I have followed these instructions:
> >
> >  $ sudo dnf install gcc-c++ flex bison curl-devel curl yajl yajl-devel GeoIP-devel doxygen
> >  $ cd /opt/
> >  $ git clone https://github.com/SpiderLabs/ModSecurity
> >  $ cd ModSecurity
> >  $ git checkout libmodsecurity
> >  $ sh build.sh
> >  $ ./configure
> >  $ make
> >  $ make install
> >  $ cd /opt/
> >  $ git clone https://github.com/SpiderLabs/ModSecurity-nginx
> >  $ cd /opt/ModSecurity-nginx
> >  $ git checkout experimental
> >  $ cd /opt/
> >  *******************************************************************
> >  $ wget http://nginx.org/download/nginx-1.9.2.tar.gz
> >  $ tar -xvzf nginx-1.9.2.tar.gz
> >  $ yum install zlib-devel
> >  *******************************************************************
> >  $ ./configure --add-module=/opt/ModSecurity-nginx
> >
> >
> >
> >  Everything went fine until the last ./configure ....
> >  I didn't apply what's between " *** " because my nginx server is
> >  already installed and working.
> >
> >  Any ideas ?
> >
> >  Thx
> >  --
> >  Cordialement,
> >   Thierry                          e-mail : lenaigst at maelenn.org
> >
> >  _______________________________________________
> >  nginx mailing list
> >  nginx at nginx.org
> >  http://mailman.nginx.org/mailman/listinfo/nginx
> >



-- 
*Anoop P Alias*
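
Added example, not part of the original message and not code from nginx or ModSecurity: a POSIX shell sketch of the advice above. It takes `nginx -V` text, rebuilds the ./configure line with the ModSecurity connector placed first (so the package's hardening flags such as -fstack-protector-strong and -z,relro are kept), and lists the --add-module directories that do not exist on disk. The function names are hypothetical and the sample input is constructed, shortened from the output quoted in the thread.

```shell
#!/bin/sh
# Added example: rebuild the ./configure line from `nginx -V` output with an
# extra module prepended, and report --add-module paths missing on disk.

# Constructed sample, shortened from the `nginx -V` output quoted in the thread.
SAMPLE_NGINX_V="nginx version: nginx/1.6.2
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro --prefix=/usr/share/nginx --with-http_ssl_module --add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-auth-pam --add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-echo"

# Print only the argument string found in `nginx -V` text ($1).
configure_args() {
    printf '%s\n' "$1" | sed -n 's/^configure arguments: //p'
}

# Print the full ./configure command with the extra module ($2) placed first.
# Fails (status 1) when the text has no "configure arguments:" line.
build_configure_cmd() {
    args=$(configure_args "$1")
    [ -n "$args" ] || return 1
    printf './configure --add-module=%s %s\n' "$2" "$args"
}

# Print every --add-module directory (the extra one included) that is missing.
# Module paths containing spaces are not handled.
missing_module_paths() {
    build_configure_cmd "$1" "$2" |
        grep -o -- '--add-module=[^ ]*' |
        cut -d= -f2- |
        while IFS= read -r dir; do
            [ -d "$dir" ] || printf '%s\n' "$dir"
        done
}

# On a live host use: v=$(nginx -V 2>&1)   (nginx -V writes to stderr)
build_configure_cmd "$SAMPLE_NGINX_V" /opt/ModSecurity-nginx
echo "Missing module directories:"
missing_module_paths "$SAMPLE_NGINX_V" /opt/ModSecurity-nginx
```

Any directory printed under "Missing module directories" has to be restored at that path or its --add-module argument edited before running the command from the unpacked nginx source tree.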