<div dir="ltr"><div>Thank you for all of your input!</div><div><br></div><div>Ed<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Oct 13, 2022 at 5:54 PM PGNet Dev <<a href="mailto:pgnet.dev@gmail.com">pgnet.dev@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">> My primary driving reason for considering the deployment of Nginx from source is to use ModSecurity WAF with Nginx. I'm under the impression that it's much easier to use ModSecurity with Nginx when compiled from source.<br>
<br>
If ModSecurity is the issue ...<br>
<br>
There are old instructions easily found ON the <a href="http://nginx.com" rel="noreferrer" target="_blank">nginx.com</a> site,<br>
<br>
<a href="https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/" rel="noreferrer" target="_blank">https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/</a><br>
<br>
for building it as a dynamic module, which can be separately built and added to a packaged nginx build. not required to rebuild/repackage/reinstall nginx itself. of course, you need to match source version to your pkg'd version.<br>
<br>
but note, NGINX is dumping ... er ... Transitioning to End-of-Life ... ModSecurity support,<br>
<br>
F5 NGINX ModSecurity WAF Is Transitioning to End-of-Life<br>
<a href="https://www.nginx.com/blog/f5-nginx-modsecurity-waf-transitioning-to-eol/" rel="noreferrer" target="_blank">https://www.nginx.com/blog/f5-nginx-modsecurity-waf-transitioning-to-eol/</a><br>
<br>
and that ModSecurity itself is on its way out,<br>
<br>
Talking about ModSecurity and the new Coraza WAF<br>
<a href="https://coreruleset.org/20211222/talking-about-modsecurity-and-the-new-coraza-waf/" rel="noreferrer" target="_blank">https://coreruleset.org/20211222/talking-about-modsecurity-and-the-new-coraza-waf/</a><br>
<br>
but not quite dead yet. in the interim, there's ModSecurity v3/master<br>
<br>
<a href="https://github.com/SpiderLabs/ModSecurity" rel="noreferrer" target="_blank">https://github.com/SpiderLabs/ModSecurity</a><br>
<br>
, with a new architecture, and a specific Nginx connector<br>
<br>
<a href="https://github.com/SpiderLabs/ModSecurity-nginx" rel="noreferrer" target="_blank">https://github.com/SpiderLabs/ModSecurity-nginx</a><br>
<br>
which can, similarly to the above, be built/added as a dynamic module, and still works well enough.<br>
<br>
and here's a useful tutorial for setting up Nginx + LibModsecurity<br>
<br>
Configure LibModsecurity with Nginx on CentOS 8<br>
<a href="https://kifarunix.com/configure-libmodsecurity-with-nginx-on-centos-8/" rel="noreferrer" target="_blank">https://kifarunix.com/configure-libmodsecurity-with-nginx-on-centos-8/</a><br>
<br>
<br>
</blockquote></div>