nginx modsecurity on Debian 8
Anoop Alias
anoopalias01 at gmail.com
Wed Dec 23 12:52:57 UTC 2015
append the configure argument you already mentioned ./configure
--add-module=/opt/ModSecurity-nginx with the
--with-cc-opt='-g -O2 -fstack-protector-strong -Wformat
-Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro
--prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf
--http-log-path=/var/log/nginx/access.log
--error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit
--with-ipv6 --with-http_ssl_module --with-http_stub_status_module
--with-http_realip_module --with-http_auth_request_module
--with-http_addition_module --with-http_dav_module --with-http_geoip_module
--with-http_gzip_static_module --with-http_image_filter_module
--with-http_spdy_module --with-http_sub_module --with-http_xslt_module
--with-mail --with-mail_ssl_module
--add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-auth-pam
--add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-dav-ext-module
--add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-echo
--add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-upstream-fair
--add-module=/tmp/buildd/nginx-1.6.2/debian/modules/ngx_http_substitutions_filter_module
##
One problem I see here is that you need to place the modules added there in
their exact path like for
example /tmp/buildd/nginx-1.6.2/debian/modules/nginx-upstream-fair
.Otherwise you will have to modify those path accordingly. you need to
install build deps for nginx too
Also you might be able to use 1.8.0 stable version
Follow -
https://www.digitalocean.com/community/tutorials/how-to-add-ngx_pagespeed-module-to-nginx-in-debian-wheezy
. The difference is you are adding mod_sec instead of pagespeed .
On Wed, Dec 23, 2015 at 6:14 PM, Thierry <lenaigst at maelenn.org> wrote:
> What I have ...
> Could you please explain to me what do I have to do ? I do not understand
> ...
> Sorry
>
> nginx version: nginx/1.6.2
> TLS SNI support enabled
> configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong
> -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2'
> --with-ld-opt=-Wl,-z,relro --prefix=/usr/share/nginx
> --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log
> --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock
> --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body
> --http-fastcgi-temp-path=/var/lib/nginx/fastcgi
> --http-proxy-temp-path=/var/lib/nginx/proxy
> --http-scgi-temp-path=/var/lib/nginx/scgi
> --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit
> --with-ipv6 --with-http_ssl_module --with-http_stub_status_module
> --with-http_realip_module --with-http_auth_request_module
> --with-http_addition_module --with-http_dav_module --with-http_geoip_module
> --with-http_gzip_static_module --with-http_image_filter_module
> --with-http_spdy_module --with-http_sub_module --with-http_xslt_module
> --with-mail --with-mail_ssl_module
> --add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-auth-pam
> --add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-dav-ext-module
> --add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-echo
> --add-module=/tmp/buildd/nginx-1.6.2/debian/modules/nginx-upstream-fair
> --add-module=/tmp/buildd/nginx-1.6.2/debian/modules/ngx_http_substitutions_filter_module
>
> > nginx -V will show configure arguments. You need to add mod_sec at
> > the beginning of whatever is in there.
>
>
>
>
> > On Wed, Dec 23, 2015 at 5:51 PM, Thierry <lenaigst at maelenn.org> wrote:
>
> > Hi,
> >
> > A bit lost ...
> > I know nothing concerning nginx, I am more confortable with Apache2.
> > I am using an email server who is using nginx on debian 8.
> > I would need to install modsecurity as module.
> > I have understood that I need to compile from the working directory of
> > nginx ....
> >
> > ./configure --add-module=/opt/ModSecurity-nginx
> >
> > But how to deal with it if nginx as been installed from binary (debian
> > package) ?
> >
> > I have followed these instructions:
> >
> > $ sudo dnf install gcc-c++ flex bison curl-devel curl yajl yajl-devel
> GeoIP-devel doxygen
> > $ cd /opt/
> > $ git clone https://github.com/SpiderLabs/ModSecurity
> > $ cd ModSecurity
> > $ git checkout libmodsecurity
> > $ sh build.sh
> > $ ./configure
> > $ make
> > $ make install
> > $ cd /opt/
> > $ git clone https://github.com/SpiderLabs/ModSecurity-nginx
> > $ cd /opt/Modsecurity-nginx
> > $ git checkout experimental
> > $ cd /opt/
> > *******************************************************************
> > $ wget http://nginx.org/download/nginx-1.9.2.tar.gz
> > $ tar -xvzf nginx-1.9.2.tar.gz
> > $ yum install zlib-devel
> > *******************************************************************
> > $ ./configure --add-module=/opt/ModSecurity-nginx
> >
> >
> >
> > Everything went fine until the last ./configure ....
> > I didn't apply what's between " *** " because my nginx server is
> > already installed and working.
> >
> > Any ideas ?
> >
> > Thx
> > --
> > Cordialement,
> > Thierry e-mail : lenaigst at maelenn.org
> >
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
> >
>
>
>
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
--
*Anoop P Alias*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20151223/8f87f271/attachment.html>
More information about the nginx
mailing list