Help with nginx.conf

Jeffrey Walton noloader at gmail.com
Sat Nov 12 03:48:18 UTC 2022


On Fri, Nov 11, 2022 at 1:43 PM Gus Flowers Starkiller <
relectgustfs at gmail.com> wrote:
>
> Hi ! Thanks a lot for your explanation ! Well I've installed some Nginx
servers all cases like configured like Proxy Reverse, But, at first I
installed Nginx from pages different from Nginx.org but the source were get
from nginx too (i think) and cases like nginx.conf is happening, different
files with ngonx.org and other sources and for example that directories
like sites-available and sites-enabled are missing after installation:
> e.g. /etc/nginx/sites-available and /etc/nginx/sites-enabled are not in
installation from nginx.org and as you say I could configure them to my own
target, but in these cases I must install Nginx + ModSecurity + OWASP (CRS)
because we must have the most security network with web pages to publicate.
> So, is there any configuration that you could recommend me?
> Another point too, I read the book about Nginx+Modsecurity from these book
>
> And I couldn't find in which directories of linux is installed Nginx, in
my cases Nginx and OWASP is in /usr/local/src but in the moment where I
must compile Nginx there is error about module
> "./configure: error: ngx_http_modsecurity_module requires the ModSecurity
library."
>
> Well I hope all these words don't disturb you at all, please sorry and
any word you can tell me about this, I will be so grateful. Thanks a lot,
greetings from Argentina.

One comment about this:

    I must install Nginx + ModSecurity + OWASP (CRS) because we
    must have the most security network with web pages to
    publicate...

I help run a website and wiki. CRS was too aggressive in practice, and it
broke the wiki. We could not submit page edits. So we used modsecurity, but
we dropped the CRS gear.

Modsecurity alone will still provide basic protections, like MIME types,
some request protections, some header protection, some body protection,
some memory limits, etc. (See /etc/modsecurity/modsecurity.conf for the
details).

Here's what it looks like under Apache:

# cat /etc/apache2/mods-enabled/security2.conf
<IfModule security2_module>
        # Default Debian dir for modsecurity's persistent data
        SecDataDir /var/cache/modsecurity

        # Include all the *.conf files in /etc/modsecurity.
        IncludeOptional /etc/modsecurity/*.conf

        # Include OWASP ModSecurity CRS rules if installed
        # IncludeOptional /usr/share/modsecurity-crs/*.load
</IfModule>

I don't think I've ever run ModSecurity with Nginx, so I am not sure what
the configuration would look like.

This does not help you with Nginx, but here are the relevant packages for
Apache2:

# apt-cache search modsecurity
libapache2-mod-security2 - Tighten web applications security for Apache
libmodsecurity-dev - ModSecurity v3 library component (development files)
libmodsecurity3 - ModSecurity v3 library component
modsecurity-crs - OWASP ModSecurity Core Rule Set

'modsecurity-crs' is what we avoided due to the wiki. It is no longer
installed.

Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20221111/6417b93f/attachment.htm>


More information about the nginx mailing list