How to patch and/or upgrade Nginx from source in production environment?

[edflecko]

Thank you for all of your input!

Ed

On Thu, Oct 13, 2022 at 5:54 PM PGNet Dev <pgnet.dev at gmail.com> wrote:

> > My primary driving reason for considering the deployment of Nginx from
> source is to use ModSecurity WAF with Nginx. I'm under the impression that
> it's much easier to use ModSecurity with Nginx when compiled from source.
>
> If ModSecurity is the issue ...
>
> There are old instructions easily found ON the nginx.com site,
>
>
> https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/
>
> for building it as a dynamic module, which can be separately built and
> added to a packaged nginx build.  not required to
> rebuild/repackage/reinstall nginx itself.  of course, you need to match
> source version to your pkg'd version.
>
> but note, NGINX is dumping ... er ... Transitioning to End-of-Life ...
> ModSecurity support,
>
>         F5 NGINX ModSecurity WAF Is Transitioning to End-of-Life
>
> https://www.nginx.com/blog/f5-nginx-modsecurity-waf-transitioning-to-eol/
>
> and that ModSecurity itself is on its way out,
>
>         Talking about ModSecurity and the new Coraza WAF
>
> https://coreruleset.org/20211222/talking-about-modsecurity-and-the-new-coraza-waf/
>
> but not quite dead yet.  in the interim, there's ModSecurity v3/master
>
>         https://github.com/SpiderLabs/ModSecurity
>
> , with a new architecture, and a specific Nginx connector
>
>         https://github.com/SpiderLabs/ModSecurity-nginx
>
> which can, similarly to the above, be built/added as a dynamic module, and
> still works well enough.
>
> and here's a useful tutorial for setting up Nginx + LibModsecurity
>
>         Configure LibModsecurity with Nginx on CentOS 8
>
> https://kifarunix.com/configure-libmodsecurity-with-nginx-on-centos-8/
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20221013/c1604172/attachment.htm>