How to patch and/or upgrade Nginx from source in production environment?
edflecko
edflecko at gmail.com
Thu Oct 13 20:19:14 UTC 2022
Thank you for all of your input!
Ed
On Thu, Oct 13, 2022 at 5:54 PM PGNet Dev <pgnet.dev at gmail.com> wrote:
> > My primary driving reason for considering the deployment of Nginx from
> source is to use ModSecurity WAF with Nginx. I'm under the impression that
> it's much easier to use ModSecurity with Nginx when compiled from source.
>
> If ModSecurity is the issue ...
>
> There are old instructions easily found ON the nginx.com site,
>
>
> https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/
>
> for building it as a dynamic module, which can be separately built and
> added to a packaged nginx build. not required to
> rebuild/repackage/reinstall nginx itself. of course, you need to match
> source version to your pkg'd version.
>
> but note, NGINX is dumping ... er ... Transitioning to End-of-Life ...
> ModSecurity support,
>
> F5 NGINX ModSecurity WAF Is Transitioning to End-of-Life
>
> https://www.nginx.com/blog/f5-nginx-modsecurity-waf-transitioning-to-eol/
>
> and that ModSecurity itself is on its way out,
>
> Talking about ModSecurity and the new Coraza WAF
>
> https://coreruleset.org/20211222/talking-about-modsecurity-and-the-new-coraza-waf/
>
> but not quite dead yet. in the interim, there's ModSecurity v3/master
>
> https://github.com/SpiderLabs/ModSecurity
>
> , with a new architecture, and a specific Nginx connector
>
> https://github.com/SpiderLabs/ModSecurity-nginx
>
> which can, similarly to the above, be built/added as a dynamic module, and
> still works well enough.
>
> and here's a useful tutorial for setting up Nginx + LibModsecurity
>
> Configure LibModsecurity with Nginx on CentOS 8
>
> https://kifarunix.com/configure-libmodsecurity-with-nginx-on-centos-8/
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20221013/c1604172/attachment.htm>
More information about the nginx
mailing list