theraw/The-World-Is-Yours
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update run.sh

Browse Source
This commit is contained in:
𝓙𝓾𝓵𝓲𝓸
2024-05-22 00:11:18 +02:00
committed by GitHub
parent 4bb4d34cba
commit 01244b0efb
1 changed files with 101 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files
build/run.sh
+98 -21
View File
@@ -1,16 +1,17 @@
. ./versions . ./version
set -e
function reqs() { function reqs() {
apt-get update -y; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y apt-get update -y; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y
DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install tzdata dialog DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install tzdata dialog
apt-get install build-essential libssl-dev curl nano wget zip unzip sudo psmisc tar -y # apt-get purge nftables firewalld ufw -y; apt-get autoremove -y
apt-get -y install wget zip unzip build-essential libssl-dev curl nano git
# apt-get -y install iptables ipset
apt-get install libtool pkg-config make cmake automake autoconf -y apt-get install libtool pkg-config make cmake automake autoconf -y
apt-get install libyajl-dev ssdeep zlib1g-dev libxslt1-dev libgd-dev libgeoip-dev liblmdb-dev libfuzzy-dev libmaxminddb-dev liblua5.2-dev libcurl4-openssl-dev libxml2 libxml2-dev libpcre3-dev mercurial libpcre2-dev -y apt-get install libyajl-dev ssdeep zlib1g-dev libxslt1-dev libgd-dev libgeoip-dev liblmdb-dev libfuzzy-dev libmaxminddb-dev liblua5.2-dev libcurl4-openssl-dev libxml2 libxml2-dev libpcre3-dev mercurial libpcre2-dev libc-ares-dev libre2-dev -y
mkdir -p $LUA_SCRIPTS mkdir -p $LUA_SCRIPTS
} }
function clean_install() { function clean_install() {
rm -rf /opt/mod && mkdir -p /opt/mod mkdir -p /opt/mod
rm -rf /opt/nginx-*
# Nginx # Nginx
if [ ! -d /opt/nginx-${NGINX} ]; then if [ ! -d /opt/nginx-${NGINX} ]; then
@@ -21,9 +22,9 @@ function clean_install() {
# START OF SYSTEM REQUIRED LIBS # START OF SYSTEM REQUIRED LIBS
# ============================================================================================================ # ============================================================================================================
# OPENSSL # OPENSSL
if [ ! -d /opt/mod/openssl-OpenSSL_${SYSTEM_OPENSSL} ]; then if [ ! -d /opt/mod/openssl-opernssl-${SYSTEM_OPENSSL} ]; then
cd /opt/mod && wget https://github.com/openssl/openssl/archive/refs/tags/OpenSSL_${SYSTEM_OPENSSL}.tar.gz cd /opt/mod; wget https://github.com/quictls/openssl/archive/refs/tags/opernssl-${SYSTEM_OPENSSL}.tar.gz
cd /opt/mod && tar xf OpenSSL_${SYSTEM_OPENSSL}.tar.gz; rm -Rf OpenSSL_${SYSTEM_OPENSSL}.tar.gz cd /opt/mod && tar xf opernssl-${SYSTEM_OPENSSL}.tar.gz; rm -Rf opernssl-${SYSTEM_OPENSSL}.tar.gz
fi fi
# ZLIB # ZLIB
@@ -38,6 +39,7 @@ function clean_install() {
cd /opt/mod && tar xf v${SYSTEM_LUAJIT}.tar.gz && rm -Rf v${SYSTEM_LUAJIT}.tar.gz cd /opt/mod && tar xf v${SYSTEM_LUAJIT}.tar.gz && rm -Rf v${SYSTEM_LUAJIT}.tar.gz
if [ ! -d /usr/local/LuaJIT/include/luajit-2.1 ]; then if [ ! -d /usr/local/LuaJIT/include/luajit-2.1 ]; then
cd /opt/mod/luajit2-${SYSTEM_LUAJIT}/ && make clean && make install PREFIX=/usr/local/LuaJIT && ldconfig cd /opt/mod/luajit2-${SYSTEM_LUAJIT}/ && make clean && make install PREFIX=/usr/local/LuaJIT && ldconfig
# apt-get -y install liblua5.1-0-dev; apt-get -y install luarocks; luarocks install lua-resty-core
fi fi
fi fi
@@ -60,7 +62,7 @@ function clean_install() {
# LibInjection # LibInjection
if [ ! -d /opt/mod/libinjection ]; then if [ ! -d /opt/mod/libinjection ]; then
cd /opt/mod && git clone https://github.com/libinjection/libinjection.git cd /opt/mod && git clone https://github.com/libinjection/libinjection.git
cd /opt/mod/libinjection && ./autogen.sh && make -j`nproc` && make install cd /opt/mod/libinjection && ./autogen.sh && ./configure && make -j`nproc` && make install
fi fi
# END OF SYSTEM REQUIRED LIBS # END OF SYSTEM REQUIRED LIBS
# ============================================================================================================ # ============================================================================================================
@@ -72,6 +74,50 @@ function clean_install() {
if [ ! -d /opt/mod/lua-nginx-module-${NGX_MOD_LUA} ]; then if [ ! -d /opt/mod/lua-nginx-module-${NGX_MOD_LUA} ]; then
cd /opt/mod/; wget https://github.com/openresty/lua-nginx-module/archive/refs/tags/v${NGX_MOD_LUA}.tar.gz cd /opt/mod/; wget https://github.com/openresty/lua-nginx-module/archive/refs/tags/v${NGX_MOD_LUA}.tar.gz
cd /opt/mod/; tar xf v${NGX_MOD_LUA}.tar.gz; rm -Rf v${NGX_MOD_LUA}.tar.gz cd /opt/mod/; tar xf v${NGX_MOD_LUA}.tar.gz; rm -Rf v${NGX_MOD_LUA}.tar.gz
sed -i 's/cookies/cookie/g' /opt/mod/lua-nginx-module-${NGX_MOD_LUA}/src/ngx_http_lua_headers_in.c
fi
# NGX_LUA_CORE
if [ ! -d /opt/mod/lua-resty-core ]; then
cd /opt/mod/; git clone https://github.com/openresty/lua-resty-core.git
cd /opt/mod/lua-resty-core; make install PREFIX=${LUA_SCRIPTS}
fi
# NGX_LUA_LRUCACHE
if [ ! -d /opt/mod/lua-resty-lrucache ]; then
cd /opt/mod/; git clone https://github.com/openresty/lua-resty-lrucache.git
cd /opt/mod/lua-resty-lrucache; make install PREFIX=${LUA_SCRIPTS}
fi
# NGX_MOD_LUA_MYSQL
if [ ! -d /opt/mod/lua-resty-mysql-${NGX_MOD_LUA_MYSQL} ]; then
cd /opt/mod/; wget https://github.com/openresty/lua-resty-mysql/archive/refs/tags/v${NGX_MOD_LUA_MYSQL}.tar.gz
cd /opt/mod/; tar xf v${NGX_MOD_LUA_MYSQL}.tar.gz; rm -Rf v${NGX_MOD_LUA_MYSQL}.tar.gz
cd /opt/mod/lua-resty-mysql-${NGX_MOD_LUA_MYSQL} && make install PREFIX=${LUA_SCRIPTS}
fi
# NGX_MOD_LUA_SRCACHE
if [ ! -d /opt/mod/srcache-nginx-module-${NGX_MOD_LUA_SRCACHE} ]; then
cd /opt/mod/; wget https://github.com/openresty/srcache-nginx-module/archive/refs/tags/v${NGX_MOD_LUA_SRCACHE}.tar.gz
cd /opt/mod/; tar xf v${NGX_MOD_LUA_SRCACHE}.tar.gz; rm -Rf v${NGX_MOD_LUA_SRCACHE}.tar.gz
fi
# NGX_MOD_LUA_REDIS2
if [ ! -d /opt/mod/redis2-nginx-module ]; then
cd /opt/mod/; git clone --recursive https://github.com/openresty/redis2-nginx-module.git
fi
# NGX_MOD_LUA_LOCK 0.09
if [ ! -d /opt/mod/lua-resty-lock-${NGX_MOD_LUA_LOCK} ]; then
cd /opt/mod/; wget https://github.com/openresty/lua-resty-lock/archive/refs/tags/v${NGX_MOD_LUA_LOCK}.tar.gz
cd /opt/mod/; tar xf v${NGX_MOD_LUA_LOCK}.tar.gz; rm -Rf v${NGX_MOD_LUA_LOCK}.tar.gz
cd /opt/mod/lua-resty-lock-${NGX_MOD_LUA_LOCK} && make install PREFIX=${LUA_SCRIPTS}
fi
# NGX_MOD_LUA_CACHE
if [ ! -d /opt/mod/lua-resty-cache ]; then
cd /opt/mod/; git clone --branch feature-srcache --recursive https://github.com/lloydzhou/lua-resty-cache
cd /opt/mod/lua-resty-cache && make install PREFIX=${LUA_SCRIPTS}
fi fi
# NGX_MOD_DEVELKIT # NGX_MOD_DEVELKIT
@@ -110,14 +156,17 @@ function clean_install() {
cd /opt/mod/; tar xf v${NGX_MOD_SETMISC}.tar.gz; rm -Rf v${NGX_MOD_SETMISC}.tar.gz cd /opt/mod/; tar xf v${NGX_MOD_SETMISC}.tar.gz; rm -Rf v${NGX_MOD_SETMISC}.tar.gz
fi fi
# Testcookie
if [ ! -d /opt/mod/testcookie ]; then if [ ! -d /opt/mod/testcookie ]; then
cd /opt/mod/; git clone https://github.com/kyprizel/testcookie-nginx-module.git testcookie cd /opt/mod/; git clone https://github.com/kyprizel/testcookie-nginx-module.git testcookie
fi fi
# Brotli
if [ ! -d /opt/mod/ngx_brotli ]; then if [ ! -d /opt/mod/ngx_brotli ]; then
cd /opt/mod/; git clone https://github.com/google/ngx_brotli.git ngx_brotli; cd /opt/mod/ngx_brotli && git submodule update --init cd /opt/mod/; git clone https://github.com/google/ngx_brotli.git ngx_brotli; cd /opt/mod/ngx_brotli && git submodule update --init
fi fi
# Naxsi
if [ ! -d /opt/mod/naxsi ]; then if [ ! -d /opt/mod/naxsi ]; then
cd /opt/mod/; git clone --recurse-submodules https://github.com/wargio/naxsi.git naxsi cd /opt/mod/; git clone --recurse-submodules https://github.com/wargio/naxsi.git naxsi
fi fi
@@ -127,23 +176,27 @@ function clean_install() {
} }
test_nginx() { test_nginx() {
cd /opt/nginx-${NGINX} && LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" ./configure --with-compat \ cd /opt/nginx-${NGINX} && LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" CFLAGS=-fPIC CXXFLAGS=-fPIC ./configure --with-compat \
--user=nginx \ --user=nginx \
--group=nginx \ --group=nginx \
--sbin-path=/usr/sbin/nginx \ --sbin-path=/usr/sbin/nginx \
--conf-path=/nginx/nginx.conf \ --conf-path=/nginx/nginx.conf \
--modules-path=/nginx/modules \
--pid-path=/var/run/nginx.pid \ --pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \ --lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \ --error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \ --http-log-path=/var/log/nginx/access.log \
--with-openssl=/opt/mod/openssl-OpenSSL_${SYSTEM_OPENSSL} \ --with-openssl=/opt/mod/openssl-opernssl-${SYSTEM_OPENSSL} \
--with-openssl-opt=enable-tls1_3 \
--with-pcre \ --with-pcre \
--with-pcre-jit \
--with-pcre=/opt/mod/pcre2-pcre2-${SYSTEM_PCRE} \ --with-pcre=/opt/mod/pcre2-pcre2-${SYSTEM_PCRE} \
--with-zlib=/opt/mod/zlib \ --with-zlib=/opt/mod/zlib \
--with-threads \ --with-threads \
--with-file-aio \ --with-file-aio \
--with-http_ssl_module \ --with-http_ssl_module \
--with-http_v2_module \ --with-http_v2_module \
--with-http_v3_module \
--with-http_realip_module \ --with-http_realip_module \
--with-http_addition_module \ --with-http_addition_module \
--with-http_xslt_module \ --with-http_xslt_module \
@@ -174,6 +227,8 @@ test_nginx() {
--add-module=/opt/mod/ModSecurity-nginx-${NGX_MOD_MODSECURITY} \ --add-module=/opt/mod/ModSecurity-nginx-${NGX_MOD_MODSECURITY} \
--add-module=/opt/mod/naxsi/naxsi_src \ --add-module=/opt/mod/naxsi/naxsi_src \
--add-module=/opt/mod/nginx-http-flv-module-${NGX_MOD_HTTPFLV} \ --add-module=/opt/mod/nginx-http-flv-module-${NGX_MOD_HTTPFLV} \
--add-module=/opt/mod/srcache-nginx-module-${NGX_MOD_LUA_SRCACHE} \
--add-module=/opt/mod/redis2-nginx-module \
--add-module=/opt/mod/ngx_brotli \ --add-module=/opt/mod/ngx_brotli \
--add-module=/opt/mod/testcookie \ --add-module=/opt/mod/testcookie \
--with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \ --with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
@@ -181,23 +236,27 @@ test_nginx() {
make clean make clean
} }
function build() { function build() {
cd /opt/nginx-${NGINX} && LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" ./configure --with-compat \ cd /opt/nginx-${NGINX} && LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" CFLAGS=-fPIC CXXFLAGS=-fPIC ./configure --with-compat \
--user=nginx \ --user=nginx \
--group=nginx \ --group=nginx \
--sbin-path=/usr/sbin/nginx \ --sbin-path=/usr/sbin/nginx \
--conf-path=/nginx/nginx.conf \ --conf-path=/nginx/nginx.conf \
--modules-path=/nginx/modules \
--pid-path=/var/run/nginx.pid \ --pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \ --lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \ --error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \ --http-log-path=/var/log/nginx/access.log \
--with-openssl=/opt/mod/openssl-OpenSSL_${SYSTEM_OPENSSL} \ --with-openssl=/opt/mod/openssl-opernssl-${SYSTEM_OPENSSL} \
--with-openssl-opt=enable-tls1_3 \
--with-pcre \ --with-pcre \
--with-pcre-jit \
--with-pcre=/opt/mod/pcre2-pcre2-${SYSTEM_PCRE} \ --with-pcre=/opt/mod/pcre2-pcre2-${SYSTEM_PCRE} \
--with-zlib=/opt/mod/zlib \ --with-zlib=/opt/mod/zlib \
--with-threads \ --with-threads \
--with-file-aio \ --with-file-aio \
--with-http_ssl_module \ --with-http_ssl_module \
--with-http_v2_module \ --with-http_v2_module \
--with-http_v3_module \
--with-http_realip_module \ --with-http_realip_module \
--with-http_addition_module \ --with-http_addition_module \
--with-http_xslt_module \ --with-http_xslt_module \
@@ -224,21 +283,34 @@ function build() {
--add-module=/opt/mod/set-misc-nginx-module-${NGX_MOD_SETMISC} \ --add-module=/opt/mod/set-misc-nginx-module-${NGX_MOD_SETMISC} \
--add-module=/opt/mod/ngx_http_geoip2_module-${NGX_MOD_GEOIP2} \ --add-module=/opt/mod/ngx_http_geoip2_module-${NGX_MOD_GEOIP2} \
--add-module=/opt/mod/headers-more-nginx-module-${NGX_MOD_HEADERS_MORE} \ --add-module=/opt/mod/headers-more-nginx-module-${NGX_MOD_HEADERS_MORE} \
--add-module=/opt/mod/lua-nginx-module-${NGX_MOD_LUA} \
--add-module=/opt/mod/ModSecurity-nginx-${NGX_MOD_MODSECURITY} \ --add-module=/opt/mod/ModSecurity-nginx-${NGX_MOD_MODSECURITY} \
--add-module=/opt/mod/lua-nginx-module-${NGX_MOD_LUA} \
--add-module=/opt/mod/naxsi/naxsi_src \ --add-module=/opt/mod/naxsi/naxsi_src \
--add-module=/opt/mod/nginx-http-flv-module-${NGX_MOD_HTTPFLV} \ --add-module=/opt/mod/nginx-http-flv-module-${NGX_MOD_HTTPFLV} \
--add-module=/opt/mod/srcache-nginx-module-${NGX_MOD_LUA_SRCACHE} \
--add-module=/opt/mod/redis2-nginx-module \
--add-module=/opt/mod/ngx_brotli \ --add-module=/opt/mod/ngx_brotli \
--add-module=/opt/mod/testcookie \ --add-module=/opt/mod/testcookie \
--with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \ --with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
--with-ld-opt="-Wl,-rpath,/usr/local/LuaJIT/lib -Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie" --with-ld-opt="-Wl,-rpath,/usr/local/LuaJIT/lib -Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie -L/opt/mod/pcre2-pcre2-${SYSTEM_PCRE}/.libs -lpcre2-8 -L/lib/x86_64-linux-gnu -lpcre"
make -j`nproc` && make install && make clean make -j`nproc` && make install && make clean
unset NGINX
} }
function post_conf() { function post_build() {
useradd nginx; unset NGINX; rm -rf /nginx/*.default; useradd nginx; unset NGINX; rm -rf /nginx/*.default;
mkdir -p /nginx/live mkdir -p /nginx/live
mkdir -p /nginx/conf.d mkdir -p /nginx/conf.d
mkdir -p /nginx/config mkdir -p /nginx/config
mkdir -p /var/log/nginx
mkdir -p /nginx/modsec; curl -s https://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules > /nginx/modsec/naxi.core
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/l7.conf > /nginx/modsec/l7.conf
curl -s https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended > /nginx/modsec/modsecurity.conf
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/tester.conf > /nginx/modsec/tester.conf
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/unicode.mapping > /nginx/modsec/unicode.mapping
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/Focal/nginx.conf > /nginx/nginx.conf
mkdir -p /nginx/live/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/default > /nginx/live/default
mkdir -p /hostdata/default/public_html/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/index.html > /hostdata/default/public_html/index.html
mkdir -p /hostdata/default/public_html/cdn/modsec && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/aes.min.js > /hostdata/default/public_html/cdn/modsec/aes.min.js
} }
# Handling command-line arguments # Handling command-line arguments
@@ -253,12 +325,17 @@ case "$1" in
build) build)
build build
;; ;;
postfix)
post_build
;;
*) *)
echo "Invalid option: $1" echo "Invalid option: $1"
echo "Usage: $0 {new|test|build}" echo "Usage: $0 {new|test|build|postfix}"
echo " new: Installs requirements, redownloads all modules and nginx (existing /opt/mod && /opt/nginx* will get deleted)" echo ""
echo " test: Test nginx configuration for errors" echo " new: will download all modules & nginx (if you change a version from file, simply rerun this to download that)"
echo " build: Compile nginx and install it on server" echo " test: Test nginx configuration"
echo " build: Build nginx, or Rebuild (mods/configs will not be redownloaded this will only build)"
echo " postfix: After first installation, run this to download nginx configs (it will replace nginx.conf if there already is one)"
exit 1 exit 1
;; ;;
esac esac