theraw/The-World-Is-Yours
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #28 from theraw/ubuntu22-lua-fix

Browse Source 
Ubuntu22 lua fix
This commit is contained in:
ƬHE ЯAW ☣
2022-12-29 03:37:53 +01:00
committed by GitHub
parent 83031c5cf3 af0624c015
commit d0afbccb09
38 changed files with 226 additions and 295 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+23 -52
View File
@@ -1,54 +1,25 @@
FROM ubuntu:20.04 # Ubuntu 22.04 image with lua/modsecurity lib, required deps and resty core scripts.
ARG NGINX="1.21.6" FROM theraw/the-world-is-yours:ubuntu2204-base
RUN apt-get update; apt-get update -y; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y
RUN set -eux; \ ARG NGINX="1.22.1"
export DEBIAN_FRONTEND=noninteractive; \ ARG JAMMY_VERSION_NGINX="1.22.1"
apt-get install -y \ ARG JAMMY_VERSION_LUA="2.1-20220915"
libtool \ ARG JAMMY_VERSION_NGX_LUA="0.10.22"
pkg-config \ ARG JAMMY_VERSION_NGX_RESTY_CORE="0.1.24"
sudo \ ARG JAMMY_VERSION_NGX_RESTY_LRUCACHE="0.13"
tzdata \ ARG JAMMY_VERSION_NGX_MODSECURITY="3.0.8"
wget \ ARG LUA_SCRIPTS="/usr/twiylua/"
curl \ ARG NGX_DEVEL_KIT="0.3.2"
zip \ ARG NGX_PAGESPEED="1.13.35.2"
unzip \ ARG NGX_PAGESPEED_PSOL="1.13.35.2-x64"
git \ ARG NGX_GEOIP2="3.4"
build-essential \ ARG NGX_MODSECURITY="1.0.3"
patch \ ARG NGX_HTTP_FLV="1.2.10"
libssl-dev \ ARG NGX_HEADERS_MORE="0.34"
bash \ ARG NGX_LUA="0.10.22"
supervisor \ ARG NGX_SET_MISC="0.33"
libyajl-dev \
ssdeep \ RUN cd /opt/ && wget https://nginx.org/download/nginx-${JAMMY_VERSION_NGINX}.tar.gz && tar xf nginx-${JAMMY_VERSION_NGINX}.tar.gz && rm -Rf nginx-${JAMMY_VERSION_NGINX}.tar.gz; cd /opt/nginx-${JAMMY_VERSION_NGINX} && curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > hpack_push.patch && patch -p1 < hpack_push.patch; cd /opt/nginx-${JAMMY_VERSION_NGINX} && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/Jammy/Builder.sh > builder; bash builder; cd /opt/nginx-${JAMMY_VERSION_NGINX} && make -j`nproc`; cd /opt/nginx-${JAMMY_VERSION_NGINX} && make install; rm -Rf /nginx/*.default; useradd nginx && usermod -s /bin/false nginx
zlib1g-dev \ RUN mkdir -p /nginx/modules
libxslt1-dev \
libgd-dev \
libgeoip-dev \
liblmdb-dev \
libfuzzy-dev \
libmaxminddb-dev \
liblua5.2-dev \
libcurl4-openssl-dev \
libxml2 \
libxml2-dev \
libpcre3-dev \
python \
rsyslog \
systemd \
systemd-sysv \
; \
rm -rf /var/lib/apt/lists/*; \
:
RUN mkdir -p /opt/mod/ && cd /opt/mod && wget https://github.com/openresty/luajit2/archive/refs/tags/v2.1-20220310.tar.gz && cd /opt/mod && tar xf v2.1-20220310.tar.gz; rm -Rf v2.1-20220310.tar.gz && cd /opt/mod/luajit2-2.1-20220310/ && make install PREFIX=/usr/local/LuaJIT && ldconfig && rm -Rf /opt/mod/luajit2-2.1-20220310/; cd /opt/mod && git clone https://github.com/SpiderLabs/ModSecurity && cd /opt/mod/ModSecurity && sh build.sh && cd /opt/mod/ModSecurity && git submodule init && git submodule update && cd /opt/mod/ModSecurity && ./configure && make -j`nproc` && make install && rm -Rf /opt/mod/ModSecurity; curl -s https://raw.githubusercontent.com/gdraheim/docker-systemctl-replacement/v1.5.4260/files/docker/systemctl.py > /usr/bin/fake-systemctl
RUN set -eux; \
sed -i \
-e '/^\s*logg.error("the ..include. syntax is deprecated. Use x.service.d. drop-in files!")$/d' \
-e '/Loaded:/ s/({filename}, {enabled})/({filename}; {enabled})/' \
/usr/bin/fake-systemctl; \
chmod 755 /usr/bin/fake-systemctl; \
:
RUN dpkg-divert --divert /bin/systemctl.real --rename --add /bin/systemctl; ln -snf /usr/bin/fake-systemctl /bin/systemctl
RUN cd /opt/ && wget https://nginx.org/download/nginx-${NGINX}.tar.gz && tar xf nginx-${NGINX}.tar.gz && rm -Rf nginx-${NGINX}.tar.gz; cd /opt/nginx-${NGINX}; curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > /opt/nginx-${NGINX}/hpack_push.patch; cd /opt/nginx-${NGINX}; patch -p1 < /opt/nginx-${NGINX}/hpack_push.patch; cd /opt/nginx-${NGINX}; curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/builder > builder; bash builder; cd /opt/nginx-${NGINX} && make -j`nproc`; cd /opt/nginx-${NGINX} && make install; curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx.service.Focal > /lib/systemd/system/nginx.service; rm -Rf /nginx/*.default; useradd nginx && usermod -s /bin/false nginx
RUN mkdir -p /nginx/modules; cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ndk_http_module.so; cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_brotli_filter_module.so; cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_brotli_static_module.so; cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_flv_live_module.so; cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_geoip2_module.so; cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_headers_more_filter_module.so; cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_js_module.so; cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_lua_module.so; cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_modsecurity_module.so; cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_naxsi_module.so; cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_set_misc_module.so; cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_testcookie_access_module.so; cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_pagespeed.so; cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_stream_geoip2_module.so; cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_stream_js_module.so; mkdir -p /nginx/modsec; curl -s https://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules > /nginx/modsec/naxi.core; curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/l7.conf > /nginx/modsec/l7.conf; curl -s https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended > /nginx/modsec/modsecurity.conf; curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/tester.conf > /nginx/modsec/tester.conf; curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/unicode.mapping > /nginx/modsec/unicode.mapping; curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx.conf > /nginx/nginx.conf; mkdir -p /nginx/live/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/default > /nginx/live/default; mkdir -p /hostdata/default/public_html/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/index.html > /hostdata/default/public_html/index.html; mkdir -p /hostdata/default/public_html/cdn/modsec && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/aes.min.js > /hostdata/default/public_html/cdn/modsec/aes.min.js
RUN curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/docker/supervisord.conf > /etc/supervisor/supervisord.conf RUN curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/docker/supervisord.conf > /etc/supervisor/supervisord.conf
CMD ["/usr/bin/supervisord","-c", "/etc/supervisor/supervisord.conf"] CMD ["/usr/bin/supervisord","-c", "/etc/supervisor/supervisord.conf"]
README.md
+9 -6
View File
@@ -10,15 +10,16 @@ Now easier then before, you will have to compile only Nginx, Rest of modules com
- [x] Naxsi Support. - [x] Naxsi Support.
- [x] Lua Support. - [x] Lua Support.
- [x] Cookie Based Challenge. - [x] Cookie Based Challenge.
- [x] [ALL MOD LIST](https://github.com/theraw/The-World-Is-Yours/tree/master/static/mod) - [x] [MOD LIST X Ubuntu 20.04](https://github.com/theraw/The-World-Is-Yours/tree/master/static/Focal/mod)
- [x] [View nginx compile options](https://github.com/theraw/The-World-Is-Yours/blob/master/static/builder) - [x] [MOD LIST X Ubuntu 22.04](https://github.com/theraw/The-World-Is-Yours/tree/master/static/Jammy/mod)
- [x] [View nginx compile options](https://github.com/theraw/The-World-Is-Yours/blob/master/static/Jammy/Builder.sh)
How do these 3 modules work together? Well L7 will block all or most of bots, however modSecurity and Naxsi take priority over cookie challenge! How do these 3 modules work together? L7 will block all or most of bots, ModSecurity and Naxsi take priority over cookie challenge!
So if its a offensive request that modsecurity or naxsi detect it as such then these 2 will deal with that request otherwise cookie challenge will appear. So if its a offensive request that Modsecurity or Naxsi detect it as such then these 2 will deal with that request otherwise cookie challenge will appear.
## INSTALLATION ## INSTALLATION
1. **`apt-get install build-essential libssl-dev curl nano wget zip unzip sudo git psmisc -y`** 1. **`apt-get update; apt-get -y install build-essential libssl-dev curl nano wget zip unzip sudo git psmisc tar`**
2. **`curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/install > install; bash install`** 2. **`curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/install > install; bash install`**
@@ -33,6 +34,8 @@ So if its a offensive request that modsecurity or naxsi detect it as such then t
=> --sbin-path = /usr/sbin/nginx => --sbin-path = /usr/sbin/nginx
=> --error-log-path = /var/log/nginx/error.log => --error-log-path = /var/log/nginx/error.log
LUA RESTY CORE SCRIPTS = /usr/twiylua/
// YOUR NGINX IS LOCATED AT /nginx NOT /etc/nginx // YOUR NGINX IS LOCATED AT /nginx NOT /etc/nginx
``` ```
@@ -40,7 +43,7 @@ So if its a offensive request that modsecurity or naxsi detect it as such then t
## KEEP IN MIND! ## KEEP IN MIND!
1. You're trading perfomance for security. 1. You're trading perfomance for security.
2. If your server provider does not have anti-ddos your IPTABLES will fail to keep the bans, and your server may be offline in cases of big attacks. 2. If your server provider does not have anti-ddos your IPTABLES will fail to keep the bans, and your server may be offline in cases of big attacks.
3. This is not a free script that will do everything for you. Read Modules Documentations about how to get the best out of them. 3. This is not a script that with one command your ddos problem is fixed, there's no such thing for L7 attacks as they change and new methods come out very often and no one has any ideas where your server is lacking security so this script is a basic thing more advanced protection require knowledge, monitoring logs, and applying filters in order to automatically ban attackers, this project is suggested to run with fail2ban + iptables.
## Contributors ## Contributors
install
+38 -38
View File
@@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/theraw-broken-lua/version > /tmp/version; source /tmp/version curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/version > /tmp/version; source /tmp/version
case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in
focal) focal)
if [ "$(whoami)" != "root" ] if [ "$(whoami)" != "root" ]
@@ -97,7 +97,7 @@ case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in
# Start # Start
unset NGINX unset NGINX
killall nginx killall nginx
adduser nginx --shell=/bin/false --no-create-home useradd nginx && usermod -s /bin/false nginx
systemctl enable nginx systemctl enable nginx
systemctl daemon-reload systemctl daemon-reload
systemctl enable nginx systemctl enable nginx
@@ -147,47 +147,47 @@ case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in
apt-get install libyajl-dev ssdeep zlib1g-dev libxslt1-dev libgd-dev libgeoip-dev liblmdb-dev libfuzzy-dev libmaxminddb-dev liblua5.2-dev libcurl4-openssl-dev libxml2 libxml2-dev libpcre3-dev -y apt-get install libyajl-dev ssdeep zlib1g-dev libxslt1-dev libgd-dev libgeoip-dev liblmdb-dev libfuzzy-dev libmaxminddb-dev liblua5.2-dev libcurl4-openssl-dev libxml2 libxml2-dev libpcre3-dev -y
mkdir -p /opt/mod/ mkdir -p /opt/mod/
#Luajit 2.1 cd /opt/mod && wget https://github.com/openresty/luajit2/archive/refs/tags/v${JAMMY_VERSION_LUA}.tar.gz
cd /opt/mod && wget https://github.com/openresty/luajit2/archive/refs/tags/v2.1-20220310.tar.gz cd /opt/mod && tar xf v${JAMMY_VERSION_LUA}.tar.gz && rm -Rf v${JAMMY_VERSION_LUA}.tar.gz
cd /opt/mod && tar xf v2.1-20220310.tar.gz; rm -Rf v2.1-20220310.tar.gz cd /opt/mod/luajit2-${JAMMY_VERSION_LUA}/ && make install PREFIX=/usr/local/LuaJIT && ldconfig
cd /opt/mod/luajit2-2.1-20220310/ && make install PREFIX=/usr/local/LuaJIT && ldconfig rm -Rf /opt/mod/luajit2-${JAMMY_VERSION_LUA}/
rm -Rf /opt/mod/luajit2-2.1-20220310/
# ModSecurity cd /opt/mod && wget https://github.com/SpiderLabs/ModSecurity/releases/download/v${JAMMY_VERSION_NGX_MODSECURITY}/modsecurity-v${JAMMY_VERSION_NGX_MODSECURITY}.tar.gz
cd /opt/mod && git clone https://github.com/SpiderLabs/ModSecurity cd /opt/mod && tar xf modsecurity-v${JAMMY_VERSION_NGX_MODSECURITY}.tar.gz; rm -Rf modsecurity-v${JAMMY_VERSION_NGX_MODSECURITY}.tar.gz
cd /opt/mod/ModSecurity/ && git checkout -b v3/master origin/v3/master cd /opt/mod/modsecurity-v${JAMMY_VERSION_NGX_MODSECURITY} && ./configure && make -j`nproc` && make install
cd /opt/mod/ModSecurity && sh build.sh
cd /opt/mod/ModSecurity && git submodule init && git submodule update cd /opt/mod && wget https://github.com/openresty/lua-resty-core/archive/refs/tags/v${JAMMY_VERSION_NGX_RESTY_CORE}.tar.gz
cd /opt/mod/ModSecurity && ./configure && make -j`nproc` && make install cd /opt/mod && tar xf v${JAMMY_VERSION_NGX_RESTY_CORE}.tar.gz && rm -Rf v${JAMMY_VERSION_NGX_RESTY_CORE}.tar.gz
cd /opt/mod/lua-resty-core-${JAMMY_VERSION_NGX_RESTY_CORE} && make install PREFIX=${LUA_SCRIPTS}
cd /opt/mod && wget https://github.com/openresty/lua-resty-lrucache/archive/refs/tags/v${JAMMY_VERSION_NGX_RESTY_LRUCACHE}.tar.gz
cd /opt/mod && tar xf v${JAMMY_VERSION_NGX_RESTY_LRUCACHE}.tar.gz && rm -Rf v${JAMMY_VERSION_NGX_RESTY_LRUCACHE}.tar.gz
cd /opt/mod/lua-resty-lrucache-${JAMMY_VERSION_NGX_RESTY_LRUCACHE} && make install PREFIX=${LUA_SCRIPTS}
# Nginx # Nginx
cd /opt/ && wget https://nginx.org/download/nginx-${NGINX}.tar.gz && tar xf nginx-${NGINX}.tar.gz && rm -Rf nginx-${NGINX}.tar.gz cd /opt/ && wget https://nginx.org/download/nginx-${JAMMY_VERSION_NGINX}.tar.gz && tar xf nginx-${JAMMY_VERSION_NGINX}.tar.gz && rm -Rf nginx-${JAMMY_VERSION_NGINX}.tar.gz
cd /opt/nginx-${NGINX} && curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > hpack_push.patch && patch -p1 < hpack_push.patch cd /opt/nginx-${JAMMY_VERSION_NGINX} && curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > hpack_push.patch && patch -p1 < hpack_push.patch
cd /opt/nginx-${NGINX} && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/builder > builder; bash builder cd /opt/nginx-${JAMMY_VERSION_NGINX} && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/Jammy/Builder.sh > builder; bash builder
cd /opt/nginx-${NGINX} && make -j`nproc` cd /opt/nginx-${JAMMY_VERSION_NGINX} && make -j`nproc`
cd /opt/nginx-${NGINX} && make install cd /opt/nginx-${JAMMY_VERSION_NGINX} && make install
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx.service.Focal > /lib/systemd/system/nginx.service curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/Jammy/nginx.service > /lib/systemd/system/nginx.service
rm -Rf /nginx/*.default rm -Rf /nginx/*.default
# Download Dynamic Modules # Download Dynamic Modules
mkdir -p /nginx/modules mkdir -p /nginx/modules
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ndk_http_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/Jammy/mod/ndk_http_module.so
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_brotli_filter_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/Jammy/mod/ngx_http_brotli_filter_module.so
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_brotli_static_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/Jammy/mod/ngx_http_brotli_static_module.so
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_flv_live_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/Jammy/mod/ngx_http_flv_live_module.so
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_geoip2_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/Jammy/mod/ngx_http_geoip2_module.so
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_headers_more_filter_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/Jammy/mod/ngx_http_headers_more_filter_module.so
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_js_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/Jammy/mod/ngx_http_lua_module.so
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_lua_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/Jammy/mod/ngx_http_modsecurity_module.so
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_modsecurity_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/Jammy/mod/ngx_http_naxsi_module.so
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_naxsi_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/Jammy/mod/ngx_http_set_misc_module.so
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_set_misc_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/Jammy/mod/ngx_http_testcookie_access_module.so
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_http_testcookie_access_module.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/Jammy/mod/ngx_pagespeed.so
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_pagespeed.so cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/Jammy/mod/ngx_stream_geoip2_module.so
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_stream_geoip2_module.so
cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_stream_js_module.so
#cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_php8-0.so
#cd /nginx/modules && wget https://github.com/theraw/The-World-Is-Yours/raw/master/static/mod/ngx_php8-1.so
# Fixes # Fixes
mkdir -p /nginx/modsec mkdir -p /nginx/modsec
@@ -196,7 +196,7 @@ case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in
curl -s https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended > /nginx/modsec/modsecurity.conf curl -s https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended > /nginx/modsec/modsecurity.conf
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/tester.conf > /nginx/modsec/tester.conf curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/tester.conf > /nginx/modsec/tester.conf
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/unicode.mapping > /nginx/modsec/unicode.mapping curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/unicode.mapping > /nginx/modsec/unicode.mapping
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx.conf > /nginx/nginx.conf curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/Jammy/nginx.conf > /nginx/nginx.conf
mkdir -p /nginx/live/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/default > /nginx/live/default mkdir -p /nginx/live/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/default > /nginx/live/default
mkdir -p /hostdata/default/public_html/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/index.html > /hostdata/default/public_html/index.html mkdir -p /hostdata/default/public_html/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/index.html > /hostdata/default/public_html/index.html
mkdir -p /hostdata/default/public_html/cdn/modsec && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/aes.min.js > /hostdata/default/public_html/cdn/modsec/aes.min.js mkdir -p /hostdata/default/public_html/cdn/modsec && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/aes.min.js > /hostdata/default/public_html/cdn/modsec/aes.min.js
@@ -205,7 +205,7 @@ case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in
# Start # Start
unset NGINX unset NGINX
killall nginx killall nginx
adduser nginx --shell=/bin/false --no-create-home useradd nginx && usermod -s /bin/false nginx
systemctl enable nginx systemctl enable nginx
systemctl daemon-reload systemctl daemon-reload
systemctl enable nginx systemctl enable nginx
static/Focal/mod/Builder.sh
+1 -1
View File
@@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/version > /tmp/version; source /tmp/version curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/version > /tmp/version; source /tmp/version
sudo apt-get install libpcre2-dev mercurial -y; mkdir -p /opt/mod; mkdir -p /opt/nginx sudo apt-get install libpcre2-dev mercurial -y; mkdir -p /opt/mod
cd /opt/mod/; wget https://github.com/vision5/ngx_devel_kit/archive/refs/tags/v${NGX_DEVEL_KIT}.tar.gz cd /opt/mod/; wget https://github.com/vision5/ngx_devel_kit/archive/refs/tags/v${NGX_DEVEL_KIT}.tar.gz
cd /opt/mod/; tar xf v${NGX_DEVEL_KIT}.tar.gz; rm -Rf v${NGX_DEVEL_KIT}.tar.gz cd /opt/mod/; tar xf v${NGX_DEVEL_KIT}.tar.gz; rm -Rf v${NGX_DEVEL_KIT}.tar.gz
static/Focal/nginx.conf
+26 -21
View File
@@ -5,8 +5,10 @@ pid /var/run/nginx.pid;
worker_processes auto; worker_processes auto;
worker_rlimit_nofile 65535; worker_rlimit_nofile 65535;
load_module /nginx/modules/ngx_http_modsecurity_module.so; load_module /nginx/modules/ndk_http_module.so;
load_module /nginx/modules/ngx_http_lua_module.so;
load_module /nginx/modules/ngx_http_naxsi_module.so; load_module /nginx/modules/ngx_http_naxsi_module.so;
load_module /nginx/modules/ngx_http_modsecurity_module.so;
load_module /nginx/modules/ngx_http_testcookie_access_module.so; load_module /nginx/modules/ngx_http_testcookie_access_module.so;
events { events {
@@ -16,13 +18,16 @@ events {
} }
http { http {
# uncomment lua_package_path if you plan to use ngx-lua module.
# scripts path of resty-core and lrucache is /usr/twiylua
#lua_package_path "/usr/twiylua/lib/lua/?.lua;;";
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
# =================== START L7 ========================= # # =================== LOAD LUA ========================= #
lua_package_path "/usr/twiylua/lib/lua/?.lua;;";
# =================== END LUA ========================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# =================== LOAD L7 ========================== #
include modsec/l7.conf; include modsec/l7.conf;
# ===================== END L7 ========================= # # =================== END L7 =========================== #
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
@@ -30,20 +35,6 @@ http {
log_format main '$remote_addr |==| $status |==| $request |==| $time_local'; log_format main '$remote_addr |==| $status |==| $request |==| $time_local';
# =================== END LOGS ========================= # # =================== END LOGS ========================= #
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ==================== BACKENDS ======================== #
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Example Of Backend
#upstream varnish {
# zone tcp_servers 64k;
# server 10.10.10.39:80;
#}
# =================== END BACKENDS ===================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
# ==================== GENERAL ========================= # # ==================== GENERAL ========================= #
@@ -66,7 +57,21 @@ http {
include /nginx/mime.types; include /nginx/mime.types;
# =================== END GENERAL ====================== # # =================== END GENERAL ====================== #
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ==================== BACKENDS ======================== #
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Example Of Backend
#upstream varnish {
# zone tcp_servers 64k;
# server 10.10.10.39:80;
#}
# =================== END BACKENDS ===================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
# ================ LOAD VHOST +CONFIGS ================= # # ================ LOAD VHOST +CONFIGS ================= #
include live/*; include live/*;
static/builder → static/Jammy/Builder.sh
+3 -4
View File
@@ -1,4 +1,4 @@
LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" ./configure --with-compat \ ./configure --with-compat \
--user=nginx \ --user=nginx \
--group=nginx \ --group=nginx \
--sbin-path=/usr/sbin/nginx \ --sbin-path=/usr/sbin/nginx \
@@ -7,8 +7,6 @@ LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-
--lock-path=/var/run/nginx.lock \ --lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \ --error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \ --http-log-path=/var/log/nginx/access.log \
--with-pcre \
--without-pcre2 \
--with-threads \ --with-threads \
--with-file-aio \ --with-file-aio \
--with-http_ssl_module \ --with-http_ssl_module \
@@ -36,4 +34,5 @@ LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-
--with-stream_realip_module \ --with-stream_realip_module \
--with-stream_geoip_module \ --with-stream_geoip_module \
--with-http_v2_hpack_enc \ --with-http_v2_hpack_enc \
--with-ld-opt="-Wl,-rpath,/usr/local/LuaJIT/lib" --with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
--with-ld-opt="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie -lpcre"
static/Jammy/mod/Builder.sh
+89
View File
@@ -0,0 +1,89 @@
#!/bin/bash
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/version > /tmp/version; source /tmp/version
sudo apt-get install libpcre2-dev mercurial -y; mkdir -p /opt/mod
cd /opt/mod/; wget https://github.com/vision5/ngx_devel_kit/archive/refs/tags/v${NGX_DEVEL_KIT}.tar.gz
cd /opt/mod/; tar xf v${NGX_DEVEL_KIT}.tar.gz; rm -Rf v${NGX_DEVEL_KIT}.tar.gz
cd /opt/mod/; wget https://github.com/apache/incubator-pagespeed-ngx/archive/refs/tags/v${NGX_PAGESPEED}-stable.tar.gz
cd /opt/mod/; tar xf v${NGX_PAGESPEED}-stable.tar.gz; rm -Rf v${NGX_PAGESPEED}-stable.tar.gz
cd /opt/mod/incubator-pagespeed-ngx-${NGX_PAGESPEED}-stable; wget https://dl.google.com/dl/page-speed/psol/${NGX_PAGESPEED_PSOL}.tar.gz; tar xf ${NGX_PAGESPEED_PSOL}.tar.gz; rm -Rf tar xf ${NGX_PAGESPEED_PSOL}.tar.gz
cd /opt/mod/; wget https://github.com/leev/ngx_http_geoip2_module/archive/refs/tags/${NGX_GEOIP2}.tar.gz
cd /opt/mod/; tar xf ${NGX_GEOIP2}.tar.gz; rm -Rf ${NGX_GEOIP2}.tar.gz
cd /opt/mod/; wget https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${NGX_MODSECURITY}.tar.gz
cd /opt/mod/; tar xf v${NGX_MODSECURITY}.tar.gz; rm -Rf v${NGX_MODSECURITY}.tar.gz
cd /opt/mod/; wget https://github.com/winshining/nginx-http-flv-module/archive/refs/tags/v${NGX_HTTP_FLV}.tar.gz
cd /opt/mod/; tar xf v${NGX_HTTP_FLV}.tar.gz; rm -Rf v${NGX_HTTP_FLV}.tar.gz
cd /opt/mod/; wget https://github.com/openresty/headers-more-nginx-module/archive/refs/tags/v${NGX_HEADERS_MORE}.tar.gz
cd /opt/mod/; tar xf v${NGX_HEADERS_MORE}.tar.gz; rm -Rf v${NGX_HEADERS_MORE}.tar.gz
cd /opt/mod/; wget https://github.com/openresty/lua-nginx-module/archive/refs/tags/v${NGX_LUA}.tar.gz
cd /opt/mod/; tar xf v${NGX_LUA}.tar.gz; rm -Rf v${NGX_LUA}.tar.gz
cd /opt/mod/; wget https://github.com/openresty/set-misc-nginx-module/archive/refs/tags/v${NGX_SET_MISC}.tar.gz
cd /opt/mod/; tar xf v${NGX_SET_MISC}.tar.gz; rm -Rf v${NGX_SET_MISC}.tar.gz
cd /opt/mod/; git clone https://github.com/kyprizel/testcookie-nginx-module.git testcookie
cd /opt/mod/; git clone https://github.com/google/ngx_brotli.git ngx_brotli; cd /opt/mod/ngx_brotli && git submodule update --init
cd /opt/mod/; git clone --recurse-submodules https://github.com/wargio/naxsi.git naxsi
rm -Rf /opt/nginx-${NGINX}.tar.gz; cd /opt/; wget https://nginx.org/download/nginx-${NGINX}.tar.gz; tar xf nginx-${NGINX}.tar.gz; rm -Rf nginx-${NGINX}.tar.gz
cd /opt/nginx-${NGINX} && curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > hpack_push.patch && patch -p1 < hpack_push.patch
cd /opt/nginx-${NGINX}/
LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" ./configure --with-compat \
--user=nginx \
--group=nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--with-http_v2_hpack_enc \
--with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
--with-ld-opt="-Wl,-rpath,/usr/local/LuaJIT/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie -lpcre" \
--add-dynamic-module=/opt/mod/ngx_devel_kit-${NGX_DEVEL_KIT} \
--add-dynamic-module=/opt/mod/ModSecurity-nginx-${NGX_MODSECURITY} \
--add-dynamic-module=/opt/mod/headers-more-nginx-module-${NGX_HEADERS_MORE} \
--add-dynamic-module=/opt/mod/incubator-pagespeed-ngx-${NGX_PAGESPEED}-stable \
--add-dynamic-module=/opt/mod/lua-nginx-module-${NGX_LUA} \
--add-dynamic-module=/opt/mod/naxsi/naxsi_src \
--add-dynamic-module=/opt/mod/nginx-http-flv-module-${NGX_HTTP_FLV} \
--add-dynamic-module=/opt/mod/ngx_brotli \
--add-dynamic-module=/opt/mod/ngx_http_geoip2_module-${NGX_GEOIP2} \
--add-dynamic-module=/opt/mod/set-misc-nginx-module-${NGX_SET_MISC} \
--add-dynamic-module=/opt/mod/testcookie
make -j`nproc` modules
static/Jammy/mod/ndk_http_module.so
Executable
BIN
View File
Binary file not shown.
static/mod/ngx_http_brotli_filter_module.so → static/Jammy/mod/ngx_http_brotli_filter_module.so
BIN
View File
Binary file not shown.
static/Jammy/mod/ngx_http_brotli_static_module.so
Executable
BIN
View File
Binary file not shown.
static/Jammy/mod/ngx_http_flv_live_module.so
Executable
BIN
View File
Binary file not shown.
static/Jammy/mod/ngx_http_geoip2_module.so
Executable
BIN
View File
Binary file not shown.
static/Jammy/mod/ngx_http_headers_more_filter_module.so
Executable
BIN
View File
Binary file not shown.
static/Jammy/mod/ngx_http_lua_module.so
Executable
BIN
View File
Binary file not shown.
static/Jammy/mod/ngx_http_modsecurity_module.so
Executable
BIN
View File
Binary file not shown.
static/Jammy/mod/ngx_http_naxsi_module.so
Executable
BIN
View File
Binary file not shown.
static/Jammy/mod/ngx_http_set_misc_module.so
Executable
BIN
View File
Binary file not shown.
static/Jammy/mod/ngx_http_testcookie_access_module.so
Executable
BIN
View File
Binary file not shown.
static/mod/ngx_pagespeed.so → static/Jammy/mod/ngx_pagespeed.so
BIN
View File
Binary file not shown.
static/Jammy/mod/ngx_stream_geoip2_module.so
Executable
BIN
View File
Binary file not shown.
static/nginx.conf → static/Jammy/nginx.conf
+29 -24
View File
@@ -1,13 +1,14 @@
# Suggestions? => https://github.com/theraw/The-World-Is-Yours/issues # Suggestions? => https://github.com/theraw/The-World-Is-Yours/issues
# Problems? => https://github.com/theraw/The-World-Is-Yours/issues # Problems? => https://github.com/theraw/The-World-Is-Yours/issues
# Errors? => https://github.com/theraw/The-World-Is-Yours/issues
user nginx; user nginx;
pid /var/run/nginx.pid; pid /var/run/nginx.pid;
worker_processes auto; worker_processes auto;
worker_rlimit_nofile 65535; worker_rlimit_nofile 65535;
load_module /nginx/modules/ngx_http_modsecurity_module.so; load_module /nginx/modules/ndk_http_module.so;
load_module /nginx/modules/ngx_http_lua_module.so;
load_module /nginx/modules/ngx_http_naxsi_module.so; load_module /nginx/modules/ngx_http_naxsi_module.so;
load_module /nginx/modules/ngx_http_modsecurity_module.so;
load_module /nginx/modules/ngx_http_testcookie_access_module.so; load_module /nginx/modules/ngx_http_testcookie_access_module.so;
events { events {
@@ -18,37 +19,27 @@ events {
http { http {
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
# =================== START L7 ========================= # # =================== LOAD LUA ========================= #
# turn this 'on' if you want to use L7 For every domain hosted in your server lua_package_path "/usr/twiylua/lib/lua/?.lua;;";
# =================== END LUA ========================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# =================== LOAD L7 ========================== #
include modsec/l7.conf; include modsec/l7.conf;
# ===================== END L7 ========================= # # =================== END L7 =========================== #
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
# ===================== LOGS =========================== # # ===================== LOGS =========================== #
log_format main '$remote_addr |==| $status |==| $request |==| $time_local'; log_format main '$remote_addr |==| $status |==| $request |==| $time_local';
# -------------------------------------------------------#
# =================== END LOGS ========================= # # =================== END LOGS ========================= #
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ==================== BACKENDS ======================== #
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Example Of Backend
#upstream varnish {
# zone tcp_servers 64k;
# server 10.10.10.39:80;
#}
# =================== END BACKENDS ===================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
# ==================== GENERAL ========================= # # ==================== GENERAL ========================= #
client_body_buffer_size 1M; client_body_buffer_size 2M;
client_header_buffer_size 1M; client_header_buffer_size 2M;
client_body_timeout 90s; client_body_timeout 90s;
client_header_timeout 90s; client_header_timeout 90s;
client_max_body_size 2M; client_max_body_size 2M;
@@ -66,9 +57,23 @@ http {
include /nginx/mime.types; include /nginx/mime.types;
# =================== END GENERAL ====================== # # =================== END GENERAL ====================== #
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
# =================== LOAD CONFIGS ===================== # # ==================== BACKENDS ======================== #
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Example Of Backend
#upstream varnish {
# zone tcp_servers 64k;
# server 10.10.10.39:80;
#}
# =================== END BACKENDS ===================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ================ LOAD VHOST +CONFIGS ================= #
include live/*; include live/*;
include modsec/naxi.core; include modsec/naxi.core;
# =================== END CONFIGS ====================== # # =================== END CONFIGS ====================== #
static/nginx.service.Focal → static/Jammy/nginx.service
+1 -1
View File
@@ -1,5 +1,5 @@
[Nginx] [Nginx]
Description=The NGINX HTTP and reverse proxy server Description=The World Is Yours HTTP Server
After=syslog.target network-online.target remote-fs.target nss-lookup.target After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target Wants=network-online.target
static/mod/focal/mod_builder.sh
-74
View File
@@ -1,74 +0,0 @@
#!/bin/bash
export NGINX="1.22.1"
sudo apt-get install libpcre2-dev mercurial -y
cd /opt/mod/; git clone https://github.com/vision5/ngx_devel_kit.git ngx_devel_kit
cd /opt/mod/; git clone https://github.com/apache/incubator-pagespeed-ngx.git pagespeed
cd /opt/mod/; git clone https://github.com/leev/ngx_http_geoip2_module.git geoip2
cd /opt/mod/; git clone https://github.com/nbs-system/naxsi.git naxsi; cd /opt/mod/naxsi; git reset --hard 304e66d; wget https://patch-diff.githubusercontent.com/raw/nbs-system/naxsi/pull/598.patch; patch -p1 < 598.patch
cd /opt/mod/; git clone https://github.com/SpiderLabs/ModSecurity-nginx.git ModSecurity-nginx
cd /opt/mod/; git clone https://github.com/google/ngx_brotli.git ngx_brotli
cd /opt/mod/; git clone https://github.com/winshining/nginx-http-flv-module.git flv_mod
cd /opt/mod/; git clone https://github.com/openresty/headers-more-nginx-module.git headers_more
cd /opt/mod/; git clone https://github.com/openresty/lua-nginx-module.git lua
cd /opt/mod/; git clone https://github.com/openresty/set-misc-nginx-module.git misc
cd /opt/mod/; git clone https://github.com/kyprizel/testcookie-nginx-module.git testcookie
cd /opt/mod/; git clone --recurse-submodules https://github.com/wargio/naxsi.git naxsi
cd /opt/mod/ngx_brotli && git submodule update --init
cd /opt/mod/pagespeed; wget https://dl.google.com/dl/page-speed/psol/1.13.35.2-x64.tar.gz; tar -xzvf 1.13.35.2-x64.tar.gz; rm -Rf 1.13.35.2-x64.tar.gz
rm -Rf /opt/nginx-${NGINX}.tar.gz; cd /opt/; wget https://nginx.org/download/nginx-${NGINX}.tar.gz; tar xf nginx-${NGINX}.tar.gz; rm -Rf nginx-${NGINX}.tar.gz
cd /opt/nginx-${NGINX} && curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > hpack_push.patch && patch -p1 < hpack_push.patch
cd /opt/nginx-${NGINX}/
LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" ./configure --with-compat \
--user=nginx \
--group=nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-pcre \
--without-pcre2 \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--with-http_v2_hpack_enc \
--with-ld-opt="-Wl,-rpath,/usr/local/LuaJIT/lib" \
--add-dynamic-module=/opt/mod/ngx_devel_kit \
--add-dynamic-module=/opt/mod/misc \
--add-dynamic-module=/opt/mod/naxsi/naxsi_src \
--add-dynamic-module=/opt/mod/ngx_brotli \
--add-dynamic-module=/opt/mod/pagespeed \
--add-dynamic-module=/opt/mod/geoip2 \
--add-dynamic-module=/opt/mod/ModSecurity-nginx \
--add-dynamic-module=/opt/mod/flv_mod \
--add-dynamic-module=/opt/mod/headers_more \
--add-dynamic-module=/opt/mod/njs/nginx \
--add-dynamic-module=/opt/mod/lua \
--add-dynamic-module=/opt/mod/testcookie
make -j`nproc` modules
static/mod/mod_builder.sh
-74
View File
@@ -1,74 +0,0 @@
#!/bin/bash
export NGINX="1.23.1"
sudo apt-get install libpcre2-dev mercurial -y
cd /opt/mod/; git clone https://github.com/vision5/ngx_devel_kit.git ngx_devel_kit
cd /opt/mod/; git clone https://github.com/apache/incubator-pagespeed-ngx.git pagespeed
cd /opt/mod/; git clone https://github.com/leev/ngx_http_geoip2_module.git geoip2
cd /opt/mod/; git clone https://github.com/nbs-system/naxsi.git naxsi; cd /opt/mod/naxsi; git reset --hard 304e66d; wget https://patch-diff.githubusercontent.com/raw/nbs-system/naxsi/pull/598.patch; patch -p1 < 598.patch
cd /opt/mod/; git clone https://github.com/SpiderLabs/ModSecurity-nginx.git ModSecurity-nginx
cd /opt/mod/; git clone https://github.com/google/ngx_brotli.git ngx_brotli
cd /opt/mod/; git clone https://github.com/winshining/nginx-http-flv-module.git flv_mod
cd /opt/mod/; git clone https://github.com/openresty/headers-more-nginx-module.git headers_more
cd /opt/mod/; hg clone http://hg.nginx.org/njs njs
cd /opt/mod/; git clone https://github.com/openresty/lua-nginx-module.git lua
cd /opt/mod/; git clone https://github.com/openresty/set-misc-nginx-module.git misc
cd /opt/mod/; git clone https://github.com/kyprizel/testcookie-nginx-module.git testcookie
cd /opt/mod/ngx_brotli && git submodule update --init
cd /opt/mod/pagespeed; wget https://dl.google.com/dl/page-speed/psol/1.13.35.2-x64.tar.gz; tar -xzvf 1.13.35.2-x64.tar.gz; rm -Rf 1.13.35.2-x64.tar.gz
rm -Rf /opt/nginx-${NGINX}.tar.gz; cd /opt/; wget https://nginx.org/download/nginx-${NGINX}.tar.gz; tar xf nginx-${NGINX}.tar.gz; rm -Rf nginx-${NGINX}.tar.gz
cd /opt/nginx-${NGINX} && curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > hpack_push.patch && patch -p1 < hpack_push.patch
cd /opt/nginx-${NGINX}/
LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" ./configure --with-compat \
--user=nginx \
--group=nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-pcre \
--without-pcre2 \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--with-http_v2_hpack_enc \
--with-ld-opt="-Wl,-rpath,/usr/local/LuaJIT/lib" \
--add-dynamic-module=/opt/mod/ngx_devel_kit \
--add-dynamic-module=/opt/mod/misc \
--add-dynamic-module=/opt/mod/naxsi/naxsi_src \
--add-dynamic-module=/opt/mod/ngx_brotli \
--add-dynamic-module=/opt/mod/pagespeed \
--add-dynamic-module=/opt/mod/geoip2 \
--add-dynamic-module=/opt/mod/ModSecurity-nginx \
--add-dynamic-module=/opt/mod/flv_mod \
--add-dynamic-module=/opt/mod/headers_more \
--add-dynamic-module=/opt/mod/njs/nginx \
--add-dynamic-module=/opt/mod/lua \
--add-dynamic-module=/opt/mod/testcookie
make modules
static/mod/ndk_http_module.so
BIN
View File
Binary file not shown.
static/mod/ngx_http_brotli_static_module.so
BIN
View File
Binary file not shown.
static/mod/ngx_http_flv_live_module.so
BIN
View File
Binary file not shown.
static/mod/ngx_http_geoip2_module.so
BIN
View File
Binary file not shown.
static/mod/ngx_http_headers_more_filter_module.so
BIN
View File
Binary file not shown.
static/mod/ngx_http_js_module.so
BIN
View File
Binary file not shown.
static/mod/ngx_http_lua_module.so
BIN
View File
Binary file not shown.
static/mod/ngx_http_modsecurity_module.so
BIN
View File
Binary file not shown.
static/mod/ngx_http_naxsi_module.so
BIN
View File
Binary file not shown.
static/mod/ngx_http_set_misc_module.so
BIN
View File
Binary file not shown.
static/mod/ngx_http_testcookie_access_module.so
BIN
View File
Binary file not shown.
static/mod/ngx_stream_geoip2_module.so
BIN
View File
Binary file not shown.
static/mod/ngx_stream_js_module.so
BIN
View File
Binary file not shown.
version
+7
View File
@@ -10,6 +10,13 @@ export FOCAL_VERSION_NGX_RESTY_CORE="0.1.24"
export FOCAL_VERSION_NGX_RESTY_LRUCACHE="0.13" export FOCAL_VERSION_NGX_RESTY_LRUCACHE="0.13"
export FOCAL_VERSION_NGX_MODSECURITY="3.0.8" export FOCAL_VERSION_NGX_MODSECURITY="3.0.8"
export JAMMY_VERSION_NGINX="1.22.1"
export JAMMY_VERSION_LUA="2.1-20220915"
export JAMMY_VERSION_NGX_LUA="0.10.22"
export JAMMY_VERSION_NGX_RESTY_CORE="0.1.24"
export JAMMY_VERSION_NGX_RESTY_LRUCACHE="0.13"
export JAMMY_VERSION_NGX_MODSECURITY="3.0.8"
export NGX_DEVEL_KIT="0.3.2" export NGX_DEVEL_KIT="0.3.2"
export NGX_PAGESPEED="1.13.35.2" export NGX_PAGESPEED="1.13.35.2"
export NGX_PAGESPEED_PSOL="1.13.35.2-x64" export NGX_PAGESPEED_PSOL="1.13.35.2-x64"