33 Commits

Author SHA1 Message Date
𝓙𝓾𝓵𝓲𝓸 2e5b7df4c8 Update README.md 2024-05-22 03:01:58 +02:00
𝓙𝓾𝓵𝓲𝓸 134c3048a2 Update README.md 2024-05-22 03:01:39 +02:00
𝓙𝓾𝓵𝓲𝓸 b1ca949b49 Delete .github/workflows/docker-image.yml 2024-05-22 03:01:19 +02:00
𝓙𝓾𝓵𝓲𝓸 3c15da3e35 Update run.sh 2024-05-22 00:58:20 +02:00
𝓙𝓾𝓵𝓲𝓸 6758448534 Create default 2024-05-22 00:55:28 +02:00
𝓙𝓾𝓵𝓲𝓸 fe6e4c6d0c Delete static/default 2024-05-22 00:54:42 +02:00
𝓙𝓾𝓵𝓲𝓸 432ebd3ad7 Create nginx.conf 2024-05-22 00:54:24 +02:00
𝓙𝓾𝓵𝓲𝓸 d31bd00544 Delete static/Jammy/nginx.conf 2024-05-22 00:49:32 +02:00
𝓙𝓾𝓵𝓲𝓸 ae40bb737a Delete static/Jammy/mod directory 2024-05-22 00:49:24 +02:00
𝓙𝓾𝓵𝓲𝓸 25de9e247f Delete static/Focal/nginx.conf 2024-05-22 00:49:10 +02:00
𝓙𝓾𝓵𝓲𝓸 068a11acf5 Delete static/Focal/mod directory 2024-05-22 00:48:57 +02:00
𝓙𝓾𝓵𝓲𝓸 46fd3f371d Update index.html 2024-05-22 00:46:58 +02:00
𝓙𝓾𝓵𝓲𝓸 444e23648f Update default 2024-05-22 00:45:57 +02:00
𝓙𝓾𝓵𝓲𝓸 142468583e Update README.md 2024-05-22 00:42:54 +02:00
𝓙𝓾𝓵𝓲𝓸 45a172fb6b Update README.md 2024-05-22 00:42:05 +02:00
𝓙𝓾𝓵𝓲𝓸 1bf7898bd5 Update README.md 2024-05-22 00:41:08 +02:00
𝓙𝓾𝓵𝓲𝓸 99fe8e8793 Update README.md 2024-05-22 00:40:00 +02:00
𝓙𝓾𝓵𝓲𝓸 b2c326ac59 Update README.md 2024-05-22 00:33:59 +02:00
𝓙𝓾𝓵𝓲𝓸 9c757704e7 Update version 2024-05-22 00:14:01 +02:00
𝓙𝓾𝓵𝓲𝓸 8238550971 Update version 2024-05-22 00:13:33 +02:00
𝓙𝓾𝓵𝓲𝓸 01244b0efb Update run.sh 2024-05-22 00:11:18 +02:00
𝓙𝓾𝓵𝓲𝓸 4bb4d34cba Update README.md 2024-05-20 05:37:38 +02:00
𝓙𝓾𝓵𝓲𝓸 c5264a37b4 Update README.md 2024-05-20 05:37:17 +02:00
𝓙𝓾𝓵𝓲𝓸 1d5989a07e Update run.sh 2024-05-20 05:36:48 +02:00
ƬHE ЯAW ☣ b447fcc76c Update README.md 2024-03-06 00:40:56 +01:00
ƬHE ЯAW ☣ 20c045dbeb Update version 2024-03-06 00:39:38 +01:00
ƬHE ЯAW ☣ b9f9b236a0 Delete install 2024-03-06 00:38:50 +01:00
ƬHE ЯAW ☣ afdb697c37 Delete Dockerfile 2024-03-06 00:37:50 +01:00
ƬHE ЯAW ☣ 4cc4a9b7cc Create run.sh 2024-03-06 00:34:26 +01:00
ƬHE ЯAW ☣ 2f02f4b5f7 Update version 2024-01-30 02:02:44 +01:00
ƬHE ЯAW ☣ 33d5336a48 Update version 2023-09-02 20:44:37 +02:00
ƬHE ЯAW ☣ 2953575b1b not currently available. 2023-04-18 22:16:59 +02:00
ƬHE ЯAW ☣ df1651b1be added a premium version. 2023-03-22 05:06:21 +01:00
38 changed files with 450 additions and 918 deletions
-18
@@ -1,18 +0,0 @@
name: BobTheBuilder
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- name: Build the Docker image
run: docker build . --file Dockerfile --tag my-image-name:$(date +%s)
-69
@@ -1,69 +0,0 @@
# Ubuntu 22.04 image with lua/modsecurity lib, required deps and resty core scripts.
FROM theraw/the-world-is-yours:ubuntu2204-base
ARG NGINX="1.22.1"
ARG JAMMY_VERSION_NGINX="1.22.1"
ARG JAMMY_VERSION_LUA="2.1-20220915"
ARG JAMMY_VERSION_NGX_LUA="0.10.22"
ARG JAMMY_VERSION_NGX_RESTY_CORE="0.1.24"
ARG JAMMY_VERSION_NGX_RESTY_LRUCACHE="0.13"
ARG JAMMY_VERSION_NGX_MODSECURITY="3.0.8"
ARG JAMMY_PCRE="10.42"
ARG JAMMY_OPENSSL="3.0.2"
ARG JAMMY_ZLIB="1.2.13"
ARG LUA_SCRIPTS="/usr/twiylua/"
ARG NGX_DEVEL_KIT="0.3.2"
ARG NGX_PAGESPEED="1.13.35.2"
ARG NGX_PAGESPEED_PSOL="1.13.35.2-x64"
ARG NGX_GEOIP2="3.4"
ARG NGX_MODSECURITY="1.0.3"
ARG NGX_HTTP_FLV="1.2.10"
ARG NGX_HEADERS_MORE="0.34"
ARG NGX_LUA="0.10.22"
ARG NGX_SET_MISC="0.33"
RUN apt-get update; apt-get install supervisor make cmake automake autoconf unzip -y; cd /opt/mod && wget https://github.com/PCRE2Project/pcre2/archive/refs/tags/pcre2-${JAMMY_PCRE}.tar.gz; cd /opt/mod && tar xf pcre2-${JAMMY_PCRE}.tar.gz; rm -Rf pcre2-${JAMMY_PCRE}.tar.gz; cd /opt/mod/pcre2-pcre2-${JAMMY_PCRE} && ./autogen.sh; cd /opt/mod && wget https://github.com/openssl/openssl/archive/refs/tags/openssl-${JAMMY_OPENSSL}.tar.gz; cd /opt/mod && tar xf openssl-${JAMMY_OPENSSL}.tar.gz; rm -Rf openssl-${JAMMY_OPENSSL}.tar.gz; cd /opt/mod && wget http://zlib.net/zlib-${JAMMY_ZLIB}.tar.gz; cd /opt/mod && tar xf zlib-${JAMMY_ZLIB}.tar.gz; rm -Rf zlib-${JAMMY_ZLIB}.tar.gz; cd /opt/ && wget https://nginx.org/download/nginx-${JAMMY_VERSION_NGINX}.tar.gz && tar xf nginx-${JAMMY_VERSION_NGINX}.tar.gz && rm -Rf nginx-${JAMMY_VERSION_NGINX}.tar.gz && cd /opt/nginx-${JAMMY_VERSION_NGINX} && curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > hpack_push.patch && patch -p1 < hpack_push.patch
RUN cd /opt/nginx-${JAMMY_VERSION_NGINX} && ./configure --with-compat \
--user=nginx \
--group=nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-openssl=/opt/mod/openssl-openssl-${JAMMY_OPENSSL} \
--with-pcre \
--with-pcre=/opt/mod/pcre2-pcre2-${JAMMY_PCRE} \
--with-zlib=/opt/mod/zlib-${JAMMY_ZLIB} \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--with-http_v2_hpack_enc \
--with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
--with-ld-opt="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie"
RUN cd /opt/nginx-${JAMMY_VERSION_NGINX} && make -j`nproc` && make install; curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/Jammy/nginx.service > /lib/systemd/system/nginx.service; rm -Rf /nginx/*.default; useradd nginx && usermod -s /bin/false nginx; mkdir -p /nginx/modules && mkdir -p /tmp && cd /tmp && wget https://github.com/theraw/The-World-Is-Yours/archive/refs/heads/master.zip; unzip master.zip; rm -Rf master.zip; cp -a /tmp/The-World-Is-Yours-master/static/Jammy/mod/*.so /nginx/modules/; rm -Rf /tmp/The-World-Is-Yours-master; mkdir -p /nginx/modsec; curl -s https://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules > /nginx/modsec/naxi.core; curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/l7.conf > /nginx/modsec/l7.conf; curl -s https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended > /nginx/modsec/modsecurity.conf; curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/tester.conf > /nginx/modsec/tester.conf; curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/unicode.mapping > /nginx/modsec/unicode.mapping; curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/Jammy/nginx.conf > /nginx/nginx.conf; mkdir -p /nginx/live/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/default > /nginx/live/default; mkdir -p /hostdata/default/public_html/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/index.html > /hostdata/default/public_html/index.html; mkdir -p /hostdata/default/public_html/cdn/modsec && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/aes.min.js > /hostdata/default/public_html/cdn/modsec/aes.min.js; curl -s 
https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/docker/supervisord.conf > /etc/supervisor/supervisord.conf
CMD /usr/bin/supervisord -n -c /etc/supervisor/supervisord.conf
+39 -30
@@ -1,35 +1,35 @@
# Nginx L7 DDoS Protection! :boom: :zap: [![Docker Image CI](https://github.com/theraw/The-World-Is-Yours/workflows/BobTheBuilder/badge.svg?branch=master)](https://github.com/theraw/The-World-Is-Yours/actions/workflows/docker-image.yml) # Nginx L7 DDoS Protection! :boom: :zap:
Now easier then before, you will have to compile only Nginx, Rest of modules come pre-compiled.
![Simple](https://c.tenor.com/uYqsM9uIyuYAAAAC/simple-easy.gif) ![Simple](https://c.tenor.com/uYqsM9uIyuYAAAAC/simple-easy.gif)
- [x] Support Ubuntu 20.04. - [x] Support Ubuntu 22.04
- [x] Support Ubuntu 22.04.1 - [x] Latest Nginx 1.26.0
-- Security Dynamic Modules.
- [x] ModSecurity Support. - [x] ModSecurity Support.
- [x] Naxsi Support. - [x] Naxsi Support.
- [x] Lua Support. - [x] Lua Support.
- [x] Cookie Based Challenge. - [x] Cookie Based Challenge.
- [x] [MOD LIST X Ubuntu 20.04](https://github.com/theraw/The-World-Is-Yours/tree/master/static/Focal/mod) - [x] [Versions List](https://github.com/theraw/The-World-Is-Yours/blob/master/version)
- [x] [MOD LIST X Ubuntu 22.04](https://github.com/theraw/The-World-Is-Yours/tree/master/static/Jammy/mod)
- [x] [Versions](https://github.com/theraw/The-World-Is-Yours/blob/master/version)
How do these 3 modules work together? L7 will block all or most of bots, ModSecurity and Naxsi take priority over cookie challenge! ## Compile from source
So if its a offensive request that Modsecurity or Naxsi detect it as such then these 2 will deal with that request otherwise cookie challenge will appear. ```bash
apt-get -y install git && cd /root/ && git clone https://github.com/theraw/The-World-Is-Yours.git && cd The-World-Is-Yours/
## INSTALLATION bash build/run.sh new
bash build/run.sh build
bash build/run.sh postfix
```
1. **`apt-get update; apt-get -y install build-essential libssl-dev curl nano wget zip unzip sudo git psmisc tar`** If you want to try with a custom nginx version then, open `version` file and change versions then run
```bash
2. **`curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/install > install; bash install`** bash build/run.sh new
bash build/run.sh build
## OR RUN IN DOCKER ```
## Basic cli info
1. **`git clone https://github.com/theraw/The-World-Is-Yours.git; cd The-World-Is-Yours`** ```
bash build/run.sh new => Download all modules + nginx that are missing from /opt/. (If you make version changes to 'version' file then simply rerun this to download again)
2. **`docker build -t mybuild .`** bash build/run.sh build => This is going to simply compile nginx nothing else. (You can run this as many times as you need, its not going to replace configs)
bash build/run.sh postfix => This will redownload /nginx/nginx.conf everytime you run it. (Suggested to run only once when you install nginx via my repo for first time)
3. **`docker run -d mybuild`** ```
## Basic info. ## Basic info.
@@ -43,19 +43,28 @@ So if its a offensive request that Modsecurity or Naxsi detect it as such then t
=> --sbin-path = /usr/sbin/nginx => --sbin-path = /usr/sbin/nginx
=> --error-log-path = /var/log/nginx/error.log => --error-log-path = /var/log/nginx/error.log
LUA RESTY CORE SCRIPTS = /usr/twiylua/ LUA RESTY CORE SCRIPTS = /usr/nginx_lua
// YOUR NGINX IS LOCATED AT /nginx NOT /etc/nginx
``` ```
## How to install lua scripts
```
. /root/The-World-Is-Yours/version
cd /opt/mod/; git clone https://github.com/openresty/lua-resty-lrucache.git
cd /opt/mod/lua-resty-lrucache; make install PREFIX=${LUA_SCRIPTS}
nginx -s reload
```
# Support options.
- No free support for how to do things, please don't spam with questions in discord.
- Free support for installation related errors only, is included.
- Business inquiries, regarding anti-ddos protection or other security/optimization concerns you can contact me on : raw@dopehosting.net
## KEEP IN MIND!
1. You're trading perfomance for security.
2. If your server provider does not have anti-ddos your IPTABLES will fail to keep the bans, and your server may be offline in cases of big attacks.
3. This is not a script that with one command your ddos problem is fixed, there's no such thing for L7 attacks as they change and new methods come out very often and no one has any ideas where your server is lacking security so this script is a basic thing more advanced protection require knowledge, monitoring logs, and applying filters in order to automatically ban attackers, this project is suggested to run with fail2ban + iptables.
## Contributors ## Contributors
Feel free to submit a pull request.
Special thanks to the following contributors: Special thanks to the following contributors:
<!-- prettier-ignore-start --> <!-- prettier-ignore-start -->
+341
@@ -0,0 +1,341 @@
. ./version
set -e
function reqs() {
apt-get update -y; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y
DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install tzdata dialog
# apt-get purge nftables firewalld ufw -y; apt-get autoremove -y
apt-get -y install wget zip unzip build-essential libssl-dev curl nano git
# apt-get -y install iptables ipset
apt-get install libtool pkg-config make cmake automake autoconf -y
apt-get install libyajl-dev ssdeep zlib1g-dev libxslt1-dev libgd-dev libgeoip-dev liblmdb-dev libfuzzy-dev libmaxminddb-dev liblua5.2-dev libcurl4-openssl-dev libxml2 libxml2-dev libpcre3-dev mercurial libpcre2-dev libc-ares-dev libre2-dev -y
mkdir -p $LUA_SCRIPTS
}
function clean_install() {
mkdir -p /opt/mod
# Nginx
if [ ! -d /opt/nginx-${NGINX} ]; then
cd /opt/ && wget https://nginx.org/download/nginx-${NGINX}.tar.gz
tar xf nginx-${NGINX}.tar.gz && rm -Rf nginx-${NGINX}.tar.gz
fi
# START OF SYSTEM REQUIRED LIBS
# ============================================================================================================
# OPENSSL
if [ ! -d /opt/mod/openssl-opernssl-${SYSTEM_OPENSSL} ]; then
cd /opt/mod; wget https://github.com/quictls/openssl/archive/refs/tags/opernssl-${SYSTEM_OPENSSL}.tar.gz
cd /opt/mod && tar xf opernssl-${SYSTEM_OPENSSL}.tar.gz; rm -Rf opernssl-${SYSTEM_OPENSSL}.tar.gz
fi
# ZLIB
if [ ! -d /opt/mod/zlib ]; then
cd /opt/mod && wget http://zlib.net/current/zlib.tar.gz
cd /opt/mod && tar xf zlib.tar.gz; rm -Rf zlib.tar.gz; mv zlib-* zlib
fi
# SYSTEM_LUAJIT
if [ ! -d /opt/mod/luajit2-${SYSTEM_LUAJIT} ]; then
cd /opt/mod && wget https://github.com/openresty/luajit2/archive/refs/tags/v${SYSTEM_LUAJIT}.tar.gz
cd /opt/mod && tar xf v${SYSTEM_LUAJIT}.tar.gz && rm -Rf v${SYSTEM_LUAJIT}.tar.gz
if [ ! -d /usr/local/LuaJIT/include/luajit-2.1 ]; then
cd /opt/mod/luajit2-${SYSTEM_LUAJIT}/ && make clean && make install PREFIX=/usr/local/LuaJIT && ldconfig
# apt-get -y install liblua5.1-0-dev; apt-get -y install luarocks; luarocks install lua-resty-core
fi
fi
# SYSTEM_MODSECURITY
if [ ! -d /opt/mod/modsecurity-v${SYSTEM_MODSECURITY} ]; then
cd /opt/mod && wget https://github.com/SpiderLabs/ModSecurity/releases/download/v${SYSTEM_MODSECURITY}/modsecurity-v${SYSTEM_MODSECURITY}.tar.gz
cd /opt/mod && tar xf modsecurity-v${SYSTEM_MODSECURITY}.tar.gz; rm -Rf modsecurity-v${SYSTEM_MODSECURITY}.tar.gz
if [ ! -d /usr/local/modsecurity ]; then
cd /opt/mod/modsecurity-v${SYSTEM_MODSECURITY} && ./configure && make -j`nproc` && make install
fi
fi
# SYSTEM_PCRE
if [ ! -d /opt/mod/pcre2-pcre2-${SYSTEM_PCRE} ]; then
cd /opt/mod && wget https://github.com/PCRE2Project/pcre2/archive/refs/tags/pcre2-${SYSTEM_PCRE}.tar.gz
cd /opt/mod && tar xf pcre2-${SYSTEM_PCRE}.tar.gz; rm -Rf pcre2-${SYSTEM_PCRE}.tar.gz
cd /opt/mod/pcre2-pcre2-${SYSTEM_PCRE} && ./autogen.sh
fi
# LibInjection
if [ ! -d /opt/mod/libinjection ]; then
cd /opt/mod && git clone https://github.com/libinjection/libinjection.git
cd /opt/mod/libinjection && ./autogen.sh && ./configure && make -j`nproc` && make install
fi
# END OF SYSTEM REQUIRED LIBS
# ============================================================================================================
# START OF NGINX MODULES
# ============================================================================================================
# NGX_MOD_LUA
if [ ! -d /opt/mod/lua-nginx-module-${NGX_MOD_LUA} ]; then
cd /opt/mod/; wget https://github.com/openresty/lua-nginx-module/archive/refs/tags/v${NGX_MOD_LUA}.tar.gz
cd /opt/mod/; tar xf v${NGX_MOD_LUA}.tar.gz; rm -Rf v${NGX_MOD_LUA}.tar.gz
sed -i 's/cookies/cookie/g' /opt/mod/lua-nginx-module-${NGX_MOD_LUA}/src/ngx_http_lua_headers_in.c
fi
# NGX_LUA_CORE
if [ ! -d /opt/mod/lua-resty-core ]; then
cd /opt/mod/; git clone https://github.com/openresty/lua-resty-core.git
cd /opt/mod/lua-resty-core; make install PREFIX=${LUA_SCRIPTS}
fi
# NGX_LUA_LRUCACHE
if [ ! -d /opt/mod/lua-resty-lrucache ]; then
cd /opt/mod/; git clone https://github.com/openresty/lua-resty-lrucache.git
cd /opt/mod/lua-resty-lrucache; make install PREFIX=${LUA_SCRIPTS}
fi
# NGX_MOD_LUA_MYSQL
if [ ! -d /opt/mod/lua-resty-mysql-${NGX_MOD_LUA_MYSQL} ]; then
cd /opt/mod/; wget https://github.com/openresty/lua-resty-mysql/archive/refs/tags/v${NGX_MOD_LUA_MYSQL}.tar.gz
cd /opt/mod/; tar xf v${NGX_MOD_LUA_MYSQL}.tar.gz; rm -Rf v${NGX_MOD_LUA_MYSQL}.tar.gz
cd /opt/mod/lua-resty-mysql-${NGX_MOD_LUA_MYSQL} && make install PREFIX=${LUA_SCRIPTS}
fi
# NGX_MOD_LUA_SRCACHE
if [ ! -d /opt/mod/srcache-nginx-module-${NGX_MOD_LUA_SRCACHE} ]; then
cd /opt/mod/; wget https://github.com/openresty/srcache-nginx-module/archive/refs/tags/v${NGX_MOD_LUA_SRCACHE}.tar.gz
cd /opt/mod/; tar xf v${NGX_MOD_LUA_SRCACHE}.tar.gz; rm -Rf v${NGX_MOD_LUA_SRCACHE}.tar.gz
fi
# NGX_MOD_LUA_REDIS2
if [ ! -d /opt/mod/redis2-nginx-module ]; then
cd /opt/mod/; git clone --recursive https://github.com/openresty/redis2-nginx-module.git
fi
# NGX_MOD_LUA_LOCK 0.09
if [ ! -d /opt/mod/lua-resty-lock-${NGX_MOD_LUA_LOCK} ]; then
cd /opt/mod/; wget https://github.com/openresty/lua-resty-lock/archive/refs/tags/v${NGX_MOD_LUA_LOCK}.tar.gz
cd /opt/mod/; tar xf v${NGX_MOD_LUA_LOCK}.tar.gz; rm -Rf v${NGX_MOD_LUA_LOCK}.tar.gz
cd /opt/mod/lua-resty-lock-${NGX_MOD_LUA_LOCK} && make install PREFIX=${LUA_SCRIPTS}
fi
# NGX_MOD_LUA_CACHE
if [ ! -d /opt/mod/lua-resty-cache ]; then
cd /opt/mod/; git clone --branch feature-srcache --recursive https://github.com/lloydzhou/lua-resty-cache
cd /opt/mod/lua-resty-cache && make install PREFIX=${LUA_SCRIPTS}
fi
# NGX_MOD_DEVELKIT
if [ ! -d /opt/mod/ngx_devel_kit-${NGX_MOD_DEVELKIT} ]; then
cd /opt/mod/; wget https://github.com/vision5/ngx_devel_kit/archive/refs/tags/v${NGX_MOD_DEVELKIT}.tar.gz
cd /opt/mod/; tar xf v${NGX_MOD_DEVELKIT}.tar.gz; rm -Rf v${NGX_MOD_DEVELKIT}.tar.gz
fi
# NGX_MOD_GEOIP2
if [ ! -d /opt/mod/ngx_http_geoip2_module-${NGX_MOD_GEOIP2} ]; then
cd /opt/mod/; wget https://github.com/leev/ngx_http_geoip2_module/archive/refs/tags/${NGX_MOD_GEOIP2}.tar.gz
cd /opt/mod/; tar xf ${NGX_MOD_GEOIP2}.tar.gz; rm -Rf ${NGX_MOD_GEOIP2}.tar.gz
fi
# NGX_MOD_MODSECURITY
if [ ! -d /opt/mod/ModSecurity-nginx-${NGX_MOD_MODSECURITY} ]; then
cd /opt/mod/; wget https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${NGX_MOD_MODSECURITY}.tar.gz
cd /opt/mod/; tar xf v${NGX_MOD_MODSECURITY}.tar.gz; rm -Rf v${NGX_MOD_MODSECURITY}.tar.gz
fi
# NGX_MOD_HTTPFLV
if [ ! -d /opt/mod/nginx-http-flv-module-${NGX_MOD_HTTPFLV} ]; then
cd /opt/mod/; wget https://github.com/winshining/nginx-http-flv-module/archive/refs/tags/v${NGX_MOD_HTTPFLV}.tar.gz
cd /opt/mod/; tar xf v${NGX_MOD_HTTPFLV}.tar.gz; rm -Rf v${NGX_MOD_HTTPFLV}.tar.gz
fi
# NGX_MOD_HEADERS_MORE
if [ ! -d /opt/mod/headers-more-nginx-module-${NGX_MOD_HEADERS_MORE} ]; then
cd /opt/mod/; wget https://github.com/openresty/headers-more-nginx-module/archive/refs/tags/v${NGX_MOD_HEADERS_MORE}.tar.gz
cd /opt/mod/; tar xf v${NGX_MOD_HEADERS_MORE}.tar.gz; rm -Rf v${NGX_MOD_HEADERS_MORE}.tar.gz
fi
# NGX_MOD_SETMISC
if [ ! -d /opt/mod/set-misc-nginx-module-${NGX_MOD_SETMISC} ]; then
cd /opt/mod/; wget https://github.com/openresty/set-misc-nginx-module/archive/refs/tags/v${NGX_MOD_SETMISC}.tar.gz
cd /opt/mod/; tar xf v${NGX_MOD_SETMISC}.tar.gz; rm -Rf v${NGX_MOD_SETMISC}.tar.gz
fi
# Testcookie
if [ ! -d /opt/mod/testcookie ]; then
cd /opt/mod/; git clone https://github.com/kyprizel/testcookie-nginx-module.git testcookie
fi
# Brotli
if [ ! -d /opt/mod/ngx_brotli ]; then
cd /opt/mod/; git clone https://github.com/google/ngx_brotli.git ngx_brotli; cd /opt/mod/ngx_brotli && git submodule update --init
fi
# Naxsi
if [ ! -d /opt/mod/naxsi ]; then
cd /opt/mod/; git clone --recurse-submodules https://github.com/wargio/naxsi.git naxsi
fi
# END OF NGINX MODULES
# ============================================================================================================
}
test_nginx() {
cd /opt/nginx-${NGINX} && LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" CFLAGS=-fPIC CXXFLAGS=-fPIC ./configure --with-compat \
--user=nginx \
--group=nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/nginx/nginx.conf \
--modules-path=/nginx/modules \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-openssl=/opt/mod/openssl-opernssl-${SYSTEM_OPENSSL} \
--with-openssl-opt=enable-tls1_3 \
--with-pcre \
--with-pcre-jit \
--with-pcre=/opt/mod/pcre2-pcre2-${SYSTEM_PCRE} \
--with-zlib=/opt/mod/zlib \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_v3_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--add-module=/opt/mod/ngx_devel_kit-${NGX_MOD_DEVELKIT} \
--add-module=/opt/mod/set-misc-nginx-module-${NGX_MOD_SETMISC} \
--add-module=/opt/mod/ngx_http_geoip2_module-${NGX_MOD_GEOIP2} \
--add-module=/opt/mod/headers-more-nginx-module-${NGX_MOD_HEADERS_MORE} \
--add-module=/opt/mod/lua-nginx-module-${NGX_MOD_LUA} \
--add-module=/opt/mod/ModSecurity-nginx-${NGX_MOD_MODSECURITY} \
--add-module=/opt/mod/naxsi/naxsi_src \
--add-module=/opt/mod/nginx-http-flv-module-${NGX_MOD_HTTPFLV} \
--add-module=/opt/mod/srcache-nginx-module-${NGX_MOD_LUA_SRCACHE} \
--add-module=/opt/mod/redis2-nginx-module \
--add-module=/opt/mod/ngx_brotli \
--add-module=/opt/mod/testcookie \
--with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
--with-ld-opt="-Wl,-rpath,/usr/local/LuaJIT/lib -Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie -L/opt/mod/pcre2-pcre2-${SYSTEM_PCRE}/.libs -lpcre2-8 -L/lib/x86_64-linux-gnu -lpcre"
make clean
}
function build() {
cd /opt/nginx-${NGINX} && LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" CFLAGS=-fPIC CXXFLAGS=-fPIC ./configure --with-compat \
--user=nginx \
--group=nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/nginx/nginx.conf \
--modules-path=/nginx/modules \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-openssl=/opt/mod/openssl-opernssl-${SYSTEM_OPENSSL} \
--with-openssl-opt=enable-tls1_3 \
--with-pcre \
--with-pcre-jit \
--with-pcre=/opt/mod/pcre2-pcre2-${SYSTEM_PCRE} \
--with-zlib=/opt/mod/zlib \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_v3_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--add-module=/opt/mod/ngx_devel_kit-${NGX_MOD_DEVELKIT} \
--add-module=/opt/mod/set-misc-nginx-module-${NGX_MOD_SETMISC} \
--add-module=/opt/mod/ngx_http_geoip2_module-${NGX_MOD_GEOIP2} \
--add-module=/opt/mod/headers-more-nginx-module-${NGX_MOD_HEADERS_MORE} \
--add-module=/opt/mod/ModSecurity-nginx-${NGX_MOD_MODSECURITY} \
--add-module=/opt/mod/lua-nginx-module-${NGX_MOD_LUA} \
--add-module=/opt/mod/naxsi/naxsi_src \
--add-module=/opt/mod/nginx-http-flv-module-${NGX_MOD_HTTPFLV} \
--add-module=/opt/mod/srcache-nginx-module-${NGX_MOD_LUA_SRCACHE} \
--add-module=/opt/mod/redis2-nginx-module \
--add-module=/opt/mod/ngx_brotli \
--add-module=/opt/mod/testcookie \
--with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
--with-ld-opt="-Wl,-rpath,/usr/local/LuaJIT/lib -Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie -L/opt/mod/pcre2-pcre2-${SYSTEM_PCRE}/.libs -lpcre2-8 -L/lib/x86_64-linux-gnu -lpcre"
make -j`nproc` && make install && make clean
unset NGINX
}
function post_build() {
useradd nginx; unset NGINX; rm -rf /nginx/*.default;
mkdir -p /nginx/live
mkdir -p /nginx/conf.d
mkdir -p /nginx/config
mkdir -p /var/log/nginx
mkdir -p /nginx/modsec; curl -s https://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules > /nginx/modsec/naxi.core
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/l7.conf > /nginx/modsec/l7.conf
curl -s https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended > /nginx/modsec/modsecurity.conf
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/tester.conf > /nginx/modsec/tester.conf
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/unicode.mapping > /nginx/modsec/unicode.mapping
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx/nginx.conf > /nginx/nginx.conf
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx/live/default > /nginx/live/default
mkdir -p /hostdata/default/public_html/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/index.html > /hostdata/default/public_html/index.html
mkdir -p /hostdata/default/public_html/cdn/modsec && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/aes.min.js > /hostdata/default/public_html/cdn/modsec/aes.min.js
}
# Handling command-line arguments
case "$1" in
new)
reqs
clean_install
;;
test)
test_nginx
;;
build)
build
;;
postfix)
post_build
;;
*)
echo "Invalid option: $1"
echo "Usage: $0 {new|test|build|postfix}"
echo ""
echo " new: will download all modules & nginx (if you change a version from file, simply rerun this to download that)"
echo " test: Test nginx configuration"
echo " build: Build nginx, or Rebuild (mods/configs will not be redownloaded this will only build)"
echo " postfix: After first installation, run this to download nginx configs (it will replace nginx.conf if there already is one)"
exit 1
;;
esac
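Review bot: The sources this script compiles into nginx are fetched with no integrity check, and the zlib step in clean_install uses cleartext HTTP against a moving target: `wget http://zlib.net/current/zlib.tar.gz`. The build appears to run as root (apt-get, writes under /usr/sbin), so I would switch that line to `https://`, pin a release, and verify each tarball against a digest kept in `version`, e.g. `echo "${ZLIB_SHA256}  zlib.tar.gz" | sha256sum -c -` (ZLIB_SHA256 is a placeholder name, not something the page defines). The `git clone` calls (libinjection, lua-resty-core, lua-resty-lrucache, testcookie, ngx_brotli, naxsi) take whatever the default branch holds at build time; checking out a recorded commit after each clone would make the build reproducible and reviewable. In post_build, `curl -s … > /nginx/nginx.conf` and the sibling rule-file downloads write an HTTP error body into the target and still exit 0, so `set -e` never fires and a WAF rule file can silently end up holding an error page; `curl -fsSL` would fail instead. Separately, `opernssl-${SYSTEM_OPENSSL}` in the quictls URL, the directory test and both `--with-openssl=` flags looks like a typo for `openssl-`, which is worth confirming against the upstream tag name.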
-297
@@ -1,297 +0,0 @@
#!/bin/bash
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/version > /tmp/version; source /tmp/version
case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in
focal)
if [ "$(whoami)" != "root" ]
then
echo "You should Login as root to use this script!";
echo "Maybe you already have access for sudo, but commands aren't designed with sudo! so..";
echo "sudo -i";
exit 1
fi
if [ -d "/nginx/" ]; then
echo "We've detect a folder '/nginx/' which means"
echo "Maybe you have use this script before!"
echo "You can wipe old installation by executing!"
echo "(**THIS WILL DELETE ALL YOUR OLD NGINX CONFIGS MAKE SURE YOU BACKUP BEFORE USING**)"
echo "execute: rm -Rf /nginx; rm -Rf /usr/sbin/nginx; rm -Rf /opt/mod; rm -Rf /opt/nginx*"
echo "then execute again bash install"
exit 1
fi
if [ -d "/etc/nginx" ]; then
echo "We've detect a folder '/etc/nginx' which means you already got nginx up and running!"
exit 1
fi
if [ -d "/opt/nginx/" ]; then
echo "DETECTED '/opt/nginx/'"
echo "Maybe script has already been used you need to start clean!"
echo "(**THIS WILL DELETE ALL YOUR OLD NGINX CONFIGS MAKE SURE YOU BACKUP BEFORE USING**)"
echo "execute: rm -Rf /nginx; rm -Rf /usr/sbin/nginx; rm -Rf /opt/mod; rm -Rf /opt/nginx*"
echo "then execute again bash install"
exit 1
fi
apt-get update -y; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y
DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install tzdata
apt-get install libtool pkg-config make cmake automake autoconf -y
apt-get install libyajl-dev ssdeep zlib1g-dev libxslt1-dev libgd-dev libgeoip-dev liblmdb-dev libfuzzy-dev libmaxminddb-dev liblua5.2-dev libcurl4-openssl-dev libxml2 libxml2-dev libpcre3-dev -y
mkdir -p /opt/mod/
cd /opt/mod && wget https://github.com/openresty/luajit2/archive/refs/tags/v${FOCAL_VERSION_LUA}.tar.gz
cd /opt/mod && tar xf v${FOCAL_VERSION_LUA}.tar.gz && rm -Rf v${FOCAL_VERSION_LUA}.tar.gz
cd /opt/mod/luajit2-${FOCAL_VERSION_LUA}/ && make install PREFIX=/usr/local/LuaJIT && ldconfig
rm -Rf /opt/mod/luajit2-${FOCAL_VERSION_LUA}/
cd /opt/mod && wget https://github.com/SpiderLabs/ModSecurity/releases/download/v${FOCAL_VERSION_NGX_MODSECURITY}/modsecurity-v${FOCAL_VERSION_NGX_MODSECURITY}.tar.gz
cd /opt/mod && tar xf modsecurity-v${FOCAL_VERSION_NGX_MODSECURITY}.tar.gz; rm -Rf modsecurity-v${FOCAL_VERSION_NGX_MODSECURITY}.tar.gz
cd /opt/mod/modsecurity-v${FOCAL_VERSION_NGX_MODSECURITY} && ./configure && make -j`nproc` && make install
cd /opt/mod && wget https://github.com/openresty/lua-resty-core/archive/refs/tags/v${FOCAL_VERSION_NGX_RESTY_CORE}.tar.gz
cd /opt/mod && tar xf v${FOCAL_VERSION_NGX_RESTY_CORE}.tar.gz && rm -Rf v${FOCAL_VERSION_NGX_RESTY_CORE}.tar.gz
cd /opt/mod/lua-resty-core-${FOCAL_VERSION_NGX_RESTY_CORE} && make install PREFIX=${LUA_SCRIPTS}
cd /opt/mod && wget https://github.com/openresty/lua-resty-lrucache/archive/refs/tags/v${FOCAL_VERSION_NGX_RESTY_LRUCACHE}.tar.gz
cd /opt/mod && tar xf v${FOCAL_VERSION_NGX_RESTY_LRUCACHE}.tar.gz && rm -Rf v${FOCAL_VERSION_NGX_RESTY_LRUCACHE}.tar.gz
cd /opt/mod/lua-resty-lrucache-${FOCAL_VERSION_NGX_RESTY_LRUCACHE} && make install PREFIX=${LUA_SCRIPTS}
cd /opt/mod && wget https://github.com/PCRE2Project/pcre2/archive/refs/tags/pcre2-${FOCAL_PCRE}.tar.gz
cd /opt/mod && tar xf pcre2-${FOCAL_PCRE}.tar.gz; rm -Rf pcre2-${FOCAL_PCRE}.tar.gz
cd /opt/mod/pcre2-pcre2-${FOCAL_PCRE} && ./autogen.sh
#cd /opt/mod/pcre2-pcre2-${FOCAL_PCRE} && ./configure --prefix=/usr/local/pcre2_${FOCAL_PCRE} && make -j`nproc` && make install
cd /opt/mod && wget https://github.com/openssl/openssl/archive/refs/tags/OpenSSL_${FOCAL_OPENSSL}.tar.gz
cd /opt/mod && tar xf OpenSSL_${FOCAL_OPENSSL}.tar.gz; rm -Rf OpenSSL_${FOCAL_OPENSSL}.tar.gz
#cd /opt/mod/openssl-OpenSSL_${FOCAL_OPENSSL} && ./config --prefix=/usr/local/openssl_${FOCAL_OPENSSL} && make -j`nproc` && make install
cd /opt/mod && wget http://zlib.net/zlib-${FOCAL_ZLIB}.tar.gz
cd /opt/mod && tar xf zlib-${FOCAL_ZLIB}.tar.gz; rm -Rf zlib-${FOCAL_ZLIB}.tar.gz
#cd /opt/mod/zlib-${FOCAL_ZLIB} && ./configure --prefix=/usr/local/zlib-${FOCAL_ZLIB} && make -j`nproc` && make install
# Nginx
cd /opt/ && wget https://nginx.org/download/nginx-${FOCAL_VERSION_NGINX}.tar.gz && tar xf nginx-${FOCAL_VERSION_NGINX}.tar.gz && rm -Rf nginx-${FOCAL_VERSION_NGINX}.tar.gz
cd /opt/nginx-${FOCAL_VERSION_NGINX} && curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > hpack_push.patch && patch -p1 < hpack_push.patch
cd /opt/nginx-${FOCAL_VERSION_NGINX} && ./configure --with-compat \
--user=nginx \
--group=nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-openssl=/opt/mod/openssl-OpenSSL_${FOCAL_OPENSSL} \
--with-pcre \
--with-pcre=/opt/mod/pcre2-pcre2-${FOCAL_PCRE} \
--with-zlib=/opt/mod/zlib-${FOCAL_ZLIB} \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--with-http_v2_hpack_enc \
--with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
--with-ld-opt="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie"
cd /opt/nginx-${FOCAL_VERSION_NGINX} && make -j`nproc`
cd /opt/nginx-${FOCAL_VERSION_NGINX} && make install
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/Focal/nginx.service > /lib/systemd/system/nginx.service
rm -Rf /nginx/*.default
# Download Dynamic Modules
mkdir -p /nginx/modules; mkdir -p /tmp
cd /tmp && wget https://github.com/theraw/The-World-Is-Yours/archive/refs/heads/master.zip; unzip master.zip; rm -Rf master.zip; cp -a /tmp/The-World-Is-Yours-master/static/Focal/mod/*.so /nginx/modules/; rm -Rf /tmp/The-World-Is-Yours-master
# Fixes
mkdir -p /nginx/modsec; curl -s https://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules > /nginx/modsec/naxi.core
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/l7.conf > /nginx/modsec/l7.conf
curl -s https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended > /nginx/modsec/modsecurity.conf
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/tester.conf > /nginx/modsec/tester.conf
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/unicode.mapping > /nginx/modsec/unicode.mapping
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/Focal/nginx.conf > /nginx/nginx.conf
mkdir -p /nginx/live/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/default > /nginx/live/default
mkdir -p /hostdata/default/public_html/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/index.html > /hostdata/default/public_html/index.html
mkdir -p /hostdata/default/public_html/cdn/modsec && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/aes.min.js > /hostdata/default/public_html/cdn/modsec/aes.min.js
# Start
unset NGINX
killall nginx
useradd nginx && usermod -s /bin/false nginx
systemctl enable nginx
systemctl daemon-reload
systemctl enable nginx
systemctl stop nginx
systemctl start nginx
;;
jammy)
if [ "$(whoami)" != "root" ]
then
echo "You should Login as root to use this script!";
echo "May you already have access for sudo, but commands aren't designed with sudo! so..";
echo "sudo -i";
exit 1
fi
if [ -d "/nginx/" ]; then
echo "We've detect a folder '/nginx/' which means"
echo "Maybe you have use this script before!"
echo "You wipe old installation by executing!"
echo "(**THIS WILL DELETE ALL YOUR OLD NGINX CONFIGS MAKE SURE YOU BACKUP BEFORE USING**)"
echo "execute: rm -Rf /nginx; rm -Rf /usr/sbin/nginx; rm -Rf /opt/mod; rm -Rf /opt/nginx*"
echo "then execute again bash install"
exit 1
fi
if [ -d "/etc/nginx" ]; then
echo "We've detect a folder '/etc/nginx' which means"
echo "Maybe you have use this script before!"
echo "(**THIS WILL DELETE ALL YOUR OLD NGINX CONFIGS MAKE SURE YOU BACKUP BEFORE USING**)"
echo "execute: rm -Rf /nginx; rm -Rf /usr/sbin/nginx; rm -Rf /opt/mod; rm -Rf /opt/nginx*"
echo "then execute again bash install"
exit 1
fi
if [ -d "/opt/nginx/" ]; then
echo "DETECTED '/opt/nginx/'"
echo "Maybe script has already been used you need to start clean!"
echo "(**THIS WILL DELETE ALL YOUR OLD NGINX CONFIGS MAKE SURE YOU BACKUP BEFORE USING**)"
echo "execute: rm -Rf /nginx; rm -Rf /usr/sbin/nginx; rm -Rf /opt/mod; rm -Rf /opt/nginx*"
echo "then execute again bash install"
exit 1
fi
apt-get update -y; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y
DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install tzdata
apt-get install libtool pkg-config make cmake automake autoconf -y
apt-get install libyajl-dev ssdeep zlib1g-dev libxslt1-dev libgd-dev libgeoip-dev liblmdb-dev libfuzzy-dev libmaxminddb-dev liblua5.2-dev libcurl4-openssl-dev libxml2 libxml2-dev libpcre3-dev -y
mkdir -p /opt/mod/
cd /opt/mod && wget https://github.com/openresty/luajit2/archive/refs/tags/v${JAMMY_VERSION_LUA}.tar.gz
cd /opt/mod && tar xf v${JAMMY_VERSION_LUA}.tar.gz && rm -Rf v${JAMMY_VERSION_LUA}.tar.gz
cd /opt/mod/luajit2-${JAMMY_VERSION_LUA}/ && make install PREFIX=/usr/local/LuaJIT && ldconfig
rm -Rf /opt/mod/luajit2-${JAMMY_VERSION_LUA}/
cd /opt/mod && wget https://github.com/SpiderLabs/ModSecurity/releases/download/v${JAMMY_VERSION_NGX_MODSECURITY}/modsecurity-v${JAMMY_VERSION_NGX_MODSECURITY}.tar.gz
cd /opt/mod && tar xf modsecurity-v${JAMMY_VERSION_NGX_MODSECURITY}.tar.gz; rm -Rf modsecurity-v${JAMMY_VERSION_NGX_MODSECURITY}.tar.gz
cd /opt/mod/modsecurity-v${JAMMY_VERSION_NGX_MODSECURITY} && ./configure && make -j`nproc` && make install
cd /opt/mod && wget https://github.com/openresty/lua-resty-core/archive/refs/tags/v${JAMMY_VERSION_NGX_RESTY_CORE}.tar.gz
cd /opt/mod && tar xf v${JAMMY_VERSION_NGX_RESTY_CORE}.tar.gz && rm -Rf v${JAMMY_VERSION_NGX_RESTY_CORE}.tar.gz
cd /opt/mod/lua-resty-core-${JAMMY_VERSION_NGX_RESTY_CORE} && make install PREFIX=${LUA_SCRIPTS}
cd /opt/mod && wget https://github.com/openresty/lua-resty-lrucache/archive/refs/tags/v${JAMMY_VERSION_NGX_RESTY_LRUCACHE}.tar.gz
cd /opt/mod && tar xf v${JAMMY_VERSION_NGX_RESTY_LRUCACHE}.tar.gz && rm -Rf v${JAMMY_VERSION_NGX_RESTY_LRUCACHE}.tar.gz
cd /opt/mod/lua-resty-lrucache-${JAMMY_VERSION_NGX_RESTY_LRUCACHE} && make install PREFIX=${LUA_SCRIPTS}
cd /opt/mod && wget https://github.com/PCRE2Project/pcre2/archive/refs/tags/pcre2-${JAMMY_PCRE}.tar.gz
cd /opt/mod && tar xf pcre2-${JAMMY_PCRE}.tar.gz; rm -Rf pcre2-${JAMMY_PCRE}.tar.gz
cd /opt/mod/pcre2-pcre2-${JAMMY_PCRE} && ./autogen.sh
#cd /opt/mod/pcre2-pcre2-${JAMMY_PCRE} && ./configure --prefix=/usr/local/pcre2_${JAMMY_PCRE} && make -j`nproc` && make install
cd /opt/mod && wget https://github.com/openssl/openssl/archive/refs/tags/openssl-${JAMMY_OPENSSL}.tar.gz
cd /opt/mod && tar xf openssl-${JAMMY_OPENSSL}.tar.gz; rm -Rf openssl-${JAMMY_OPENSSL}.tar.gz
#cd /opt/mod/openssl-OpenSSL_${JAMMY_OPENSSL} && ./config --prefix=/usr/local/openssl_${JAMMY_OPENSSL} && make -j`nproc` && make install
cd /opt/mod && wget http://zlib.net/zlib-${JAMMY_ZLIB}.tar.gz
cd /opt/mod && tar xf zlib-${JAMMY_ZLIB}.tar.gz; rm -Rf zlib-${JAMMY_ZLIB}.tar.gz
#cd /opt/mod/zlib-${JAMMY_ZLIB} && ./configure --prefix=/usr/local/zlib-${JAMMY_ZLIB} && make -j`nproc` && make install
# Nginx
cd /opt/ && wget https://nginx.org/download/nginx-${JAMMY_VERSION_NGINX}.tar.gz && tar xf nginx-${JAMMY_VERSION_NGINX}.tar.gz && rm -Rf nginx-${JAMMY_VERSION_NGINX}.tar.gz
cd /opt/nginx-${JAMMY_VERSION_NGINX} && curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > hpack_push.patch && patch -p1 < hpack_push.patch
cd /opt/nginx-${JAMMY_VERSION_NGINX} && ./configure --with-compat \
--user=nginx \
--group=nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-openssl=/opt/mod/openssl-openssl-${JAMMY_OPENSSL} \
--with-pcre \
--with-pcre=/opt/mod/pcre2-pcre2-${JAMMY_PCRE} \
--with-zlib=/opt/mod/zlib-${JAMMY_ZLIB} \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--with-http_v2_hpack_enc \
--with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
--with-ld-opt="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie"
cd /opt/nginx-${JAMMY_VERSION_NGINX} && make -j`nproc`
cd /opt/nginx-${JAMMY_VERSION_NGINX} && make install
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/Jammy/nginx.service > /lib/systemd/system/nginx.service
rm -Rf /nginx/*.default
# Download Dynamic Modules
mkdir -p /nginx/modules; mkdir -p /tmp
cd /tmp && wget https://github.com/theraw/The-World-Is-Yours/archive/refs/heads/master.zip; unzip master.zip; rm -Rf master.zip; cp -a /tmp/The-World-Is-Yours-master/static/Jammy/mod/*.so /nginx/modules/; rm -Rf /tmp/The-World-Is-Yours-master
# Fixes
mkdir -p /nginx/modsec
curl -s https://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules > /nginx/modsec/naxi.core
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/l7.conf > /nginx/modsec/l7.conf
curl -s https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended > /nginx/modsec/modsecurity.conf
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/tester.conf > /nginx/modsec/tester.conf
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/unicode.mapping > /nginx/modsec/unicode.mapping
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/Jammy/nginx.conf > /nginx/nginx.conf
mkdir -p /nginx/live/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/default > /nginx/live/default
mkdir -p /hostdata/default/public_html/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/index.html > /hostdata/default/public_html/index.html
mkdir -p /hostdata/default/public_html/cdn/modsec && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/aes.min.js > /hostdata/default/public_html/cdn/modsec/aes.min.js
# Start
unset NGINX
killall nginx
useradd nginx && usermod -s /bin/false nginx
systemctl enable nginx
systemctl daemon-reload
systemctl enable nginx
systemctl stop nginx
systemctl start nginx
;;
esac
-177
@@ -1,177 +0,0 @@
#!/bin/bash
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/version > /tmp/version; source /tmp/version
sudo apt-get install libpcre2-dev mercurial -y; mkdir -p /opt/mod
if [ ! -d /opt/mod/ngx_devel_kit-${NGX_DEVEL_KIT} ]; then
cd /opt/mod/; wget https://github.com/vision5/ngx_devel_kit/archive/refs/tags/v${NGX_DEVEL_KIT}.tar.gz
cd /opt/mod/; tar xf v${NGX_DEVEL_KIT}.tar.gz; rm -Rf v${NGX_DEVEL_KIT}.tar.gz
fi
if [ ! -d /opt/mod/incubator-pagespeed-ngx-${NGX_PAGESPEED}-stable ]; then
cd /opt/mod/; wget https://github.com/apache/incubator-pagespeed-ngx/archive/refs/tags/v${NGX_PAGESPEED}-stable.tar.gz
cd /opt/mod/; tar xf v${NGX_PAGESPEED}-stable.tar.gz; rm -Rf v${NGX_PAGESPEED}-stable.tar.gz
cd /opt/mod/incubator-pagespeed-ngx-${NGX_PAGESPEED}-stable; wget https://dl.google.com/dl/page-speed/psol/${NGX_PAGESPEED_PSOL}.tar.gz; tar xf ${NGX_PAGESPEED_PSOL}.tar.gz; rm -Rf tar xf ${NGX_PAGESPEED_PSOL}.tar.gz
fi
if [ ! -d /opt/mod/ngx_http_geoip2_module-${NGX_GEOIP2} ]; then
cd /opt/mod/; wget https://github.com/leev/ngx_http_geoip2_module/archive/refs/tags/${NGX_GEOIP2}.tar.gz
cd /opt/mod/; tar xf ${NGX_GEOIP2}.tar.gz; rm -Rf ${NGX_GEOIP2}.tar.gz
fi
if [ ! -d /opt/mod/ModSecurity-nginx-${NGX_MODSECURITY} ]; then
cd /opt/mod/; wget https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${NGX_MODSECURITY}.tar.gz
cd /opt/mod/; tar xf v${NGX_MODSECURITY}.tar.gz; rm -Rf v${NGX_MODSECURITY}.tar.gz
fi
if [ ! -d /opt/mod/nginx-http-flv-module-${NGX_HTTP_FLV} ]; then
cd /opt/mod/; wget https://github.com/winshining/nginx-http-flv-module/archive/refs/tags/v${NGX_HTTP_FLV}.tar.gz
cd /opt/mod/; tar xf v${NGX_HTTP_FLV}.tar.gz; rm -Rf v${NGX_HTTP_FLV}.tar.gz
fi
if [ ! -d /opt/mod/headers-more-nginx-module-${NGX_HEADERS_MORE} ]; then
cd /opt/mod/; wget https://github.com/openresty/headers-more-nginx-module/archive/refs/tags/v${NGX_HEADERS_MORE}.tar.gz
cd /opt/mod/; tar xf v${NGX_HEADERS_MORE}.tar.gz; rm -Rf v${NGX_HEADERS_MORE}.tar.gz
fi
if [ ! -d /opt/mod/lua-nginx-module-${NGX_LUA} ]; then
cd /opt/mod/; wget https://github.com/openresty/lua-nginx-module/archive/refs/tags/v${NGX_LUA}.tar.gz
cd /opt/mod/; tar xf v${NGX_LUA}.tar.gz; rm -Rf v${NGX_LUA}.tar.gz
fi
if [ ! -d /opt/mod/set-misc-nginx-module-${NGX_SET_MISC} ]; then
cd /opt/mod/; wget https://github.com/openresty/set-misc-nginx-module/archive/refs/tags/v${NGX_SET_MISC}.tar.gz
cd /opt/mod/; tar xf v${NGX_SET_MISC}.tar.gz; rm -Rf v${NGX_SET_MISC}.tar.gz
fi
if [ ! -d /opt/mod/testcookie ]; then
cd /opt/mod/; git clone https://github.com/kyprizel/testcookie-nginx-module.git testcookie
fi
if [ ! -d /opt/mod/ngx_brotli ]; then
cd /opt/mod/; git clone https://github.com/google/ngx_brotli.git ngx_brotli; cd /opt/mod/ngx_brotli && git submodule update --init
fi
if [ ! -d /opt/mod/naxsi ]; then
cd /opt/mod/; git clone --recurse-submodules https://github.com/wargio/naxsi.git naxsi
fi
if [ ! -d /opt/mod/pcre2-pcre2-${FOCAL_PCRE} ]; then
cd /opt/mod && wget https://github.com/PCRE2Project/pcre2/archive/refs/tags/pcre2-${FOCAL_PCRE}.tar.gz
cd /opt/mod && tar xf pcre2-${FOCAL_PCRE}.tar.gz; rm -Rf pcre2-${FOCAL_PCRE}.tar.gz
cd /opt/mod/pcre2-pcre2-${FOCAL_PCRE} && ./autogen.sh
fi
if [ ! -d /opt/mod/openssl-OpenSSL_${FOCAL_OPENSSL} ]; then
cd /opt/mod && wget https://github.com/openssl/openssl/archive/refs/tags/OpenSSL_${FOCAL_OPENSSL}.tar.gz
cd /opt/mod && tar xf OpenSSL_${FOCAL_OPENSSL}.tar.gz; rm -Rf OpenSSL_${FOCAL_OPENSSL}.tar.gz
fi
if [ ! -d /opt/mod/zlib-${FOCAL_ZLIB} ]; then
cd /opt/mod && wget http://zlib.net/zlib-${FOCAL_ZLIB}.tar.gz
cd /opt/mod && tar xf zlib-${FOCAL_ZLIB}.tar.gz; rm -Rf zlib-${FOCAL_ZLIB}.tar.gz
fi
rm -Rf /opt/nginx-${FOCAL_VERSION_NGINX}; cd /opt/; wget https://nginx.org/download/nginx-${FOCAL_VERSION_NGINX}.tar.gz; tar xf nginx-${FOCAL_VERSION_NGINX}.tar.gz; rm -Rf nginx-${FOCAL_VERSION_NGINX}.tar.gz
cd /opt/nginx-${FOCAL_VERSION_NGINX} && curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > hpack_push.patch && patch -p1 < hpack_push.patch
cd /opt/nginx-${FOCAL_VERSION_NGINX}/
LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" ./configure --with-compat \
--user=nginx \
--group=nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-openssl=/opt/mod/openssl-OpenSSL_${FOCAL_OPENSSL} \
--with-pcre \
--with-pcre=/opt/mod/pcre2-pcre2-${FOCAL_PCRE} \
--with-zlib=/opt/mod/zlib-${FOCAL_ZLIB} \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--with-http_v2_hpack_enc \
--with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
--with-ld-opt="-Wl,-rpath,/usr/local/LuaJIT/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie" \
--add-dynamic-module=/opt/mod/ngx_devel_kit-${NGX_DEVEL_KIT} \
--add-dynamic-module=/opt/mod/ModSecurity-nginx-${NGX_MODSECURITY} \
--add-dynamic-module=/opt/mod/headers-more-nginx-module-${NGX_HEADERS_MORE} \
--add-dynamic-module=/opt/mod/incubator-pagespeed-ngx-${NGX_PAGESPEED}-stable \
--add-dynamic-module=/opt/mod/naxsi/naxsi_src \
--add-dynamic-module=/opt/mod/nginx-http-flv-module-${NGX_HTTP_FLV} \
--add-dynamic-module=/opt/mod/ngx_brotli \
--add-dynamic-module=/opt/mod/ngx_http_geoip2_module-${NGX_GEOIP2} \
--add-dynamic-module=/opt/mod/set-misc-nginx-module-${NGX_SET_MISC} \
--add-dynamic-module=/opt/mod/testcookie
make -j`nproc` modules
rm -Rf /nginx/modules/*.so; cp /opt/nginx-${FOCAL_VERSION_NGINX}/objs/*.so /nginx/modules/
cd /opt/nginx-${FOCAL_VERSION_NGINX}/
LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" ./configure --with-compat \
--user=nginx \
--group=nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-openssl=/opt/mod/openssl-OpenSSL_${FOCAL_OPENSSL} \
--with-zlib=/opt/mod/zlib-${FOCAL_ZLIB} \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--with-http_v2_hpack_enc \
--with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
--with-ld-opt="-Wl,-rpath,/usr/local/LuaJIT/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie -lpcre" \
--add-dynamic-module=/opt/mod/ngx_devel_kit-${NGX_DEVEL_KIT} \
--add-dynamic-module=/opt/mod/lua-nginx-module-${NGX_LUA}
make -j`nproc` modules
cp /opt/nginx-${FOCAL_VERSION_NGINX}/objs/*.so /nginx/modules/
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
-177
@@ -1,177 +0,0 @@
#!/bin/bash
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/version > /tmp/version; source /tmp/version
sudo apt-get install libpcre2-dev mercurial -y; mkdir -p /opt/mod
if [ ! -d /opt/mod/ngx_devel_kit-${NGX_DEVEL_KIT} ]; then
cd /opt/mod/; wget https://github.com/vision5/ngx_devel_kit/archive/refs/tags/v${NGX_DEVEL_KIT}.tar.gz
cd /opt/mod/; tar xf v${NGX_DEVEL_KIT}.tar.gz; rm -Rf v${NGX_DEVEL_KIT}.tar.gz
fi
if [ ! -d /opt/mod/incubator-pagespeed-ngx-${NGX_PAGESPEED}-stable ]; then
cd /opt/mod/; wget https://github.com/apache/incubator-pagespeed-ngx/archive/refs/tags/v${NGX_PAGESPEED}-stable.tar.gz
cd /opt/mod/; tar xf v${NGX_PAGESPEED}-stable.tar.gz; rm -Rf v${NGX_PAGESPEED}-stable.tar.gz
cd /opt/mod/incubator-pagespeed-ngx-${NGX_PAGESPEED}-stable; wget https://dl.google.com/dl/page-speed/psol/${NGX_PAGESPEED_PSOL}.tar.gz; tar xf ${NGX_PAGESPEED_PSOL}.tar.gz; rm -Rf tar xf ${NGX_PAGESPEED_PSOL}.tar.gz
fi
if [ ! -d /opt/mod/ngx_http_geoip2_module-${NGX_GEOIP2} ]; then
cd /opt/mod/; wget https://github.com/leev/ngx_http_geoip2_module/archive/refs/tags/${NGX_GEOIP2}.tar.gz
cd /opt/mod/; tar xf ${NGX_GEOIP2}.tar.gz; rm -Rf ${NGX_GEOIP2}.tar.gz
fi
if [ ! -d /opt/mod/ModSecurity-nginx-${NGX_MODSECURITY} ]; then
cd /opt/mod/; wget https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${NGX_MODSECURITY}.tar.gz
cd /opt/mod/; tar xf v${NGX_MODSECURITY}.tar.gz; rm -Rf v${NGX_MODSECURITY}.tar.gz
fi
if [ ! -d /opt/mod/nginx-http-flv-module-${NGX_HTTP_FLV} ]; then
cd /opt/mod/; wget https://github.com/winshining/nginx-http-flv-module/archive/refs/tags/v${NGX_HTTP_FLV}.tar.gz
cd /opt/mod/; tar xf v${NGX_HTTP_FLV}.tar.gz; rm -Rf v${NGX_HTTP_FLV}.tar.gz
fi
if [ ! -d /opt/mod/headers-more-nginx-module-${NGX_HEADERS_MORE} ]; then
cd /opt/mod/; wget https://github.com/openresty/headers-more-nginx-module/archive/refs/tags/v${NGX_HEADERS_MORE}.tar.gz
cd /opt/mod/; tar xf v${NGX_HEADERS_MORE}.tar.gz; rm -Rf v${NGX_HEADERS_MORE}.tar.gz
fi
if [ ! -d /opt/mod/lua-nginx-module-${NGX_LUA} ]; then
cd /opt/mod/; wget https://github.com/openresty/lua-nginx-module/archive/refs/tags/v${NGX_LUA}.tar.gz
cd /opt/mod/; tar xf v${NGX_LUA}.tar.gz; rm -Rf v${NGX_LUA}.tar.gz
fi
if [ ! -d /opt/mod/set-misc-nginx-module-${NGX_SET_MISC} ]; then
cd /opt/mod/; wget https://github.com/openresty/set-misc-nginx-module/archive/refs/tags/v${NGX_SET_MISC}.tar.gz
cd /opt/mod/; tar xf v${NGX_SET_MISC}.tar.gz; rm -Rf v${NGX_SET_MISC}.tar.gz
fi
if [ ! -d /opt/mod/testcookie ]; then
cd /opt/mod/; git clone https://github.com/kyprizel/testcookie-nginx-module.git testcookie
fi
if [ ! -d /opt/mod/ngx_brotli ]; then
cd /opt/mod/; git clone https://github.com/google/ngx_brotli.git ngx_brotli; cd /opt/mod/ngx_brotli && git submodule update --init
fi
if [ ! -d /opt/mod/naxsi ]; then
cd /opt/mod/; git clone --recurse-submodules https://github.com/wargio/naxsi.git naxsi
fi
if [ ! -d /opt/mod/pcre2-pcre2-${JAMMY_PCRE} ]; then
cd /opt/mod && wget https://github.com/PCRE2Project/pcre2/archive/refs/tags/pcre2-${JAMMY_PCRE}.tar.gz
cd /opt/mod && tar xf pcre2-${JAMMY_PCRE}.tar.gz; rm -Rf pcre2-${JAMMY_PCRE}.tar.gz
cd /opt/mod/pcre2-pcre2-${JAMMY_PCRE} && ./autogen.sh
fi
if [ ! -d /opt/mod/openssl-openssl-${JAMMY_OPENSSL} ]; then
cd /opt/mod && wget https://github.com/openssl/openssl/archive/refs/tags/openssl-${JAMMY_OPENSSL}.tar.gz
cd /opt/mod && tar xf openssl-${JAMMY_OPENSSL}.tar.gz; rm -Rf openssl-${JAMMY_OPENSSL}.tar.gz
fi
if [ ! -d /opt/mod/zlib-${JAMMY_ZLIB} ]; then
cd /opt/mod && wget http://zlib.net/zlib-${JAMMY_ZLIB}.tar.gz
cd /opt/mod && tar xf zlib-${JAMMY_ZLIB}.tar.gz; rm -Rf zlib-${JAMMY_ZLIB}.tar.gz
fi
rm -Rf /opt/nginx-${JAMMY_VERSION_NGINX}; cd /opt/; wget https://nginx.org/download/nginx-${JAMMY_VERSION_NGINX}.tar.gz; tar xf nginx-${JAMMY_VERSION_NGINX}.tar.gz; rm -Rf nginx-${JAMMY_VERSION_NGINX}.tar.gz
cd /opt/nginx-${JAMMY_VERSION_NGINX} && curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > hpack_push.patch && patch -p1 < hpack_push.patch
cd /opt/nginx-${JAMMY_VERSION_NGINX}/
LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" ./configure --with-compat \
--user=nginx \
--group=nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-openssl=/opt/mod/openssl-openssl-${JAMMY_OPENSSL} \
--with-pcre \
--with-pcre=/opt/mod/pcre2-pcre2-${JAMMY_PCRE} \
--with-zlib=/opt/mod/zlib-${JAMMY_ZLIB} \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--with-http_v2_hpack_enc \
--with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
--with-ld-opt="-Wl,-rpath,/usr/local/LuaJIT/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie" \
--add-dynamic-module=/opt/mod/ngx_devel_kit-${NGX_DEVEL_KIT} \
--add-dynamic-module=/opt/mod/ModSecurity-nginx-${NGX_MODSECURITY} \
--add-dynamic-module=/opt/mod/headers-more-nginx-module-${NGX_HEADERS_MORE} \
--add-dynamic-module=/opt/mod/incubator-pagespeed-ngx-${NGX_PAGESPEED}-stable \
--add-dynamic-module=/opt/mod/naxsi/naxsi_src \
--add-dynamic-module=/opt/mod/nginx-http-flv-module-${NGX_HTTP_FLV} \
--add-dynamic-module=/opt/mod/ngx_brotli \
--add-dynamic-module=/opt/mod/ngx_http_geoip2_module-${NGX_GEOIP2} \
--add-dynamic-module=/opt/mod/set-misc-nginx-module-${NGX_SET_MISC} \
--add-dynamic-module=/opt/mod/testcookie
make -j`nproc` modules
rm -Rf /nginx/modules/*.so; cp /opt/nginx-${JAMMY_VERSION_NGINX}/objs/*.so /nginx/modules/
cd /opt/nginx-${JAMMY_VERSION_NGINX}/
LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" ./configure --with-compat \
--user=nginx \
--group=nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-openssl=/opt/mod/openssl-openssl-${JAMMY_OPENSSL} \
--with-zlib=/opt/mod/zlib-${JAMMY_ZLIB} \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--with-http_v2_hpack_enc \
--with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
--with-ld-opt="-Wl,-rpath,/usr/local/LuaJIT/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie -lpcre" \
--add-dynamic-module=/opt/mod/ngx_devel_kit-${NGX_DEVEL_KIT} \
--add-dynamic-module=/opt/mod/lua-nginx-module-${NGX_LUA}
make -j`nproc` modules
cp /opt/nginx-${JAMMY_VERSION_NGINX}/objs/*.so /nginx/modules/
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
-81
@@ -1,81 +0,0 @@
# Suggestions? => https://github.com/theraw/The-World-Is-Yours/issues
# Problems? => https://github.com/theraw/The-World-Is-Yours/issues
user nginx;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 65535;
load_module /nginx/modules/ndk_http_module.so;
load_module /nginx/modules/ngx_http_lua_module.so;
load_module /nginx/modules/ngx_http_naxsi_module.so;
load_module /nginx/modules/ngx_http_modsecurity_module.so;
load_module /nginx/modules/ngx_http_testcookie_access_module.so;
events {
multi_accept on;
use epoll;
worker_connections 65535;
}
http {
# ////////////////////////////////////////////////////// #
# =================== LOAD LUA ========================= #
lua_package_path "/usr/twiylua/lib/lua/?.lua;;";
# =================== END LUA ========================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# =================== LOAD L7 ========================== #
include modsec/l7.conf;
# =================== END L7 =========================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ===================== LOGS =========================== #
log_format main '$remote_addr |==| $status |==| $request |==| $time_local';
# =================== END LOGS ========================= #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ==================== GENERAL ========================= #
client_body_buffer_size 2M;
client_header_buffer_size 2M;
client_body_timeout 90s;
client_header_timeout 90s;
client_max_body_size 2M;
keepalive_timeout 15s;
port_in_redirect off;
sendfile on;
server_names_hash_bucket_size 6969;
server_name_in_redirect off;
server_tokens off;
tcp_nodelay on;
tcp_nopush on;
types_hash_max_size 2048;
resolver 8.8.8.8 8.8.4.4;
default_type application/octet-stream;
include /nginx/mime.types;
# =================== END GENERAL ====================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ==================== BACKENDS ======================== #
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Example Of Backend
#upstream varnish {
# zone tcp_servers 64k;
# server 10.10.10.39:80;
#}
# =================== END BACKENDS ===================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ================ LOAD VHOST +CONFIGS ================= #
include live/*;
include modsec/naxi.core;
# =================== END CONFIGS ====================== #
# ////////////////////////////////////////////////////// #
}
+1 -1
@@ -1,5 +1,5 @@
<html> <html>
<center><h1>NGINX-AS-WEB-FIREWALL Default Page!?</h1></center> <center><h1>Congratulations</h1></center>
<center><h2>If you can see this that means your installation was successful!</h2></center> <center><h2>If you can see this that means your installation was successful!</h2></center>
<center><h2>Thank You For Using This Project, For Issues or suggestion Post them on <a href="https://github.com/theraw/The-World-Is-Yours" target="_blank">(Github)</a></h2></center> <center><h2>Thank You For Using This Project, For Issues or suggestion Post them on <a href="https://github.com/theraw/The-World-Is-Yours" target="_blank">(Github)</a></h2></center>
</html> </html>
@@ -23,9 +23,17 @@
index index.html index.htm; index index.html index.htm;
} }
location /lua-test {
default_type 'text/plain';
content_by_lua_block {
ngx.say('Hello, world!')
}
}
location /denied/ { location /denied/ {
return 403; return 403;
} }
#error_page 404 /404.html; #error_page 404 /404.html;
# redirect server error pages to the static page /50x.html # redirect server error pages to the static page /50x.html
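Review bot: The added `location /lua-test` block is a diagnostic endpoint with no access restriction, so any client that can reach this server gets the `Hello, world!` response and learns that Lua content handlers are enabled. If it is only meant for post-install verification, limit it to the local host by adding `allow 127.0.0.1;` and `deny all;` inside the block, or leave it out of the shipped config. The block also depends on the Lua module: the nginx.conf section on this page drops the `load_module` line for `ngx_http_lua_module.so`, so `content_by_lua_block` only parses if the module is now compiled in statically, which is not visible here. The enclosing `server` block starts and ends outside the hunk.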
@@ -5,12 +5,6 @@ pid /var/run/nginx.pid;
worker_processes auto; worker_processes auto;
worker_rlimit_nofile 65535; worker_rlimit_nofile 65535;
load_module /nginx/modules/ndk_http_module.so;
load_module /nginx/modules/ngx_http_lua_module.so;
load_module /nginx/modules/ngx_http_naxsi_module.so;
load_module /nginx/modules/ngx_http_modsecurity_module.so;
load_module /nginx/modules/ngx_http_testcookie_access_module.so;
events { events {
multi_accept on; multi_accept on;
use epoll; use epoll;
@@ -18,25 +12,18 @@ events {
} }
http { http {
# ////////////////////////////////////////////////////// #
# =================== LOAD LUA ========================= # # =================== LOAD LUA ========================= #
lua_package_path "/usr/twiylua/lib/lua/?.lua;;"; lua_package_path "/usr/nginx_lua/lib/lua/?.lua";
# =================== END LUA ========================== # # =================== END LUA ========================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# =================== LOAD L7 ========================== # # =================== LOAD L7 ========================== #
include modsec/l7.conf; include modsec/l7.conf;
# =================== END L7 =========================== # # =================== END L7 =========================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ===================== LOGS =========================== # # ===================== LOGS =========================== #
log_format main '$remote_addr |==| $status |==| $request |==| $time_local'; log_format main 'DATE: $time_local FROM: $remote_addr | STATUS: $status | TO: $request | CACHE: $upstream_cache_status | A: $http_user_agent';
# =================== END LOGS ========================= # # =================== END LOGS ========================= #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ==================== GENERAL ========================= # # ==================== GENERAL ========================= #
client_body_buffer_size 2M; client_body_buffer_size 2M;
client_header_buffer_size 2M; client_header_buffer_size 2M;
@@ -52,30 +39,19 @@ http {
tcp_nodelay on; tcp_nodelay on;
tcp_nopush on; tcp_nopush on;
types_hash_max_size 2048; types_hash_max_size 2048;
resolver 8.8.8.8 8.8.4.4; resolver 1.1.1.1 1.0.0.1;
default_type application/octet-stream; default_type application/octet-stream;
include /nginx/mime.types; include /nginx/mime.types;
# =================== END GENERAL ====================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ==================== BACKENDS ======================== #
map $http_upgrade $connection_upgrade { map $http_upgrade $connection_upgrade {
default upgrade; default upgrade;
'' close; '' close;
} }
# Example Of Backend # =================== END GENERAL ====================== #
#upstream varnish {
# zone tcp_servers 64k;
# server 10.10.10.39:80;
#}
# =================== END BACKENDS ===================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ================ LOAD VHOST +CONFIGS ================= # # ================ LOAD VHOST +CONFIGS ================= #
include live/*; include live/*;
include conf.d/*;
include modsec/naxi.core; include modsec/naxi.core;
# =================== END CONFIGS ====================== # # =================== END CONFIGS ====================== #
# ////////////////////////////////////////////////////// #
} }
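Review bot: The first hunk removes all five `load_module` lines (ndk, lua, naxsi, modsecurity, testcookie) while the `http` block still sets `lua_package_path` and includes `modsec/l7.conf` and `modsec/naxi.core`. That only works if the new build links these modules statically, which this page does not show; otherwise nginx does not know the directives in those includes and rejects the configuration at start or reload, so the WAF rules never take effect. If the modules are static, a comment above `events {` such as `# lua, naxsi, modsecurity and testcookie are built in statically; no load_module needed` would record that, and an `nginx -t` step in the install script would catch a mismatch early. Separately, the added `include conf.d/*;` loads every file in that directory, including editor backups and disabled copies; `include conf.d/*.conf;` is the narrower form.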
+48 -31
@@ -1,34 +1,51 @@
#!/bin/bash export NGINX="1.26.0"
#unless custom use default
export NGINX="1.22.1"
export LUA_SCRIPTS="/usr/twiylua/"
export FOCAL_VERSION_NGINX="1.22.1" export LUA_SCRIPTS="/usr/nginx_lua/"
export FOCAL_VERSION_LUA="2.1-20220915"
export FOCAL_VERSION_NGX_LUA="0.10.22"
export FOCAL_VERSION_NGX_RESTY_CORE="0.1.24"
export FOCAL_VERSION_NGX_RESTY_LRUCACHE="0.13"
export FOCAL_VERSION_NGX_MODSECURITY="3.0.8"
export FOCAL_PCRE="10.42"
export FOCAL_OPENSSL="1_1_1f"
export FOCAL_ZLIB="1.2.13"
export JAMMY_VERSION_NGINX="1.22.1" # https://github.com/openresty/lua-nginx-module/tags
export JAMMY_VERSION_LUA="2.1-20220915" export NGX_MOD_LUA="0.10.26"
export JAMMY_VERSION_NGX_LUA="0.10.22"
export JAMMY_VERSION_NGX_RESTY_CORE="0.1.24"
export JAMMY_VERSION_NGX_RESTY_LRUCACHE="0.13"
export JAMMY_VERSION_NGX_MODSECURITY="3.0.8"
export JAMMY_PCRE="10.42"
export JAMMY_OPENSSL="3.0.2"
export JAMMY_ZLIB="1.2.13"
export NGX_DEVEL_KIT="0.3.2" # https://github.com/vision5/ngx_devel_kit/tags
export NGX_PAGESPEED="1.13.35.2" export NGX_MOD_DEVELKIT="0.3.3"
export NGX_PAGESPEED_PSOL="1.13.35.2-x64"
export NGX_GEOIP2="3.4" # https://github.com/leev/ngx_http_geoip2_module/releases
export NGX_MODSECURITY="1.0.3" export NGX_MOD_GEOIP2="3.4"
export NGX_HTTP_FLV="1.2.10"
export NGX_HEADERS_MORE="0.34" # https://github.com/owasp-modsecurity/ModSecurity-nginx/releases
export NGX_LUA="0.10.22" export NGX_MOD_MODSECURITY="1.0.3"
export NGX_SET_MISC="0.33"
# https://github.com/winshining/nginx-http-flv-module/releases
export NGX_MOD_HTTPFLV="1.2.11"
# https://github.com/openresty/headers-more-nginx-module/tags
export NGX_MOD_HEADERS_MORE="0.37"
# https://github.com/openresty/set-misc-nginx-module/releases
export NGX_MOD_SETMISC="0.33"
# https://github.com/openresty/lua-resty-core/tags
export LUA_SCRIPTS_RESTYCORE="0.1.28"
# https://github.com/openresty/lua-resty-lrucache/tags
export LUA_SCRIPTS_LRUCACHE="0.13"
# https://github.com/openresty/luajit2/tags
export SYSTEM_LUAJIT="2.1-20231117"
# https://github.com/PCRE2Project/pcre2/releases
export SYSTEM_PCRE="10.43"
# https://github.com/openssl/openssl
export SYSTEM_OPENSSL="3.1.5-quic1"
# https://github.com/SpiderLabs/ModSecurity/releases
export SYSTEM_MODSECURITY="3.0.12"
# https://github.com/openresty/lua-resty-mysql/tags
export NGX_MOD_LUA_MYSQL="0.27"
# https://github.com/openresty/lua-resty-lock/tags
export NGX_MOD_LUA_LOCK="0.09"
# https://github.com/openresty/srcache-nginx-module/tags
export NGX_MOD_LUA_SRCACHE="0.33"