由于宝塔的Nginx添加第三方模块的程序有些玄学问题
总是会丢一些参数导致无法正常安装,所以才有这篇经过我2天的折腾总结出来的教程
首先非常感谢ngx_waf及其作者ADD-SP,也正是在作者的协助下我才完成了安装。
此教程安装环境为 Centos7 aaPanel Linux panel 6.8.12 Nginx1.19.8
安装过程
- 安装宝塔,并且安装Nginx,选择编译安装
- 安装同时准备ngx_waf需要的软件
yum -y update
yum -y install libtool
yum -y install https://archives.fedoraproject.org/pub/archive/fedora/linux/updates/23/x86_64/b/bison-3.0.4-3.fc23.x86_64.rpm
yum -y install gcc-c++ flex bison yajl yajl-devel curl-devel curl GeoIP-devel doxygen zlib-devel pcre-devel git libcurl libcurl-devel
cd /usr/local/src
git clone https://github.com/jedisct1/libsodium.git --branch stable
cd libsodium
./configure --prefix=/usr/local/libsodium --with-pic
make
make install
# 安装 libmaxminddb
cd /usr/local/src
wget https://github.com/maxmind/libmaxminddb/releases/download/1.6.0/libmaxminddb-1.6.0.tar.gz -O libmaxminddb.tar.gz
mkdir libmaxminddb
tar -zxf "libmaxminddb.tar.gz" -C libmaxminddb --strip-components=1
cd libmaxminddb
./configure --prefix=/usr/local/libmaxminddb
make
make install
# 安装 ModSecurity v3
cd /usr/local/src
git clone -b v3.0.6 https://github.com/SpiderLabs/ModSecurity.git
cd ModSecurity
chmod +x build.sh
./build.sh
git submodule init
git submodule update
./configure --prefix=/usr/local/modsecurity --with-maxmind=/usr/local/libmaxminddb
make
make install
3.通过shell引入环境变量
export LIB_UTHASH=/www/server/nginx/src/uthash
export LIB_SODIUM=/usr/local/libsodium
export LIB_MODSECURITY=/usr/local/modsecurity
- 在宝塔Nginx安装完成后,下载ngx_waf源码(此处为Current 版)
cd /www/server/nginx/src
git clone -b current https://github.com/ADD-SP/ngx_waf.git
rm -rf /usr/local/src/ngx_waf
cp -r ngx_waf /usr/local/src/ngx_waf
cd ngx_waf
git clone -b v1.7.15 https://github.com/DaveGamble/cJSON.git lib/cjson
git clone -b v2.3.0 https://github.com/troydhanson/uthash.git lib/uthash
cd /www/server/nginx/src
切换目录,开始配置
运行nginx -V
记录configure arguments:
后的所有内容
下文中将使用ARG
来代替这块内容
运行
./configure ARG --add-module=/www/server/nginx/src/ngx_waf --with-cc-opt='-std=gnu99 -Wno-sign-compare -Wno-error'
#编译
make
#停止Nginx
service nginx stop
#移除原Nginx
rm -rf /www/server/nginx/sbin/nginx
#复制新的Nginx
cp /www/server/nginx/src/objs/nginx /www/server/nginx/sbin/
#启动Nginx
service nginx start
#查看是否已编译新的模块 --add-module=/www/server/nginx/src/ngx_waf
nginx -V
其他更多说明参考作者文档https://docs.addesp.com/ngx_waf/zh-cn/
Comments | NOTHING