My primary driving reason for considering the deployment of Nginx from source
is to use ModSecurity WAF with Nginx. I'm under the impression that it's much
easier to use ModSecurity with Nginx when compiled from source.
If ModSecurity is the issue ...
There are old instructions easily found ON the nginx.com site,
https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/
for building it as a dynamic module, which can be separately built and added to
a packaged nginx build. not required to rebuild/repackage/reinstall nginx
itself. of course, you need to match source version to your pkg'd version.
but note, NGINX is dumping ... er ... Transitioning to End-of-Life ...
ModSecurity support,
F5 NGINX ModSecurity WAF Is Transitioning to End-of-Life
https://www.nginx.com/blog/f5-nginx-modsecurity-waf-transitioning-to-eol/
and that ModSecurity itself is on its way out,
Talking about ModSecurity and the new Coraza WAF
https://coreruleset.org/20211222/talking-about-modsecurity-and-the-new-coraza-waf/
but not quite dead yet. in the interim, there's ModSecurity v3/master
https://github.com/SpiderLabs/ModSecurity
, with a new architecture, and a specific Nginx connector
https://github.com/SpiderLabs/ModSecurity-nginx
which can, similarly to the above, be built/added as a dynamic module, and
still works well enough.
and here's a useful tutorial for setting up Nginx + LibModsecurity
Configure LibModsecurity with Nginx on CentOS 8
https://kifarunix.com/configure-libmodsecurity-with-nginx-on-centos-8/
_______________________________________________
nginx mailing list -- [email protected]
To unsubscribe send an email to [email protected]
