diff --git a/etc/nginx/sites-available/default b/etc/nginx/sites-available/default index ba6913b..ac66cc2 100644 --- a/etc/nginx/sites-available/default +++ b/etc/nginx/sites-available/default @@ -172,8 +172,8 @@ server { location /lcp { try_files $uri $uri/ /index.php?$args; - # Uncomment to enable naxsi on this location - #include /etc/nginx/naxsi.rules; + # Uncomment to enable naxsi WAF. + #include /etc/nginx/includes/naxsi.rules; # Uncomment to enable auto index #autoindex on; diff --git a/etc/nginx/sites-available/default-ssl b/etc/nginx/sites-available/default-ssl index 8b51e75..00a0deb 100644 --- a/etc/nginx/sites-available/default-ssl +++ b/etc/nginx/sites-available/default-ssl @@ -180,8 +180,8 @@ server { location /lcp { try_files $uri $uri/ /index.php?$args; - # Uncomment to enable naxsi on this location - #include /etc/nginx/naxsi.rules; + # Uncomment to enable naxsi WAF. + #include /etc/nginx/includes/naxsi.rules; # Uncomment to enable auto index #autoindex on; diff --git a/etc/nginx/vhost/site_boxbilling.conf b/etc/nginx/vhost/site_boxbilling.conf index 36ab6ea..ce63f99 100644 --- a/etc/nginx/vhost/site_boxbilling.conf +++ b/etc/nginx/vhost/site_boxbilling.conf @@ -6,11 +6,8 @@ try_files $uri $uri/ @rewrite; location @rewrite { rewrite ^/(.*)$ /index.php?_url=/$1; - # Uncomment to enable CORS. - #include /etc/nginx/includes/cors.conf - # Uncomment to enable naxsi WAF. - #include /etc/nginx/naxsi.rules + #include /etc/nginx/includes/naxsi.rules # Uncomment to enable CORS widely. #include /etc/nginx/includes/cors.conf; diff --git a/etc/nginx/vhost/site_codeigniter.conf b/etc/nginx/vhost/site_codeigniter.conf index b34e1eb..025efec 100644 --- a/etc/nginx/vhost/site_codeigniter.conf +++ b/etc/nginx/vhost/site_codeigniter.conf 
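Review bot: The re-pointed include in the site_boxbilling.conf hunk is still written without a terminating semicolon (`#include /etc/nginx/includes/naxsi.rules`), so an operator who uncomments it as the comment instructs gets a configuration that will not pass `nginx -t` rather than an enabled WAF. The sites-available/default and default-ssl hunks already end the line with `;`, and the vhost line should read `#include /etc/nginx/includes/naxsi.rules;`. The same unterminated line is added in the site_codeigniter, site_default, site_drupal, site_laravel, site_mautic, site_phalcon, site_roundcube, site_sendy, site_symfony and site_wordpress hunks. Whether `/etc/nginx/includes/naxsi.rules` is actually shipped at the new path is not visible in this diff and is worth confirming. The enclosing location blocks close outside the hunks.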
@@ -4,8 +4,8 @@ location / { try_files $uri $uri/ /index.php?$is_args$args; - # Uncomment to enable naxsi on this location - #include /etc/nginx/naxsi.rules + # Uncomment to enable naxsi WAF. + #include /etc/nginx/includes/naxsi.rules # Uncomment to enable CORS widely. #include /etc/nginx/includes/cors.conf; diff --git a/etc/nginx/vhost/site_default.conf b/etc/nginx/vhost/site_default.conf index 3cd2105..bcad7ab 100644 --- a/etc/nginx/vhost/site_default.conf +++ b/etc/nginx/vhost/site_default.conf @@ -4,8 +4,8 @@ location / { try_files $uri $uri/ /index.php?$args; - # Uncomment to enable naxsi on this location - #include /etc/nginx/naxsi.rules + # Uncomment to enable naxsi WAF. + #include /etc/nginx/includes/naxsi.rules # Uncomment to enable CORS widely. #include /etc/nginx/includes/cors.conf; diff --git a/etc/nginx/vhost/site_drupal.conf b/etc/nginx/vhost/site_drupal.conf index 4d04bcf..bad9ed9 100644 --- a/etc/nginx/vhost/site_drupal.conf +++ b/etc/nginx/vhost/site_drupal.conf @@ -5,8 +5,8 @@ location / { # try_files $uri $uri/ @rewrite; # For Drupal <= 6 try_files $uri $uri/ /index.php?$query_string; # For Drupal >= 7 - # Uncomment to enable naxsi on this location - #include /etc/nginx/naxsi.rules + # Uncomment to enable naxsi WAF. + #include /etc/nginx/includes/naxsi.rules # Uncomment to enable CORS widely. #include /etc/nginx/includes/cors.conf; diff --git a/etc/nginx/vhost/site_laravel.conf b/etc/nginx/vhost/site_laravel.conf index 603b2dd..b9f9300 100644 --- a/etc/nginx/vhost/site_laravel.conf +++ b/etc/nginx/vhost/site_laravel.conf @@ -5,8 +5,8 @@ location / { # try to serve file directly, fallback to index.php try_files $uri $uri/ /index.php?$query_string; - # Uncomment to enable naxsi on this location - #include /etc/nginx/naxsi.rules + # Uncomment to enable naxsi WAF. + #include /etc/nginx/includes/naxsi.rules # Uncomment to enable CORS widely. #include /etc/nginx/includes/cors.conf; 
diff --git a/etc/nginx/vhost/site_mautic.conf b/etc/nginx/vhost/site_mautic.conf index 4ec5f50..45f1a05 100644 --- a/etc/nginx/vhost/site_mautic.conf +++ b/etc/nginx/vhost/site_mautic.conf @@ -10,8 +10,8 @@ rewrite ^/(vendor|translations|build)/.* /index.php break; location / { try_files $uri $uri/ /index.php$is_args$args; - # Uncomment to enable naxsi on this location - #include /etc/nginx/naxsi.rules + # Uncomment to enable naxsi WAF. + #include /etc/nginx/includes/naxsi.rules # Uncomment to enable CORS widely. #include /etc/nginx/includes/cors.conf; diff --git a/etc/nginx/vhost/site_phalcon.conf b/etc/nginx/vhost/site_phalcon.conf index 0e379fa..24f7e07 100644 --- a/etc/nginx/vhost/site_phalcon.conf +++ b/etc/nginx/vhost/site_phalcon.conf @@ -6,8 +6,8 @@ try_files $uri $uri/ @rewrite; location @rewrite { rewrite ^/(.*)$ /index.php?_url=/$1; - # Uncomment to enable naxsi on this location - #include /etc/nginx/naxsi.rules + # Uncomment to enable naxsi WAF. + #include /etc/nginx/includes/naxsi.rules # Uncomment to enable CORS widely. #include /etc/nginx/includes/cors.conf; diff --git a/etc/nginx/vhost/site_roundcube.conf b/etc/nginx/vhost/site_roundcube.conf index 10a6260..472c0a5 100644 --- a/etc/nginx/vhost/site_roundcube.conf +++ b/etc/nginx/vhost/site_roundcube.conf @@ -4,8 +4,8 @@ location / { try_files $uri $uri/ /index.php?$args; - # Uncomment to enable naxsi on this location - #include /etc/nginx/naxsi.rules + # Uncomment to enable naxsi WAF. + #include /etc/nginx/includes/naxsi.rules # Uncomment to enable CORS widely. #include /etc/nginx/includes/cors.conf; diff --git a/etc/nginx/vhost/site_sendy.conf b/etc/nginx/vhost/site_sendy.conf index c847ab4..398d09f 100644 --- a/etc/nginx/vhost/site_sendy.conf +++ b/etc/nginx/vhost/site_sendy.conf 
@@ -13,8 +13,8 @@ location / { rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; } - # Uncomment to enable naxsi on this location - #include /etc/nginx/naxsi.rules + # Uncomment to enable naxsi WAF. + #include /etc/nginx/includes/naxsi.rules # Uncomment to enable CORS widely. #include /etc/nginx/includes/cors.conf; diff --git a/etc/nginx/vhost/site_symfony.conf b/etc/nginx/vhost/site_symfony.conf index 163b33c..91e0cbe 100644 --- a/etc/nginx/vhost/site_symfony.conf +++ b/etc/nginx/vhost/site_symfony.conf @@ -5,8 +5,8 @@ location / { # try to serve file directly, fallback to app.php try_files $uri $uri/ /app.php$is_args$args; - # Uncomment to enable naxsi on this location - #include /etc/nginx/naxsi.rules + # Uncomment to enable naxsi WAF. + #include /etc/nginx/includes/naxsi.rules # Uncomment to enable CORS widely. #include /etc/nginx/includes/cors.conf; diff --git a/etc/nginx/vhost/site_wordpress.conf b/etc/nginx/vhost/site_wordpress.conf index e46ed39..2807959 100644 --- a/etc/nginx/vhost/site_wordpress.conf +++ b/etc/nginx/vhost/site_wordpress.conf @@ -4,8 +4,8 @@ location / { try_files $uri $uri/ /index.php?$args; - # Uncomment to enable naxsi on this location - #include /etc/nginx/naxsi.rules + # Uncomment to enable naxsi WAF. + #include /etc/nginx/includes/naxsi.rules # Uncomment to enable CORS widely. #include /etc/nginx/includes/cors.conf; diff --git a/scripts/install_nginx.sh b/scripts/install_nginx.sh index bdbe0c9..2fc1543 100755 --- a/scripts/install_nginx.sh +++ b/scripts/install_nginx.sh 
@@ -239,14 +239,12 @@ function init_nginx_install() { # Nginx Memc - An extended version of the standard memcached module. if "${NGX_HTTP_MEMCACHED}"; then - echo "Adding ngx-http-memcached module..." - #EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-http-memcached") + warning "ngx-http-memcached module is not supported." fi # NGX_HTTP_NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX. if "${NGX_HTTP_NAXSI}"; then echo "Adding ngx-http-naxsi (Web Application Firewall) module..." - #EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-http-naxsi") if [[ "${SELECTED_REPO}" == "myguard" ]]; then EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-http-naxsi") fi @@ -327,21 +325,21 @@ function init_nginx_install() { EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-mail") fi - # Nchan, pub/sub queuing server + # Nchan, pub/sub queuing server. if "${NGX_NCHAN}"; then echo "Adding ngx-nchan (Pub/Sub) module..." EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-nchan") fi # Nginx mod PageSpeed. - if "${NGX_PAGESPEED}"; then - echo "Adding ngx-pagespeed module..." - if [[ "${SELECTED_REPO}" == "myguard" ]]; then - EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-pagespeed") - else - error "{$SELECTED_REPO} doesn't have libnginx-mod-pagespeed module. Skipped..." - fi - fi + #if "${NGX_PAGESPEED}"; then + # echo "Adding ngx-pagespeed module..." + # if [[ "${SELECTED_REPO}" == "myguard" ]]; then + # EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-pagespeed") + # else + # error "{$SELECTED_REPO} doesn't have libnginx-mod-pagespeed module. Skipped..." + # fi + #fi # NGINX-based Media Streaming Server. if "${NGX_RTMP}"; then 
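Review bot: When `NGX_HTTP_NAXSI` is true but `SELECTED_REPO` is not `myguard`, this branch still prints "Adding ngx-http-naxsi (Web Application Firewall) module..." and then queues no package, so the install log suggests a WAF module that, on the path shown here, was never added. An `else` on the inner test, for example `else warning "${SELECTED_REPO} repository has no libnginx-mod-http-naxsi package; naxsi WAF module not installed."`, would make the gap visible in the same way the memcached branch now warns. The outer `if "${NGX_HTTP_NAXSI}"` closes outside the hunk.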
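Review bot: With the PageSpeed branch commented out, a configuration that sets `NGX_PAGESPEED=true` is now ignored without any message, whereas the memcached branch in the previous hunk reports `warning "ngx-http-memcached module is not supported."`. Replacing the dead block with `if "${NGX_PAGESPEED}"; then warning "ngx-pagespeed module is not supported."; fi` would keep the two consistent, and deleting the commented lines instead of keeping them leaves the history to git. The same commented-out pattern recurs in the hunks at -1481, -1679 and -1828, where the leftover `# Enable PageSpeed config.` comment now heads no code.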
@@ -1292,33 +1290,32 @@ function init_nginx_install() { fi fi - NGX_PAGESPEED_VERSION=${NGX_PAGESPEED_VERSION:-"latest-stable"} + #NGX_PAGESPEED_VERSION=${NGX_PAGESPEED_VERSION:-"latest-stable"} NGX_BUILD_EXTRA_ARGS=() # Workaround for NPS issue https://github.com/apache/incubator-pagespeed-ngx/issues/1752 - if ! version_older_than "${NGINX_RELEASE_VERSION}" "1.22.99"; then - NGX_PAGESPEED_VERSION="latest-stable" + #if ! version_older_than "${NGINX_RELEASE_VERSION}" "1.22.99"; then + # NGX_PAGESPEED_VERSION="latest-stable" # --psol-from-source - NGX_BUILD_EXTRA_ARGS+=("-t Release") - fi + # NGX_BUILD_EXTRA_ARGS+=("-t Release") + #fi # Workaround for Building on newer glibc (eg. Ubuntu 21.10 and above) # issue https://github.com/apache/incubator-pagespeed-ngx/issues/1743 - if [[ "${RELEASE_NAME}" == "bookworm" || "${RELEASE_NAME}" == "jammy" ]]; then - export PSOL_BINARY_URL && \ - PSOL_BINARY_URL="https://www.tiredofit.nl/psol-jammy.tar.gz" - NGX_BUILD_EXTRA_ARGS+=("--psol-binary-file=${PSOL_BINARY_URL}") - else - NGX_BUILD_EXTRA_ARGS+=("--psol-from-source") - fi + #if [[ "${RELEASE_NAME}" == "bookworm" || "${RELEASE_NAME}" == "jammy" ]]; then + # export PSOL_BINARY_URL && \ + # PSOL_BINARY_URL="https://www.tiredofit.nl/psol-jammy.tar.gz" + # NGX_BUILD_EXTRA_ARGS+=("--psol-binary-file=${PSOL_BINARY_URL}") + #else + # NGX_BUILD_EXTRA_ARGS+=("--psol-from-source") + #fi - [[ "${NGX_PAGESPEED}" == true ]] && NGX_BUILD_EXTRA_ARGS+=("--ngx-pagespeed=${NGX_PAGESPEED_VERSION}") - [[ "${NGINX_DYNAMIC_MODULE}" == true ]] && NGX_BUILD_EXTRA_ARGS+=("--dynamic-module") - [[ "${DRYRUN}" == true ]] && NGX_BUILD_EXTRA_ARGS+=("--dryrun") + #[[ "${NGX_PAGESPEED}" == true ]] && NGX_BUILD_EXTRA_ARGS+=("--ngx-pagespeed=${NGX_PAGESPEED_VERSION}") + #[[ "${NGINX_DYNAMIC_MODULE}" == true ]] && NGX_BUILD_EXTRA_ARGS+=("--dynamic-module") + #[[ "${DRYRUN}" == true ]] && NGX_BUILD_EXTRA_ARGS+=("--dryrun") # Build Nginx from source. 
run bash "${BUILD_DIR}/build_nginx.sh" -y "${NGX_BUILD_EXTRA_ARGS[@]}" -b "${BUILD_DIR}" \ - --ngx-pagespeed-version="${NGX_PAGESPEED_VERSION}" \ --nginx-version="${NGINX_RELEASE_VERSION}" --additional-nginx-configure-arguments="${NGX_CONFIGURE_ARGS[*]}" echo "Configuring Nginx extra modules..." @@ -1481,11 +1478,11 @@ function init_nginx_install() { > /etc/nginx/modules-available/mod-nchan.conf" fi - if [[ -f /usr/lib/nginx/modules/ngx_pagespeed.so && \ - ! -f /etc/nginx/modules-available/mod-pagespeed.conf ]]; then - run bash -c "echo 'load_module \"/usr/lib/nginx/modules/ngx_pagespeed.so\";' \ - > /etc/nginx/modules-available/mod-pagespeed.conf" - fi + #if [[ -f /usr/lib/nginx/modules/ngx_pagespeed.so && \ + # ! -f /etc/nginx/modules-available/mod-pagespeed.conf ]]; then + # run bash -c "echo 'load_module \"/usr/lib/nginx/modules/ngx_pagespeed.so\";' \ + # > /etc/nginx/modules-available/mod-pagespeed.conf" + #fi #if [[ -f /usr/lib/nginx/modules/ngx_rtmp_module.so && \ # ! -f /etc/nginx/modules-available/mod-rtmp.conf ]]; then @@ -1679,11 +1676,11 @@ function init_nginx_install() { /etc/nginx/modules-enabled/60-mod-nchan.conf fi - if [[ "${NGX_PAGESPEED}" && \ - -f /etc/nginx/modules-available/mod-pagespeed.conf ]]; then - run ln -fs /etc/nginx/modules-available/mod-pagespeed.conf \ - /etc/nginx/modules-enabled/60-mod-pagespeed.conf - fi + #if [[ "${NGX_PAGESPEED}" && \ + # -f /etc/nginx/modules-available/mod-pagespeed.conf ]]; then + # run ln -fs /etc/nginx/modules-available/mod-pagespeed.conf \ + # /etc/nginx/modules-enabled/60-mod-pagespeed.conf + #fi local MOD_STREAM_ENABLED=false 
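Review bot: The lines `[[ "${NGINX_DYNAMIC_MODULE}" == true ]] && NGX_BUILD_EXTRA_ARGS+=("--dynamic-module")` and `[[ "${DRYRUN}" == true ]] && NGX_BUILD_EXTRA_ARGS+=("--dryrun")` are commented out together with the PageSpeed lines although neither is PageSpeed-specific, so `NGX_BUILD_EXTRA_ARGS` is always empty and build_nginx.sh no longer receives `--dynamic-module` or `--dryrun`. Unless the `run` wrapper handles dry runs itself (not visible here), a dry run would now start a real source build; both lines should stay active. The commented block also keeps the `PSOL_BINARY_URL` download of a prebuilt archive with no checksum or signature check visible in the hunk, so it is better deleted than left for someone to uncomment later. init_nginx_install starts and ends outside the hunk.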
@@ -1828,11 +1825,11 @@ EOL fi # Enable PageSpeed config. - if [[ "${NGX_PAGESPEED}" == true && \ - -f /etc/nginx/modules-enabled/60-mod-pagespeed.conf ]]; then - run sed -i "s|#include\ /etc/nginx/mod_pagespeed|include\ /etc/nginx/mod_pagespeed|g" \ - /etc/nginx/nginx.conf - fi + #if [[ "${NGX_PAGESPEED}" == true && \ + # -f /etc/nginx/modules-enabled/60-mod-pagespeed.conf ]]; then + # run sed -i "s|#include\ /etc/nginx/mod_pagespeed|include\ /etc/nginx/mod_pagespeed|g" \ + # /etc/nginx/nginx.conf + #fi # Allow server IP to fastCGI cache purge remotely. ALLOWED_SERVER_IP=$(get_ip_private)