• SupportTutorial

  • How to compile and install third-party modules in aaPanel nginx

Third-party module examples: Geoip2

Step 1:
Select compile and install Nginx

Step 2:
Click Add custom module and fill in the corresponding information

--add-module=/tmp/ngx_http_geoip2_module

yum install libmaxminddb-devel -y
git clone https://github.com/leev/ngx_http_geoip2_module.git /tmp/ngx_http_geoip2_module

Prefix script: Before compiling nginx, the commands in it are executed first, and the commands are separated by newlines.

Here we first install the Geoip2 dependency, and then use git to clone Geoip2 to the / tmp directory

After clicking submit, the submitted module information will be saved

Step 3:
Select the module you need to compile Click Submit again to start the installation

After the installation is complete, we can check whether the module has been compiled on the command line

Step 4:
Download the geoip2 core library and save it to the specified directory
https://dev.maxmind.com/geoip/geoip2/geolite2/
We download the GeoLite2-City and GeoLite2-Country databases

After downloading, upload it to the server and decompress the database ( .mmdb ) file to /tmp (note that this is only for testing, please store it in another directory)

Step 5:
Now we set the rules to test
Set to block IP access outside China

Open Nginx Manager --> config
Add the following code under http

geoip2 /tmp/GeoLite2-Country.mmdb {
    $geoip2_data_country_code country iso_code;
}
map $geoip2_data_country_code $allowed_country {
    default yes;
    CN no;
}

Step 6:
Activate rules under the site you need to set
if ($allowed_country = yes) { return 403; }

Try to visit the site

    thank you very much for this tutorial was what I was looking for.

    3 years later

    the tutorial is good, but for some reason nginx compiles without geoip, I checked with versions 1.18, 1.21, 1.22

    2 years later

    aaPanel_Kern ok, next quetion, how if i added 2 different modules?

    --add-module=/tmp/ngx_http_geoip2_module
--add-module=/tmp/mod_sec_nginx

yum install libmaxminddb-devel -y
git clone https://github.com/leev/ngx_http_geoip2_module.git /tmp/ngx_http_geoip2_module
git clone https://github.com/owasp-modsecurity/ModSecurity-nginx /www/server/ngx_mod_sec

    it's like that?

        3 months later

        ModSecurity Nginx & OWASP

        Step 1:

        Name

        modsec_nginx

        Details

        modsecuriry_nginx

        Parameter

        --add-module=/opt/ModSecurity-nginx

        Prefix script

        apt install gcc make build-essential autoconf automake libtool libcurl4-openssl-dev liblua5.3-dev libfuzzy-dev ssdeep gettext pkg-config libgeoip-dev libyajl-dev doxygen libpcre++-dev libpcre2-16-0 libpcre2-dev libpcre2-posix3 zlib1g zlib1g-dev -y

cd /opt && sudo git clone https://github.com/owasp-modsecurity/ModSecurity.git
cd ModSecurity

git submodule init
git submodule update

./build.sh
./configure

make
make install

git clone https://github.com/owasp-modsecurity/ModSecurity-nginx.git /opt/ModSecurity-nginx

        Step 2:

        Open terminal

        cp /opt/ModSecurity/modsecurity.conf-recommended /www/server/nginx/modsecurity.conf
cp /opt/ModSecurity/unicode.mapping /www/server/nginx/unicode.mapping

git clone https://github.com/coreruleset/coreruleset.git /www/server/nginx/owasp-crs
cp /www/server/nginx/owasp-crs/crs-setup.conf{.example,}

        Step 3:

        Change SecRuleEngine to On /www/server/nginx/modsecurity.conf

        SecRuleEngine On

        Also update insert this configuration on bottom line to load owasp crs

        Include owasp-crs/crs-setup.conf
Include owasp-crs/rules/*.conf

        Step 4:

        Add this to your web config Go to Website >> Select Domain >> Config

        modsecurity on;
modsecurity_rules_file /www/server/nginx/modsecurity.conf;
        Connect with us: 📨 Telegram 💬 Discord Email: support@aapanel.com