Third-party module examples: Geoip2 Step 1: Select compile and install Nginx Step 2: Click Add custom module and fill in the corresponding information --add-module=/tmp/ngx_http_geoip2_module yum install libmaxminddb-devel -y git clone https://github.com/leev/ngx_http_geoip2_module.git /tmp/ngx_http_geoip2_module if(window.hljsLoader && !document.currentScript.parentNode.hasAttribute('data-s9e-livepreview-onupdate')) { window.hljsLoader.highlightBlocks(document.currentScript.parentNode); } Prefix script: Before compiling nginx, the commands in it are executed first, and the commands are separated by newlines. Here we first install the Geoip2 dependency, and then use git to clone Geoip2 to the / tmp directory After clicking submit, the submitted module information will be saved Step 3: Select the module you need to compile Click Submit again to start the installation After the installation is complete, we can check whether the module has been compiled on the command line Step 4: Download the geoip2 core library and save it to the specified directory https://dev.maxmind.com/geoip/geoip2/geolite2/ We download the GeoLite2-City and GeoLite2-Country databases After downloading, upload it to the server and decompress the database ( .mmdb ) file to /tmp (note that this is only for testing, please store it in another directory) Step 5: Now we set the rules to test Set to block IP access outside China Open Nginx Manager --> config Add the following code under http geoip2 /tmp/GeoLite2-Country.mmdb { $geoip2_data_country_code country iso_code; } map $geoip2_data_country_code $allowed_country { default yes; CN no; } if(window.hljsLoader && !document.currentScript.parentNode.hasAttribute('data-s9e-livepreview-onupdate')) { window.hljsLoader.highlightBlocks(document.currentScript.parentNode); } Step 6: Activate rules under the site you need to set if ($allowed_country = yes) { return 403; } Try to visit the site

thank you very much for this tutorial was what I was looking for.

How to compile and install third-party modules in aaPanel nginx

sawamura

the tutorial is good, but for some reason nginx compiles without geoip, I checked with versions 1.18, 1.21, 1.22

aaP_mdestafadilah_simrs

aaPanel_Jose where add custom module in nginx installed?

aaPanel_Kern

When installing nginx, choose to compile and add it during installation.

aaP_mdestafadilah_simrs

aaPanel_Kern so, i must re-installing again?

aaP_mdestafadilah_simrs

aaPanel_Kern can we do --add-module withou re-installing nginx?

aaPanel_Kern

No, you need to reinstall it

aaP_mdestafadilah_simrs

aaPanel_Kern ok, i will re-installing again, but what about other configuration before? it's lost?

aaPanel_Kern

The website configuration will not be deleted, but all files under /www/server/nginx will be deleted.

aaP_mdestafadilah_simrs

aaPanel_Kern i mean in website project like below.

aaPanel_Kern

will not be deleted

aaP_mdestafadilah_simrs

aaPanel_Kern ok, next quetion, how if i added 2 different modules?

--add-module=/tmp/ngx_http_geoip2_module
--add-module=/tmp/mod_sec_nginx

yum install libmaxminddb-devel -y
git clone https://github.com/leev/ngx_http_geoip2_module.git /tmp/ngx_http_geoip2_module
git clone https://github.com/owasp-modsecurity/ModSecurity-nginx /www/server/ngx_mod_sec

it's like that?

aaPanel_Kern

You can add them separately, pay attention to the path

aaP_mdestafadilah_simrs

aaPanel_Kern like that?

aaP_anta.samanta168

ModSecurity Nginx & OWASP

Step 1:

Name

modsec_nginx

Details

modsecuriry_nginx

Parameter

--add-module=/opt/ModSecurity-nginx

Prefix script

apt install gcc make build-essential autoconf automake libtool libcurl4-openssl-dev liblua5.3-dev libfuzzy-dev ssdeep gettext pkg-config libgeoip-dev libyajl-dev doxygen libpcre++-dev libpcre2-16-0 libpcre2-dev libpcre2-posix3 zlib1g zlib1g-dev -y

cd /opt && sudo git clone https://github.com/owasp-modsecurity/ModSecurity.git
cd ModSecurity

git submodule init
git submodule update

./build.sh
./configure

make
make install

git clone https://github.com/owasp-modsecurity/ModSecurity-nginx.git /opt/ModSecurity-nginx

Step 2:

Open terminal

cp /opt/ModSecurity/modsecurity.conf-recommended /www/server/nginx/modsecurity.conf
cp /opt/ModSecurity/unicode.mapping /www/server/nginx/unicode.mapping

git clone https://github.com/coreruleset/coreruleset.git /www/server/nginx/owasp-crs
cp /www/server/nginx/owasp-crs/crs-setup.conf{.example,}

Step 3:

Change SecRuleEngine to On /www/server/nginx/modsecurity.conf

SecRuleEngine On

Also update insert this configuration on bottom line to load owasp crs

Include owasp-crs/crs-setup.conf
Include owasp-crs/rules/*.conf

Step 4:

Add this to your web config Go to Website >> Select Domain >> Config

modsecurity on;
modsecurity_rules_file /www/server/nginx/modsecurity.conf;