准备文件:! d1 O" c$ A% k s
wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz: s4 I5 r/ Y8 q
tar xvzf openssl-1.1.0f.tar.gz
1 F! D I% X+ b, fwget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.41.tar.gz. a8 j7 q4 P( A/ n. l9 l6 O
tar xvzf pcre-8.41.tar.gz
; m% p4 {. ]% t9 x( {0 a" o. \" }+ w# A; l; `
wget http://nginx.org/download/nginx-1.13.6.tar.gz# _7 J+ w& x& r u+ B$ r9 m# p1 G
tart xvzf nginx-1.13.6.tar.gz- k* N& n: ?$ J3 J4 A
/ N) m6 W" j, a5 P! W- B8 a" p8 D$ Z
wget https://github.com/openresty/sregex/archive/master.zip @* S* K; n- k/ Q- ]6 ]# h
mv master.zip replace-filter-nginx-module-master.zip
$ B/ _9 q" y- E4 t1 G+ [' r* _' ]unzip replace-filter-nginx-module-master.zip' b& T3 b- d. C4 _7 r" C( u
6 z& n# m5 x/ a+ ]2 e) ^) K" a, W8 C* r
安装sregex
: }( `" w2 k |+ y- g5 w[replace-filter-nginx-module-master关键词替换模块需要这个东西,如果不喜欢可以用ngx_http_substitutions_filter_module这个关键字替换模块]6 F, V4 H) S! p+ Z! b7 t g# {
wget https://github.com/openresty/sregex/archive/master.zip# K, h7 m% c- D# V
mv master.zip sregex.zip
! h5 @- Q9 V7 a4 Z/ r' b9 qunzip sregex.zip
( Q/ K5 k" I1 e) F x) Ocd sregex* C" S/ h* X/ H* }6 D! M6 a
make && make installln -s /usr/lib/libsregex.so.0 /usr/local/lib/libsregex.so.0.0.1 #按实际情况调整
2 e' H( H! O1 h; F# ^, Nldconfig; ~' n3 J6 a7 X( m
% r3 C5 _7 m& W; [& }# e, Y7 o安装modsecurity
: d2 D7 ]4 t* [% _# D; q『依赖的包:pcre httpd-devel libxml2 apr 视情况安装。yum install httpd-devel apr apr-util-devel apr-devel pcre pcre-devel libxml2 libxml2-devel)』2 V( d- w/ q8 [$ k$ u
git clone https://github.com/SpiderLabs/ModSecurity.git mod_security
6 }+ Z T- T( h2 D6 K( Mcd mod_security4 b2 F% z# b% R$ L: u
./autogen.sh 4 j; Z( N3 {) H, L7 A, x$ B
./configure --enable-standalone-module
( d ]2 {' |+ y! |4 T) A7 hmake
' ] Z) a6 [! J p( A/ W2 Q3 B; ~9 ~" z6 ?
4 ^# {1 S" V; R1 p4 H安装nginx
6 [9 p, M, x# }0 Y5 l6 Jcd nginx-1.13.6; L- ]; F8 L% ?( V* v
% H* F# N4 R9 @1 `) \. j0 n[Bash shell] 纯文本查看 复制代码 ./configure \
--user=www \
--group=www \
--prefix=/www/webserver/nginx-1.13.6 \
--sbin-path=/www/webserver/nginx-1.13.6/sbin/nginx \
--pid-path=/www/webserver/nginx-1.13.6/logs/nginx.pid \
--conf-path=/www/webserver/nginx-1.13.6/conf/nginx.conf \
--error-log-path=/www/webserver/nginx-1.13.6/logs/error.log \
--http-log-path=/www/webserver/nginx-1.13.6/logs/access.log \
--http-client-body-temp-path=/www/webserver/nginx-1.13.6/temp/client \
--http-proxy-temp-path=/www/webserver/nginx-1.13.6/temp/proxy \
--http-fastcgi-temp-path=/www/webserver/nginx-1.13.6/temp/fcgi \
--http-scgi-temp-path=/www/webserver/nginx-1.13.6/temp/scgi \
--http-uwsgi-temp-path=/www/webserver/nginx-1.13.6/temp/uwsgi \
--with-http_flv_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_gzip_static_module \
--with-pcre=/root/pcre-8.41 \
--with-http_sub_module \
--add-module=/root/replace-filter-nginx-module-master \
--add-module=/root/mod_security/nginx/modsecurity \
--with-openssl=/root/openssl-1.1.0f
/ l9 t( J$ @: [make
! M; p/ N5 J+ r( U, wmake install
+ t. p$ c$ f& A
1 ]) Y: o; [( u% L5 Y$ C注:--with-ipv6 已经被移除默认支持ipv6, --with-http_spdy 已经被移除合并到--with-http_v2_module7 E1 n! h2 h) H, O/ a
* k8 }# _3 w5 }% W/ N$ S- `8 {& D# l) j
|* k9 O2 T3 p# q; {+ Q+ R. u. T( j3 n: }$ |. I
- B) d. f& t& r
( l/ J7 |( n; n f! X: _; O8 u: X3 }, Q# r* g% q
. c8 }; O4 _; n6 N; y: d% s% o% C5 `+ o" m0 j0 ~9 p: c& B1 Z5 r
|