准备文件:3 H! x# i: ~- P
wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz
0 Y1 y! _1 E8 O$ m6 b# O, Itar xvzf openssl-1.1.0f.tar.gz
$ \% B) f* `! c( J+ W; cwget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.41.tar.gz$ B+ l+ _8 G( g. d! r i
tar xvzf pcre-8.41.tar.gz3 k' v* r! ~* R( W! O4 s
" s/ Q. m. I' h3 n8 z0 u( g4 gwget http://nginx.org/download/nginx-1.13.6.tar.gz! _ B- t6 D/ ]8 @4 D
tart xvzf nginx-1.13.6.tar.gz$ P0 Z. \ U7 t8 x- j) T- i- v. t
; P9 o! Q/ u6 l1 D
wget https://github.com/openresty/sregex/archive/master.zip5 J9 y C7 r' c" I# z+ z& e
mv master.zip replace-filter-nginx-module-master.zip. ~ D8 q+ {9 t5 k( F; w1 q
unzip replace-filter-nginx-module-master.zip/ K, l7 R9 }, p+ l8 [
( Z; Q' S d5 z, e' ]7 V: g
安装sregex
' W* \1 B, a8 v: z$ g0 F# q& O2 E[replace-filter-nginx-module-master关键词替换模块需要这个东西,如果不喜欢可以用ngx_http_substitutions_filter_module这个关键字替换模块]! ?" O3 O5 }; D) c" F
wget https://github.com/openresty/sregex/archive/master.zip! ^+ O% {& L6 i* f: u
mv master.zip sregex.zip
: k7 K6 g0 E. Dunzip sregex.zip. R: T! K* A1 N( J- U
cd sregex' ?1 ~' ]. u% O" `
make && make installln -s /usr/lib/libsregex.so.0 /usr/local/lib/libsregex.so.0.0.1 #按实际情况调整1 @+ [& M. C; [9 }. D R
ldconfig& P$ E4 C2 K( ?, k& H
+ A! i3 N. n6 |5 I
安装modsecurity
1 F+ J2 h# E) X( A3 z) R, ^( ]『依赖的包:pcre httpd-devel libxml2 apr 视情况安装。yum install httpd-devel apr apr-util-devel apr-devel pcre pcre-devel libxml2 libxml2-devel)』. Z& |2 R! g0 p/ V* h- S
git clone https://github.com/SpiderLabs/ModSecurity.git mod_security
1 |- n' F4 z) ]cd mod_security
' n& h/ w& i. B+ t) c& W./autogen.sh : D8 z# i3 V7 D" g
./configure --enable-standalone-module1 \! B! G) s+ ?' U7 y& P% }- t
make$ K, T3 o( e( A
! ] Y7 j! y; Z, n7 T" }, c9 x/ T3 j1 o" U3 J! w2 t
安装nginx+ R0 b5 \& Z- M* r+ u6 Z
cd nginx-1.13.62 P5 M) V7 I! ]
) X M, z5 g0 H: T; f' X8 L' Z
[Bash shell] 纯文本查看 复制代码 ./configure \
--user=www \
--group=www \
--prefix=/www/webserver/nginx-1.13.6 \
--sbin-path=/www/webserver/nginx-1.13.6/sbin/nginx \
--pid-path=/www/webserver/nginx-1.13.6/logs/nginx.pid \
--conf-path=/www/webserver/nginx-1.13.6/conf/nginx.conf \
--error-log-path=/www/webserver/nginx-1.13.6/logs/error.log \
--http-log-path=/www/webserver/nginx-1.13.6/logs/access.log \
--http-client-body-temp-path=/www/webserver/nginx-1.13.6/temp/client \
--http-proxy-temp-path=/www/webserver/nginx-1.13.6/temp/proxy \
--http-fastcgi-temp-path=/www/webserver/nginx-1.13.6/temp/fcgi \
--http-scgi-temp-path=/www/webserver/nginx-1.13.6/temp/scgi \
--http-uwsgi-temp-path=/www/webserver/nginx-1.13.6/temp/uwsgi \
--with-http_flv_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_gzip_static_module \
--with-pcre=/root/pcre-8.41 \
--with-http_sub_module \
--add-module=/root/replace-filter-nginx-module-master \
--add-module=/root/mod_security/nginx/modsecurity \
--with-openssl=/root/openssl-1.1.0f , r! P. w% r$ d9 x# s, T% J" e
make$ Q" P- p+ P2 b! ~8 o
make install
) m+ Y/ a! V$ k" q, B% I" `
& T0 [1 x' _! G/ Y注:--with-ipv6 已经被移除默认支持ipv6, --with-http_spdy 已经被移除合并到--with-http_v2_module$ U! Z$ Y/ A; k$ z6 H' }" ?
; A( n9 s$ N. B9 e% E
, B+ X0 a6 _' h* d
4 P$ E, e" O, n: n% V
0 Z7 a8 J5 j' _4 z3 g$ B! g/ h7 c6 o
5 D. W( I z# d/ W4 O8 }
* D# r+ w* s+ l* j) K. T0 e" l" j& `9 O4 h1 u5 _9 Z( r
" O6 Q7 d$ _ G+ O& ] d$ {: T( q
' |5 Q6 Z6 j7 h6 k" F2 s& s
|