HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Suggest HOWTO (http://www.howtoforge.com/forums/forumdisplay.php?f=9)
-   -   Looking for: ngxpagespeed and naxsi tuts (http://www.howtoforge.com/forums/showthread.php?t=60341)

Ovidiu 26th January 2013 23:58

Looking for: ngxpagespeed and naxsi tuts
 
I've just switched to using nginx in conjunction with ISPCFG3 and am looking for tutorials to implement ngxpagespeed (the equivalent of mod_pagespeed for apache2; still in alpha) and naxsi (the equivalent of mod_security for apache2)

Both of them seem to need to necessitate a manual build (there is a nginx-naxsi package for Debian but it lacks several features of nginx-full)

MaddinXx 27th January 2013 21:38

Quote:

Originally Posted by Ovidiu (Post 291187)
I've just switched to using nginx in conjunction with ISPCFG3 and am looking for tutorials to implement ngxpagespeed (the equivalent of mod_pagespeed for apache2; still in alpha) and naxsi (the equivalent of mod_security for apache2)

Both of them seem to need to necessitate a manual build (there is a nginx-naxsi package for Debian but it lacks several features of nginx-full)

So you need nginx-full features and it would not be helpful to have a manual on how to use it with nginx-naxsi package, right? Because using the nginx-naxsi package I could provide you with information, but not on how to compile a custom version (but it shouldn't be that hard - it's simply adding it during nginx build as an extra module).

Let me know :)

Ovidiu 28th January 2013 07:26

Thanks for the feedback :-)

Well, my info relies on this: http://wiki.debian.org/Nginx
furtehr down the page you see a comparison of nginx-light, nginx-full and nginx-naxsi and I need some additional features to nginx-naxsi, i.e. the map and the cache purge feature.

If I found a good tutorial/how-to for compiling nginx by hand I'd be comfortable doing so.
My main concern about manually compiling is that I would have to compile nginx and forgetting to add some "module" I need.

I'm slightly confused about the nginx-extras package, it seems to contain everything. How is it meant to use? Can one install the nginx-extras and nginx-naxsi together and then have all those features available? If so, this would mean no extra compiling would be necessary.

MaddinXx 28th January 2013 09:40

Well then, I guess it would be smartest to just compile a version including the modules you guess to need and see if everything works as expected - and if not, just compile a new version with additional features.

I've recently read a bit about nginx and dynamic module loading is neither implementer nor is it sure, if it will ever be implemented...so installing every nginx package @ debain is it's own nginx version.

Ovidiu 29th January 2013 00:08

I don't really understand your statement here:
Quote:

Originally Posted by MaddinXx (Post 291217)
so installing every nginx package @ debain is it's own nginx version.

what do you mean by that? one has to decide i.e. if I try to install nginx-naxsi the other installed nginx versions are automatically removed:

Code:

apt-get install nginx-naxsi -u -s
Reading package lists... Done
Building dependency tree     
Reading state information... Done
The following packages will be REMOVED:
  nginx nginx-full
The following NEW packages will be installed:
  nginx-naxsi
0 upgraded, 1 newly installed, 2 to remove and 0 not upgraded.

btw. do you have a good tutorial/how-to/link on how to compile nginx by hand?

MaddinXx 29th January 2013 09:02

yes, you can only have one version of nginx installed. To compare it with Apache, you can install single modules using apt/yum or whatever, because Apache allows you do load them dynamically (e.g. it can load .so modules from a given directory for example).

Because nginx does not allow that, every single nginx package will uninstall all others - because it does not only include some modules, but a whole nginx (since it does not allow dynamic module loading).

Hmmm, the one from pagespeed seems detailed enough: https://github.com/pagespeed/ngx_pagespeed

The ./configure, make and make install process is always the same - the important things are the parameters (like in the guide above, how they add modules).

Just be brave, you'll manage it :)

MaddinXx 2nd February 2013 15:34

Ovidiu: Today I tried compiling nginx from source by my own, here's a little how-to: https://gist.github.com/4697563

It's a minimal setup for my reverse proxy. To add more modules like pagespeed, just repeat the steps for them and make sure to install additional packages they rely on (that's the hardest thing I came across... hehe)

Greetz

Ovidiu 4th February 2013 10:38

Slowly working towards this. Can you have a look at this? https://docs.google.com/spreadsheet/...4UGU2YVE#gid=0

Does the DEFAULT column mean those modules are automatically compiled if I don't specifically exclude them with a --without-XXX switch?
If yes, that means I need a general compile command, exclude the ones I don't need and add the ones I want?

MaddinXx 4th February 2013 13:20

Hi

You can get a list of all? available configure options using ./configure --help - this will print you a nice list.

everything that is --without means it is included by default, everything with --with means you need to declare it, to be included.

pretty cool SpreadSheet! yes, you can disable all under category "enabled by default" with --without and enable all from "disabled by default" with --with. But I'd go with the output from ./configure --help as it seems that the SpreadSheet isn't up-to-date.

Ovidiu 7th February 2013 10:26

Ok, this is what I used for now:

Code:

./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/access.log --user=www-data --group=www-data --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --without-http_uwsgi_module --without-http_scgi_module --without-http_memcached_module --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_geoip_module --with-http_dav_module --add-module=/root/ngnx-compiling/nginx_modules/naxsi-core-0.49/naxsi_src/  --add-module=/root/ngnx-compiling/nginx_modules/headers-more-nginx-module-0.19 --add-module=/root/ngnx-compiling/nginx_modules/masterzen-nginx-upload-progress-module-a788dea --add-module=/root/ngnx-compiling/nginx_modules/mod_strip  --add-module=/root/ngnx-compiling/nginx_modules/nginx_upload_module-2.2.0 --add-module=/root/ngnx-compiling/nginx_modules/ngx_cache_purge-2.0 --add-module=/root/ngnx-compiling/nginx_modules/ngx_pagespeed-master
I simply made a backup copy of my originally installed Debian nginx flavor before doing the make install so basically I am still using all my old configs and the original init script.

So far so good. Now on to some testing.

AND I have no idea how to compile or use naxsi-ui - any hints?

###edit####
I also uncommented include /etc/nginx/naxsi_core.rules; in /etc/nginx/nginx.conf but I need some more info, i.e. do I manually insert a
Quote:

location /RequestDenied {
proxy_pass http://127.0.0.1:4242;
}
}
where do I forward denied requests? Any suggestions? what happens if I don't include it?
Do I need any other configuration for rules?


All times are GMT +2. The time now is 07:25.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.