Looking for: ngxpagespeed and naxsi tuts

Discussion in 'Suggest HOWTO' started by Ovidiu, Jan 26, 2013.

  1. Ovidiu

    Ovidiu Active Member

    I've just switched to using nginx in conjunction with ISPCFG3 and am looking for tutorials to implement ngxpagespeed (the equivalent of mod_pagespeed for apache2; still in alpha) and naxsi (the equivalent of mod_security for apache2)

    Both of them seem to need to necessitate a manual build (there is a nginx-naxsi package for Debian but it lacks several features of nginx-full)
     
  2. MaddinXx

    MaddinXx Member HowtoForge Supporter

    So you need nginx-full features and it would not be helpful to have a manual on how to use it with nginx-naxsi package, right? Because using the nginx-naxsi package I could provide you with information, but not on how to compile a custom version (but it shouldn't be that hard - it's simply adding it during nginx build as an extra module).

    Let me know :)
     
  3. Ovidiu

    Ovidiu Active Member

    Thanks for the feedback :)

    Well, my info relies on this: http://wiki.debian.org/Nginx
    furtehr down the page you see a comparison of nginx-light, nginx-full and nginx-naxsi and I need some additional features to nginx-naxsi, i.e. the map and the cache purge feature.

    If I found a good tutorial/how-to for compiling nginx by hand I'd be comfortable doing so.
    My main concern about manually compiling is that I would have to compile nginx and forgetting to add some "module" I need.

    I'm slightly confused about the nginx-extras package, it seems to contain everything. How is it meant to use? Can one install the nginx-extras and nginx-naxsi together and then have all those features available? If so, this would mean no extra compiling would be necessary.
     
  4. MaddinXx

    MaddinXx Member HowtoForge Supporter

    Well then, I guess it would be smartest to just compile a version including the modules you guess to need and see if everything works as expected - and if not, just compile a new version with additional features.

    I've recently read a bit about nginx and dynamic module loading is neither implementer nor is it sure, if it will ever be implemented...so installing every nginx package @ debain is it's own nginx version.
     
  5. Ovidiu

    Ovidiu Active Member

    I don't really understand your statement here:
    what do you mean by that? one has to decide i.e. if I try to install nginx-naxsi the other installed nginx versions are automatically removed:

    Code:
    apt-get install nginx-naxsi -u -s
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    The following packages will be REMOVED:
      nginx nginx-full
    The following NEW packages will be installed:
      nginx-naxsi
    0 upgraded, 1 newly installed, 2 to remove and 0 not upgraded.
    btw. do you have a good tutorial/how-to/link on how to compile nginx by hand?
     
  6. MaddinXx

    MaddinXx Member HowtoForge Supporter

    yes, you can only have one version of nginx installed. To compare it with Apache, you can install single modules using apt/yum or whatever, because Apache allows you do load them dynamically (e.g. it can load .so modules from a given directory for example).

    Because nginx does not allow that, every single nginx package will uninstall all others - because it does not only include some modules, but a whole nginx (since it does not allow dynamic module loading).

    Hmmm, the one from pagespeed seems detailed enough: https://github.com/pagespeed/ngx_pagespeed

    The ./configure, make and make install process is always the same - the important things are the parameters (like in the guide above, how they add modules).

    Just be brave, you'll manage it :)
     
  7. MaddinXx

    MaddinXx Member HowtoForge Supporter

    Ovidiu: Today I tried compiling nginx from source by my own, here's a little how-to: https://gist.github.com/4697563

    It's a minimal setup for my reverse proxy. To add more modules like pagespeed, just repeat the steps for them and make sure to install additional packages they rely on (that's the hardest thing I came across... hehe)

    Greetz
     
  8. Ovidiu

    Ovidiu Active Member

  9. MaddinXx

    MaddinXx Member HowtoForge Supporter

    Hi

    You can get a list of all? available configure options using ./configure --help - this will print you a nice list.

    everything that is --without means it is included by default, everything with --with means you need to declare it, to be included.

    pretty cool SpreadSheet! yes, you can disable all under category "enabled by default" with --without and enable all from "disabled by default" with --with. But I'd go with the output from ./configure --help as it seems that the SpreadSheet isn't up-to-date.
     
  10. Ovidiu

    Ovidiu Active Member

    Ok, this is what I used for now:

    Code:
    ./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/access.log --user=www-data --group=www-data --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --without-http_uwsgi_module --without-http_scgi_module --without-http_memcached_module --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_geoip_module --with-http_dav_module --add-module=/root/ngnx-compiling/nginx_modules/naxsi-core-0.49/naxsi_src/  --add-module=/root/ngnx-compiling/nginx_modules/headers-more-nginx-module-0.19 --add-module=/root/ngnx-compiling/nginx_modules/masterzen-nginx-upload-progress-module-a788dea --add-module=/root/ngnx-compiling/nginx_modules/mod_strip  --add-module=/root/ngnx-compiling/nginx_modules/nginx_upload_module-2.2.0 --add-module=/root/ngnx-compiling/nginx_modules/ngx_cache_purge-2.0 --add-module=/root/ngnx-compiling/nginx_modules/ngx_pagespeed-master
    I simply made a backup copy of my originally installed Debian nginx flavor before doing the make install so basically I am still using all my old configs and the original init script.

    So far so good. Now on to some testing.

    AND I have no idea how to compile or use naxsi-ui - any hints?

    ###edit####
    I also uncommented include /etc/nginx/naxsi_core.rules; in /etc/nginx/nginx.conf but I need some more info, i.e. do I manually insert a
    where do I forward denied requests? Any suggestions? what happens if I don't include it?
    Do I need any other configuration for rules?
     
    Last edited: Feb 7, 2013

Share This Page