Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

linux - nginx install on Debian

Browse Source
This commit is contained in:
bunkerity 2021-06-17 21:33:16 +02:00
parent f880e5e2aa
commit 43d2097d14
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
1 changed files with 70 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
helpers/install.sh
View File

@ -39,7 +39,7 @@ function do_and_check_cmd() {
if [ "$CHANGE_DIR" != "" ] ; then if [ "$CHANGE_DIR" != "" ] ; then
cd "$CHANGE_DIR" cd "$CHANGE_DIR"
fi fi
output=$($* 2>&1) output=$("$@" 2>&1)
ret="$?" ret="$?"
if [ $ret -ne 0 ] ; then if [ $ret -ne 0 ] ; then
echo "[!] Error from command : $*" echo "[!] Error from command : $*"
@ -50,6 +50,38 @@ function do_and_check_cmd() {
return 0 return 0
} }
function get_nginx_signing_key() {
key="-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
mQENBE5OMmIBCAD+FPYKGriGGf7NqwKfWC83cBV01gabgVWQmZbMcFzeW+hMsgxH
W6iimD0RsfZ9oEbfJCPG0CRSZ7ppq5pKamYs2+EJ8Q2ysOFHHwpGrA2C8zyNAs4I
QxnZZIbETgcSwFtDun0XiqPwPZgyuXVm9PAbLZRbfBzm8wR/3SWygqZBBLdQk5TE
fDR+Eny/M1RVR4xClECONF9UBB2ejFdI1LD45APbP2hsN/piFByU1t7yK2gpFyRt
97WzGHn9MV5/TL7AmRPM4pcr3JacmtCnxXeCZ8nLqedoSuHFuhwyDnlAbu8I16O5
XRrfzhrHRJFM1JnIiGmzZi6zBvH0ItfyX6ttABEBAAG0KW5naW54IHNpZ25pbmcg
a2V5IDxzaWduaW5nLWtleUBuZ2lueC5jb20+iQE+BBMBAgAoAhsDBgsJCAcDAgYV
CAIJCgsEFgIDAQIeAQIXgAUCV2K1+AUJGB4fQQAKCRCr9b2Ce9m/YloaB/9XGrol
kocm7l/tsVjaBQCteXKuwsm4XhCuAQ6YAwA1L1UheGOG/aa2xJvrXE8X32tgcTjr
KoYoXWcdxaFjlXGTt6jV85qRguUzvMOxxSEM2Dn115etN9piPl0Zz+4rkx8+2vJG
F+eMlruPXg/zd88NvyLq5gGHEsFRBMVufYmHtNfcp4okC1klWiRIRSdp4QY1wdrN
1O+/oCTl8Bzy6hcHjLIq3aoumcLxMjtBoclc/5OTioLDwSDfVx7rWyfRhcBzVbwD
oe/PD08AoAA6fxXvWjSxy+dGhEaXoTHjkCbz/l6NxrK3JFyauDgU4K4MytsZ1HDi
MgMW8hZXxszoICTTiQEcBBABAgAGBQJOTkelAAoJEKZP1bF62zmo79oH/1XDb29S
YtWp+MTJTPFEwlWRiyRuDXy3wBd/BpwBRIWfWzMs1gnCjNjk0EVBVGa2grvy9Jtx
JKMd6l/PWXVucSt+U/+GO8rBkw14SdhqxaS2l14v6gyMeUrSbY3XfToGfwHC4sa/
Thn8X4jFaQ2XN5dAIzJGU1s5JA0tjEzUwCnmrKmyMlXZaoQVrmORGjCuH0I0aAFk
RS0UtnB9HPpxhGVbs24xXZQnZDNbUQeulFxS4uP3OLDBAeCHl+v4t/uotIad8v6J
SO93vc1evIje6lguE81HHmJn9noxPItvOvSMb2yPsE8mH4cJHRTFNSEhPW6ghmlf
Wa9ZwiVX5igxcvaIRgQQEQIABgUCTk5b0gAKCRDs8OkLLBcgg1G+AKCnacLb/+W6
cflirUIExgZdUJqoogCeNPVwXiHEIVqithAM1pdY/gcaQZmIRgQQEQIABgUCTk5f
YQAKCRCpN2E5pSTFPnNWAJ9gUozyiS+9jf2rJvqmJSeWuCgVRwCcCUFhXRCpQO2Y
Va3l3WuB+rgKjsQ=
=EWWI
-----END PGP PUBLIC KEY BLOCK-----"
echo "$key"
}
# Variables # Variables
NTASK=$(nproc) NTASK=$(nproc)
@ -59,18 +91,6 @@ if [ $(id -u) -ne 0 ] ; then
exit 1 exit 1
fi fi
# Check if nginx is present
NGINX_VERSION="$(nginx -V 2>&1 | sed -rn 's~^nginx version: nginx/(.*)$~\1~p')"
if [ "$NGINX_VERSION" = "" ] ; then
# TODO : install nginx from official repo
echo "[!] nginx is not installed"
exit 2
fi
echo "[*] Detected nginx version ${NGINX_VERSION}"
if [ "$NGINX_VERSION" != "1.20.1" ] ; then
echo "/!\\ Warning : we recommend you to use nginx v1.20.1 /!\\"
fi
# Create /tmp/bunkerized-nginx # Create /tmp/bunkerized-nginx
echo "[*] Prepare /tmp/bunkerized-nginx" echo "[*] Prepare /tmp/bunkerized-nginx"
if [ -e "/tmp/bunkerized-nginx" ] ; then if [ -e "/tmp/bunkerized-nginx" ] ; then
@ -85,12 +105,37 @@ if [ -e "/opt/bunkerized-nginx" ] ; then
fi fi
do_and_check_cmd mkdir /opt/bunkerized-nginx do_and_check_cmd mkdir /opt/bunkerized-nginx
# TODO : detect OS
OS="debian"
# Check nginx version
NGINX_VERSION="$(nginx -V 2>&1 | sed -rn 's~^nginx version: nginx/(.*)$~\1~p')"
# Add nginx official repo and install
if [ "$NGINX_VERSION" = "" ] ; then
if [ "$OS" = "debian" ] ; then
echo "[*] Add nginx official repository"
do_and_check_cmd apt update
do_and_check_cmd apt install -y curl gnupg2 ca-certificates lsb-release software-properties-common
get_nginx_signing_key > /tmp/bunkerized-nginx/nginx_signing.key
do_and_check_cmd cp /tmp/bunkerized-nginx/nginx_signing.key /etc/apt/trusted.gpg.d/nginx_signing.asc
do_and_check_cmd add-apt-repository "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx"
do_and_check_cmd apt update
echo "[*] Install nginx"
do_and_check_cmd apt install -y nginx
fi
NGINX_VERSION="$(nginx -V 2>&1 | sed -rn 's~^nginx version: nginx/(.*)$~\1~p')"
fi
echo "[*] Detected nginx version ${NGINX_VERSION}"
if [ "$NGINX_VERSION" != "1.20.1" ] ; then
echo "/!\\ Warning : we recommend you to use nginx v1.20.1, you should uninstall your nginx version and run this script again ! /!\\"
fi
# Install dependencies # Install dependencies
# TODO : detect Linux flavor # TODO : detect Linux flavor
echo "[*] Update packet list" echo "[*] Update packet list"
do_and_check_cmd apt update do_and_check_cmd apt update
echo "[*] Install dependencies" echo "[*] Install dependencies"
DEBIAN_DEPS="git autoconf pkg-config libpcre++-dev automake libtool g++ make liblua5.1-0-dev libgd-dev lua5.1 libssl-dev wget" DEBIAN_DEPS="git autoconf pkg-config libpcre++-dev automake libtool g++ make liblua5.1-0-dev libgd-dev lua5.1 libssl-dev wget libmaxminddb-dev libbrotli-dev gnupg"
do_and_check_cmd apt install -y $DEBIAN_DEPS do_and_check_cmd apt install -y $DEBIAN_DEPS
# TODO : is it the same for other distro ? # TODO : is it the same for other distro ?
cp -r /usr/include/lua5.1/* /usr/include cp -r /usr/include/lua5.1/* /usr/include
@ -239,8 +284,8 @@ if [ ! -d /usr/local/lib/lua/crowdsec ] ; then
do_and_check_cmd mkdir /usr/local/lib/lua/crowdsec do_and_check_cmd mkdir /usr/local/lib/lua/crowdsec
fi fi
do_and_check_cmd cp -r /tmp/bunkerized-nginx/lua-cs-bouncer/lib/* /usr/local/lib/lua/crowdsec do_and_check_cmd cp -r /tmp/bunkerized-nginx/lua-cs-bouncer/lib/* /usr/local/lib/lua/crowdsec
sed -i 's/require "lrucache"/require "resty.lrucache"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua do_and_check_cmd sed -i 's/require "lrucache"/require "resty.lrucache"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua
sed -i 's/require "config"/require "crowdsec.config"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua do_and_check_cmd sed -i 's/require "config"/require "crowdsec.config"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua
# Download and install lua-resty-iputils # Download and install lua-resty-iputils
echo "[*] Clone hamishforbes/lua-resty-iputils" echo "[*] Clone hamishforbes/lua-resty-iputils"
@ -252,6 +297,14 @@ CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-iputils" do_and_check_cmd make LUA_L
# TODO : check GPG signature # TODO : check GPG signature
echo "[*] Download nginx-${NGINX_VERSION}.tar.gz" echo "[*] Download nginx-${NGINX_VERSION}.tar.gz"
do_and_check_cmd wget -O "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz" "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" do_and_check_cmd wget -O "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz" "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz"
do_and_check_cmd wget -O "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz.asc" "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz.asc"
get_nginx_signing_key > /tmp/bunkerized-nginx/nginx_signing.key
gpg --import /tmp/bunkerized-nginx/nginx_signing.key
check=$(gpg --verify /tmp/nginx-${NGINX_VERSION}.tar.gz.asc /tmp/nginx-${NGINX_VERSION}.tar.gz 2>&1 | grep "^gpg: Good signature from ")
if [ "$check" = "" ] ; then
echo "[!] Wrong signature from nginx source !!!"
exit 1
fi
CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xvzf nginx-${NGINX_VERSION}.tar.gz CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xvzf nginx-${NGINX_VERSION}.tar.gz
# Compile dynamic modules # Compile dynamic modules
@ -264,7 +317,7 @@ if [ $? -ne 0 ] ; then
echo "configure failed" echo "configure failed"
exit 1 exit 1
fi fi
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd make -j $NTASK modules CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/local/lib/" LUAJIT_INC="/usr/local/include/luajit-2.1" do_and_check_cmd make -j $NTASK modules
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd cp ./objs/*.so /usr/lib/nginx/modules CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd cp ./objs/*.so /usr/lib/nginx/modules
# We're done # We're done