diff --git a/helpers/install.sh b/helpers/install.sh
new file mode 100644
index 0000000..e04d745
--- /dev/null
+++ b/helpers/install.sh
@@ -0,0 +1,212 @@
+#!/bin/bash
+
+function git_secure_checkout() {
+	if [ "$CHANGE_DIR" != "" ] ; then
+		cd "$CHANGE_DIR"
+	fi
+	path="$1"
+	commit="$2"
+	cd "$path"
+	output="$(git checkout "${commit}^{commit}" 2>&1)"
+	if [ $? -ne 0 ] ; then
+		echo "[!] Commit hash $commit is absent from submodules $path !"
+		echo "$output"
+		exit 4
+	fi
+}
+
+function git_secure_clone() {
+	cd /tmp/bunkerized-nginx
+	repo="$1"
+	commit="$2"
+	folder="$(echo "$repo" | sed -E "s@https://github.com/.*/(.*)\.git@\1@")"
+	output="$(git clone "$repo" 2>&1)"
+	if [ $? -ne 0 ] ; then
+		echo "[!] Error cloning $1"
+		echo "$output"
+		exit 2
+	fi
+	cd "$folder"
+	output="$(git checkout "${commit}^{commit}" 2>&1)"
+	if [ $? -ne 0 ] ; then
+		echo "[!] Commit hash $commit is absent from repository $repo"
+		echo "$output"
+		exit 3
+	fi
+}
+
+function do_and_check_cmd() {
+	if [ "$CHANGE_DIR" != "" ] ; then
+		cd "$CHANGE_DIR"
+	fi
+	output=$($* 2>&1)
+	ret="$?"
+	if [ $ret -ne 0 ] ; then
+		echo "[!] Error from command : $*"
+		echo "$output"
+		exit $ret
+	fi
+	#echo $output
+	return 0
+}
+
+# Variables
+NTASK=$(nproc)
+NGINX_VERSION="${NGINX_VERSION-1.20.1}"
+
+# Check if we are root
+if [ $(id -u) -ne 0 ] ; then
+	echo "[!] Run me as root"
+	exit 1
+fi
+
+# Create /tmp/bunkerized-nginx
+echo "[*] Prepare /tmp/bunkerized-nginx"
+if [ -e "/tmp/bunkerized-nginx" ] ; then
+	do_and_check_cmd rm -rf /tmp/bunkerized-nginx
+fi
+do_and_check_cmd mkdir /tmp/bunkerized-nginx
+
+# Create /opt/bunkerized-nginx
+echo "[*] Prepare /opt/bunkerized-nginx"
+if [ -e "/opt/bunkerized-nginx" ] ; then
+	do_and_check_cmd rm -rf /opt/bunkerized-nginx
+fi
+do_and_check_cmd mkdir /opt/bunkerized-nginx
+
+# Install dependencies
+echo "[*] Update packet list"
+do_and_check_cmd apt update
+echo "[*] Install dependencies"
+do_and_check_cmd apt install -y git autoconf pkg-config libpcre++-dev automake libtool g++ make
+
+# Download, compile and install ModSecurity
+echo "[*] Clone SpiderLabs/ModSecurity"
+git_secure_clone https://github.com/SpiderLabs/ModSecurity.git 753145fbd1d6751a6b14fdd700921eb3cc3a1d35
+echo "[*] Compile and install ModSecurity"
+# temp fix : Debian run it twice
+cd /tmp/bunkerized-nginx/ModSecurity && ./build.sh > /dev/null 2>&1
+CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd sh build.sh
+CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd git submodule init
+CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd git submodule update
+CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout bindings/python 47a6925df187f96e4593afab18dc92d5f22bd4d5
+CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout others/libinjection bf234eb2f385b969c4f803b35fda53cffdd93922
+CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout test/test-cases/secrules-language-tests d03f4c1e930440df46c1faa37d820a919704d9da
+CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd ./configure --enable-static=no --disable-doxygen-doc --disable-dependency-tracking --disable-examples
+CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd make -j $NTASK
+CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd make install-strip
+
+# Download and install OWASP Core Rule Set
+echo "[*] Clone coreruleset/coreruleset"
+git_secure_clone https://github.com/coreruleset/coreruleset.git 7776fe23f127fd2315bad0e400bdceb2cabb97dc
+echo "[*] Install coreruleset"
+do_and_check_cmd mkdir /opt/bunkerized-nginx/crs
+do_and_check_cmd cp -r /tmp/bunkerized-nginx/coreruleset/rules /opt/bunkerized-nginx/crs/
+do_and_check_cmd cp /tmp/bunkerized-nginx/coreruleset/crs-setup.conf.example /opt/bunkerized-nginx/crs.conf
+
+# Download ModSecurity-nginx module
+echo "[*] Clone SpiderLabs/ModSecurity-nginx"
+git_secure_clone https://github.com/SpiderLabs/ModSecurity-nginx.git 2497e6ac654d0b117b9534aa735b757c6b11c84f
+
+# Download headers more module
+echo "[*] Clone openresty/headers-more-nginx-module"
+git_secure_clone https://github.com/openresty/headers-more-nginx-module.git d6d7ebab3c0c5b32ab421ba186783d3e5d2c6a17
+
+# Download GeoIP moduke
+echo "[*] Clone leev/ngx_http_geoip2_module"
+git_secure_clone https://github.com/leev/ngx_http_geoip2_module.git 1cabd8a1f68ea3998f94e9f3504431970f848fbf
+
+# Download cookie flag module
+echo "[*] Clone AirisX/nginx_cookie_flag_module"
+git_secure_clone https://github.com/AirisX/nginx_cookie_flag_module.git c4ff449318474fbbb4ba5f40cb67ccd54dc595d4
+
+# Download brotli module
+echo "[*] Clone google/ngx_brotli"
+git_secure_clone https://github.com/google/ngx_brotli.git 9aec15e2aa6feea2113119ba06460af70ab3ea62
+
+# Download lua-nginx module
+git_secure_clone https://github.com/openresty/lua-nginx-module.git 2d23bc4f0a29ed79aaaa754c11bffb1080aa44ba
+
+# Download, compile and install luajit2
+echo "[*] Clone openresty/luajit2"
+git_secure_clone https://github.com/openresty/luajit2.git fe32831adcb3f5fe9259a9ce404fc54e1399bba3
+echo "[*] Compile luajit2"
+CHANGE_DIR="/tmp/bunkerized-nginx/luajit2" do_and_check_cmd make -j $NTASK
+echo "[*] Install luajit2"
+CHANGE_DIR="/tmp/bunkerized-nginx/luajit2" do_and_check_cmd make install
+
+# Download and install lua-resty-core
+git_secure_clone https://github.com/openresty/lua-resty-core.git b7d0a681bb41e6e3f29e8ddc438ef26fd819bb19
+CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-core" do_and_check_cmd make install
+
+# Download and install lua-resty-lrucache
+git_secure_clone https://github.com/openresty/lua-resty-lrucache.git b2035269ac353444ac65af3969692bcae4fc1605
+CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-lrucache" do_and_check_cmd make install
+
+# Download and install lua-resty-dns
+git_secure_clone https://github.com/openresty/lua-resty-dns.git 24c9a69808aedfaf029ae57707cdef75d83e2d19
+CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-dns" do_and_check_cmd make install
+
+# Download and install lua-resty-session
+git_secure_clone https://github.com/bungle/lua-resty-session.git f300870ce4eee3f4903e0565c589f1faf0c1c5aa
+do_and_check_cmd cp -r /tmp/bunkerized-nginx/lua-resty-session/lib/resty/* /usr/local/lib/lua/resty
+
+# Download and install lua-resty-random
+git_secure_clone https://github.com/bungle/lua-resty-random.git 17b604f7f7dd217557ca548fc1a9a0d373386480
+CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-random" do_and_check_cmd make install
+
+# Download and install lua-resty-string
+git_secure_clone https://github.com/openresty/lua-resty-string.git 9a543f8531241745f8814e8e02475351042774ec
+CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-string" do_and_check_cmd make install
+
+# Download, compile and install lua-cjson
+git_secure_clone https://github.com/openresty/lua-cjson.git 0df488874f52a881d14b5876babaa780bb6200ee
+CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make -j $NTASK
+CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make install
+CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make install-extra
+
+# Download, compile and install lua-gd
+git_secure_clone https://github.com/ittner/lua-gd.git 2ce8e478a8591afd71e607506bc8c64b161bbd30
+CHANGE_DIR="/tmp/bunkerized-nginx/lua-gd" do_and_check_cmd make -j $NTASK
+CHANGE_DIR="/tmp/bunkerized-nginx/lua-gd" do_and_check_cmd make INSTALL_PATH=/usr/local/lib/lua/5.1 install
+
+# Download and install lua-resty-http
+git_secure_clone https://github.com/ledgetech/lua-resty-http.git 984fdc26054376384e3df238fb0f7dfde01cacf1
+CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-http" do_and_check_cmd make install
+
+# Download and install lualogging
+git_secure_clone https://github.com/Neopallium/lualogging.git cadc4e8fd652be07a65b121a3e024838db330c15
+do_and_check_cmd cp -r /tmp/bunkerized-nginx/lualogging/src/* /usr/local/lib/lua
+
+# Download, compile and install luasocket
+git_secure_clone https://github.com/diegonehab/luasocket.git 5b18e475f38fcf28429b1cc4b17baee3b9793a62
+CHANGE_DIR="/tmp/bunkerized-nginx/luasocket" do_and_check_cmd make -j $NTASK
+CHANGE_DIR="/tmp/bunkerized-nginx/luasocket" do_and_check_cmd make CDIR_linux=lib/lua/5.1 LDIR_linux=lib/lua install
+
+# Download, compile and install luasec
+git_secure_clone https://github.com/brunoos/luasec.git c6704919bdc85f3324340bdb35c2795a02f7d625
+CHANGE_DIR="/tmp/bunkerized-nginx/luasec" do_and_check_cmd make linux -j $NTASK
+CHANGE_DIR="/tmp/bunkerized-nginx/luasec" do_and_check_cmd make LUACPATH=/usr/local/lib/lua/5.1 LUAPATH=/usr/local/lib/lua install
+
+# Download and install lua-cs-bouncer
+git_secure_clone https://github.com/crowdsecurity/lua-cs-bouncer.git 3c235c813fc453dcf51a391bc9e9a36ca77958b0
+do_and_check_cmd mkdir /usr/local/lib/lua/crowdsec
+do_and_check_cmd cp -r /tmp/bunkerized-nginx/lua-cs-bouncer/lib/* /usr/local/lib/lua/crowdsec
+do_and_check_cmd sed -i 's/require "lrucache"/require "resty.lrucache"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua
+do_and_check_cmd sed -i 's/require "config"/require "crowdsec.config"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua
+
+# Download and install lua-resty-iputils
+git_secure_clone https://github.com/hamishforbes/lua-resty-iputils.git 3151d6485e830421266eee5c0f386c32c835dba4
+CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-iputils" do_and_check_cmd make LUA_LIB_DIR=/usr/local/lib/lua install
+
+# Download nginx and decompress sources
+# TODO : check GPG signature
+do_and_check_cmd wget -O "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz" "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz"
+CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xvzf nginx-${NGINX_VERSION}.tar.gz
+
+# Compile dynamic modules
+CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')"
+CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}"
+CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd ./configure "$CONFARGS" --add-dynamic-module=/tmp/bunkerized-nginx/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerized-nginx/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_http_geoip2_module --add-dynamic-module=/tmp/bunkerized-nginx/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerized-nginx/lua-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_brotli
+CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd make -j $NTASK modules
+CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd cp ./objs/*.so /usr/lib/nginx/modules