diff --git a/Dockerfile b/Dockerfile
index f22d65b..dc51d7e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,28 +1,14 @@
 FROM nginx:1.20.1-alpine
-COPY helpers/dependencies.sh /tmp/dependencies.sh
-RUN apk add --no-cache bash && \
- chmod +x /tmp/dependencies.sh && \
- /tmp/dependencies.sh && \
- rm -f /tmp/dependencies.sh
+COPY helpers/install.sh /tmp/install.sh
+RUN chmod +x /tmp/install.sh && \
+ /tmp/install.sh && \
+ rm -f /tmp/install.sh
-RUN apk add --no-cache certbot bash libmaxminddb libgcc lua yajl libstdc++ openssl py3-pip && \
- pip3 install jinja2
-
-COPY gen/ /opt/bunkerized-nginx/gen
-COPY entrypoint/ /opt/bunkerized-nginx/entrypoint
-COPY confs/ /opt/bunkerized-nginx/confs
-COPY scripts/ /opt/bunkerized-nginx/scripts
-COPY lua/ /usr/local/lib/lua
-COPY antibot/ /opt/bunkerized-nginx/antibot
-COPY defaults/ /opt/bunkerized-nginx/defaults
-COPY settings.json /opt/bunkerized-nginx
-COPY misc/cron /etc/crontabs/nginx
-
-COPY prepare.sh /tmp/prepare.sh
-RUN chmod +x /tmp/prepare.sh && \
- /tmp/prepare.sh && \
- rm -f /tmp/prepare.sh
+COPY helpers/docker.sh /tmp/docker.sh
+RUN chmod +x /tmp/docker.sh && \
+ /tmp/docker.sh && \
+ rm -f /tmp/docker.sh
 # Fix CVE-2021-22901, CVE-2021-22898, CVE-2021-22897 and CVE-2021-33560
 RUN apk add "curl>=7.77.0-r0" "libgcrypt>=1.8.8-r0"
diff --git a/helpers/dependencies.sh b/helpers/dependencies.sh
deleted file mode 100644
index 13bffcd..0000000
--- a/helpers/dependencies.sh
+++ /dev/null
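Review bot: The new `RUN` runs `/tmp/install.sh` without installing bash first, while helpers/install.sh keeps its `#!/bin/bash` shebang (visible in its hunk further down) and the removed line `RUN apk add --no-cache bash && \` was what provided the interpreter; an Alpine nginx base does not ship bash, and a script cannot install its own interpreter, so unless something earlier in the image adds it this build step will fail at exec. Keep `RUN apk add --no-cache bash && \` ahead of `chmod +x /tmp/install.sh && \`, or change install.sh to `#!/bin/sh` if it no longer needs bash features. The removed runtime package install (`certbot`, `py3-pip`, `pip3 install jinja2`) and the `COPY` lines for gen/, confs/, lua/ and the crontab have presumably moved into install.sh, which is outside this hunk; a one-line comment above the RUN such as `# install.sh builds the modules and installs runtime packages and app files` would save a reader from opening the helper to learn what the image contains.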
@@ -1,584 +0,0 @@ -#!/bin/bash - -function git_secure_checkout() { - if [ "$CHANGE_DIR" != "" ] ; then - cd "$CHANGE_DIR" - fi - path="$1" - commit="$2" - cd "$path" - output="$(git checkout "${commit}^{commit}" 2>&1)" - if [ $? -ne 0 ] ; then - echo "[!] Commit hash $commit is absent from submodules $path !" - echo "$output" - cleanup - exit 4 - fi -} - -function git_secure_clone() { - cd /tmp/bunkerized-nginx - repo="$1" - commit="$2" - folder="$(echo "$repo" | sed -E "s@https://github.com/.*/(.*)\.git@\1@")" - output="$(git clone "$repo" 2>&1)" - if [ $? -ne 0 ] ; then - echo "[!] Error cloning $1" - echo "$output" - cleanup - exit 2 - fi - cd "$folder" - output="$(git checkout "${commit}^{commit}" 2>&1)" - if [ $? -ne 0 ] ; then - echo "[!] Commit hash $commit is absent from repository $repo" - echo "$output" - cleanup - exit 3 - fi -} - -function secure_download() { - cd /tmp/bunkerized-nginx - link="$1" - file="$2" - hash="$3" - output="$(wget -q -O "$file" "$link" 2>&1)" - if [ $? -ne 0 ] ; then - echo "[!] Error downloading $link" - echo "$output" - cleanup - exit 5 - fi - check="$(sha512sum "$file" | cut -d ' ' -f 1)" - if [ "$check" != "$hash" ] ; then - echo "[!] Wrong hash from file $link (expected $hash got $check)" - cleanup - exit 6 - fi -} - -function do_and_check_cmd() { - if [ "$CHANGE_DIR" != "" ] ; then - cd "$CHANGE_DIR" - fi - output=$("$@" 2>&1) - ret="$?" - if [ $ret -ne 0 ] ; then - echo "[!] 
Error from command : $*" - echo "$output" - cleanup - exit $ret - fi - #echo $output - return 0 -} - -function cleanup() { - echo "[*] Cleaning /tmp/bunkerized-nginx" - rm -rf /tmp/bunkerized-nginx -} - -function get_sign_repo_key() { - key="-----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.22 (GNU/Linux) - -mQENBE5OMmIBCAD+FPYKGriGGf7NqwKfWC83cBV01gabgVWQmZbMcFzeW+hMsgxH -W6iimD0RsfZ9oEbfJCPG0CRSZ7ppq5pKamYs2+EJ8Q2ysOFHHwpGrA2C8zyNAs4I -QxnZZIbETgcSwFtDun0XiqPwPZgyuXVm9PAbLZRbfBzm8wR/3SWygqZBBLdQk5TE -fDR+Eny/M1RVR4xClECONF9UBB2ejFdI1LD45APbP2hsN/piFByU1t7yK2gpFyRt -97WzGHn9MV5/TL7AmRPM4pcr3JacmtCnxXeCZ8nLqedoSuHFuhwyDnlAbu8I16O5 -XRrfzhrHRJFM1JnIiGmzZi6zBvH0ItfyX6ttABEBAAG0KW5naW54IHNpZ25pbmcg -a2V5IDxzaWduaW5nLWtleUBuZ2lueC5jb20+iQE+BBMBAgAoAhsDBgsJCAcDAgYV -CAIJCgsEFgIDAQIeAQIXgAUCV2K1+AUJGB4fQQAKCRCr9b2Ce9m/YloaB/9XGrol -kocm7l/tsVjaBQCteXKuwsm4XhCuAQ6YAwA1L1UheGOG/aa2xJvrXE8X32tgcTjr -KoYoXWcdxaFjlXGTt6jV85qRguUzvMOxxSEM2Dn115etN9piPl0Zz+4rkx8+2vJG -F+eMlruPXg/zd88NvyLq5gGHEsFRBMVufYmHtNfcp4okC1klWiRIRSdp4QY1wdrN -1O+/oCTl8Bzy6hcHjLIq3aoumcLxMjtBoclc/5OTioLDwSDfVx7rWyfRhcBzVbwD -oe/PD08AoAA6fxXvWjSxy+dGhEaXoTHjkCbz/l6NxrK3JFyauDgU4K4MytsZ1HDi -MgMW8hZXxszoICTTiQEcBBABAgAGBQJOTkelAAoJEKZP1bF62zmo79oH/1XDb29S -YtWp+MTJTPFEwlWRiyRuDXy3wBd/BpwBRIWfWzMs1gnCjNjk0EVBVGa2grvy9Jtx -JKMd6l/PWXVucSt+U/+GO8rBkw14SdhqxaS2l14v6gyMeUrSbY3XfToGfwHC4sa/ -Thn8X4jFaQ2XN5dAIzJGU1s5JA0tjEzUwCnmrKmyMlXZaoQVrmORGjCuH0I0aAFk -RS0UtnB9HPpxhGVbs24xXZQnZDNbUQeulFxS4uP3OLDBAeCHl+v4t/uotIad8v6J -SO93vc1evIje6lguE81HHmJn9noxPItvOvSMb2yPsE8mH4cJHRTFNSEhPW6ghmlf -Wa9ZwiVX5igxcvaIRgQQEQIABgUCTk5b0gAKCRDs8OkLLBcgg1G+AKCnacLb/+W6 -cflirUIExgZdUJqoogCeNPVwXiHEIVqithAM1pdY/gcaQZmIRgQQEQIABgUCTk5f -YQAKCRCpN2E5pSTFPnNWAJ9gUozyiS+9jf2rJvqmJSeWuCgVRwCcCUFhXRCpQO2Y -Va3l3WuB+rgKjsQ= -=EWWI ------END PGP PUBLIC KEY BLOCK-----" - echo "$key" -} - -function get_sign_repo_key_rsa() { - key="-----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/hT2Chq4hhn+zasCn1gv 
-N3AVdNYGm4FVkJmWzHBc3lvoTLIMR1uoopg9EbH2faBG3yQjxtAkUme6aauaSmpm -LNvhCfENsrDhRx8KRqwNgvM8jQLOCEMZ2WSGxE4HEsBbQ7p9F4qj8D2YMrl1ZvTw -Gy2UW3wc5vMEf90lsoKmQQS3UJOUxHw0fhJ8vzNUVUeMQpRAjjRfVAQdnoxXSNSw -+OQD2z9obDf6YhQclNbe8itoKRckbfe1sxh5/TFef0y+wJkTzOKXK9yWnJrQp8V3 -gmfJy6nnaErhxbocMg55QG7vCNejuV0a384ax0SRTNSZyIhps2Yuswbx9CLX8l+r -bQIDAQAB ------END PUBLIC KEY-----" - echo "$key" -} - -function get_sign_source_keys() { - keys="-----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.11 (FreeBSD) - -mQENBE7SKu8BCADQo6x4ZQfAcPlJMLmL8zBEBUS6GyKMMMDtrTh3Yaq481HB54oR -0cpKL05Ff9upjrIzLD5TJUCzYYM9GQOhguDUP8+ZU9JpSz3yO2TvH7WBbUZ8FADf -hblmmUBLNgOWgLo3W+FYhl3mz1GFS2Fvid6Tfn02L8CBAj7jxbjL1Qj/OA/WmLLc -m6BMTqI7IBlYW2vyIOIHasISGiAwZfp0ucMeXXvTtt14LGa8qXVcFnJTdwbf03AS -ljhYrQnKnpl3VpDAoQt8C68YCwjaNJW59hKqWB+XeIJ9CW98+EOAxLAFszSyGanp -rCqPd0numj9TIddjcRkTA/ZbmCWK+xjpVBGXABEBAAG0IU1heGltIERvdW5pbiA8 -bWRvdW5pbkBtZG91bmluLnJ1PokBOAQTAQIAIgUCTtIq7wIbAwYLCQgHAwIGFQgC -CQoLBBYCAwECHgECF4AACgkQUgqZk6HAUvj+iwf/b4FS6zVzJ5T0v1vcQGD4ZzXe -D5xMC4BJW414wVMU15rfX7aCdtoCYBNiApPxEd7SwiyxWRhRA9bikUq87JEgmnyV -0iYbHZvCvc1jOkx4WR7E45t1Mi29KBoPaFXA9X5adZkYcOQLDxa2Z8m6LGXnlF6N -tJkxQ8APrjZsdrbDvo3HxU9muPcq49ydzhgwfLwpUs11LYkwB0An9WRPuv3jporZ -/XgI6RfPMZ5NIx+FRRCjn6DnfHboY9rNF6NzrOReJRBhXCi6I+KkHHEnMoyg8XET -9lVkfHTOl81aIZqrAloX3/00TkYWyM2zO9oYpOg6eUFCX/Lw4MJZsTcT5EKVxIhG -BBARAgAGBQJO01Y/AAoJEOzw6QssFyCDVyQAn3qwTZlcZgyyzWu9Cs8gJ0CXREaS -AJ92QjGLT9DijTcbB+q9OS/nl16Z/IhGBBARAgAGBQJO02JDAAoJEKk3YTmlJMU+ -P64AnjCKEXFelSVMtgefJk3+vpyt3QX1AKCH9M3MbTWPeDUL+MpULlfdyfvjj7kB -DQRO0irvAQgA0LjCc8S6oZzjiap2MjRNhRFA5BYjXZRZBdKF2VP74avt2/RELq8G -W0n7JWmKn6vvrXabEGLyfkCngAhTq9tJ/K7LPx/bmlO5+jboO/1inH2BTtLiHjAX -vicXZk3oaZt2Sotx5mMI3yzpFQRVqZXsi0LpUTPJEh3oS8IdYRjslQh1A7P5hfCZ -wtzwb/hKm8upODe/ITUMuXeWfLuQj/uEU6wMzmfMHb+jlYMWtb+v98aJa2FODeKP -mWCXLa7bliXp1SSeBOEfIgEAmjM6QGlDx5sZhr2Ss2xSPRdZ8DqD7oiRVzmstX1Y -oxEzC0yXfaefC7SgM0nMnaTvYEOYJ9CH3wARAQABiQEfBBgBAgAJBQJO0irvAhsM 
-AAoJEFIKmZOhwFL4844H/jo8icCcS6eOWvnen7lg0FcCo1fIm4wW3tEmkQdchSHE -CJDq7pgTloN65pwB5tBoT47cyYNZA9eTfJVgRc74q5cexKOYrMC3KuAqWbwqXhkV -s0nkWxnOIidTHSXvBZfDFA4Idwte94Thrzf8Pn8UESudTiqrWoCBXk2UyVsl03gJ -blSJAeJGYPPeo+Yj6m63OWe2+/S2VTgmbPS/RObn0Aeg7yuff0n5+ytEt2KL51gO -QE2uIxTCawHr12PsllPkbqPk/PagIttfEJqn9b0CrqPC3HREePb2aMJ/Ctw/76CO -wn0mtXeIXLCTvBmznXfaMKllsqbsy2nCJ2P2uJjOntw= -=Tavt ------END PGP PUBLIC KEY BLOCK----- ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBF4TqFoBEADNbls05thIAYVVKdMDRdtzGk7HXGqx60u/kh4BL9HskUpyYFTp -N07RJ1TyyusfD7I3skuGHvtQhqdTwHPDEPL5qrAnHps9XWUQrtU7hflcIKt43iDe -TvfVVhN0nPir2++C4qvNnrC/UCisyz00H/I9mobl2qzyKyLT8BnUBVuXDfOTlUCY -oF4z5BieOMvg1DZNKFDnK67ZuO4JXgtMlu4Q3tFd7qSWCWGuCuAGgn6eWFYMzCbB -rPyBYwb7xyycQzqmJiD7Qm9OeVHmZj5rG5hGM14MyTSUVJle0U+CJCF9lmfVuR/c -ySy7WmQgIg327x5Y5xa3pKZAvIAycnDabAk/08p59BG7UdAi2S7+2SicAH89/81V -g4BI4mZp+IuxaP+S+ckaRf1CUvRAJuLTqUeBSuOzjag+ibD6rqusuZ1MZqLxnXyu -gAztNDcmEFa/pqp5bgWbrlTF6zKt4cQf+a/JqFGatsfSzmrIyIZ6GEqgb8oXDDIt -Z1AqsTfp6ZBC1vITE9+b0zBw6qq/nGD0Iq47Vp1VxmlxmnoeR4ir8z/oSukPulLU -K3IqkmRNGEilINrtBt5jFbBlx8kwdCYvxEF6ymibBBqvwwv65jrrKheBQm+HrrVS -aMQmo4Qzj/h/ZLL9KENHibNwUypJnvwEvw0YkAyjICvoNzDUsM+92+B/ewARAQAB -tCFNYXhpbSBLb25vdmFsb3YgPG1heGltQG5naW54LmNvbT6JAlcEEwEKAEECGwMF -CwkIBwMFFQoJCAsFFgIDAQACHgECF4ACGQEWIQRB25JxPTv0v/PukQacXn+i9Ul3 -1AUCXhgw1wUJBagi/QAKCRCcXn+i9Ul31LltD/40KNFPvDaORz35udrm0cyVIgbI -lq7Vswfo5JIr8MyJ+VKJFQ2n2JiQT8QbX52Sy5P80ktSAFqcT3vtWB7bI6RfJ8Jx -YM/w3XKnNMoUt7Q/cqZK5Ra/csmaCWqP4UVUvUBjHvly0MpnE1kxEDUglrcyVKjt -fxB/GXeUpKOELXG44zvW2CP9Mce0FbDxrh8iCai9MK+2oSt1aJV+gONLWscRgsc7 -6q9/4KUXByt0qxScYPRQRIaxpIA8sCno21owcMOf8aQtun6Ytf+UIovl9DmK2pRm -Ifc2JruW1Jx2r7z955ZFNgTA380jEL85dWbgbHF/pYPlwcTCnaAf294kefjrX9DN -rejbZZ3Fh2QGs0tWW5+wncVWndq4jLQTeamUdzw5MPpOh+bZoHT+7z1PDGWe+PIn -DTbfaFYL7MsXwScMUsexKLOoDO6KKpZjcsw9/b5JsJmP73ZEj02BjRudapObiRxm -MtDl8Zmpg7ZUqMHEuUzyEyI5nSWu4njjrWJO0CnsjLpv2UxAbxDn1NGc/DoyxM1l -4SQv4AJuSLo1x7PTRb9V9HkWqxXf+yCkNpV9UjmlrH104gWL6sof6rX8Jo6k+Sz+ 
-yyQHcVbrJ95Y3hQU7QMMnotzVbL7BRtWMtDYTp7q+gYbZ0s+YRXjaHcA5IuV65tM -tEPwGpOCofQ2avkdqIhdBBARCgAdFiEEZVBsAu/CUPG3o9aU7PDpCywXIIMFAl4T -qXUACgkQ7PDpCywXIIN5CQCgyNFrUBGlUvH9QlDSE/umzoyXW/UAn0ve2/HzpMVN -uPMAAgnHYE2R0eiEtCNNYXhpbSBLb25vdmFsb3YgPG1heGltQEZyZWVCU0Qub3Jn -PokCVAQTAQoAPgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBEHbknE9O/S/ -8+6RBpxef6L1SXfUBQJeGDDXBQkFqCL9AAoJEJxef6L1SXfUJ/IQALtwaB7mlBUB -NdzqQRIZAVSnJZ2w6+Iul7Ax4gKrqWj6SvL/5jEdZm65D0kjxJIHq+dO+lJIMLzp -rBkfZ0kkxOPQ1rw/QR31qHLAibknrwIQQVtzFvVg4iW7IZefx6WGbJJC5IbjBUBf -HATqbXmMAcLILh9+t4q7Qvwi2b8ZIsC37cktthad7j4kvXqV5BJ4I+PoDT0CcW48 -wgTfMwhib52pLMu3Ghk56kwHBtYSHUDrA4KWRzRHxQ+RoUXLIdtmMRbp8ztwBMJZ -+J/9TLrb3YHUidS3l2nE55l9dJZycCU2EOAhJMbFKbmfW/9we/Sm+vnoALGExepl -FgdGz2NTqPA4ha2y2rBC73TSkfM+4amIrr6kSbeofjQL/w5+fhxAvM5oXuzffPK9 -8IR31d66JUTjeueobguzh9ApeHElmihimRJk0KP+NVAMNCIZmlMuOXHPwnCajcBh -Sh9kFGy6tPPPZYQOHSm5KvyjIJDfmkFfJ5ybazkmsGhZMzQs4ZHItC1jf0vYCqsr -d3eVEQesy5nDlSC2lWK84R+J+qTL82ZbCc/VZMniCBCC9xIvEOU9gtIH+58vF8dq -l/jTmGp2h1/kHlJfn0cnxKJDzn2IG16jqR7VdWQEO5hjEMaZdxhM1jPGRdkM82fB -Wwv8BLBpgBstyQlxJ/NNO5+dCtZYWRcviF0EEBEKAB0WIQRlUGwC78JQ8bej1pTs -8OkLLBcggwUCXhOpbwAKCRDs8OkLLBcgg/jfAKCO7DIiB2DGBfLCFftmyuZJN2A6 -ZgCfV/cclX++mLyiyYqr2BXnrQk4NVG5Ag0EXhOoWgEQAOmkirptbymUR2JP9DrP -e7aELbUw4bcMx4/nQo1QyKxjDhUdgUui4OiqxmhMjT2IlgFvcYsMeLiYGa/EdBkd -Yq4DtEwc++2eybFQA1z6Hrk+sxdd8neN4azUa5sqVvUwenQ7UMPclSQJaE1nVGCZ -KKVyNsK36RJrE0JfdmE1zKZFWmTCTZ/D/hTCq+hjMpCV+VWFaz3h4S+XsZiBgLB4 -+zmyHjyU6E+ecELvAHoXwMbAPiFzzms824Fc1BKHjnc8BBzfUVdIBGhxOVNHDSj3 -oxPsiBnuvSlQMlGx0YNLw/tTfw+CFOot5o/KIq9svUp8W9mdj6kKaqBLNxpjHbhQ -yvVSK7O5uS62emMHkRwgu1tmP98d3bGlXRn+S+2MCuyqdFaK40B6vnkPnXpl5ggE -w8JoH11ahNeJ5tX8/JpX/0aQmapt7CKwcgELJap+Qp8i/MFXef7FK/nE0lFIL95o -l9uthd/beX6dz/EEw61lC17Opd3y0N+Dy+eJ0wbULdgKrblZ0PxsumLeICGLs7/P -O9/3nQHJRjmFaVG10t5bL/77gvQ4l7HcuLS1GGHh+RM6EsFuuiqI+aFcDFyRITli -g0QRq4y/C6nqhTWEyYriIi8Dq6JxXisklC1WvSIgPwq1/msmrbiKcJZFPoNtMVtO -dzL3naM5IWOa290R541GjkEVABEBAAGJAjwEGAEKACYCGwwWIQRB25JxPTv0v/Pu 
-kQacXn+i9Ul31AUCXhgw/QUJBagjIwAKCRCcXn+i9Ul31MQDEACeO6ZBLEWswuyU -RErntoHkY6wIkpfMiERjgfqbNkrdBgXg8dT7kPsXFEtv3ZccjPbsRecJaXdmwGab -mp9MUDYG3SiqgFNriJTv2WECzgYKrZQg38JVwfl7OHPaV2fwZvG56a4qKpIZ3wIg -4acfEPkHQ2ygpKnEJD4IsEK225PtYq5lmNfntvDhbuTPh2vY8T9w0udGCzp4JS60 -zLeGGat+52PislEtrSa2B7zSMzGmOqDidaDbEfzdzL+IteZHWDGmYNQ8yICIv6Wj -A80k7uhzDWJf5RMQSNybBykrlWSooaVrBWHgDky5ldAQjDtVrMkBpzglH8FQ44i+ -la9caRDfw0Lfxg52vV4eXtpSHAYx3cFREEW9xpTOwOE7Qg0JyHAkUKNb8DJgyehC -BjSeeiMFiZX1plyYFrUAB8dVXi9Z7kqOjTpfYU6kAxDXzQhlqqgYRwoFJQcsQ1Ll -jKptAs6glmDx8dJcjUrK/eH24GGg46eGv2wxY4+sItXfLQ2oeU4uh/vORjvgeeNp -er4z5KLuKxwgpaobavtRZmZSZdGrdC93Si27dpSRiWYn1csoTxG0zZhUVFFW68I4 -I5PIdJwblvxayVKdg0aVW/RwDsOLH0twVxwnOPSjLPEB2IwGnlX6rN38cRnibPXM -yh4LsaVRdhbFe9aNd/O5iNgDcQtCUg== -=/pFc ------END PGP PUBLIC KEY BLOCK----- ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.11 (FreeBSD) - -mQENBE5E4vkBCADPkWWzk7W5cXOqeZ1ULNSj8nt5azbYjfQ8OyR2AaDW8J7oazYH -reIHKid5uZVJxwr1uLoMloGiYTdy4XYIF2WcOfDnjNGumrAT0Nd4Kdax/pHr5Pdp -jFsO4BkHyWk/5/zDCijyoGYLBR6I8hqn+WDuLG/sTtVuTWkUeOlfxb2eZdLyZ3oP -5T5FXtWTpKvr2y7RGshmS6EJnjiVvvErdbNItFXghqvBBaFOJaS2PRBEO9RfKpti -i+eS/cmlrm+Tjv44EPfQyLtAmCQ8uqfL50uIKEp6/dsC/OVJ6JlJOYl4j90DX7vB -TJaOyUm4s+BLF2BK+Ow8+s+B6jQ5noa/o16NABEBAAG0IFNlcmdleSBCdWRuZXZp -dGNoIDxzYkBuZ2lueC5jb20+iQE+BBMBAgAoBQJOROQ6AhsDBQkJZgGABgsJCAcD -AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCmT9Wxets5qEQgB/43Mxmiy7DjXEbxIYkC -9xPC4kf1X+bHkJ9BtAgaYDQewjtQ7vS98TKJBibm3l4egmBjFWjCpL8845n966+u -XDqrDWJtOPUXvSEQNXGlijDGSxxpdK2dxDOKIOC8nIlZq/Xz/Uqjb2ZrszmYK2LD -IHI1mN9HdI6aTt41QbtG0nkaPPgv3MEvxSMVCzVddroyPXvf/ErT4OSYU+dqJhH+ -SBIezuF0suzH/siCksbSBZHIst5rggpjsZvijP5YFH/hpEsR+tKXo9EFk49xn9Ou -WdmpOEs7CKDbTApkh9XN/Pk5nJQ/HIDuW8pkgzf2wxNWlMSYw6xnozDkeIqpJcDD -4niqiEYEEBECAAYFAk5OYocACgkQ7PDpCywXIIMKtQCfaAl2rvbEImu6MnDR32KG -HTDH2TEAoNeWrSlavyFzbSQka53E9Gs6gF63tCBTZXJnZXkgQnVkbmV2aXRjaCA8 -c2JAd2FlbWUubmV0PokBQQQTAQIAKwIbAwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYC -AwECHgECF4AFAk5OR38CGQEACgkQpk/VsXrbOagPmAf/QmIEDkkiovc1MgQ81lh4 
-eeHfvtptb+U4GVCu07DQUR9kEtN6Jqi65gKb95fEztI14PpX+euiWrc/RlnsxWc0 -jYF0UmyacWLN6oHPoxlCK5+7zyoz5UTNrYGkTfWfcNtTU509CEZRClBNjMZOTZjP -QhdR+Ce6tngRcQvMGNaLjJkKuY7vPh6FjT5oqxpnEIRTsWq6bUaeCXm7j9x0as1Z -w1E5D5it3Ug3VlAe58jFJmRgatOsWznKuNoLRjQ2Chp2ce+dLgXriuJMrvEsn5S4 -dImUGL5DVYWDVZNG+r85XnOhMfKG308pZby1uzFvD+j3P6yMj1tpaCAAi5lUkHh6 -bIhGBBARAgAGBQJOTmJ/AAoJEOzw6QssFyCDH50AoMyJPvPDTYXK5KHOlPYPZQ5M -OuCAAJ9zQ/3hKedm3xCLGl4Y6hjxJNlUTbkBDQROROL5AQgAuGIfx9aVOOXVdj8b -XvjBQt+UkBURYGACHFQ69w71Aupsg9pZ7FgwgVKxnoNlmRag8sInjQbs3M/lS0sB -dg75zZ7Ph7aPev8RAqdtX5+xxvujv1cmkFBExFuC5Wp/Yfzk/lPWZR4vXZrTpRiF -PLMlRu0CEJFqoqPPygGFar02Q7rO+da35pxAuYrOWGM7MNr8H/vk13+GiqniBQCa -uSoWwZQzaEdG5VGgm/vAwPzO+Cbam3r+Hs7OieykAy8fv+B+qhHn8Vc/520iGvdO -IAKpxl6oZrkbNL/wozOOLZni7iWl30C43ujxPiGRlg/YotHmhlnMic85QKyakXCS -WXI/JQARAQABiQElBBgBAgAPBQJOROL5AhsMBQkJZgGAAAoJEKZP1bF62zmoGCwH -/2a6zlu4Jwmv21vuroaAzECV8gp1luBeagn23EgMMukYhkbwLtL/0twAHmZlkpzl -atfq/EH2PgOasl2biJixqp7o9V7Uw6PS5JoY+1IrLEurG+FU2TN/Ysp12al4Z0Hh -p4yBRSEikISO9gkeUThixDPX1PjCpx8G/ZYqk+8jRCcDgWsUc/WV3VGPht68oDd7 -56/hfQYc/V3eJmm5WYLVGV7Q69tGtp6D09SpoeqCD2K77auEBRVJ4jaT4B2/EfSb -x6y7Dy4Oxm8TBOQ2EZw2vEixKxtEt86/oBtLUkqVockPq/Ek9AL+KzT6VR1xU+Cm -CoHAyoqJeb/xLBwuKWg0/4U= -=iFlP ------END PGP PUBLIC KEY BLOCK-----" - echo "$keys" -} - -# Variables -NTASK=$(nproc) - -# Check if we are root -if [ $(id -u) -ne 0 ] ; then - echo "[!] Run me as root" - exit 1 -fi - -# Detect OS -OS="" -if [ "$(grep Debian /etc/os-release)" != "" ] ; then - OS="debian" -elif [ "$(grep Ubuntu /etc/os-release)" != "" ] ; then - OS="ubuntu" -elif [ "$(grep CentOS /etc/os-release)" != "" ] ; then - OS="centos" -elif [ "$(grep Alpine /etc/os-release)" != "" ] ; then - OS="alpine" -fi -if [ "$OS" = "" ] ; then - echo "[!] 
Unsupported Operating System" - exit 1 -fi - -# Create /tmp/bunkerized-nginx -echo "[*] Prepare /tmp/bunkerized-nginx" -if [ -e "/tmp/bunkerized-nginx" ] ; then - do_and_check_cmd rm -rf /tmp/bunkerized-nginx -fi -do_and_check_cmd mkdir /tmp/bunkerized-nginx - -# Create /opt/bunkerized-nginx -echo "[*] Prepare /opt/bunkerized-nginx" -if [ -e "/opt/bunkerized-nginx" ] ; then - do_and_check_cmd rm -rf /opt/bunkerized-nginx -fi -do_and_check_cmd mkdir /opt/bunkerized-nginx - -# Check nginx version -NGINX_VERSION="$(nginx -V 2>&1 | sed -rn 's~^nginx version: nginx/(.*)$~\1~p')" -# Add nginx official repo and install -if [ "$NGINX_VERSION" = "" ] ; then - get_sign_repo_key > /tmp/bunkerized-nginx/nginx_signing.key - if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then - echo "[*] Add nginx official repository" - do_and_check_cmd cp /tmp/bunkerized-nginx/nginx_signing.key /etc/apt/trusted.gpg.d/nginx_signing.asc - do_and_check_cmd apt update - DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y gnupg2 ca-certificates lsb-release software-properties-common - do_and_check_cmd add-apt-repository "deb http://nginx.org/packages/${OS} $(lsb_release -cs) nginx" - do_and_check_cmd apt update - echo "[*] Install nginx" - DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y nginx - elif [ "$OS" = "centos" ] ; then - echo "[*] Add nginx official repository" - do_and_check_cmd yum install -y yum-utils - cp /tmp/bunkerized-nginx/nginx_signing.key /etc/pki/rpm-gpg/RPM-GPG-KEY-nginx - do_and_check_cmd rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-nginx - repo="[nginx-stable] -name=nginx stable repo -baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/ -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-nginx -enabled=1 -module_hotfixes=true" - echo "$repo" > /etc/yum.repos.d/nginx.repo - echo "[*] Install nginx" - do_and_check_cmd yum install -y nginx - elif [ "$OS" = "alpine" ] ; then - echo "[*] Add nginx official repository" - 
get_sign_repo_key_rsa > /etc/apk/keys/nginx_signing.rsa.pub - echo "@nginx http://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories - echo "[*] Install nginx" - do_and_check_cmd apk add nginx@nginx - fi - NGINX_VERSION="$(nginx -V 2>&1 | sed -rn 's~^nginx version: nginx/(.*)$~\1~p')" -fi -echo "[*] Detected nginx version ${NGINX_VERSION}" -if [ "$NGINX_VERSION" != "1.20.1" ] ; then - echo "/!\\ Warning : we recommend you to use nginx v1.20.1, you should uninstall your nginx version and run this script again ! /!\\" -fi - -# Install dependencies -echo "[*] Update packet list" -if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then - do_and_check_cmd apt update -fi -echo "[*] Install dependencies" -if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then - DEBIAN_DEPS="git autoconf pkg-config libpcre++-dev automake libtool g++ make liblua5.1-0-dev libgd-dev lua5.1 libssl-dev wget libbrotli-dev gnupg" - DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y $DEBIAN_DEPS - do_and_check_cmd cp -r /usr/include/lua5.1/* /usr/include -elif [ "$OS" = "centos" ] ; then - do_and_check_cmd yum install -y epel-release - CENTOS_DEPS="git autoconf pkg-config pcre-devel automake libtool gcc-c++ make lua-devel gd-devel lua openssl-devel wget brotli-devel gnupg" - do_and_check_cmd yum install -y $CENTOS_DEPS -elif [ "$OS" = "alpine" ] ; then - ALPINE_DEPS="git build autoconf libtool automake git geoip-dev yajl-dev g++ gcc curl-dev libxml2-dev pcre-dev make linux-headers musl-dev lua-dev gd-dev gnupg brotli-dev openssl-dev" - do_and_check_cmd apk add --no-cache --virtual build $ALPINE_DEPS -fi - -# Download, compile and install libmaxminddb -echo "[*] Download maxmind/libmaxminddb" -secure_download "https://github.com/maxmind/libmaxminddb/releases/download/1.6.0/libmaxminddb-1.6.0.tar.gz" "libmaxminddb-1.6.0.tar.gz" 
"9394e8dd959982d4ef5d15a928d32700722ed9d6c9988d9cc1bf2f4e67de0a53cc6987e90aaef3a6926c9ff36ac378f7a1fe47818fda4f5a3a22539210b2d004" -CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xzf libmaxminddb-1.6.0.tar.gz -echo "[*] Compile and install libmaxminddb" -CHANGE_DIR="/tmp/bunkerized-nginx/libmaxminddb-1.6.0" do_and_check_cmd ./configure -CHANGE_DIR="/tmp/bunkerized-nginx/libmaxminddb-1.6.0" do_and_check_cmd make -j $NTASK -CHANGE_DIR="/tmp/bunkerized-nginx/libmaxminddb-1.6.0" do_and_check_cmd make install -if [ "$OS" = "centos" ] ; then - do_and_check_cmd cp -P /usr/local/lib/libmaxminddb* /lib64/ -fi - -# Download, compile and install ModSecurity -echo "[*] Clone SpiderLabs/ModSecurity" -git_secure_clone https://github.com/SpiderLabs/ModSecurity.git bf881a4eda343d37629e39ede5e28b70dc4067c0 -echo "[*] Compile and install ModSecurity" -# temp fix : Debian run it twice -cd /tmp/bunkerized-nginx/ModSecurity && ./build.sh > /dev/null 2>&1 -CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd sh build.sh -CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd git submodule init -CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd git submodule update -CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout bindings/python 47a6925df187f96e4593afab18dc92d5f22bd4d5 -CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout others/libinjection bf234eb2f385b969c4f803b35fda53cffdd93922 -CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout test/test-cases/secrules-language-tests d03f4c1e930440df46c1faa37d820a919704d9da -CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd ./configure --disable-doxygen-doc --disable-dependency-tracking --disable-examples -CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd make -j $NTASK -CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd make install-strip - -# Download and install OWASP Core Rule Set -echo "[*] Clone 
coreruleset/coreruleset" -git_secure_clone https://github.com/coreruleset/coreruleset.git 18703f1bc47e9c4ec4096853d5fb4e2a204a07a2 -echo "[*] Install coreruleset" -do_and_check_cmd mkdir /opt/bunkerized-nginx/crs -do_and_check_cmd cp -r /tmp/bunkerized-nginx/coreruleset/rules/* /opt/bunkerized-nginx/crs -do_and_check_cmd cp /tmp/bunkerized-nginx/coreruleset/crs-setup.conf.example /opt/bunkerized-nginx/crs-setup.conf - -# Download ModSecurity-nginx module -echo "[*] Clone SpiderLabs/ModSecurity-nginx" -git_secure_clone https://github.com/SpiderLabs/ModSecurity-nginx.git 2497e6ac654d0b117b9534aa735b757c6b11c84f - -# Download headers more module -echo "[*] Clone openresty/headers-more-nginx-module" -git_secure_clone https://github.com/openresty/headers-more-nginx-module.git f85af9649b858e21b400a2150a4c7b8ebd36e921 - -# Download GeoIP moduke -echo "[*] Clone leev/ngx_http_geoip2_module" -git_secure_clone https://github.com/leev/ngx_http_geoip2_module.git 1cabd8a1f68ea3998f94e9f3504431970f848fbf - -# Download cookie flag module -echo "[*] Clone AirisX/nginx_cookie_flag_module" -git_secure_clone https://github.com/AirisX/nginx_cookie_flag_module.git c4ff449318474fbbb4ba5f40cb67ccd54dc595d4 - -# Download brotli module -echo "[*] Clone google/ngx_brotli" -git_secure_clone https://github.com/google/ngx_brotli.git 9aec15e2aa6feea2113119ba06460af70ab3ea62 - -# Download lua-nginx module -git_secure_clone https://github.com/openresty/lua-nginx-module.git 9007d673e28938f5dfa7720438991e22b794d225 - -# Download, compile and install luajit2 -echo "[*] Clone openresty/luajit2" -git_secure_clone https://github.com/openresty/luajit2.git 5ff674c5d9b75d6018994dfac3ce38aab3b8db12 -echo "[*] Compile luajit2" -CHANGE_DIR="/tmp/bunkerized-nginx/luajit2" do_and_check_cmd make -j $NTASK -echo "[*] Install luajit2" -CHANGE_DIR="/tmp/bunkerized-nginx/luajit2" do_and_check_cmd make install -if [ "$OS" = "centos" ] ; then - do_and_check_cmd cp -P /usr/local/lib/libluajit* /lib64/ -fi - -# 
Download and install lua-resty-core -echo "[*] Clone openresty/lua-resty-core" -git_secure_clone https://github.com/openresty/lua-resty-core.git 12f26310a35e45c37157420f7e1f395a0e36e457 -echo "[*] Install lua-resty-core" -CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-core" do_and_check_cmd make install - -# Download and install lua-resty-lrucache -echo "[*] Clone openresty/lua-resty-lrucache" -git_secure_clone https://github.com/openresty/lua-resty-lrucache.git f20bb8ac9489ba87d90d78f929552c2eab153caa -echo "[*] Install lua-resty-lrucache" -CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-lrucache" do_and_check_cmd make install - -# Download and install lua-resty-dns -echo "[*] Clone openresty/lua-resty-dns" -git_secure_clone https://github.com/openresty/lua-resty-dns.git 869d2fbb009b6ada93a5a10cb93acd1cc12bd53f -echo "[*] Install lua-resty-dns" -CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-dns" do_and_check_cmd make install - -# Download and install lua-resty-session -echo "[*] Clone bungle/lua-resty-session" -git_secure_clone https://github.com/bungle/lua-resty-session.git 2cd1f8484fdd429505ac33abf7a44adda1f367bf -echo "[*] Install lua-resty-session" -do_and_check_cmd cp -r /tmp/bunkerized-nginx/lua-resty-session/lib/resty/* /usr/local/lib/lua/resty - -# Download and install lua-resty-random -echo "[*] Clone bungle/lua-resty-random" -git_secure_clone https://github.com/bungle/lua-resty-random.git 17b604f7f7dd217557ca548fc1a9a0d373386480 -echo "[*] Install lua-resty-random" -CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-random" do_and_check_cmd make install - -# Download and install lua-resty-string -echo "[*] Clone openresty/lua-resty-string" -git_secure_clone https://github.com/openresty/lua-resty-string.git 3624678ca1c7c32e2fb16c18b7511863e074d542 -echo "[*] Install lua-resty-string" -CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-string" do_and_check_cmd make install - -# Download, compile and install lua-cjson -echo "[*] Clone openresty/lua-cjson" -git_secure_clone 
https://github.com/openresty/lua-cjson.git 0df488874f52a881d14b5876babaa780bb6200ee -echo "[*] Compile lua-cjson" -CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make -j $NTASK -echo "[*] Install lua-cjson" -CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make install -CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make install-extra - -# Download, compile and install lua-gd -echo "[*] Clone ittner/lua-gd" -git_secure_clone https://github.com/ittner/lua-gd.git 2ce8e478a8591afd71e607506bc8c64b161bbd30 -echo "[*] Compile lua-gd" -if [ "$OS" = "centos" ] ; then - CHANGE_DIR="/tmp/bunkerized-nginx/lua-gd" do_and_check_cmd make LUAPKG=lua LUABIN=lua -j $NTASK -else - CHANGE_DIR="/tmp/bunkerized-nginx/lua-gd" do_and_check_cmd make -j $NTASK -fi -echo "[*] Install lua-gd" -CHANGE_DIR="/tmp/bunkerized-nginx/lua-gd" do_and_check_cmd make INSTALL_PATH=/usr/local/lib/lua/5.1 install - -# Download and install lua-resty-http -echo "[*] Clone ledgetech/lua-resty-http" -git_secure_clone https://github.com/ledgetech/lua-resty-http.git 9bf951dfe162dd9710a0e1f4525738d4902e9d20 -echo "[*] Install lua-resty-http" -CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-http" do_and_check_cmd make install - -# Download and install lualogging -echo "[*] Clone Neopallium/lualogging" -git_secure_clone https://github.com/lunarmodules/lualogging.git 5973188a1f8fc31abd98aceed2a4853986d779e9 -echo "[*] Install lualogging" -do_and_check_cmd cp -r /tmp/bunkerized-nginx/lualogging/src/* /usr/local/lib/lua - -# Download, compile and install luasocket -echo "[*] Clone diegonehab/luasocket" -git_secure_clone https://github.com/diegonehab/luasocket.git 5b18e475f38fcf28429b1cc4b17baee3b9793a62 -echo "[*] Compile luasocket" -CHANGE_DIR="/tmp/bunkerized-nginx/luasocket" do_and_check_cmd make -j $NTASK -echo "[*] Install luasocket" -CHANGE_DIR="/tmp/bunkerized-nginx/luasocket" do_and_check_cmd make CDIR_linux=lib/lua/5.1 LDIR_linux=lib/lua install - -# Download, compile 
and install luasec -echo "[*] Clone brunoos/luasec" -git_secure_clone https://github.com/brunoos/luasec.git d5df31561751ec0d4098dfc09c92ece215a56a5a -echo "[*] Compile luasec" -CHANGE_DIR="/tmp/bunkerized-nginx/luasec" do_and_check_cmd make linux -j $NTASK -echo "[*] Install luasec" -CHANGE_DIR="/tmp/bunkerized-nginx/luasec" do_and_check_cmd make LUACPATH=/usr/local/lib/lua/5.1 LUAPATH=/usr/local/lib/lua install - -# Download and install lua-cs-bouncer -echo "[*] Clone crowdsecurity/lua-cs-bouncer" -git_secure_clone https://github.com/crowdsecurity/lua-cs-bouncer.git 3c235c813fc453dcf51a391bc9e9a36ca77958b0 -echo "[*] Install lua-cs-bouncer" -if [ ! -d /usr/local/lib/lua/crowdsec ] ; then - do_and_check_cmd mkdir /usr/local/lib/lua/crowdsec -fi -do_and_check_cmd cp -r /tmp/bunkerized-nginx/lua-cs-bouncer/lib/* /usr/local/lib/lua/crowdsec -do_and_check_cmd sed -i 's/require "lrucache"/require "resty.lrucache"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua -do_and_check_cmd sed -i 's/require "config"/require "crowdsec.config"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua - -# Download and install lua-resty-iputils -echo "[*] Clone hamishforbes/lua-resty-iputils" -git_secure_clone https://github.com/hamishforbes/lua-resty-iputils.git 3151d6485e830421266eee5c0f386c32c835dba4 -echo "[*] Install lua-resty-iputils" -CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-iputils" do_and_check_cmd make LUA_LIB_DIR=/usr/local/lib/lua install - -# Download nginx and decompress sources -echo "[*] Download nginx-${NGINX_VERSION}.tar.gz" -do_and_check_cmd wget -O "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz" "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -do_and_check_cmd wget -O "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz.asc" "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz.asc" -get_sign_source_keys > /tmp/bunkerized-nginx/nginx.key -do_and_check_cmd gpg --import /tmp/bunkerized-nginx/nginx.key -check=$(gpg --verify 
/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz.asc /tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz 2>&1 | grep "^gpg: Good signature from ") -if [ "$check" = "" ] ; then - echo "[!] Wrong signature from nginx source !!!" - cleanup - exit 1 -fi -CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xvzf nginx-${NGINX_VERSION}.tar.gz - -# Compile dynamic modules -echo "[*] Compile dynamic modules" -CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')" -CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}" -echo "\#/bin/sh" > "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh" -echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerized-nginx/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerized-nginx/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_http_geoip2_module --add-dynamic-module=/tmp/bunkerized-nginx/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerized-nginx/lua-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_brotli" >> "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh" -do_and_check_cmd chmod +x "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh" -CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/local/lib" LUAJIT_INC="/usr/local/include/luajit-2.1" do_and_check_cmd ./configure-fix.sh -CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd make -j $NTASK modules -if [ ! -d "/usr/lib/nginx/modules" ] ; then - do_and_check_cmd mkdir -p /usr/lib/nginx/modules -fi -do_and_check_cmd chown -R root:root /usr/lib/nginx -do_and_check_cmd chmod -R 755 /usr/lib/nginx -CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd cp ./objs/*.so /usr/lib/nginx/modules -do_and_check_cmd chmod 744 /usr/lib/nginx/modules/* - -# We're done -if [ "$OS" = "alpine" ] ; then - apk del build > /dev/null 2>&1 -fi -cleanup -echo "[*] Dependencies for bunkerized-nginx successfully installed !" -exit 0 
diff --git a/helpers/docker.sh b/helpers/docker.sh
new file mode 100644
index 0000000..a1fb9fd
--- /dev/null
+++ b/helpers/docker.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+# prepare /www
+mkdir /www
+chown -R root:nginx /www
+chmod -R 770 /www
+
+# prepare /acme-challenge
+mkdir /acme-challenge
+chown root:nginx /acme-challenge
+chmod 770 /acme-challenge
+
+# prepare /cache
+mkdir /cache
+chown root:nginx /cache
+chmod 770 /cache
+
+# prepare /plugins
+mkdir /plugins
+chown root:nginx /plugins
+chmod 770 /plugins
+
+# prepare symlinks
+folders="www http-confs server-confs modsec-confs modsec-crs-confs cache pre-server-confs acme-challenge plugins"
+for folder in $folders ; do
+ if [ -e "/opt/bunkerized-nginx/$folder" ] ; then
+ rm -rf "/opt/bunkerized-nginx/$folder"
+ fi
+ ln -s "/$folder" "/opt/bunkerized-nginx/$folder"
+done
+
+# prepare /var/log
+rm -f /var/log/nginx/*
+ln -s /proc/1/fd/2 /var/log/nginx/error.log
+ln -s /proc/1/fd/2 /var/log/nginx/modsec_audit.log
+ln -s /proc/1/fd/1 /var/log/nginx/access.log
+ln -s /proc/1/fd/1 /var/log/nginx/jobs.log
diff --git a/helpers/install.sh b/helpers/install.sh
index 477c536..d0ef886 100644
--- a/helpers/install.sh
+++ b/helpers/install.sh
@@ -1,5 +1,21 @@
 #!/bin/bash
+function git_secure_checkout() {
+ if [ "$CHANGE_DIR" != "" ] ; then
+ cd "$CHANGE_DIR"
+ fi
+ path="$1"
+ commit="$2"
+ cd "$path"
+ output="$(git checkout "${commit}^{commit}" 2>&1)"
+ if [ $? -ne 0 ] ; then
+ echo "[!] Commit hash $commit is absent from submodules $path !"
+ echo "$output"
+ cleanup
+ exit 4
+ fi
+}
+
 function git_secure_clone() {
 cd /tmp/bunkerized-nginx
 repo="$1"
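Review bot: helpers/docker.sh has no `set -e` after `#!/bin/sh`, so a failing `mkdir`, `chown` or `ln` is ignored and the Dockerfile's `RUN chmod +x /tmp/docker.sh && /tmp/docker.sh` only sees the exit status of the final `ln -s /proc/1/fd/1 /var/log/nginx/jobs.log`; an image with an unowned `/cache` or a missing symlink would still build. Add `set -e` as the second line of the script. The `chmod -R 770 /www` and `chmod 770 /plugins` make served content and plugin code writable by the whole `nginx` group, which is presumably intended so these paths can be populated at runtime from mounted volumes; if so, a comment such as `# nginx group needs write access: these directories are filled at runtime` would record the decision, and any of the four directories that is only read by the worker could be narrowed to 750.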
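Review bot: `cd "$path"` in git_secure_checkout is unchecked, so when the submodule directory is missing or misnamed the following `git checkout "${commit}^{commit}"` runs in `$CHANGE_DIR` (or the caller's cwd) instead, where it either fails with the misleading "absent from submodules" message or, if that object happens to exist there, checks out the wrong tree; guard it with `cd "$path" || { echo "[!] Can't cd to $path"; cleanup; exit 4; }`. The same unchecked `cd /tmp/bunkerized-nginx` precedes the `wget` in secure_download (hunk `@@ -22,6 +38,26 @@`), where a failure would write the download into whatever directory the caller was in. Both functions are moved verbatim from the deleted helpers/dependencies.sh, so the checks were missing there too and are not something this commit introduced.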
@@ -22,6 +38,26 @@ function git_secure_clone() {
 fi
 }
+function secure_download() {
+ cd /tmp/bunkerized-nginx
+ link="$1"
+ file="$2"
+ hash="$3"
+ output="$(wget -q -O "$file" "$link" 2>&1)"
+ if [ $? -ne 0 ] ; then
+ echo "[!] Error downloading $link"
+ echo "$output"
+ cleanup
+ exit 5
+ fi
+ check="$(sha512sum "$file" | cut -d ' ' -f 1)"
+ if [ "$check" != "$hash" ] ; then
+ echo "[!] Wrong hash from file $link (expected $hash got $check)"
+ cleanup
+ exit 6
+ fi
+}
+
 function do_and_check_cmd() {
 if [ "$CHANGE_DIR" != "" ] ; then
 cd "$CHANGE_DIR"
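Review bot: secure_download has no header comment although callers must know its calling convention: the destination `$file` is relative to /tmp/bunkerized-nginx, the third argument is compared as a plain string against `sha512sum` output so it must be a lowercase hex digest, and failure is signalled by `exit 5` (download error) or `exit 6` (hash mismatch) after `cleanup` rather than by a return code. A comment above the function along the lines of `# secure_download URL FILE SHA512HEX: fetch URL into /tmp/bunkerized-nginx/FILE and abort the whole install (exit 5 on download error, 6 on hash mismatch) unless the sha512 matches` would capture that. The mismatch message prints both the expected and the actual digest, which is what an operator needs to tell a stale pin from a tampered download, so keep it as is.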
@@ -43,6 +79,201 @@ function cleanup() { rm -rf /tmp/bunkerized-nginx } +function get_sign_repo_key() { + key="-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.22 (GNU/Linux) + +mQENBE5OMmIBCAD+FPYKGriGGf7NqwKfWC83cBV01gabgVWQmZbMcFzeW+hMsgxH +W6iimD0RsfZ9oEbfJCPG0CRSZ7ppq5pKamYs2+EJ8Q2ysOFHHwpGrA2C8zyNAs4I +QxnZZIbETgcSwFtDun0XiqPwPZgyuXVm9PAbLZRbfBzm8wR/3SWygqZBBLdQk5TE +fDR+Eny/M1RVR4xClECONF9UBB2ejFdI1LD45APbP2hsN/piFByU1t7yK2gpFyRt +97WzGHn9MV5/TL7AmRPM4pcr3JacmtCnxXeCZ8nLqedoSuHFuhwyDnlAbu8I16O5 +XRrfzhrHRJFM1JnIiGmzZi6zBvH0ItfyX6ttABEBAAG0KW5naW54IHNpZ25pbmcg +a2V5IDxzaWduaW5nLWtleUBuZ2lueC5jb20+iQE+BBMBAgAoAhsDBgsJCAcDAgYV +CAIJCgsEFgIDAQIeAQIXgAUCV2K1+AUJGB4fQQAKCRCr9b2Ce9m/YloaB/9XGrol +kocm7l/tsVjaBQCteXKuwsm4XhCuAQ6YAwA1L1UheGOG/aa2xJvrXE8X32tgcTjr +KoYoXWcdxaFjlXGTt6jV85qRguUzvMOxxSEM2Dn115etN9piPl0Zz+4rkx8+2vJG +F+eMlruPXg/zd88NvyLq5gGHEsFRBMVufYmHtNfcp4okC1klWiRIRSdp4QY1wdrN +1O+/oCTl8Bzy6hcHjLIq3aoumcLxMjtBoclc/5OTioLDwSDfVx7rWyfRhcBzVbwD +oe/PD08AoAA6fxXvWjSxy+dGhEaXoTHjkCbz/l6NxrK3JFyauDgU4K4MytsZ1HDi +MgMW8hZXxszoICTTiQEcBBABAgAGBQJOTkelAAoJEKZP1bF62zmo79oH/1XDb29S +YtWp+MTJTPFEwlWRiyRuDXy3wBd/BpwBRIWfWzMs1gnCjNjk0EVBVGa2grvy9Jtx +JKMd6l/PWXVucSt+U/+GO8rBkw14SdhqxaS2l14v6gyMeUrSbY3XfToGfwHC4sa/ +Thn8X4jFaQ2XN5dAIzJGU1s5JA0tjEzUwCnmrKmyMlXZaoQVrmORGjCuH0I0aAFk +RS0UtnB9HPpxhGVbs24xXZQnZDNbUQeulFxS4uP3OLDBAeCHl+v4t/uotIad8v6J +SO93vc1evIje6lguE81HHmJn9noxPItvOvSMb2yPsE8mH4cJHRTFNSEhPW6ghmlf +Wa9ZwiVX5igxcvaIRgQQEQIABgUCTk5b0gAKCRDs8OkLLBcgg1G+AKCnacLb/+W6 +cflirUIExgZdUJqoogCeNPVwXiHEIVqithAM1pdY/gcaQZmIRgQQEQIABgUCTk5f +YQAKCRCpN2E5pSTFPnNWAJ9gUozyiS+9jf2rJvqmJSeWuCgVRwCcCUFhXRCpQO2Y +Va3l3WuB+rgKjsQ= +=EWWI +-----END PGP PUBLIC KEY BLOCK-----" + echo "$key" +} + +function get_sign_repo_key_rsa() { + key="-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/hT2Chq4hhn+zasCn1gv +N3AVdNYGm4FVkJmWzHBc3lvoTLIMR1uoopg9EbH2faBG3yQjxtAkUme6aauaSmpm +LNvhCfENsrDhRx8KRqwNgvM8jQLOCEMZ2WSGxE4HEsBbQ7p9F4qj8D2YMrl1ZvTw 
+Gy2UW3wc5vMEf90lsoKmQQS3UJOUxHw0fhJ8vzNUVUeMQpRAjjRfVAQdnoxXSNSw ++OQD2z9obDf6YhQclNbe8itoKRckbfe1sxh5/TFef0y+wJkTzOKXK9yWnJrQp8V3 +gmfJy6nnaErhxbocMg55QG7vCNejuV0a384ax0SRTNSZyIhps2Yuswbx9CLX8l+r +bQIDAQAB +-----END PUBLIC KEY-----" + echo "$key" +} + +function get_sign_source_keys() { + keys="-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.11 (FreeBSD) + +mQENBE7SKu8BCADQo6x4ZQfAcPlJMLmL8zBEBUS6GyKMMMDtrTh3Yaq481HB54oR +0cpKL05Ff9upjrIzLD5TJUCzYYM9GQOhguDUP8+ZU9JpSz3yO2TvH7WBbUZ8FADf +hblmmUBLNgOWgLo3W+FYhl3mz1GFS2Fvid6Tfn02L8CBAj7jxbjL1Qj/OA/WmLLc +m6BMTqI7IBlYW2vyIOIHasISGiAwZfp0ucMeXXvTtt14LGa8qXVcFnJTdwbf03AS +ljhYrQnKnpl3VpDAoQt8C68YCwjaNJW59hKqWB+XeIJ9CW98+EOAxLAFszSyGanp +rCqPd0numj9TIddjcRkTA/ZbmCWK+xjpVBGXABEBAAG0IU1heGltIERvdW5pbiA8 +bWRvdW5pbkBtZG91bmluLnJ1PokBOAQTAQIAIgUCTtIq7wIbAwYLCQgHAwIGFQgC +CQoLBBYCAwECHgECF4AACgkQUgqZk6HAUvj+iwf/b4FS6zVzJ5T0v1vcQGD4ZzXe +D5xMC4BJW414wVMU15rfX7aCdtoCYBNiApPxEd7SwiyxWRhRA9bikUq87JEgmnyV +0iYbHZvCvc1jOkx4WR7E45t1Mi29KBoPaFXA9X5adZkYcOQLDxa2Z8m6LGXnlF6N +tJkxQ8APrjZsdrbDvo3HxU9muPcq49ydzhgwfLwpUs11LYkwB0An9WRPuv3jporZ +/XgI6RfPMZ5NIx+FRRCjn6DnfHboY9rNF6NzrOReJRBhXCi6I+KkHHEnMoyg8XET +9lVkfHTOl81aIZqrAloX3/00TkYWyM2zO9oYpOg6eUFCX/Lw4MJZsTcT5EKVxIhG +BBARAgAGBQJO01Y/AAoJEOzw6QssFyCDVyQAn3qwTZlcZgyyzWu9Cs8gJ0CXREaS +AJ92QjGLT9DijTcbB+q9OS/nl16Z/IhGBBARAgAGBQJO02JDAAoJEKk3YTmlJMU+ +P64AnjCKEXFelSVMtgefJk3+vpyt3QX1AKCH9M3MbTWPeDUL+MpULlfdyfvjj7kB +DQRO0irvAQgA0LjCc8S6oZzjiap2MjRNhRFA5BYjXZRZBdKF2VP74avt2/RELq8G +W0n7JWmKn6vvrXabEGLyfkCngAhTq9tJ/K7LPx/bmlO5+jboO/1inH2BTtLiHjAX +vicXZk3oaZt2Sotx5mMI3yzpFQRVqZXsi0LpUTPJEh3oS8IdYRjslQh1A7P5hfCZ +wtzwb/hKm8upODe/ITUMuXeWfLuQj/uEU6wMzmfMHb+jlYMWtb+v98aJa2FODeKP +mWCXLa7bliXp1SSeBOEfIgEAmjM6QGlDx5sZhr2Ss2xSPRdZ8DqD7oiRVzmstX1Y +oxEzC0yXfaefC7SgM0nMnaTvYEOYJ9CH3wARAQABiQEfBBgBAgAJBQJO0irvAhsM +AAoJEFIKmZOhwFL4844H/jo8icCcS6eOWvnen7lg0FcCo1fIm4wW3tEmkQdchSHE +CJDq7pgTloN65pwB5tBoT47cyYNZA9eTfJVgRc74q5cexKOYrMC3KuAqWbwqXhkV 
+s0nkWxnOIidTHSXvBZfDFA4Idwte94Thrzf8Pn8UESudTiqrWoCBXk2UyVsl03gJ +blSJAeJGYPPeo+Yj6m63OWe2+/S2VTgmbPS/RObn0Aeg7yuff0n5+ytEt2KL51gO +QE2uIxTCawHr12PsllPkbqPk/PagIttfEJqn9b0CrqPC3HREePb2aMJ/Ctw/76CO +wn0mtXeIXLCTvBmznXfaMKllsqbsy2nCJ2P2uJjOntw= +=Tavt +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF4TqFoBEADNbls05thIAYVVKdMDRdtzGk7HXGqx60u/kh4BL9HskUpyYFTp +N07RJ1TyyusfD7I3skuGHvtQhqdTwHPDEPL5qrAnHps9XWUQrtU7hflcIKt43iDe +TvfVVhN0nPir2++C4qvNnrC/UCisyz00H/I9mobl2qzyKyLT8BnUBVuXDfOTlUCY +oF4z5BieOMvg1DZNKFDnK67ZuO4JXgtMlu4Q3tFd7qSWCWGuCuAGgn6eWFYMzCbB +rPyBYwb7xyycQzqmJiD7Qm9OeVHmZj5rG5hGM14MyTSUVJle0U+CJCF9lmfVuR/c +ySy7WmQgIg327x5Y5xa3pKZAvIAycnDabAk/08p59BG7UdAi2S7+2SicAH89/81V +g4BI4mZp+IuxaP+S+ckaRf1CUvRAJuLTqUeBSuOzjag+ibD6rqusuZ1MZqLxnXyu +gAztNDcmEFa/pqp5bgWbrlTF6zKt4cQf+a/JqFGatsfSzmrIyIZ6GEqgb8oXDDIt +Z1AqsTfp6ZBC1vITE9+b0zBw6qq/nGD0Iq47Vp1VxmlxmnoeR4ir8z/oSukPulLU +K3IqkmRNGEilINrtBt5jFbBlx8kwdCYvxEF6ymibBBqvwwv65jrrKheBQm+HrrVS +aMQmo4Qzj/h/ZLL9KENHibNwUypJnvwEvw0YkAyjICvoNzDUsM+92+B/ewARAQAB +tCFNYXhpbSBLb25vdmFsb3YgPG1heGltQG5naW54LmNvbT6JAlcEEwEKAEECGwMF +CwkIBwMFFQoJCAsFFgIDAQACHgECF4ACGQEWIQRB25JxPTv0v/PukQacXn+i9Ul3 +1AUCXhgw1wUJBagi/QAKCRCcXn+i9Ul31LltD/40KNFPvDaORz35udrm0cyVIgbI +lq7Vswfo5JIr8MyJ+VKJFQ2n2JiQT8QbX52Sy5P80ktSAFqcT3vtWB7bI6RfJ8Jx +YM/w3XKnNMoUt7Q/cqZK5Ra/csmaCWqP4UVUvUBjHvly0MpnE1kxEDUglrcyVKjt +fxB/GXeUpKOELXG44zvW2CP9Mce0FbDxrh8iCai9MK+2oSt1aJV+gONLWscRgsc7 +6q9/4KUXByt0qxScYPRQRIaxpIA8sCno21owcMOf8aQtun6Ytf+UIovl9DmK2pRm +Ifc2JruW1Jx2r7z955ZFNgTA380jEL85dWbgbHF/pYPlwcTCnaAf294kefjrX9DN +rejbZZ3Fh2QGs0tWW5+wncVWndq4jLQTeamUdzw5MPpOh+bZoHT+7z1PDGWe+PIn +DTbfaFYL7MsXwScMUsexKLOoDO6KKpZjcsw9/b5JsJmP73ZEj02BjRudapObiRxm +MtDl8Zmpg7ZUqMHEuUzyEyI5nSWu4njjrWJO0CnsjLpv2UxAbxDn1NGc/DoyxM1l +4SQv4AJuSLo1x7PTRb9V9HkWqxXf+yCkNpV9UjmlrH104gWL6sof6rX8Jo6k+Sz+ +yyQHcVbrJ95Y3hQU7QMMnotzVbL7BRtWMtDYTp7q+gYbZ0s+YRXjaHcA5IuV65tM +tEPwGpOCofQ2avkdqIhdBBARCgAdFiEEZVBsAu/CUPG3o9aU7PDpCywXIIMFAl4T 
+qXUACgkQ7PDpCywXIIN5CQCgyNFrUBGlUvH9QlDSE/umzoyXW/UAn0ve2/HzpMVN +uPMAAgnHYE2R0eiEtCNNYXhpbSBLb25vdmFsb3YgPG1heGltQEZyZWVCU0Qub3Jn +PokCVAQTAQoAPgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBEHbknE9O/S/ +8+6RBpxef6L1SXfUBQJeGDDXBQkFqCL9AAoJEJxef6L1SXfUJ/IQALtwaB7mlBUB +NdzqQRIZAVSnJZ2w6+Iul7Ax4gKrqWj6SvL/5jEdZm65D0kjxJIHq+dO+lJIMLzp +rBkfZ0kkxOPQ1rw/QR31qHLAibknrwIQQVtzFvVg4iW7IZefx6WGbJJC5IbjBUBf +HATqbXmMAcLILh9+t4q7Qvwi2b8ZIsC37cktthad7j4kvXqV5BJ4I+PoDT0CcW48 +wgTfMwhib52pLMu3Ghk56kwHBtYSHUDrA4KWRzRHxQ+RoUXLIdtmMRbp8ztwBMJZ ++J/9TLrb3YHUidS3l2nE55l9dJZycCU2EOAhJMbFKbmfW/9we/Sm+vnoALGExepl +FgdGz2NTqPA4ha2y2rBC73TSkfM+4amIrr6kSbeofjQL/w5+fhxAvM5oXuzffPK9 +8IR31d66JUTjeueobguzh9ApeHElmihimRJk0KP+NVAMNCIZmlMuOXHPwnCajcBh +Sh9kFGy6tPPPZYQOHSm5KvyjIJDfmkFfJ5ybazkmsGhZMzQs4ZHItC1jf0vYCqsr +d3eVEQesy5nDlSC2lWK84R+J+qTL82ZbCc/VZMniCBCC9xIvEOU9gtIH+58vF8dq +l/jTmGp2h1/kHlJfn0cnxKJDzn2IG16jqR7VdWQEO5hjEMaZdxhM1jPGRdkM82fB +Wwv8BLBpgBstyQlxJ/NNO5+dCtZYWRcviF0EEBEKAB0WIQRlUGwC78JQ8bej1pTs +8OkLLBcggwUCXhOpbwAKCRDs8OkLLBcgg/jfAKCO7DIiB2DGBfLCFftmyuZJN2A6 +ZgCfV/cclX++mLyiyYqr2BXnrQk4NVG5Ag0EXhOoWgEQAOmkirptbymUR2JP9DrP +e7aELbUw4bcMx4/nQo1QyKxjDhUdgUui4OiqxmhMjT2IlgFvcYsMeLiYGa/EdBkd +Yq4DtEwc++2eybFQA1z6Hrk+sxdd8neN4azUa5sqVvUwenQ7UMPclSQJaE1nVGCZ +KKVyNsK36RJrE0JfdmE1zKZFWmTCTZ/D/hTCq+hjMpCV+VWFaz3h4S+XsZiBgLB4 ++zmyHjyU6E+ecELvAHoXwMbAPiFzzms824Fc1BKHjnc8BBzfUVdIBGhxOVNHDSj3 +oxPsiBnuvSlQMlGx0YNLw/tTfw+CFOot5o/KIq9svUp8W9mdj6kKaqBLNxpjHbhQ +yvVSK7O5uS62emMHkRwgu1tmP98d3bGlXRn+S+2MCuyqdFaK40B6vnkPnXpl5ggE +w8JoH11ahNeJ5tX8/JpX/0aQmapt7CKwcgELJap+Qp8i/MFXef7FK/nE0lFIL95o +l9uthd/beX6dz/EEw61lC17Opd3y0N+Dy+eJ0wbULdgKrblZ0PxsumLeICGLs7/P +O9/3nQHJRjmFaVG10t5bL/77gvQ4l7HcuLS1GGHh+RM6EsFuuiqI+aFcDFyRITli +g0QRq4y/C6nqhTWEyYriIi8Dq6JxXisklC1WvSIgPwq1/msmrbiKcJZFPoNtMVtO +dzL3naM5IWOa290R541GjkEVABEBAAGJAjwEGAEKACYCGwwWIQRB25JxPTv0v/Pu +kQacXn+i9Ul31AUCXhgw/QUJBagjIwAKCRCcXn+i9Ul31MQDEACeO6ZBLEWswuyU +RErntoHkY6wIkpfMiERjgfqbNkrdBgXg8dT7kPsXFEtv3ZccjPbsRecJaXdmwGab 
+mp9MUDYG3SiqgFNriJTv2WECzgYKrZQg38JVwfl7OHPaV2fwZvG56a4qKpIZ3wIg +4acfEPkHQ2ygpKnEJD4IsEK225PtYq5lmNfntvDhbuTPh2vY8T9w0udGCzp4JS60 +zLeGGat+52PislEtrSa2B7zSMzGmOqDidaDbEfzdzL+IteZHWDGmYNQ8yICIv6Wj +A80k7uhzDWJf5RMQSNybBykrlWSooaVrBWHgDky5ldAQjDtVrMkBpzglH8FQ44i+ +la9caRDfw0Lfxg52vV4eXtpSHAYx3cFREEW9xpTOwOE7Qg0JyHAkUKNb8DJgyehC +BjSeeiMFiZX1plyYFrUAB8dVXi9Z7kqOjTpfYU6kAxDXzQhlqqgYRwoFJQcsQ1Ll +jKptAs6glmDx8dJcjUrK/eH24GGg46eGv2wxY4+sItXfLQ2oeU4uh/vORjvgeeNp +er4z5KLuKxwgpaobavtRZmZSZdGrdC93Si27dpSRiWYn1csoTxG0zZhUVFFW68I4 +I5PIdJwblvxayVKdg0aVW/RwDsOLH0twVxwnOPSjLPEB2IwGnlX6rN38cRnibPXM +yh4LsaVRdhbFe9aNd/O5iNgDcQtCUg== +=/pFc +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.11 (FreeBSD) + +mQENBE5E4vkBCADPkWWzk7W5cXOqeZ1ULNSj8nt5azbYjfQ8OyR2AaDW8J7oazYH +reIHKid5uZVJxwr1uLoMloGiYTdy4XYIF2WcOfDnjNGumrAT0Nd4Kdax/pHr5Pdp +jFsO4BkHyWk/5/zDCijyoGYLBR6I8hqn+WDuLG/sTtVuTWkUeOlfxb2eZdLyZ3oP +5T5FXtWTpKvr2y7RGshmS6EJnjiVvvErdbNItFXghqvBBaFOJaS2PRBEO9RfKpti +i+eS/cmlrm+Tjv44EPfQyLtAmCQ8uqfL50uIKEp6/dsC/OVJ6JlJOYl4j90DX7vB +TJaOyUm4s+BLF2BK+Ow8+s+B6jQ5noa/o16NABEBAAG0IFNlcmdleSBCdWRuZXZp +dGNoIDxzYkBuZ2lueC5jb20+iQE+BBMBAgAoBQJOROQ6AhsDBQkJZgGABgsJCAcD +AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCmT9Wxets5qEQgB/43Mxmiy7DjXEbxIYkC +9xPC4kf1X+bHkJ9BtAgaYDQewjtQ7vS98TKJBibm3l4egmBjFWjCpL8845n966+u +XDqrDWJtOPUXvSEQNXGlijDGSxxpdK2dxDOKIOC8nIlZq/Xz/Uqjb2ZrszmYK2LD +IHI1mN9HdI6aTt41QbtG0nkaPPgv3MEvxSMVCzVddroyPXvf/ErT4OSYU+dqJhH+ +SBIezuF0suzH/siCksbSBZHIst5rggpjsZvijP5YFH/hpEsR+tKXo9EFk49xn9Ou +WdmpOEs7CKDbTApkh9XN/Pk5nJQ/HIDuW8pkgzf2wxNWlMSYw6xnozDkeIqpJcDD +4niqiEYEEBECAAYFAk5OYocACgkQ7PDpCywXIIMKtQCfaAl2rvbEImu6MnDR32KG +HTDH2TEAoNeWrSlavyFzbSQka53E9Gs6gF63tCBTZXJnZXkgQnVkbmV2aXRjaCA8 +c2JAd2FlbWUubmV0PokBQQQTAQIAKwIbAwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYC +AwECHgECF4AFAk5OR38CGQEACgkQpk/VsXrbOagPmAf/QmIEDkkiovc1MgQ81lh4 +eeHfvtptb+U4GVCu07DQUR9kEtN6Jqi65gKb95fEztI14PpX+euiWrc/RlnsxWc0 +jYF0UmyacWLN6oHPoxlCK5+7zyoz5UTNrYGkTfWfcNtTU509CEZRClBNjMZOTZjP 
+QhdR+Ce6tngRcQvMGNaLjJkKuY7vPh6FjT5oqxpnEIRTsWq6bUaeCXm7j9x0as1Z +w1E5D5it3Ug3VlAe58jFJmRgatOsWznKuNoLRjQ2Chp2ce+dLgXriuJMrvEsn5S4 +dImUGL5DVYWDVZNG+r85XnOhMfKG308pZby1uzFvD+j3P6yMj1tpaCAAi5lUkHh6 +bIhGBBARAgAGBQJOTmJ/AAoJEOzw6QssFyCDH50AoMyJPvPDTYXK5KHOlPYPZQ5M +OuCAAJ9zQ/3hKedm3xCLGl4Y6hjxJNlUTbkBDQROROL5AQgAuGIfx9aVOOXVdj8b +XvjBQt+UkBURYGACHFQ69w71Aupsg9pZ7FgwgVKxnoNlmRag8sInjQbs3M/lS0sB +dg75zZ7Ph7aPev8RAqdtX5+xxvujv1cmkFBExFuC5Wp/Yfzk/lPWZR4vXZrTpRiF +PLMlRu0CEJFqoqPPygGFar02Q7rO+da35pxAuYrOWGM7MNr8H/vk13+GiqniBQCa +uSoWwZQzaEdG5VGgm/vAwPzO+Cbam3r+Hs7OieykAy8fv+B+qhHn8Vc/520iGvdO +IAKpxl6oZrkbNL/wozOOLZni7iWl30C43ujxPiGRlg/YotHmhlnMic85QKyakXCS +WXI/JQARAQABiQElBBgBAgAPBQJOROL5AhsMBQkJZgGAAAoJEKZP1bF62zmoGCwH +/2a6zlu4Jwmv21vuroaAzECV8gp1luBeagn23EgMMukYhkbwLtL/0twAHmZlkpzl +atfq/EH2PgOasl2biJixqp7o9V7Uw6PS5JoY+1IrLEurG+FU2TN/Ysp12al4Z0Hh +p4yBRSEikISO9gkeUThixDPX1PjCpx8G/ZYqk+8jRCcDgWsUc/WV3VGPht68oDd7 +56/hfQYc/V3eJmm5WYLVGV7Q69tGtp6D09SpoeqCD2K77auEBRVJ4jaT4B2/EfSb +x6y7Dy4Oxm8TBOQ2EZw2vEixKxtEt86/oBtLUkqVockPq/Ek9AL+KzT6VR1xU+Cm +CoHAyoqJeb/xLBwuKWg0/4U= +=iFlP +-----END PGP PUBLIC KEY BLOCK-----" + echo "$keys" +} + +# Variables +NTASK=$(nproc) + # Check if we are root if [ $(id -u) -ne 0 ] ; then echo "[!] Run me as root" 
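Review bot: The trust anchors returned by get_sign_repo_key, get_sign_repo_key_rsa and get_sign_source_keys carry no provenance: nothing in the hunk says which key ID or fingerprint each block is, where it was fetched from, or how a reviewer should re-verify it, so a swapped or appended key block would not stand out in review. A header comment on each function along the lines of `# nginx packaging signing key, fetched from <URL-PLACEHOLDER> on <DATE-PLACEHOLDER>; fingerprint <FINGERPRINT-PLACEHOLDER>` (filled in by whoever imported the key) would make rotation and audits possible, and is the minimum a verifier of `gpg --verify` later in the script needs to know which key it is trusting. Keeping the blocks as separate files under helpers/ and emitting them with `cat` would also keep the script readable; the ~200 lines of armored key material are most of this hunk.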
@@ -65,15 +296,61 @@ if [ "$OS" = "" ] ; then
 exit 1
 fi
 
-# Remove /tmp/bunkerized-nginx
+# Create /tmp/bunkerized-nginx
+echo "[*] Prepare /tmp/bunkerized-nginx"
 if [ -e "/tmp/bunkerized-nginx" ] ; then
 do_and_check_cmd rm -rf /tmp/bunkerized-nginx
 fi
+do_and_check_cmd mkdir /tmp/bunkerized-nginx
 
-# Check /opt/bunkerized-nginx
-if [ ! -d "/opt/bunkerized-nginx" ] ; then
- echo "[!] Missing /opt/bunkerized-nginx directory, did you run the dependencies script ?"
- exit 1
+# Create /opt/bunkerized-nginx
+echo "[*] Prepare /opt/bunkerized-nginx"
+if [ -e "/opt/bunkerized-nginx" ] ; then
+ do_and_check_cmd rm -rf /opt/bunkerized-nginx
+fi
+do_and_check_cmd mkdir /opt/bunkerized-nginx
+
+# Check nginx version
+NGINX_VERSION="$(nginx -V 2>&1 | sed -rn 's~^nginx version: nginx/(.*)$~\1~p')"
+# Add nginx official repo and install
+if [ "$NGINX_VERSION" = "" ] ; then
+ get_sign_repo_key > /tmp/bunkerized-nginx/nginx_signing.key
+ if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
+ echo "[*] Add nginx official repository"
+ do_and_check_cmd cp /tmp/bunkerized-nginx/nginx_signing.key /etc/apt/trusted.gpg.d/nginx_signing.asc
+ do_and_check_cmd apt update
+ DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y gnupg2 ca-certificates lsb-release software-properties-common
+ do_and_check_cmd add-apt-repository "deb http://nginx.org/packages/${OS} $(lsb_release -cs) nginx"
+ do_and_check_cmd apt update
+ echo "[*] Install nginx"
+ DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y nginx
+ elif [ "$OS" = "centos" ] ; then
+ echo "[*] Add nginx official repository"
+ do_and_check_cmd yum install -y yum-utils
+ cp /tmp/bunkerized-nginx/nginx_signing.key /etc/pki/rpm-gpg/RPM-GPG-KEY-nginx
+ do_and_check_cmd rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-nginx
+ repo="[nginx-stable]
+name=nginx stable repo
+baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-nginx
+enabled=1
+module_hotfixes=true"
+ echo "$repo" > /etc/yum.repos.d/nginx.repo
+ echo "[*] Install nginx"
+ do_and_check_cmd yum install -y nginx
+ elif [ "$OS" = "alpine" ] ; then
+ echo "[*] Add nginx official repository"
+ get_sign_repo_key_rsa > /etc/apk/keys/nginx_signing.rsa.pub
+ echo "@nginx http://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories
+ echo "[*] Install nginx"
+ do_and_check_cmd apk add nginx@nginx
+ fi
+ NGINX_VERSION="$(nginx -V 2>&1 | sed -rn 's~^nginx version: nginx/(.*)$~\1~p')"
+fi
+echo "[*] Detected nginx version ${NGINX_VERSION}"
+if [ "$NGINX_VERSION" != "1.20.1" ] ; then
+ echo "/!\\ Warning : we recommend you to use nginx v1.20.1, you should uninstall your nginx version and run this script again ! /!\\"
 fi
 
 # Install dependencies
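Review bot: All three repository definitions use cleartext `http://nginx.org/packages/...` (the apt `deb` line, `baseurl=` in the yum repo and the Alpine `@nginx` entry); package signatures cover the packages themselves, but repository metadata and the set of offered versions travel unauthenticated, and the script already fetches sources from `https://nginx.org/` later on, so switching these to `https://` costs nothing. In the centos branch `cp /tmp/bunkerized-nginx/nginx_signing.key /etc/pki/rpm-gpg/RPM-GPG-KEY-nginx` is the one step not wrapped in `do_and_check_cmd`, unlike every neighbouring line. The Alpine `echo ... >> /etc/apk/repositories` appends a duplicate entry on every re-run; write it only when `grep -q '^@nginx ' /etc/apk/repositories` fails. Finally the 1.20.1 check only warns, yet the module build further down compiles against whatever `nginx -V` reports, so an untested version silently proceeds; consider making the mismatch fatal with `exit 1` or documenting why it is tolerated.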
@@ -81,7 +358,236 @@ echo "[*] Update packet list" if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then do_and_check_cmd apt update fi -echo "[*] Install dependencies" +echo "[*] Install compilation dependencies" +if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then + DEBIAN_DEPS="git autoconf pkg-config libpcre++-dev automake libtool g++ make liblua5.1-0-dev libgd-dev lua5.1 libssl-dev wget libbrotli-dev gnupg" + DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y $DEBIAN_DEPS + do_and_check_cmd cp -r /usr/include/lua5.1/* /usr/include +elif [ "$OS" = "centos" ] ; then + do_and_check_cmd yum install -y epel-release + CENTOS_DEPS="git autoconf pkg-config pcre-devel automake libtool gcc-c++ make lua-devel gd-devel lua openssl-devel wget brotli-devel gnupg" + do_and_check_cmd yum install -y $CENTOS_DEPS +elif [ "$OS" = "alpine" ] ; then + ALPINE_DEPS="git build autoconf libtool automake git geoip-dev yajl-dev g++ gcc curl-dev libxml2-dev pcre-dev make linux-headers musl-dev lua-dev gd-dev gnupg brotli-dev openssl-dev" + do_and_check_cmd apk add --no-cache --virtual build $ALPINE_DEPS +fi + +# Download, compile and install libmaxminddb +echo "[*] Download maxmind/libmaxminddb" +secure_download "https://github.com/maxmind/libmaxminddb/releases/download/1.6.0/libmaxminddb-1.6.0.tar.gz" "libmaxminddb-1.6.0.tar.gz" "9394e8dd959982d4ef5d15a928d32700722ed9d6c9988d9cc1bf2f4e67de0a53cc6987e90aaef3a6926c9ff36ac378f7a1fe47818fda4f5a3a22539210b2d004" +CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xzf libmaxminddb-1.6.0.tar.gz +echo "[*] Compile and install libmaxminddb" +CHANGE_DIR="/tmp/bunkerized-nginx/libmaxminddb-1.6.0" do_and_check_cmd ./configure +CHANGE_DIR="/tmp/bunkerized-nginx/libmaxminddb-1.6.0" do_and_check_cmd make -j $NTASK +CHANGE_DIR="/tmp/bunkerized-nginx/libmaxminddb-1.6.0" do_and_check_cmd make install +if [ "$OS" = "centos" ] ; then + do_and_check_cmd cp -P /usr/local/lib/libmaxminddb* /lib64/ +fi + +# Download, compile and install 
ModSecurity +echo "[*] Clone SpiderLabs/ModSecurity" +git_secure_clone https://github.com/SpiderLabs/ModSecurity.git bf881a4eda343d37629e39ede5e28b70dc4067c0 +echo "[*] Compile and install ModSecurity" +# temp fix : Debian run it twice +cd /tmp/bunkerized-nginx/ModSecurity && ./build.sh > /dev/null 2>&1 +CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd sh build.sh +CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd git submodule init +CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd git submodule update +CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout bindings/python 47a6925df187f96e4593afab18dc92d5f22bd4d5 +CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout others/libinjection bf234eb2f385b969c4f803b35fda53cffdd93922 +CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" git_secure_checkout test/test-cases/secrules-language-tests d03f4c1e930440df46c1faa37d820a919704d9da +CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd ./configure --disable-doxygen-doc --disable-dependency-tracking --disable-examples +CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd make -j $NTASK +CHANGE_DIR="/tmp/bunkerized-nginx/ModSecurity" do_and_check_cmd make install-strip + +# Download and install OWASP Core Rule Set +echo "[*] Clone coreruleset/coreruleset" +git_secure_clone https://github.com/coreruleset/coreruleset.git 18703f1bc47e9c4ec4096853d5fb4e2a204a07a2 +echo "[*] Install coreruleset" +do_and_check_cmd mkdir /opt/bunkerized-nginx/crs +do_and_check_cmd cp -r /tmp/bunkerized-nginx/coreruleset/rules/* /opt/bunkerized-nginx/crs +do_and_check_cmd cp /tmp/bunkerized-nginx/coreruleset/crs-setup.conf.example /opt/bunkerized-nginx/crs-setup.conf + +# Download ModSecurity-nginx module +echo "[*] Clone SpiderLabs/ModSecurity-nginx" +git_secure_clone https://github.com/SpiderLabs/ModSecurity-nginx.git 2497e6ac654d0b117b9534aa735b757c6b11c84f + +# Download headers more module +echo "[*] Clone 
openresty/headers-more-nginx-module" +git_secure_clone https://github.com/openresty/headers-more-nginx-module.git f85af9649b858e21b400a2150a4c7b8ebd36e921 + +# Download GeoIP moduke +echo "[*] Clone leev/ngx_http_geoip2_module" +git_secure_clone https://github.com/leev/ngx_http_geoip2_module.git 1cabd8a1f68ea3998f94e9f3504431970f848fbf + +# Download cookie flag module +echo "[*] Clone AirisX/nginx_cookie_flag_module" +git_secure_clone https://github.com/AirisX/nginx_cookie_flag_module.git c4ff449318474fbbb4ba5f40cb67ccd54dc595d4 + +# Download brotli module +echo "[*] Clone google/ngx_brotli" +git_secure_clone https://github.com/google/ngx_brotli.git 9aec15e2aa6feea2113119ba06460af70ab3ea62 + +# Download lua-nginx module +git_secure_clone https://github.com/openresty/lua-nginx-module.git 9007d673e28938f5dfa7720438991e22b794d225 + +# Download, compile and install luajit2 +echo "[*] Clone openresty/luajit2" +git_secure_clone https://github.com/openresty/luajit2.git 5ff674c5d9b75d6018994dfac3ce38aab3b8db12 +echo "[*] Compile luajit2" +CHANGE_DIR="/tmp/bunkerized-nginx/luajit2" do_and_check_cmd make -j $NTASK +echo "[*] Install luajit2" +CHANGE_DIR="/tmp/bunkerized-nginx/luajit2" do_and_check_cmd make install +if [ "$OS" = "centos" ] ; then + do_and_check_cmd cp -P /usr/local/lib/libluajit* /lib64/ +fi + +# Download and install lua-resty-core +echo "[*] Clone openresty/lua-resty-core" +git_secure_clone https://github.com/openresty/lua-resty-core.git 12f26310a35e45c37157420f7e1f395a0e36e457 +echo "[*] Install lua-resty-core" +CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-core" do_and_check_cmd make install + +# Download and install lua-resty-lrucache +echo "[*] Clone openresty/lua-resty-lrucache" +git_secure_clone https://github.com/openresty/lua-resty-lrucache.git f20bb8ac9489ba87d90d78f929552c2eab153caa +echo "[*] Install lua-resty-lrucache" +CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-lrucache" do_and_check_cmd make install + +# Download and install lua-resty-dns +echo 
"[*] Clone openresty/lua-resty-dns" +git_secure_clone https://github.com/openresty/lua-resty-dns.git 869d2fbb009b6ada93a5a10cb93acd1cc12bd53f +echo "[*] Install lua-resty-dns" +CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-dns" do_and_check_cmd make install + +# Download and install lua-resty-session +echo "[*] Clone bungle/lua-resty-session" +git_secure_clone https://github.com/bungle/lua-resty-session.git 2cd1f8484fdd429505ac33abf7a44adda1f367bf +echo "[*] Install lua-resty-session" +do_and_check_cmd cp -r /tmp/bunkerized-nginx/lua-resty-session/lib/resty/* /usr/local/lib/lua/resty + +# Download and install lua-resty-random +echo "[*] Clone bungle/lua-resty-random" +git_secure_clone https://github.com/bungle/lua-resty-random.git 17b604f7f7dd217557ca548fc1a9a0d373386480 +echo "[*] Install lua-resty-random" +CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-random" do_and_check_cmd make install + +# Download and install lua-resty-string +echo "[*] Clone openresty/lua-resty-string" +git_secure_clone https://github.com/openresty/lua-resty-string.git 3624678ca1c7c32e2fb16c18b7511863e074d542 +echo "[*] Install lua-resty-string" +CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-string" do_and_check_cmd make install + +# Download, compile and install lua-cjson +echo "[*] Clone openresty/lua-cjson" +git_secure_clone https://github.com/openresty/lua-cjson.git 0df488874f52a881d14b5876babaa780bb6200ee +echo "[*] Compile lua-cjson" +CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make -j $NTASK +echo "[*] Install lua-cjson" +CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make install +CHANGE_DIR="/tmp/bunkerized-nginx/lua-cjson" do_and_check_cmd make install-extra + +# Download, compile and install lua-gd +echo "[*] Clone ittner/lua-gd" +git_secure_clone https://github.com/ittner/lua-gd.git 2ce8e478a8591afd71e607506bc8c64b161bbd30 +echo "[*] Compile lua-gd" +if [ "$OS" = "centos" ] ; then + CHANGE_DIR="/tmp/bunkerized-nginx/lua-gd" do_and_check_cmd make 
LUAPKG=lua LUABIN=lua -j $NTASK +else + CHANGE_DIR="/tmp/bunkerized-nginx/lua-gd" do_and_check_cmd make -j $NTASK +fi +echo "[*] Install lua-gd" +CHANGE_DIR="/tmp/bunkerized-nginx/lua-gd" do_and_check_cmd make INSTALL_PATH=/usr/local/lib/lua/5.1 install + +# Download and install lua-resty-http +echo "[*] Clone ledgetech/lua-resty-http" +git_secure_clone https://github.com/ledgetech/lua-resty-http.git 9bf951dfe162dd9710a0e1f4525738d4902e9d20 +echo "[*] Install lua-resty-http" +CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-http" do_and_check_cmd make install + +# Download and install lualogging +echo "[*] Clone Neopallium/lualogging" +git_secure_clone https://github.com/lunarmodules/lualogging.git 5973188a1f8fc31abd98aceed2a4853986d779e9 +echo "[*] Install lualogging" +do_and_check_cmd cp -r /tmp/bunkerized-nginx/lualogging/src/* /usr/local/lib/lua + +# Download, compile and install luasocket +echo "[*] Clone diegonehab/luasocket" +git_secure_clone https://github.com/diegonehab/luasocket.git 5b18e475f38fcf28429b1cc4b17baee3b9793a62 +echo "[*] Compile luasocket" +CHANGE_DIR="/tmp/bunkerized-nginx/luasocket" do_and_check_cmd make -j $NTASK +echo "[*] Install luasocket" +CHANGE_DIR="/tmp/bunkerized-nginx/luasocket" do_and_check_cmd make CDIR_linux=lib/lua/5.1 LDIR_linux=lib/lua install + +# Download, compile and install luasec +echo "[*] Clone brunoos/luasec" +git_secure_clone https://github.com/brunoos/luasec.git d5df31561751ec0d4098dfc09c92ece215a56a5a +echo "[*] Compile luasec" +CHANGE_DIR="/tmp/bunkerized-nginx/luasec" do_and_check_cmd make linux -j $NTASK +echo "[*] Install luasec" +CHANGE_DIR="/tmp/bunkerized-nginx/luasec" do_and_check_cmd make LUACPATH=/usr/local/lib/lua/5.1 LUAPATH=/usr/local/lib/lua install + +# Download and install lua-cs-bouncer +echo "[*] Clone crowdsecurity/lua-cs-bouncer" +git_secure_clone https://github.com/crowdsecurity/lua-cs-bouncer.git 3c235c813fc453dcf51a391bc9e9a36ca77958b0 +echo "[*] Install lua-cs-bouncer" +if [ ! 
-d /usr/local/lib/lua/crowdsec ] ; then + do_and_check_cmd mkdir /usr/local/lib/lua/crowdsec +fi +do_and_check_cmd cp -r /tmp/bunkerized-nginx/lua-cs-bouncer/lib/* /usr/local/lib/lua/crowdsec +do_and_check_cmd sed -i 's/require "lrucache"/require "resty.lrucache"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua +do_and_check_cmd sed -i 's/require "config"/require "crowdsec.config"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua + +# Download and install lua-resty-iputils +echo "[*] Clone hamishforbes/lua-resty-iputils" +git_secure_clone https://github.com/hamishforbes/lua-resty-iputils.git 3151d6485e830421266eee5c0f386c32c835dba4 +echo "[*] Install lua-resty-iputils" +CHANGE_DIR="/tmp/bunkerized-nginx/lua-resty-iputils" do_and_check_cmd make LUA_LIB_DIR=/usr/local/lib/lua install + +# Download nginx and decompress sources +echo "[*] Download nginx-${NGINX_VERSION}.tar.gz" +do_and_check_cmd wget -O "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz" "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" +do_and_check_cmd wget -O "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz.asc" "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz.asc" +get_sign_source_keys > /tmp/bunkerized-nginx/nginx.key +do_and_check_cmd gpg --import /tmp/bunkerized-nginx/nginx.key +check=$(gpg --verify /tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz.asc /tmp/bunkerized-nginx/nginx-${NGINX_VERSION}.tar.gz 2>&1 | grep "^gpg: Good signature from ") +if [ "$check" = "" ] ; then + echo "[!] Wrong signature from nginx source !!!" 
+ cleanup + exit 1 +fi +CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xvzf nginx-${NGINX_VERSION}.tar.gz + +# Compile dynamic modules +echo "[*] Compile dynamic modules" +CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')" +CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}" +echo "\#/bin/sh" > "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh" +echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerized-nginx/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerized-nginx/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_http_geoip2_module --add-dynamic-module=/tmp/bunkerized-nginx/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerized-nginx/lua-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_brotli" >> "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh" +do_and_check_cmd chmod +x "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh" +CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/local/lib" LUAJIT_INC="/usr/local/include/luajit-2.1" do_and_check_cmd ./configure-fix.sh +CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd make -j $NTASK modules +if [ ! -d "/usr/lib/nginx/modules" ] ; then + do_and_check_cmd mkdir -p /usr/lib/nginx/modules +fi +do_and_check_cmd chown -R root:root /usr/lib/nginx +do_and_check_cmd chmod -R 755 /usr/lib/nginx +CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd cp ./objs/*.so /usr/lib/nginx/modules +do_and_check_cmd chmod 744 /usr/lib/nginx/modules/* + +# Remove alpine build dependencies +if [ "$OS" = "alpine" ] ; then + apk del build > /dev/null 2>&1 +fi +cleanup +echo "[*] Dependencies for bunkerized-nginx successfully installed !" 
+
+# Install dependencies
+echo "[*] Update packet list"
+if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
+ do_and_check_cmd apt update
+fi
+echo "[*] Install runtime dependencies"
 if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
 DEBIAN_DEPS="git cron curl python3 python3-pip procps"
 DEBIAN_FRONTEND=noninteractive do_and_check_cmd apt install -y $DEBIAN_DEPS
@@ -89,10 +595,10 @@ elif [ "$OS" = "centos" ] ; then
 do_and_check_cmd yum install -y epel-release
 CENTOS_DEPS="git crontabs curl python3 python3-pip procps"
 do_and_check_cmd yum install -y $CENTOS_DEPS
+elif [ "$OS" = "alpine" ] ; then
+ ALPINE_DEPS="certbot bash libmaxminddb libgcc lua yajl libstdc++ openssl py3-pip"
+ do_and_check_cmd apk add --no-cache $ALPINE_DEPS
 fi
-do_and_check_cmd pip3 install --upgrade pip
-do_and_check_cmd pip3 install jinja2 certbot docker requests flask gunicorn
-do_and_check_cmd pip3 install cryptography --upgrade
 
 # Clone the repo
 echo "[*] Clone bunkerity/bunkerized-nginx"
@@ -101,6 +607,15 @@ echo "[*] Clone bunkerity/bunkerized-nginx"
 CHANGE_DIR="/tmp" do_and_check_cmd git clone https://github.com/bunkerity/bunkerized-nginx.git
 CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd git checkout dev
 
+# Install Python dependencies
+echo "[*] Install python dependencies"
+do_and_check_cmd pip3 install --upgrade pip
+do_and_check_cmd pip3 install -r /tmp/bunkerized-nginx/gen/requirements.txt
+if [ "$OS" != "alpine" ] ; then
+ do_and_check_cmd pip3 install -r /tmp/bunkerized-nginx/ui/requirements.txt
+fi
+do_and_check_cmd pip3 install cryptography --upgrade
+
 # Copy generator
 echo "[*] Copy generator"
 do_and_check_cmd cp -r /tmp/bunkerized-nginx/gen /opt/bunkerized-nginx
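Review bot: The nginx source verification `check=$(gpg --verify ... 2>&1 | grep "^gpg: Good signature from ")` accepts a good signature from any key in the invoking user's default keyring, not only the keys just imported from get_sign_source_keys, and it also reports "Wrong signature" whenever gpg prints localized output. Import into and verify against an isolated keyring, e.g. `do_and_check_cmd gpg --no-default-keyring --keyring /tmp/bunkerized-nginx/nginx.kbx --import /tmp/bunkerized-nginx/nginx.key` and `check=$(gpg --no-default-keyring --keyring /tmp/bunkerized-nginx/nginx.kbx --status-fd 1 --verify "$asc" "$tgz" 2>/dev/null | grep '^\[GNUPG:\] VALIDSIG ')`, which is locale-independent and lets you pin the expected fingerprint. The generated helper begins with `echo "\#/bin/sh"`, which writes a literal `\#/bin/sh` rather than a shebang and only works because bash falls back to interpreting a non-executable-format file as a script; it should be `echo "#!/bin/sh"`. The "temp fix" `./build.sh > /dev/null 2>&1` and the closing `apk del build > /dev/null 2>&1` discard their errors while every other step goes through do_and_check_cmd; at least a comment saying why those two failures are acceptable belongs next to them.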
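Review bot: `pip3 install --upgrade pip` and `pip3 install cryptography --upgrade` in the new Python-dependencies block take whatever is current on the index at build time, so two runs of the installer can yield different images and an unreviewed upstream release lands automatically; the `-r` requirements files only help if they pin versions (and ideally hashes via `--require-hashes`), which this hunk cannot show. Pin the two loose installs to the versions the project tests with, e.g. `pip3 install 'cryptography==<PINNED-VERSION>'`, or fold them into gen/requirements.txt so one file owns all pins. A short comment stating that system-wide installation as root is intentional for a host install would also save the next reader a question.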
@@ -134,9 +649,11 @@ echo "[*] Copy settings"
 do_and_check_cmd cp /tmp/bunkerized-nginx/settings.json /opt/bunkerized-nginx
 
 # Copy UI
-echo "[*] Copy UI"
-do_and_check_cmd cp -r /tmp/bunkerized-nginx/ui /opt/bunkerized-nginx
-do_and_check_cmd cp /tmp/bunkerized-nginx/ui/bunkerized-nginx-ui.service /etc/systemd/system
+if [ "$OS" != "alpine" ] ; then
+ echo "[*] Copy UI"
+ do_and_check_cmd cp -r /tmp/bunkerized-nginx/ui /opt/bunkerized-nginx
+ do_and_check_cmd cp /tmp/bunkerized-nginx/ui/bunkerized-nginx-ui.service /etc/systemd/system
+fi
 
 # Copy bunkerized-nginx
 echo "[*] Copy bunkerized-nginx"
@@ -222,8 +739,10 @@ do_and_check_cmd chown -R nginx:nginx /etc/nginx
 do_and_check_cmd find /etc/nginx -type f -exec chmod 0774 {} \;
 do_and_check_cmd find /etc/nginx -type d -exec chmod 0775 {} \;
 # Set permissions for /etc/systemd/system/bunkerized-nginx-ui.service
-do_and_check_cmd chown root:root /etc/systemd/system/bunkerized-nginx-ui.service
-do_and_check_cmd chmod 744 /etc/systemd/system/bunkerized-nginx-ui.service
+if [ "$OS" != "alpine" ] ; then
+ do_and_check_cmd chown root:root /etc/systemd/system/bunkerized-nginx-ui.service
+ do_and_check_cmd chmod 744 /etc/systemd/system/bunkerized-nginx-ui.service
+fi
 
 # Prepare log files and folders
 echo "[*] Prepare log files and folders"
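Review bot: `if [ "$OS" != "alpine" ]` around the UI copy is the third repetition of the same condition in this commit (it also guards the ui requirements install and the unit-file permissions), and in each place it really means "this platform ships the web UI and systemd", not "not Alpine". Deriving one flag next to OS detection, e.g. `HAS_UI="yes"` set in the debian/ubuntu/centos branches, and testing `[ "$HAS_UI" = "yes" ]` at the three sites keeps the rule in one place when the next platform is added. The `chmod 744` on the unit file also grants an execute bit that systemd never needs; `644` is the conventional mode unless there is a reason documented for the stricter group/other read.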
@@ -269,10 +788,15 @@ do_and_check_cmd chmod 770 /var/lib/letsencrypt
 # Install cron
 echo "[*] Add jobs to crontab"
 if [ "$OS" = "debian" ] || [ "$OS" = "ubuntu" ] ; then
- do_and_check_cmd cp /tmp/bunkerized-nginx/misc/cron /var/spool/cron/crontabs/nginx
+ CRON_PATH="/var/spool/cron/crontabs/nginx"
 elif [ "$OS" = "centos" ] ; then
- do_and_check_cmd cp /tmp/bunkerized-nginx/misc/cron /var/spool/cron/nginx
+ CRON_PATH="/var/spool/cron/nginx"
+elif [ "$OS" = "alpine" ] ; then
+ CRON_PATH="/etc/crontabs/nginx"
 fi
+do_and_check_cmd cp /tmp/bunkerized-nginx/misc/cron "$CRON_PATH"
+do_and_check_cmd chown root:nginx "$CRON_PATH"
+do_and_check_cmd chmod 740 "$CRON_PATH"
 
 # Download abusers list
 echo "[*] Download abusers list"
@@ -295,10 +819,10 @@ echo "[*] Download user agents list"
 do_and_check_cmd /opt/bunkerized-nginx/scripts/user-agents.sh
 
 # Download geoip database
-echo "[*] Download proxies list"
+echo "[*] Download geoip DB"
 do_and_check_cmd /opt/bunkerized-nginx/scripts/geoip.sh
 
 # We're done
 echo "[*] Remove temp files"
 do_and_check_cmd rm -rf /tmp/bunkerized-nginx
-echo "[*] bunkerized-nginx successfully installed !"
\ No newline at end of file
+echo "[*] bunkerized-nginx successfully installed !"
diff --git a/prepare.sh b/prepare.sh
deleted file mode 100644
index f2dac38..0000000
--- a/prepare.sh
+++ /dev/null
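Review bot: When `$OS` matches none of debian, ubuntu, centos or alpine, `CRON_PATH` is never set and `do_and_check_cmd cp /tmp/bunkerized-nginx/misc/cron "$CRON_PATH"` fails with an opaque cp error; the OS detection earlier in the script (outside this hunk) may already exclude that case, but an explicit `else` branch with `echo "[!] Unsupported OS $OS" ; exit 1` makes this dispatch self-contained. The deleted prepare.sh installed the Alpine crontab as `chmod 440`, whereas the unified path now applies `chmod 740`, which adds an execute bit a crontab never needs; if root-writable was the intent, `chmod 640` gives that without the execute bit, and a one-line comment on why nginx needs read access to its own crontab file would settle the choice.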
@@ -1,77 +0,0 @@
-#!/bin/sh
-
-# prepare /www
-mkdir /www
-chown -R root:nginx /www
-chmod -R 770 /www
-
-# prepare /opt
-chown -R root:nginx /opt
-find /opt -type f -exec chmod 0740 {} \;
-find /opt -type d -exec chmod 0750 {} \;
-chmod ugo+x /opt/bunkerized-nginx/entrypoint/* /opt/bunkerized-nginx/scripts/*
-chmod ugo+x /opt/bunkerized-nginx/gen/main.py
-chmod 770 /opt/bunkerized-nginx
-chmod 440 /opt/bunkerized-nginx/settings.json
-
-# prepare /etc/nginx
-chown -R root:nginx /etc/nginx
-chmod -R 770 /etc/nginx
-
-# prepare /var/log
-rm -f /var/log/nginx/*
-chown root:nginx /var/log/nginx
-chmod -R 770 /var/log/nginx
-ln -s /proc/1/fd/2 /var/log/nginx/error.log
-ln -s /proc/1/fd/2 /var/log/nginx/modsec_audit.log
-ln -s /proc/1/fd/1 /var/log/nginx/access.log
-ln -s /proc/1/fd/1 /var/log/nginx/jobs.log
-mkdir /var/log/letsencrypt
-chown nginx:nginx /var/log/letsencrypt
-chmod 770 /var/log/letsencrypt
-
-# prepare /acme-challenge
-mkdir /acme-challenge
-chown root:nginx /acme-challenge
-chmod 770 /acme-challenge
-
-# prepare /etc/letsencrypt
-mkdir /etc/letsencrypt
-chown root:nginx /etc/letsencrypt
-chmod 770 /etc/letsencrypt
-
-# prepare /var/lib/letsencrypt
-mkdir /var/lib/letsencrypt
-chown root:nginx /var/lib/letsencrypt
-chmod 770 /var/lib/letsencrypt
-
-# prepare /usr/local/lib/lua
-chown -R root:nginx /usr/local/lib/lua
-chmod 770 /usr/local/lib/lua
-find /usr/local/lib/lua -type f -name "*.lua" -exec chmod 0760 {} \;
-find /usr/local/lib/lua -type d -exec chmod 0770 {} \;
-
-# prepare /cache
-mkdir /cache
-chown root:nginx /cache
-chmod 770 /cache
-
-# prepare /etc/crontabs/nginx
-chown root:nginx /etc/crontabs/nginx
-chmod 440 /etc/crontabs/nginx
-
-# prepare /plugins
-mkdir /plugins
-chown root:nginx /plugins
-chmod 770 /plugins
-
-# prepare symlinks
-ln -s /www /opt/bunkerized-nginx/www
-ln -s /http-confs /opt/bunkerized-nginx/http-confs
-ln -s /server-confs /opt/bunkerized-nginx/server-confs
-ln -s /modsec-confs /opt/bunkerized-nginx/modsec-confs
-ln -s /modsec-crs-confs /opt/bunkerized-nginx/modsec-crs-confs
-ln -s /cache /opt/bunkerized-nginx/cache
-ln -s /pre-server-confs /opt/bunkerized-nginx/pre-server-confs
-ln -s /acme-challenge /opt/bunkerized-nginx/acme-challenge
-ln -s /plugins /opt/bunkerized-nginx/plugins
diff --git a/tests/linux.sh b/tests/linux.sh
index 5d64761..cc9d5a1 100755
--- a/tests/linux.sh
+++ b/tests/linux.sh
@@ -14,22 +14,6 @@ if [ $? -ne 0 ] ; then
  exit 1
 fi
 
-echo "[*] Copy dependencies.sh"
-docker cp helpers/dependencies.sh "$id:/tmp"
-if [ $? -ne 0 ] ; then
- echo "[!] docker cp failed"
- cleanup "$id"
- exit 2
-fi
-
-echo "[*] Exec dependencies.sh"
-docker exec "$id" /bin/bash -c 'chmod +x /tmp/dependencies.sh && /tmp/dependencies.sh'
-if [ $? -ne 0 ] ; then
- echo "[!] docker exec failed"
- cleanup "$id"
- exit 3
-fi
-
 echo "[*] Copy install.sh"
 docker cp helpers/install.sh "$id:/tmp"
 if [ $? -ne 0 ] ; then