How to Install and Configure NAXSI Nginx GeoIP on Centos 7

How to Install and Configure NAXSI Nginx GeoIP on Centos 7 - Hello everyone, again I made an article about installation, this time I will share a story from my experience when installing Nginx, which is installed with Naxsi for the firewall and added with the geoip module.

How to Install and Configure NAXSI Nginx GeoIP on Centos 7

Preparation

Before installing, make sure that your OS has the required dependencies installed, you can install everything below.

# yum install gcc gcc-c++ cmake ncurses ncurses-devel libxml2 libxml2-devel zlib zlib-devel gd gd-devel openssl openssl-devel curl curl-devel libtool pcre pcre-devel wget unzip -y

If you fail to install, make sure you have configured the local repository first. After the dependencies are installed, let's create a folder to store the files that will be downloaded so that they are tidier. 

# mkdir -p /home/master
# cd /home/master

Download this file in the way below.

# wget http://nginx.org/download/nginx-1.15.2.tar.gz
# wget https://github.com/nbs-system/naxsi/archive/master.zip

Extract all files that have been downloaded earlier.

# tar -xzvf nginx-1.15.2.tar.gz
# unzip master.zip

For installation needs you also have to create these two folders.

# mkdir -p /usr/local/nginx/fastcgi
# mkdir -p /usr/local/nginx/body

Installing

# cd /home/master/nginx-1.15.2

# ./configure --conf-path=/usr/local/nginx/conf/nginx.conf \
--add-module=../naxsi-master/naxsi_src/ \
--error-log-path=/var/log/nginx/error.log \
--http-client-body-temp-path=/usr/local/nginx/body \
--http-fastcgi-temp-path=/usr/local/nginx/fastcgi \
--http-uwsgi-temp-path=/usr/local/nginx/uwsgi \
--http-scgi-temp-path=/usr/local/nginx/scgi \
--http-log-path=/var/log/nginx/access.log \
--http-proxy-temp-path=/usr/local/nginx/proxy \
--lock-path=/var/run/nginx.lock \
--pid-path=/var/run/nginx.pid \
--with-http_ssl_module \
--with-http_ssl_module \
--with-http_addition_module \
--with-http_realip_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_geoip_module \
--without-mail_pop3_module \
--without-mail_smtp_module \
--without-mail_imap_module \
--without-http_uwsgi_module \
--without-http_scgi_module \'
--without-http_ssi_module \
--sbin-path=/usr/sbin/nginx \
--prefix=/usr/local/nginx

# make
# make install

After it is installed you have to create a user nginx to run the service, because in the previous step I did not enter it directly so I needed to manually create that user.

# adduser --system --no-create-home --user-group -s /sbin/nologin nginx

We continue to copy the rules from nginx-naxsi that we downloaded earlier.

# cd /home/master/naxsi-master/naxsi_config
# mkdir -p /usr/local/nginx/conf/rules/
# cp naxsi_core.rules /usr/local/nginx/conf/rules

We are also required to install the geoip.

# yum install GeoIP-data.noarch -y 

Configure

Call the rules that we copied earlier into nginx.conf

# vi /usr/local/nginx/conf/nginx.conf

http {
 …
 include /usr/local/nginx/conf/rules/naxsi_core.rules;
 …
}

After everything is done let's make this service run with the systemctl command.

# vi /lib/systemd/system/nginx.service

[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target

# systemctl daemon-reload
# nginx-t
# systemctl restart nginx

Trying

nginx-naxsi