How to Install and Configure NAXSI Nginx GeoIP on Centos 7
How to Install and Configure NAXSI Nginx GeoIP on Centos 7 - Hello everyone, again I made an article about installation, this time I will share a story from my experience when installing Nginx, which is installed with Naxsi for the firewall and added with the geoip module.
![]() |
How to Install and Configure NAXSI Nginx GeoIP on Centos 7 |
Preparation
Before installing, make sure that your OS has the required dependencies installed, you can install everything below.
# yum install gcc gcc-c++ cmake ncurses ncurses-devel libxml2 libxml2-devel zlib zlib-devel gd gd-devel openssl openssl-devel curl curl-devel libtool pcre pcre-devel wget unzip -y
If you fail to install, make sure you have configured the local repository first. After the dependencies are installed, let's create a folder to store the files that will be downloaded so that they are tidier.
# mkdir -p /home/master # cd /home/master
Download this file in the way below.
# wget http://nginx.org/download/nginx-1.15.2.tar.gz # wget https://github.com/nbs-system/naxsi/archive/master.zip
Extract all files that have been downloaded earlier.
# tar -xzvf nginx-1.15.2.tar.gz # unzip master.zip
For installation needs you also have to create these two folders.
# mkdir -p /usr/local/nginx/fastcgi # mkdir -p /usr/local/nginx/body
Installing
# cd /home/master/nginx-1.15.2
# ./configure --conf-path=/usr/local/nginx/conf/nginx.conf \ --add-module=../naxsi-master/naxsi_src/ \ --error-log-path=/var/log/nginx/error.log \ --http-client-body-temp-path=/usr/local/nginx/body \ --http-fastcgi-temp-path=/usr/local/nginx/fastcgi \ --http-uwsgi-temp-path=/usr/local/nginx/uwsgi \ --http-scgi-temp-path=/usr/local/nginx/scgi \ --http-log-path=/var/log/nginx/access.log \ --http-proxy-temp-path=/usr/local/nginx/proxy \ --lock-path=/var/run/nginx.lock \ --pid-path=/var/run/nginx.pid \ --with-http_ssl_module \ --with-http_ssl_module \ --with-http_addition_module \ --with-http_realip_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_geoip_module \ --without-mail_pop3_module \ --without-mail_smtp_module \ --without-mail_imap_module \ --without-http_uwsgi_module \ --without-http_scgi_module \' --without-http_ssi_module \ --sbin-path=/usr/sbin/nginx \ --prefix=/usr/local/nginx
# make # make install
After it is installed you have to create a user nginx to run the service, because in the previous step I did not enter it directly so I needed to manually create that user.
# adduser --system --no-create-home --user-group -s /sbin/nologin nginx
We continue to copy the rules from nginx-naxsi that we downloaded earlier.
# cd /home/master/naxsi-master/naxsi_config # mkdir -p /usr/local/nginx/conf/rules/ # cp naxsi_core.rules /usr/local/nginx/conf/rules
We are also required to install the geoip.
# yum install GeoIP-data.noarch -y
Configure
Call the rules that we copied earlier into nginx.conf
# vi /usr/local/nginx/conf/nginx.conf
http {
…
include /usr/local/nginx/conf/rules/naxsi_core.rules;
…
}
After everything is done let's make this service run with the systemctl command.
# vi /lib/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
# systemctl daemon-reload # nginx-t # systemctl restart nginx
Post a Comment for "How to Install and Configure NAXSI Nginx GeoIP on Centos 7"
Post a Comment