Skip to content Skip to sidebar Skip to footer

How to Install and Configure NAXSI Nginx GeoIP on Centos 7

Hello everyone, again I made an article about installation, this time I will share a story from my experience when installing Nginx, which is installed with Naxsi for the firewall and added with the geoip module.

How to Install and Configure NAXSI Nginx GeoIP on Centos 7
How to Install and Configure NAXSI Nginx GeoIP on Centos 7


Before installing, make sure that your OS has the required dependencies installed, you can install everything below.

# yum install gcc gcc-c++ cmake ncurses ncurses-devel libxml2 libxml2-devel zlib zlib-devel gd gd-devel openssl openssl-devel curl curl-devel libtool pcre pcre-devel wget unzip -y

After the dependencies are installed, let's create a folder to store the files that will be downloaded so that they are tidier.

# mkdir -p /home/master
# cd /home/master

Download this file in the way below.

# wget
# wget

Extract all files that have been downloaded earlier.

# tar -xzvf nginx-1.15.2.tar.gz
# unzip

For installation needs you also have to create these two folders.

# mkdir -p /usr/local/nginx/fastcgi
# mkdir -p /usr/local/nginx/body


# cd /home/master/nginx-1.15.2
# ./configure --conf-path=/usr/local/nginx/conf/nginx.conf \
--add-module=../naxsi-master/naxsi_src/ \
--error-log-path=/var/log/nginx/error.log \
--http-client-body-temp-path=/usr/local/nginx/body \
--http-fastcgi-temp-path=/usr/local/nginx/fastcgi \
--http-uwsgi-temp-path=/usr/local/nginx/uwsgi \
--http-scgi-temp-path=/usr/local/nginx/scgi \
--http-log-path=/var/log/nginx/access.log \
--http-proxy-temp-path=/usr/local/nginx/proxy \
--lock-path=/var/run/nginx.lock \
--pid-path=/var/run/ \
--with-http_ssl_module \
--with-http_ssl_module \
--with-http_addition_module \
--with-http_realip_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_geoip_module \
--without-mail_pop3_module \
--without-mail_smtp_module \
--without-mail_imap_module \
--without-http_uwsgi_module \
--without-http_scgi_module \'
--without-http_ssi_module \
--sbin-path=/usr/sbin/nginx \
# make
# make install

After it is installed you have to create a user nginx to run the service, because in the previous step I did not enter it directly so I needed to manually create that user.

# adduser --system --no-create-home --user-group -s /sbin/nologin nginx

We continue to copy the rules from nginx-naxsi that we downloaded earlier.

# cd /home/master/naxsi-master/naxsi_config
# mkdir -p /usr/local/nginx/conf/rules/
# cp naxsi_core.rules /usr/local/nginx/conf/rules

We are also required to install the geoip.

# yum install GeoIP-data.noarch -y 


Call the rules that we copied earlier into nginx.conf

# vi /usr/local/nginx/conf/nginx.conf

http {
 include /usr/local/nginx/conf/rules/naxsi_core.rules;

After everything is done let's make this service run with the systemctl command.

# vi /lib/systemd/system/nginx.service

Description=The NGINX HTTP and reverse proxy server
ExecStartPre=/usr/sbin/nginx -t
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID

# systemctl daemon-reload
# nginx-t
# systemctl restart nginx



Bangkit Ade Saputra
Bangkit Ade Saputra Hard-working professional with experience and a proven knowledge of operating system, server architecture and system configuration.

Post a Comment for "How to Install and Configure NAXSI Nginx GeoIP on Centos 7"