Created
November 22, 2024 22:39
-
-
Save MuriloChianfa/5125ec8fef39b3e38fcc86fbc2e1faed to your computer and use it in GitHub Desktop.
Build TempestaFW inside a Rocky 9 Linux, modded Kernel, and all tempesta Kernel modules.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# All commands was runned using the root user | |
# Building TempestaFW modded Kernel | |
cd /root | |
dnf -y install ncurses-devel openssl-devel elfutils-libelf-devel python3 git make flex bison gcc gcc-c++ boost-devel openssl-devel bc fakeroot dwarves elfutils-libelf-devel cmake elfutils-libelf-devel libdwarf-devel elfutils-devel elfutils-devel gnome-software tar | |
git clone --depth 1 https://github.com/tempesta-tech/linux-5.10.35-tfw | |
cd linux-5.10.35-tfw/ | |
cp /boot/config-$(uname -r) .config | |
sed -i 's/CONFIG_SYSTEM_TRUSTED_KEYRING/#CONFIG_SYSTEM_TRUSTED_KEYRING/g' ./.config | |
sed -i 's/CONFIG_SYSTEM_TRUSTED_KEYS/#CONFIG_SYSTEM_TRUSTED_KEYS/g' ./.config | |
sed -i 's/CONFIG_DEFAULT_SECURITY_SELINUX/#CONFIG_DEFAULT_SECURITY_SELINUX/g' ./.config | |
sed -i 's/CONFIG_LSM=/#CONFIG_LSM=/g' ./.config | |
sed -i 's/CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0/CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC=y\nCONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=1/g' ./.config | |
make olddefconfig | |
git clone https://git.kernel.org/pub/scm/devel/pahole/pahole.git | |
cd pahole/ | |
git checkout v1.22 | |
./buildcmd.sh | |
cd build && rm /usr/local/bin/pahole && cp pahole /usr/local/bin/pahole | |
cd ../.. | |
make -j$(nproc) | |
make modules_install | |
make install | |
reboot | |
# Building Tempesta-FW Kernel modules | |
cd /root | |
git clone --depth=1 https://github.com/tempesta-tech/tempesta | |
cd tempesta | |
make | |
yum install iptables-services iptables-utils | |
systemctl disable --now firewalld | |
cp /root/tempesta/pkg/debian/tempesta-fw.service /etc/systemd/system/ | |
sed -i 's/TFW_PATH=.*/TFW_PATH=\/root\/tempesta\/fw"/g' /etc/systemd/system/tempesta-fw.service | |
sed -i 's/TDB_PATH=.*/TDB_PATH=\/root\/tempesta\/db\/core"/g' /etc/systemd/system/tempesta-fw.service | |
sed -i 's/TLS_PATH=.*/TLS_PATH=\/root\/tempesta\/tls"/g' /etc/systemd/system/tempesta-fw.service | |
sed -i 's/LIB_PATH=.*/LIB_PATH=\/root\/tempesta\/lib"/g' /etc/systemd/system/tempesta-fw.service | |
sed -i 's/lib\/tempesta/root\/tempesta/g' /etc/systemd/system/tempesta-fw.service | |
mkdir -p /etc/tempesta/ | |
cp /root/tempesta/etc/tempesta_fw.conf /etc/tempesta/ | |
cat <<EOF > /etc/tempesta/tempesta_fw.conf | |
access_log on; | |
listen 0.0.0.0:8080; | |
listen [::0]:8081; | |
cache 0; | |
server 192.168.0.15:80; | |
vhost example.com { | |
proxy_pass default; | |
sticky { | |
sticky_sessions allow_failover; | |
sess_lifetime 60; | |
} | |
} | |
EOF | |
systemctl daemon-reload | |
systemctl enable --now tempesta-fw |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment