@neuronsoverflow
Last active December 13, 2020 00:46
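#!/bin/bash
# Runs as the APT DPkg::Pre-Install-Pkgs hook (see /etc/apt/apt.conf.d/99-nginx).
# APT writes the .deb file names it is about to install to this script's stdin,
# so the grep below succeeds only when one of those file names contains "nginx".
if grep -q nginx
then
    # Build and install ssdeep
    cd /opt
    rm -rf ssdeep
    git clone https://github.com/ssdeep-project/ssdeep
    cd ssdeep/
    ./bootstrap
    ./configure
    make
    make install

    # Build and install libmodsecurity (v3)
    cd /opt
    rm -rf ModSecurity
    git clone https://github.com/SpiderLabs/ModSecurity
    cd ModSecurity
    git checkout -b v3/master origin/v3/master
    git submodule init
    git submodule update
    sh build.sh
    ./configure
    make
    make install

    # Fetch the ModSecurity connector for nginx
    cd /opt
    rm -rf ModSecurity-nginx
    git clone https://github.com/SpiderLabs/ModSecurity-nginx

    # Fetch the GeoIP2 module; the tarball unpacks to ngx_http_geoip2_module-master
    cd /opt
    rm -rf ngx_http_geoip2_module-master
    wget -O ngx_http_geoip2_module.tar.gz https://github.com/leev/ngx_http_geoip2_module/archive/master.tar.gz
    tar -zxvf ngx_http_geoip2_module.tar.gz

    # Remove the source tree left over from the currently installed nginx version
    cd /opt
    nginxv_old=$(nginx -v 2>&1 | grep -o '[0-9.]' | tr -d "\n")
    rm -rf "nginx-${nginxv_old}" "nginx-${nginxv_old}.tar.gz"

    # Upstream version of the nginx package APT is about to install
    nginxv=$(apt-cache policy nginx | grep Candidate | grep -Eo '^[^-]+' | grep -o '[0-9.]' | tr -d "\n")

    # Download the matching nginx source over HTTPS and build only the dynamic modules
    cd /opt
    wget "https://nginx.org/download/nginx-${nginxv}.tar.gz"
    tar -zxvf "nginx-${nginxv}.tar.gz"
    cd "nginx-${nginxv}"
    ./configure --with-compat --add-dynamic-module=../ModSecurity-nginx --add-dynamic-module=../ngx_http_geoip2_module-master
    make modules

    # Install both modules into the directory the load_module lines point at
    cp objs/ngx_http_modsecurity_module.so /usr/lib/nginx/modules/
    cp objs/ngx_http_geoip2_module.so /usr/lib/nginx/modules/
fi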
#!/bin/bash
# Register nginx_upgrade.sh as an APT pre-install hook
cat << 'EOF' > /etc/apt/apt.conf.d/99-nginx
DPkg::Pre-Install-Pkgs {"~/.scripts/nginx_upgrade.sh";};
DPkg::Tools::Options::~/.scripts/nginx_upgrade.sh::Version "1";
EOF

# Add script nginx_upgrade.sh (copy it into ~/.scripts/ before running the chmod)
mkdir -p ~/.scripts
chmod +x ~/.scripts/nginx_upgrade.sh

# GEOIP2 Maxmind install
sudo add-apt-repository ppa:maxmind/ppa
apt update
apt install libmaxminddb0 libmaxminddb-dev mmdb-bin geoipupdate
apt install libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev

# Weekly database refresh; entries in /etc/crontab need a user field (root here)
echo "58 13 * * 5 root /usr/local/bin/geoipupdate >> /dev/null 2>&1" >> /etc/crontab

# Get an Account ID and License Key for personal usage (free)
## FAQ Generate license key
## https://support.maxmind.com/account-faq/license-keys/how-do-i-generate-a-license-key/
## Login direct link
### https://www.maxmind.com/en/accounts/current/license-key
echo "AccountID XXXXXX" >> /etc/GeoIP.conf
echo "LicenseKey XXXXXXXXXXXXXXXX" >> /etc/GeoIP.conf
geoipupdate
# Load compiled modules (main context, at the top of nginx.conf)
load_module /usr/lib/nginx/modules/ngx_http_modsecurity_module.so;
load_module /usr/lib/nginx/modules/ngx_http_geoip2_module.so;

# Add conf to http vars
http {
    ...
    geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
        auto_reload 60m;
        $geoip2_metadata_country_build metadata build_epoch;
        $geoip2_data_country_code country iso_code;
        $geoip2_data_country_name country names en;
    }
    geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
        auto_reload 60m;
        $geoip2_metadata_city_build metadata build_epoch;
        $geoip2_data_city_name city names en;
    }

    # Pass the lookup results to FastCGI backends
    fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
    fastcgi_param COUNTRY_NAME $geoip2_data_country_name;
    fastcgi_param CITY_NAME $geoip2_data_city_name;

    # Allow every country by default, deny the ISO codes listed as "no"
    map $geoip2_data_country_code $domain_xyz_allowed_country {
        default yes;
        BG no;
    }
    ...
    # Add conf to server location part
    server {
        # Only one "location /" block is allowed per server
        location / {
            # 444 closes the connection without sending a response
            if ($domain_xyz_allowed_country = no) {
                return 444;
            }
        }
        ...
    # End server
    }
# End http
}
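
nginx_upgrade.sh above runs as root and feeds the parsed version straight into `rm -rf` and the download URL, so the parsing is worth making strict. The following is an added example, not the gist author's code; the function names are hypothetical, and it also handles an epoch prefix and a `(none)` candidate, which the original pipeline does not.

```bash
#!/bin/bash
# Added example: strict parsing for the values nginx_upgrade.sh feeds to
# `rm -rf` and the download URL. Function names are hypothetical.

# True only for a plain dotted version such as 1.18.0 (no slashes, no spaces).
is_nginx_version() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eqx '[0-9]+\.[0-9]+\.[0-9]+'
}

# stdin: output of `nginx -v 2>&1`, e.g. "nginx version: nginx/1.18.0 (Ubuntu)".
parse_installed() {
    sed -n 's|^nginx version: nginx/\([0-9.]*\).*|\1|p' | head -n 1
}

# stdin: output of `apt-cache policy nginx`. Drops an optional epoch ("1:")
# and the packaging revision ("-0ubuntu1.3") from the Candidate line.
parse_candidate() {
    sed -n 's|^ *Candidate: *\([0-9]*:\)\{0,1\}\([0-9.]*\).*|\2|p' | head -n 1
}

# stdin: the .deb paths APT passes to a Version "1" pre-install hook.
# Matches nginx, nginx-core, nginx-common ..., but not python3-certbot-nginx.
hook_has_nginx_deb() {
    grep -Eq '(^|/)nginx(-[a-z]+)?_[^/]*\.deb$'
}

# Print the /opt source directory for a version, or fail without output
# so an empty or garbled value never reaches rm or wget.
nginx_src_dir() {
    is_nginx_version "$1" || return 1
    printf '/opt/nginx-%s\n' "$1"
}
```

Calling `is_nginx_version "$nginxv"` before the `rm -rf` and `wget` lines stops the hook from acting on an empty or malformed value.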
neuronsoverflow commented Dec 13, 2020

Code to build automatically mod security module and geoip2 module for nginx with unattended upgrades set.

Needs a license key for Geoip2 MaxMind service.
Get an Account ID and License Key for personal usage (free):
FAQ Generate license key
Logged direct link
