Static Nginx 带 Modsecurity
[英]Static Nginx with Modsecurity
问题描述
Trying to add Modsecurity v3.0.4 in to Nginx v1.19.9 but running in to some errors I do not understand.
尝试将 Modsecurity v3.0.4 添加到 Nginx v1.19.9 但遇到一些我不明白的错误。 There are MANY errors similar to the ones I pasted below but did not include them all.有许多错误类似于我在下面粘贴的错误,但并未包括所有错误。 My intention is to create a static Nginx binary and not use the dynamic Modsecurity module.我的意图是创建一个 static Nginx 二进制文件,而不使用动态 Modsecurity 模块。 Thanks for any help.谢谢你的帮助。
Dockerfile Dockerfile
FROM alpine:latest as build
#Define build argument for version
ARG NGNX_VERSION=1.19.8
ARG PCRE_VERSION=8.44
ARG OSSL_VERSION=1.1.1k
ARG ZLIB_VERSION=1.2.11
ARG GEO_DB_RELEASE=2021-04
ARG MODSEC_BRANCH=v3.0.4
ARG OWASP_BRANCH=v3.3/master
# Set working directory
WORKDIR /tmp
RUN echo "Installing Dependencies" && \
apk add --no-cache --virtual general-dependencies \
autoconf \
automake \
byacc \
build-base \
gnupg \
perl \
linux-headers \
pcre-dev \
wget \
geoip-dev \
curl-dev \
flex \
g++ \
gcc \
geoip-dev \
git \
libc-dev \
libmaxminddb-dev \
libstdc++ \
libtool \
libxml2-dev \
linux-headers \
lmdb-dev \
make \
openssl-dev \
pcre-dev \
yajl-dev \
zlib-dev
# Clone and compile modsecurity. Binary will be located in /usr/local/modsecurity
RUN echo "Installing ModSec Library" && \
git clone -b ${MODSEC_BRANCH} --depth 1 https://github.com/SpiderLabs/ModSecurity && \
git -C /tmp/ModSecurity submodule update --init --recursive && \
(cd "/tmp/ModSecurity" && \
./build.sh && \
./configure --with-lmdb && \
make -j 10 && \
make install \
)
# Retrieve required packages
RUN echo 'Cloning Modsec Nginx Connector, GeoIP, ModSec OWASP Rules, and download/extract nginx and GeoIP databases' && \
git clone -b master --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git && \
git clone -b ${OWASP_BRANCH} --depth 1 https://github.com/coreruleset/coreruleset.git /usr/local/owasp-modsecurity-crs && \
wget -q https://www.openssl.org/source/openssl-$OSSL_VERSION.tar.gz && \
tar -xzf openssl-$OSSL_VERSION.tar.gz && \
wget -q https://ftp.pcre.org/pub/pcre/pcre-$PCRE_VERSION.tar.bz2 && \
tar -xjf pcre-$PCRE_VERSION.tar.bz2 && \
wget -q http://zlib.net/zlib-$ZLIB_VERSION.tar.gz && \
tar -xzf zlib-$ZLIB_VERSION.tar.gz && \
wget -q http://nginx.org/download/nginx-$NGNX_VERSION.tar.gz && \
tar -xzf nginx-$NGNX_VERSION.tar.gz
# Install Nginx with PCRE, OpenSSL, Geomod, Zlib
RUN set -x && \
cd /tmp/nginx-$NGNX_VERSION && \
./configure \
--with-compat \
--with-ld-opt="-static" \
--with-pcre=/tmp/pcre-${PCRE_VERSION} \
--with-zlib=/tmp/zlib-${ZLIB_VERSION} \
--with-openssl=/tmp/openssl-${OSSL_VERSION} \
--with-http_realip_module \
--with-http_v2_module \
--add-module=/tmp/ModSecurity-nginx \
--with-http_ssl_module && \
make -j 10 && \
make install && \
strip /usr/local/nginx/sbin/nginx && \
apk del general-dependencies
# Symlink access and error logs to /dev/stdout and /dev/stderr, in
# order to make use of Docker's logging mechanism
RUN ln -sf /dev/stdout /usr/local/nginx/logs/access.log && \
ln -sf /dev/stderr /usr/local/nginx/logs/error.log
RUN addgroup -S nginx && adduser -S -G nginx nginx
Failures occur during the Nginx make section. Nginx 制造部分发生故障。 There are many similar to these.与这些类似的还有很多。
/usr/include/c++/10.2.1/bits/basic_string.tcc:225: undefined reference to `std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_S_copy_chars(char*, char const*, char const*)'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.2.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/include/c++/10.2.1/bits/basic_string.tcc:219: undefined reference to `std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_create(unsigned long&, unsigned long)'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.2.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/include/c++/10.2.1/bits/basic_string.tcc:212: undefined reference to `std::__throw_logic_error(char const*)'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.2.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(lt5-libmodsecurity_la-rule.o): in function `_GLOBAL__sub_I_rule.cc':
/usr/include/c++/10.2.1/iostream:74: undefined reference to `std::ios_base::Init::Init()'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.2.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(lt5-libmodsecurity_la-rule.o): in function `__static_initialization_and_destruction_0':
/usr/include/c++/10.2.1/iostream:74: undefined reference to `std::ios_base::Init::~Init()'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.2.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/local/modsecurity/lib/libmodsecurity.a(lt5-libmodsecurity_la-rule.o): in function `__static_initialization_and_destruction_0':
/tmp/ModSecurity/src/variables/rule.cc:23: undefined reference to `std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string()'
collect2: error: ld returned 1 exit status
make[1]: *** [objs/Makefile:267: objs/nginx] Error 1
1 个解决方案
解决方案1
0 2021-04-19 10:20:59
OWASP ModSecurity Core Rule Set project here. OWASP ModSecurity 核心规则集项目在这里。
I've never attempted a static compile, but I suggest you ask the question on the modsecurity mailinglist or on the specific modsecurity developer mailinglist.我从未尝试过 static 编译,但我建议您在 modsecurity 邮件列表或特定的 modsecurity 开发人员邮件列表中提问。
https://sourceforge.net/p/mod-security/mailman/ https://sourceforge.net/p/mod-security/mailman/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
如何在Ubuntu上编译modsecurity? - How to compile modsecurity on Ubuntu?
静态寿命 - static lifetime
静态和内联 - static and inline
将静态库与静态库链接 - Link static library with static library
static extern vs extern static - static extern vs extern static
简单的nginx if语句在C中 - simple nginx if statement in C
静态库 - Static libraries
静态常数 - Static constants
static 内联与内联 static - static inline vs inline static
Static 指针 - Static pointers
相关标签