Migration to official nginx role #2

Draft
wants to merge 13 commits into
base: main
22 changes: 18 additions & 4 deletions defaults/main.yml
Expand Up @@ -5,16 +5,29 @@ nginx_modsec3_crs_version: v3.4/dev
nginx_modsec3_crs3_force_compile: True
nginx_modsec3_crs3_block_mode: True
nginx_modsec3_crs3_debian_pre_reqs:
- libgeoip-dev
- libcurl4-openssl-dev
- liblua5.2-dev
- libyajl-dev
- libxml2-dev
- libpcre3-dev
- libpcre++-dev
- ssdeep
- libfuzzy-dev
- git
- m4
- git
- g++
- apt-utils
- autoconf
- automake
- build-essential
- libcurl4-openssl-dev
- libgeoip-dev
- liblmdb-dev
- libpcre++-dev
- libtool
- libxml2-dev
- libyajl-dev
- pkgconf
- wget
- zlib1g-dev

nginx_modsec3_crs3_debian_compiler_reqs:
- build-essential
Expand All @@ -39,3 +52,4 @@ nginx_modsec3_crs3_redhat_compiler_reqs:

nginx_official_repo: True
nginx_official_repo_mainline: True
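Review bot: The `nginx_modsec3_crs3_debian_pre_reqs` list as rendered now carries duplicates — `git` is listed twice, and `libcurl4-openssl-dev`, `libgeoip-dev`, `libpcre++-dev`, `libxml2-dev` and `libyajl-dev` each appear once near the top of the list and again in the alphabetised run that follows — so the list should be collapsed into a single sorted run with each package once. Dropping `liblua5.2-dev`, `ssdeep` and `libfuzzy-dev` presumably changes what libmodsecurity's configure step detects (Lua rule scripting and the `@fuzzyHash` operator), so if that is intentional it deserves a comment such as `# Lua (SecRuleScript) and ssdeep (@fuzzyHash) support intentionally not built`, and if not they should be restored; `libpcre3-dev` is likely still pulled in through `libpcre++-dev`, but that is worth confirming on the target release. `nginx_official_repo_mainline: True` and `nginx_official_repo: True` should be written as lowercase `true` to avoid YAML 1.1 truthiness ambiguity, and switching package installs to the mainline repo is a policy choice that should be stated in a comment next to the variable.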

36 changes: 18 additions & 18 deletions tasks/compile.yml
Expand Up @@ -85,19 +85,19 @@
- "make modules"
when: not modsec3_nginx_present or nginx_modsec3_crs3_force_compile

- name: import nginx role Debian/Ubuntu vars
include_vars:
file: "../jdauphant.nginx/vars/Debian.yml"
when:
- ansible_os_family == "Debian"
#- nginx_python_selinux_pkgs is not defined

- name: import nginx role Redhat/Centos vars
include_vars:
file: "../jdauphant.nginx/vars/Redhat.yml"
when:
- ansible_os_family == "Redhat"
#- nginx_python_selinux_pkgs is not defined
# - name: import nginx role Debian/Ubuntu vars
# include_vars:
# file: "../jdauphant.nginx/vars/Debian.yml"
# when:
# - ansible_os_family == "Debian"
# #- nginx_python_selinux_pkgs is not defined

# - name: import nginx role Redhat/Centos vars
# include_vars:
# file: "../jdauphant.nginx/vars/Redhat.yml"
# when:
# - ansible_os_family == "Redhat"
# #- nginx_python_selinux_pkgs is not defined

- name: Copy Modsecurity-nginx module to Nginx modules folder
copy:
Expand All @@ -106,11 +106,11 @@
remote_src: yes
when: not modsec3_nginx_present or nginx_modsec3_crs3_force_compile

- name: Enable module in Nginx
template:
src: 50-mod-http-modsecurity.conf.j2
dest: "{{ nginx_conf_dir }}/modules-enabled/50-mod-http-modsecurity.conf"
when: not modsec3_nginx_present or nginx_modsec3_crs3_force_compile
# - name: Enable module in Nginx
# template:
# src: 50-mod-http-modsecurity.conf.j2
# dest: "{{ nginx_conf_dir }}/conf.d/50-mod-http-modsecurity.conf"
# when: not modsec3_nginx_present or nginx_modsec3_crs3_force_compile

- name: Create folder for Modsec config and rules
file:
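Review bot: With the `Enable module in Nginx` task commented out, this file still copies the ModSecurity-nginx `.so` into the modules folder (the Copy task above) but nothing visible here emits the `load_module` directive any more, so unless `nginxinc.nginx_config` is explicitly handed that directive the WAF is silently never loaded and `nginx_modsec3_crs3_block_mode` becomes a no-op. If the config role is meant to own it, replace the dead block with a comment naming the variable that carries the directive, e.g. `# load_module for ngx_http_modsecurity_module is emitted by nginxinc.nginx_config — keep the module path in sync`; otherwise restore the task. Note that the commented-out `dest` was also moved to `conf.d/`, which would be wrong in any case because `load_module` must sit in the main context, whereas the stock nginx.conf includes `conf.d/*.conf` inside `http {}`. Commenting out the two `include_vars` tasks removes the source of `nginx_conf_dir` that the old task relied on; any remaining reference to it in the rest of compile.yml (outside this hunk) needs a replacement definition. I would delete the commented-out blocks rather than keep them, or mark each with a TODO saying why it stays.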
34 changes: 19 additions & 15 deletions tasks/main.yml
Expand Up @@ -33,25 +33,23 @@
state: present
when: ansible_os_family == "Redhat"

- name: Run Nginx SElinux tasks
include_role:
name: jdauphant.nginx
tasks_from: selinux.yml
allow_duplicates: yes
when: ansible_selinux and ansible_selinux.status == "enabled"
# - name: Run Nginx SElinux tasks
# include_role:
# name: nginxinc.nginx
# tasks_from: selinux.yml
# allow_duplicates: yes
# when: ansible_selinux and ansible_selinux.status == "enabled"

- name: Run Nginx official repo tasks
include_role:
name: jdauphant.nginx
tasks_from: nginx-official-repo.yml
allow_duplicates: yes
name: nginxinc.nginx
when: nginx_official_repo == True

- name: Run Nginx install packages tasks
include_role:
name: jdauphant.nginx
tasks_from: installation.packages.yml
allow_duplicates: yes
# - name: Run Nginx install packages tasks
# include_role:
# name: jdauphant.nginx
# tasks_from: installation.packages.yml
# allow_duplicates: yes
# when: nginx_installation_type == "packages"

- name: Get the rpm or apt package facts
Expand Down Expand Up @@ -97,7 +95,7 @@

- name: Configure Nginx now that the Modsec module is built
import_role:
name: jdauphant.nginx
name: nginxinc.nginx_config

- name: Check which packages were installed for Debian/Ubuntu
shell: dpkg-query -l > /tmp/after.txt
Expand All @@ -117,3 +115,9 @@
name: "{{ installed.stdout_lines }}"
state: absent
when: installed is defined and (nginx_modsec3_crs3_keep is undefined or not nginx_modsec3_crs3_keep)


- name: Run Nginx official repo tasks
include_role:
name: nginxinc.nginx
when: nginx_official_repo == True
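Review bot: The `Run Nginx official repo tasks` include appended at the end of the file duplicates the identical include earlier in this same file (same role `nginxinc.nginx`, same `when`), and because the earlier one dropped `tasks_from`, both now run the whole nginxinc.nginx role rather than just the repository setup; the second run also happens after the cleanup task that removes the packages recorded as installed during the build. One of the two should go, and the one that remains should state what it is relied on for, e.g. `# full nginxinc.nginx run: configures the official repo and installs the nginx package`. The SELinux tasks are commented out with no replacement, so on a RHEL host with SELinux enforcing this role no longer does anything about nginx policy; if nginxinc.nginx is expected to cover that through its own variables, set them explicitly and say so, otherwise this is a regression on hardened hosts. `when: nginx_official_repo == True` depends on a YAML 1.1 `True` literal; `when: nginx_official_repo | bool` is the idiomatic and safer form.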