Open
Description
Hi guys, so I try to build nginx with ModSecurity with a command that looks like this:
```bash
export TENGINE_VERSION=3.1.0
export YAJL_VERSION=2.1.0
export MODSEC_VERSION=v3.0.12
export MODSEC_NGX_VERSION=v1.0.3
export TEMP_DIR=/mnt/data/ehe/wrapper-tengine/install
export MODSECURITY_INC="/usr/local/modsecurity/include/"
export MODSECURITY_LIB="/usr/local/modsecurity/lib/"

mkdir -p ${TEMP_DIR} \
&& curl -fsSL https://github.com/openresty/luajit2/archive/${LUAJIT_VERSION}.tar.gz -o luajit.tar.gz \
&& tar zxf luajit.tar.gz -C ${TEMP_DIR} \
&& cd ${TEMP_DIR}/luajit2-${LUAJIT_VERSION#v} \
&& make -j4 && make install -j4 \
&& export LUAJIT_INC=/usr/local/include/luajit-2.1 \
&& export LUAJIT_LIB=/usr/local/lib \
&& ln -sf luajit /usr/local/bin/luajit \
&& cd .. \
&& curl -fsSL https://github.com/lloyd/yajl/archive/refs/tags/${YAJL_VERSION}.tar.gz -o yajl.tar.gz \
&& tar zxf yajl.tar.gz -C ${TEMP_DIR} \
&& cd ${TEMP_DIR}/yajl-${YAJL_VERSION} \
&& ./configure && make && make -j4 install -j4 \
&& ldconfig /usr/local/lib

# rm -Rf ${TEMP_DIR}/modsecurity-${MODSEC_VERSION}
git clone --depth 1 -b v3/master --single-branch https://github.com/owasp-modsecurity/ModSecurity ${TEMP_DIR}/modsecurity-${MODSEC_VERSION} \
&& cd ${TEMP_DIR}/modsecurity-${MODSEC_VERSION} \
&& git submodule init \
&& git submodule update \
&& ./build.sh \
&& ./configure \
&& make -j4 \
&& make install -j4

cd ${TEMP_DIR}/tengine-${TENGINE_VERSION} \
&& MODSECURITY_INC="/usr/local/modsecurity/include/" MODSECURITY_LIB="/usr/local/modsecurity/lib/" ./configure --with-ld-opt="-lpcre" --prefix=/etc/nginx --sbin-path=/usr/sbin \
--error-log-path=/var/log/nginx/error.log \
--conf-path=/etc/nginx/nginx.conf --pid-path=/run/nginx.pid \
--add-dynamic-module=${TEMP_DIR}/modsecurity-nginx-${MODSEC_NGX_VERSION} \
--with-compat \
&& make -j4 && make install -j4
```
but it always gives me this error:
checking for ModSecurity library in "/usr/local/modsecurity/lib/" and "/usr/local/modsecurity/include/" (specified by the MODSECURITY_LIB and MODSECURITY_INC env) ... not found
./configure: error: ngx_http_modsecurity_module requires the ModSecurity library and MODSECURITY_LIB is defined as "/usr/local/modsecurity/lib/" and MODSECURITY_INC (path for modsecurity.h) "/usr/local/modsecurity/include/", but we cannot find ModSecurity there.
I already followed the steps in the repository and even executed the steps that were suggested, like:
libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/var/lib/snapd/snap/bin:/sbin" ldconfig -n /usr/local/modsecurity/lib
----------------------------------------------------------------------
Libraries have been installed in:
/usr/local/modsecurity/lib
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the 'LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the 'LD_RUN_PATH' environment variable
during linking
- use the '-Wl,-rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to '/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages
and this is what the modsecurity directory looks like:

```
/usr/local/modsecurity
├── bin
│   └── modsec-rules-check
├── include
│   └── modsecurity
│       ├── actions
│       │   └── action.h
│       ├── anchored_set_variable.h
│       ├── anchored_set_variable_translation_proxy.h
│       ├── anchored_variable.h
│       ├── audit_log.h
│       ├── collection
│       │   ├── collection.h
│       │   └── collections.h
│       ├── debug_log.h
│       ├── intervention.h
│       ├── modsecurity.h
│       ├── reading_logs_via_rule_message.h
│       ├── rule.h
│       ├── rule_marker.h
│       ├── rule_message.h
│       ├── rules_exceptions.h
│       ├── rules.h
│       ├── rules_set.h
│       ├── rules_set_phases.h
│       ├── rules_set_properties.h
│       ├── rule_unconditional.h
│       ├── rule_with_actions.h
│       ├── rule_with_operator.h
│       ├── transaction.h
│       ├── variable_origin.h
│       └── variable_value.h
└── lib
    ├── libmodsecurity.a
    ├── libmodsecurity.la
    ├── libmodsecurity.so -> libmodsecurity.so.3.0.12
    ├── libmodsecurity.so.3 -> libmodsecurity.so.3.0.12
    ├── libmodsecurity.so.3.0.12
    └── pkgconfig
        └── modsecurity.pc
```
Any other suggestions regarding this issue?
Activity
bijancot commented on Aug 22, 2024
Found something regarding this issue. It looks like the issue only appears when I use ModSecurity built from source. All works well if I use the package from the repo.
Any other suggestions to solve this issue in case installing and downloading from repos cannot be done sometimes?
Best Regards,
bijancot
airween commented on Oct 17, 2024
Hi @bijancot,
you should try to pass CFLAGS when you build Tengine and ModSecurity connector:
bijancot commented on Oct 17, 2024
Thanks for the suggestion. Will try it soon.
evgeny-bushuev-incountry commented on Dec 23, 2024
Have the same issue on alpine-3.21 when configuring nginx from source:
When I configure nginx on alpine-3.20 it ends up successfully:
logopk commented on May 31, 2025
I can add a me too on debian bookworm in a docker-compose build. I have tried all the above suggestions with
ENV MODSECURITY_INC /usr/local/modsecurity/include/
ENV MODSECURITY_LIB /usr/local/modsecurity/lib/
ENV CFLAGS -I/usr/local/modsecurity/headers -L/usr/local/modsecurity/lib
I am trying to build nginx with openssl 3.5 to get PQC ciphers...
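
A diagnostic for the "not found" configure error discussed in this thread, added here as an example; it is not code from the ModSecurity-nginx project or from any commenter. The function names are hypothetical, and the probe program calling `msc_init()` is an assumed stand-in for the connector's configure test, not a copy of it.

```shell
#!/bin/sh
# Added diagnostic sketch. Function names are hypothetical; the default paths
# are the ones quoted in the issue.

# check_layout INC LIB
# The connector includes <modsecurity/modsecurity.h> and links -lmodsecurity,
# so the header must sit under INC/modsecurity/ and the library directly in LIB.
check_layout() {
    inc=${1%/}; lib=${2%/}; rc=0
    [ -f "$inc/modsecurity/modsecurity.h" ] ||
        { echo "missing header: $inc/modsecurity/modsecurity.h"; rc=1; }
    [ -e "$lib/libmodsecurity.so" ] || [ -e "$lib/libmodsecurity.a" ] ||
        { echo "missing library: $lib/libmodsecurity.so or .a"; rc=1; }
    return "$rc"
}

# missing_flag_dirs "FLAGS"
# Print every -I/-L directory in a CFLAGS-style string that does not exist.
missing_flag_dirs() {
    for f in $1; do
        case $f in
            -I?*|-L?*) d=${f#-?}; [ -d "$d" ] || echo "$d" ;;
        esac
    done
}

# probe_link INC LIB
# Compile and link a one-call program against libmodsecurity so the real
# compiler or linker message is visible (configure only prints "not found").
probe_link() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' '#include <modsecurity/modsecurity.h>' \
        'int main(void) { msc_init(); return 0; }' > "$tmp/t.c"
    rc=0
    ${CC:-cc} -I"$1" -o "$tmp/t" "$tmp/t.c" -L"$2" -lmodsecurity || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then
    i=${MODSECURITY_INC:-/usr/local/modsecurity/include}
    l=${MODSECURITY_LIB:-/usr/local/modsecurity/lib}
    check_layout "$i" "$l" && probe_link "$i" "$l" && echo "link OK"
    missing_flag_dirs "${CFLAGS:-}"
fi
```

Run it with `--run` in the same environment as the failing build. nginx's configure also records the compiler output of a failed feature test in `objs/autoconf.err` inside the build tree.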