Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhanced Playbook #3

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Enhanced Playbook #3

wants to merge 2 commits into from

Conversation

nicolasjulian
Copy link

Hey there,

Hope you're doing well! Just wanted to say thanks for creating these playbooks – they're really great.

By the way, I made some tweaks to get them up and running with Ubuntu 22.04.3 LTS. Everything seems to work smoothly on my end. Here’s the setup I used for testing:

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.3 LTS"

Cheers 🍻

@nicolasjulian
Update compatibitly with ubuntu 22.04
ef38cdd 
Tested on
```
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.3 LTS"
PRETTY_NAME="Ubuntu 22.04.3 LTS"
```
@nicolasjulian
Update core ruleset version and dependecy
78d3183
@perryk
Copy link
Owner

perryk commented Jan 15, 2024

Oh nice, thanks for the contributions.

As soon as I have a chance to review I'll look to merge these.

In the past I've kept things a little more enterprise linux orientated than ubuntu, but these days I'm keen to have support and use both.

@perryk
Copy link
Owner

perryk commented Jan 19, 2024

In order to compile with the http geoip module I needed to add the following to the Debian pre-reqs:

- libgeoip-dev

Do you know if this the preferred library to use for this ?

Perhaps there are better ones with better databases of locations etc ?

There are existing pre-req packages which are providing a libmaxminddb library ?

@nicolasjulian
Copy link
Author

In order to compile with the http geoip module I needed to add the following to the Debian pre-reqs:

- libgeoip-dev

Do you know if this the preferred library to use for this ?

Perhaps there are better ones with better databases of locations etc ?

There are existing pre-req packages which are providing a libmaxminddb library ?

Yes, i changes the libgeoip-dev to libmaxminddb cause it's have more wider community support.

@uqperryk
Copy link
Contributor

Ok, so maybe line 62 of task/compile.yml should be ?

--without-http_geo_module

instead of:

--with-http_geoip_module=dynamic

Then download and compile mod-geoip2 in a similar fashion to as we doing for modsecurity ?

Or have it installed from a repo package, such as libnginx-mod-http-geoip2 for ubuntu (but that assumes you are using ubuntu packages for nginx, not the official repo.

Unless I have missed something ?

@nicolasjulian
Copy link
Author

So, to use MaxMind GeoIP inside the nginx configuration we need geoip_ syntax.

It's only going to be available if we are enabling the --with-http_geoip_module=dynamic

Enables building the ngx_http_geoip_module module that creates variables depending on the client IP address and the precompiled MaxMind databases. This module is not built by default.

  1. https://nginx.org/en/docs/configure.html
  2. https://nginx.org/en/docs/http/ngx_http_geoip_module.html

@perryk
Copy link
Owner

perryk commented Jan 23, 2024

On a freshly built VM and using the role from your repo there is an error which stops the role from finishing:

configuring additional dynamic modules
adding module in ../../ModSecurity-nginx
checking for ModSecurity library ... not found
checking for ModSecurity library in /usr/local/modsecurity ... found
 + ngx_http_modsecurity_module was configured
checking for PCRE library ... found
checking for PCRE JIT support ... found
checking for zlib library ... found
checking for GeoIP library ... not found
checking for GeoIP library in /usr/local/ ... not found
checking for GeoIP library in /usr/pkg/ ... not found
checking for GeoIP library in /opt/local/ ... not found

./configure: error: the GeoIP module requires the GeoIP library.
You can either do not enable the module or install the library.

I can either not enable the module or install the old library, either of these work to allow the role to complete.

What changes would you recommend ?

If using nginx from Ubuntu repos, there is a package named "libnginx-mod-http-geoip2" which provides a GeoIP2 module.

Otherwise building it from source looks like it will want this code: https://github.com/leev/ngx_http_geoip2_module

@perryk
Copy link
Owner

perryk commented Jan 23, 2024

I've tested with building the GeoIP2 module from source, it wasn't much to add to the role.

I assume nginx configuration to use GeoIP2 is actually a little different to using GeoIP ?

@nicolasjulian
Copy link
Author

Hello, yes forget to mention we need the libnginx-mod-http-geoip2 package.

@perryk
Copy link
Owner

perryk commented Mar 5, 2024

I've made some changes which incorporated most of your updates/fixes.

This role now has options to build the GeoIP and/or the MaxMind Nginx modules :)

For anyone, please let me know if you find any issues since these changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nicolasjulian @perryk @uqperryk