Home Explore Help
Sign In
joker
/
oneinstack
mirror of https://github.com/oneinstack/oneinstack/
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Add ngx_lua_waf

lj2007331@gmail.com 6 years ago
parent
fb6e78ae2d
commit
b66b273c9e
6 changed files with 177 additions and 11 deletions
Split View Show Diff Stats
  1. 14 2
      addons.sh
  2. 1 1
      include/apache-2.2.sh
  3. 1 1
      include/apache-2.4.sh
  4. 2 2
      include/check_download.sh
  5. 154 0
      include/ngx_lua_waf.sh
  6. 5 5
      versions.txt

+ 14 - 2
addons.sh
View File 

@@ -53,6 +53,8 @@ IPADDR_COUNTRY=`./include/get_ipaddr_state.py $PUBLIC_IPADDR | awk '{print $1}'`
 
 
 . ./include/python.sh
 
 
+. ./include/ngx_lua_waf.sh
 
+
 
 # Check PHP
 
 if [ -e "${php_install_dir}/bin/phpize" ]; then
 
   phpExtensionDir=$(${php_install_dir}/bin/php-config --extension-dir)
 
@@ -178,8 +180,8 @@ What Are You Doing?
 
 \t${CMSG} q${CEND}. Exit
 
 "
 
   read -p "Please input the correct option: " Number
 
-  if [[ ! "${Number}" =~ ^[1-9,q]$|^10$ ]]; then
 
-    echo "${CFAILURE}input error! Please only input 1~10 and q${CEND}"
 
+  if [[ ! "${Number}" =~ ^[1-9,q]$|^1[0-1]$ ]]; then
 
+    echo "${CFAILURE}input error! Please only input 1~11 and q${CEND}"
 
   else
 
     case "${Number}" in
 
       1)
 
@@ -546,6 +548,16 @@ EOF
 
           Uninstall_fail2ban
 
         fi
 
         ;;
 
+      11)
 
+        ACTION_FUN
 
+        if [ "${ACTION}" = '1' ]; then
 
+          [ -e "${nginx_install_dir}/sbin/nginx" ] && Nginx_lua_waf
 
+          [ -e "${tengine_install_dir}/sbin/nginx" ] && Tengine_lua_waf
 
+          enable_lua_waf
 
+        else
 
+          disable_lua_waf
 
+        fi
 
+        ;;
 
       q)
 
         exit
 
         ;;

+ 1 - 1
include/apache-2.2.sh
View File 

@@ -41,7 +41,7 @@ Install_Apache22() {
 
 
   sed -i "s@^User daemon@User ${run_user}@" ${apache_install_dir}/conf/httpd.conf
 
   sed -i "s@^Group daemon@Group ${run_user}@" ${apache_install_dir}/conf/httpd.conf
 
-  if [ "${nginx_option}" == '4' -a ! -e "${web_install_dir}/sbin/nginx" ]; then
 
+  if [[ ! ${nginx_option} =~ ^[1-3]$ ]] && [ ! -e "${web_install_dir}/sbin/nginx" ]; then
 
     sed -i 's/^#ServerName www.example.com:80/ServerName 0.0.0.0:80/' ${apache_install_dir}/conf/httpd.conf
 
     TMP_PORT=80
 
   elif [[ ${nginx_option} =~ ^[1-3]$ ]] || [ -e "${web_install_dir}/sbin/nginx" ]; then

+ 1 - 1
include/apache-2.4.sh
View File 

@@ -64,7 +64,7 @@ Install_Apache24() {
 
 
   sed -i "s@^User daemon@User ${run_user}@" ${apache_install_dir}/conf/httpd.conf
 
   sed -i "s@^Group daemon@Group ${run_user}@" ${apache_install_dir}/conf/httpd.conf
 
-  if [ "${nginx_option}" == '4' -a ! -e "${web_install_dir}/sbin/nginx" ]; then
 
+  if [[ ! ${nginx_option} =~ ^[1-3]$ ]] && [ ! -e "${web_install_dir}/sbin/nginx" ]; then
 
     sed -i 's/^#ServerName www.example.com:80/ServerName 0.0.0.0:80/' ${apache_install_dir}/conf/httpd.conf
 
     TMP_PORT=80
 
   elif [[ ${nginx_option} =~ ^[1-3]$ ]] || [ -e "${web_install_dir}/sbin/nginx" ]; then

+ 2 - 2
include/check_download.sh
View File 

@@ -14,7 +14,7 @@ checkDownload() {
 
   echo "Download openSSL..."
 
   src_url=https://www.openssl.org/source/openssl-${openssl_ver}.tar.gz && Download_src
 
   echo "Download cacert.pem..."
 
-  src_url=http://curl.haxx.se/ca/cacert.pem && Download_src
 
+  src_url=https://curl.haxx.se/ca/cacert.pem && Download_src
 
 
   # Web
 
   if [ "${web_yn}" == 'y' ]; then
 
@@ -791,7 +791,7 @@ checkDownload() {
 
     src_url=https://launchpad.net/libmemcached/1.0/${libmemcached_ver}/+download/libmemcached-${libmemcached_ver}.tar.gz && Download_src
 
   fi
 
 
-  if [[ ${nginx_option} =~ ^[1-3]$ ]] || [ "$db_yn" == 'y' -a "${db_option}" != '10' ]; then
 
+  if [[ ${nginx_option} =~ ^[1-3]$ ]] || [ "${db_yn}" == 'y' ]; then
 
     echo "Download jemalloc..."
 
     src_url=${mirrorLink}/jemalloc-${jemalloc_ver}.tar.bz2 && Download_src
 
   fi

+ 154 - 0
include/ngx_lua_waf.sh
View File 

@@ -0,0 +1,154 @@
 
+#!/bin/bash
 
+# Author:  yeho <lj2007331 AT gmail.com>
 
+# BLOG:  https://blog.linuxeye.cn
 
+#
 
+# Notes: OneinStack for CentOS/RadHat 6+ Debian 6+ and Ubuntu 12+
 
+#
 
+# Project home page:
 
+#       https://oneinstack.com
 
+#       https://github.com/lj2007331/oneinstack
 
+
 
+Nginx_lua_waf() {
 
+  pushd ${oneinstack_dir}/src > /dev/null
 
+  [ ! -e "${nginx_install_dir}/sbin/nginx" ] && echo "${CWARNING}Nginx is not installed on your system! ${CEND}" && exit 1
 
+  if [ -e "/usr/local/lib/libluajit-5.1.so.2.1.0" ]; then
 
+    [ -e "/usr/local/lib/libluajit-5.1.so.2.0.5" ] && find /usr/local -name *luajit* | xargs rm -rf
 
+    src_url=http://mirrors.linuxeye.com/oneinstack/src/LuaJIT-2.1.0-beta3.tar.gz && Download_src
 
+    tar xzf LuaJIT-2.1.0-beta3.tar.gz
 
+    pushd LuaJIT-2.1.0-beta3
 
+    make && make install
 
+    popd > /dev/null
 
+  fi
 
+  if [ -e "/usr/local/lib/lua/5.1/cjson.so" ]; then
 
+    src_url=http://mirrors.linuxeye.com/oneinstack/src/lua-cjson-2.1.0.6.tar.gz && Download_src
 
+    tar xzf lua-cjson-2.1.0.6.tar.gz
 
+    pushd lua-cjson-2.1.0.6
 
+    make && make install
 
+    popd > /dev/null
 
+  fi
 
+  ${nginx_install_dir}/sbin/nginx -V &> $$
 
+  nginx_configure_args_tmp=`cat $$ | grep 'configure arguments:' | awk -F: '{print $2}'`
 
+  rm -rf $$
 
+  nginx_configure_args=`echo ${nginx_configure_args_tmp} | sed "s@--with-openssl=../openssl-...... @--with-openssl=../openssl-${openssl_ver} @" | sed "s@--with-pcre=../pcre-.... @--with-pcre=../pcre-${pcre_ver} @"`
 
+  if [ -z "`grep lua-nginx-module ${nginx_configure_args}`" ]; then
 
+    src_url=http://nginx.org/download/nginx-${nginx_ver}.tar.gz && Download_src
 
+    src_url=https://www.openssl.org/source/openssl-${openssl_ver}.tar.gz && Download_src
 
+    src_url=http://mirrors.linuxeye.com/oneinstack/src/pcre-${pcre_ver}.tar.gz && Download_src
 
+    src_url=http://mirrors.linuxeye.com/oneinstack/src/ngx_devel_kit.tar.gz && Download_src
 
+    src_url=http://mirrors.linuxeye.com/oneinstack/src/lua-nginx-module.tar.gz && Download_src
 
+    tar xzf nginx-${nginx_ver}.tar.gz
 
+    tar xzf openssl-${openssl_ver}.tar.gz
 
+    tar xzf pcre-${pcre_ver}.tar.gz
 
+    tar xzf ngx_devel_kit.tar.gz
 
+    tar xzf lua-nginx-module.tar.gz
 
+    pushd nginx-${nginx_ver}
 
+    make clean
 
+    sed -i 's@CFLAGS="$CFLAGS -g"@#CFLAGS="$CFLAGS -g"@' auto/cc/gcc # close debug
 
+    ./configure ${nginx_configure_args} --add-module=../lua-nginx-module --add-module=../ngx_devel_kit
 
+    make -j ${THREAD}
 
+    if [ -f "objs/nginx" ]; then
 
+      /bin/mv ${nginx_install_dir}/sbin/nginx{,`date +%m%d`}
 
+      /bin/cp objs/nginx ${nginx_install_dir}/sbin/nginx
 
+      kill -USR2 `cat /var/run/nginx.pid`
 
+      sleep 1
 
+      kill -QUIT `cat /var/run/nginx.pid.oldbin`
 
+      popd > /dev/null
 
+      echo "${CSUCCESS}lua-nginx-module installed successfully! ${CEND}"
 
+      rm -rf nginx-${nginx_ver}
 
+    else
 
+      echo "${CFAILURE}lua-nginx-module install failed! ${CEND}"
 
+    fi
 
+  fi
 
+  popd > /dev/null
 
+}
 
+
 
+Tengine_lua_waf() {
 
+  pushd ${oneinstack_dir}/src > /dev/null
 
+  [ ! -e "${tengine_install_dir}/sbin/nginx" ] && echo "${CWARNING}Tengine is not installed on your system! ${CEND}" && exit 1
 
+  if [ -e "/usr/local/lib/libluajit-5.1.so.2.1.0" ]; then
 
+    [ -e "/usr/local/lib/libluajit-5.1.so.2.0.5" ] && find /usr/local -name *luajit* | xargs rm -rf
 
+    src_url=http://mirrors.linuxeye.com/oneinstack/src/LuaJIT-2.1.0-beta3.tar.gz && Download_src
 
+    tar xzf LuaJIT-2.1.0-beta3.tar.gz
 
+    pushd LuaJIT-2.1.0-beta3
 
+    make && make install
 
+    popd > /dev/null
 
+  fi
 
+  if [ -e "/usr/local/lib/lua/5.1/cjson.so" ]; then
 
+    src_url=http://mirrors.linuxeye.com/oneinstack/src/lua-cjson-2.1.0.6.tar.gz && Download_src
 
+    tar xzf lua-cjson-2.1.0.6.tar.gz
 
+    pushd lua-cjson-2.1.0.6
 
+    make && make install
 
+    popd > /dev/null
 
+  fi
 
+  ${tengine_install_dir}/sbin/nginx -V &> $$
 
+  tengine_configure_args_tmp=`cat $$ | grep 'configure arguments:' | awk -F: '{print $2}'`
 
+  rm -rf $$
 
+  tengine_configure_args=`echo ${tengine_configure_args_tmp} | sed "s@--with-openssl=../openssl-...... @--with-openssl=../openssl-${openssl_ver} @" | sed "s@--with-pcre=../pcre-.... @--with-pcre=../pcre-${pcre_ver} @"`
 
+  if [ -z "`grep lua ${tengine_configure_args}`" ]; then
 
+    src_url=http://tengine.taobao.org/download/tengine-${tengine_ver}.tar.gz && Download_src
 
+    src_url=https://www.openssl.org/source/openssl-${openssl_ver}.tar.gz && Download_src
 
+    src_url=http://mirrors.linuxeye.com/oneinstack/src/pcre-${pcre_ver}.tar.gz && Download_src
 
+    src_url=http://mirrors.linuxeye.com/oneinstack/src/ngx_devel_kit.tar.gz && Download_src
 
+    tar xzf nginx-${nginx_ver}.tar.gz
 
+    tar xzf openssl-${openssl_ver}.tar.gz
 
+    tar xzf pcre-${pcre_ver}.tar.gz
 
+    tar xzf ngx_devel_kit.tar.gz
 
+    pushd tengine-${tengine_ver}
 
+    make clean
 
+    sed -i 's@CFLAGS="$CFLAGS -g"@#CFLAGS="$CFLAGS -g"@' auto/cc/gcc # close debug
 
+    ./configure ${tengine_configure_args} --with-http_lua_module --add-module=../ngx_devel_kit
 
+    make -j ${THREAD}
 
+    if [ -f "objs/nginx" ]; then
 
+      /bin/mv ${tengine_install_dir}/sbin/nginx{,`date +%m%d`}
 
+      /bin/mv ${tengine_install_dir}/sbin/dso_tool{,`date +%m%d`}
 
+      /bin/mv ${tengine_install_dir}/modules{,`date +%m%d`}
 
+      /bin/cp objs/nginx ${tengine_install_dir}/sbin/nginx
 
+      /bin/cp objs/dso_tool ${tengine_install_dir}/sbin/dso_tool
 
+      chmod +x ${tengine_install_dir}/sbin/*
 
+      make install
 
+      kill -USR2 `cat /var/run/nginx.pid`
 
+      sleep 1
 
+      kill -QUIT `cat /var/run/nginx.pid.oldbin`
 
+      popd > /dev/null
 
+      echo "${CSUCCESS}lua_module installed successfully! ${CEND}"
 
+      rm -rf tengine-${tengine_ver}
 
+    else
 
+      echo "${CFAILURE}lua_module install failed! ${CEND}"
 
+    fi
 
+  fi
 
+  popd > /dev/null
 
+}
 
+
 
+enable_lua_waf() {
 
+  pushd ${oneinstack_dir}/src > /dev/null
 
+  . ../include/check_dir.sh
 
+  src_url=http://mirrors.linuxeye.com/oneinstack/src/ngx_lua_waf.tar.gz && Download_src
 
+  tar xzf ngx_lua_waf.tar.gz -C ${web_install_dir}/conf
 
+  sed -i "s@/usr/local/nginx@${web_install_dir}@g" ${web_install_dir}/conf/waf.conf
 
+  sed -i "s@/usr/local/nginx@${web_install_dir}@" ${web_install_dir}/conf/waf/config.lua
 
+  sed -i "s@/data/wwwlogs@${wwwlogs_dir}@" ${web_install_dir}/conf/waf/config.lua
 
+  [ -n "`grep 'include waf.conf;' ${web_install_dir}/conf/nginx.conf`" ] && sed -i "s@include vhost/*.conf;@include vhost/*.conf;\n  include waf.conf;@" ${web_install_dir}/conf/nginx.conf
 
+  ${web_install_dir}/sbin/nginx -t
 
+  if [ $? -eq 0 ]; then
 
+    service nginx reload
 
+    echo "${CSUCCESS}ngx_lua_waf enabled successfully! ${CEND}"
 
+  else
 
+    echo "${CFAILURE}ngx_lua_waf enable failed! ${CEND}"
 
+  fi
 
+  popd > /dev/null
 
+}
 
+
 
+disable_lua_waf() {
 
+  pushd ${oneinstack_dir}/src > /dev/null
 
+  . ../include/check_dir.sh
 
+  sed -i '/include waf.conf;/d' ${web_install_dir}/conf/nginx.conf
 
+  ${web_install_dir}/sbin/nginx -t
 
+  if [ $? -eq 0 ]; then
 
+    rm -rf ${web_install_dir}/conf/{waf,waf.conf}
 
+    service nginx reload
 
+    echo "${CSUCCESS}ngx_lua_waf disabled successfully! ${CEND}"
 
+  else
 
+    echo "${CFAILURE}ngx_lua_waf disable failed! ${CEND}"
 
+  fi
 
+  popd > /dev/null
 
+}

+ 5 - 5
versions.txt
View File 

@@ -25,7 +25,7 @@ mysql55_ver=5.5.60
 
 
 mariadb103_ver=10.3.7
 
 mariadb102_ver=10.2.15
 
-mariadb101_ver=10.1.33
 
+mariadb101_ver=10.1.34
 
 mariadb100_ver=10.0.35
 
 mariadb55_ver=5.5.60
 
 
@@ -46,8 +46,8 @@ jdk17_ver=1.7.0_80
 
 jdk16_ver=1.6.0_45
 
 
 # PHP
 
-php72_ver=7.2.6
 
-php71_ver=7.1.18
 
+php72_ver=7.2.7
 
+php71_ver=7.1.19
 
 php70_ver=7.0.30
 
 php56_ver=5.6.36
 
 php55_ver=5.5.38
 
@@ -61,7 +61,7 @@ mcrypt_ver=2.6.8
 
 mhash_ver=0.9.9.9
 
 libsodium_ver=1.0.16
 
 argon2_ver=20171227
 
-imagemagick_ver=6.9.10-0
 
+imagemagick_ver=6.9.10-2
 
 imagick_ver=3.4.3
 
 graphicsmagick_ver=1.3.28
 
 gmagick_for_php7_ver=2.0.5RC1
 
@@ -93,7 +93,7 @@ mongodb_pecl_ver=1.4.4
 
 mongo_pecl_ver=1.6.16
 
 
 # phpMyadmin
 
-phpmyadmin_ver=4.8.1
 
+phpmyadmin_ver=4.8.2
 
 phpmyadmin_oldver=4.4.15.10
 
 
 # jemalloc