This is a quick guide on how to install nginx with mod_security and enable core rules set, this setup can also be used to protect your backend servers by running nginx as reverse proxy and achieve both greater performance and security.
The initial setup:
On Fedora:On EL6:
# cd /etc/yum.repo.d/
# curl -O 'http://repos.fedorapeople.org/repos/athmane/nginx-mod_security/fedora-nginx-mod_security.repo'
Install the packages:
# cd /etc/yum.repo.d/
# curl -O 'http://repos.fedorapeople.org/repos/athmane/nginx-mod_security/epel-nginx-mod_security.repo'
# yum install nginx mod_security_crs
Make sure you get the version of nginx with mod_security (it has modsec_VERSION in release tag).
Generate mod_security rules:
# cp /etc/nginx/mod_security.conf /etc/nginx/mod_security.conf.default
# cat /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf \
/etc/httpd/modsecurity.d/activated_rules/modsecurity_*.conf >> /etc/nginx/mod_security.conf
# cp /etc/httpd/modsecurity.d/activated_rules/modsecurity_*.data /etc/nginx/
NB. I'll think of a better way to handle Core rules set in nginx.
Start nginx:
On Fedora:
On EL6:
# systemctl start nginx
# service nginx start