I've just switched to using nginx in conjunction with ISPCFG3 and am looking for tutorials to implement ngxpagespeed (the equivalent of mod_pagespeed for apache2; still in alpha) and naxsi (the equivalent of mod_security for apache2) Both of them seem to need to necessitate a manual build (there is a nginx-naxsi package for Debian but it lacks several features of nginx-full)
So you need nginx-full features and it would not be helpful to have a manual on how to use it with nginx-naxsi package, right? Because using the nginx-naxsi package I could provide you with information, but not on how to compile a custom version (but it shouldn't be that hard - it's simply adding it during nginx build as an extra module). Let me know
Thanks for the feedback Well, my info relies on this: http://wiki.debian.org/Nginx furtehr down the page you see a comparison of nginx-light, nginx-full and nginx-naxsi and I need some additional features to nginx-naxsi, i.e. the map and the cache purge feature. If I found a good tutorial/how-to for compiling nginx by hand I'd be comfortable doing so. My main concern about manually compiling is that I would have to compile nginx and forgetting to add some "module" I need. I'm slightly confused about the nginx-extras package, it seems to contain everything. How is it meant to use? Can one install the nginx-extras and nginx-naxsi together and then have all those features available? If so, this would mean no extra compiling would be necessary.
Well then, I guess it would be smartest to just compile a version including the modules you guess to need and see if everything works as expected - and if not, just compile a new version with additional features. I've recently read a bit about nginx and dynamic module loading is neither implementer nor is it sure, if it will ever be implemented...so installing every nginx package @ debain is it's own nginx version.
I don't really understand your statement here: what do you mean by that? one has to decide i.e. if I try to install nginx-naxsi the other installed nginx versions are automatically removed: Code: apt-get install nginx-naxsi -u -s Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be REMOVED: nginx nginx-full The following NEW packages will be installed: nginx-naxsi 0 upgraded, 1 newly installed, 2 to remove and 0 not upgraded. btw. do you have a good tutorial/how-to/link on how to compile nginx by hand?
yes, you can only have one version of nginx installed. To compare it with Apache, you can install single modules using apt/yum or whatever, because Apache allows you do load them dynamically (e.g. it can load .so modules from a given directory for example). Because nginx does not allow that, every single nginx package will uninstall all others - because it does not only include some modules, but a whole nginx (since it does not allow dynamic module loading). Hmmm, the one from pagespeed seems detailed enough: https://github.com/pagespeed/ngx_pagespeed The ./configure, make and make install process is always the same - the important things are the parameters (like in the guide above, how they add modules). Just be brave, you'll manage it
Ovidiu: Today I tried compiling nginx from source by my own, here's a little how-to: https://gist.github.com/4697563 It's a minimal setup for my reverse proxy. To add more modules like pagespeed, just repeat the steps for them and make sure to install additional packages they rely on (that's the hardest thing I came across... hehe) Greetz
Slowly working towards this. Can you have a look at this? https://docs.google.com/spreadsheet/ccc?key=0AjuNPnOoex7SdG5fUkhfc3BCSjJQbVVrQTg4UGU2YVE#gid=0 Does the DEFAULT column mean those modules are automatically compiled if I don't specifically exclude them with a --without-XXX switch? If yes, that means I need a general compile command, exclude the ones I don't need and add the ones I want?
Hi You can get a list of all? available configure options using ./configure --help - this will print you a nice list. everything that is --without means it is included by default, everything with --with means you need to declare it, to be included. pretty cool SpreadSheet! yes, you can disable all under category "enabled by default" with --without and enable all from "disabled by default" with --with. But I'd go with the output from ./configure --help as it seems that the SpreadSheet isn't up-to-date.
Ok, this is what I used for now: Code: ./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/access.log --user=www-data --group=www-data --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --without-http_uwsgi_module --without-http_scgi_module --without-http_memcached_module --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_geoip_module --with-http_dav_module --add-module=/root/ngnx-compiling/nginx_modules/naxsi-core-0.49/naxsi_src/ --add-module=/root/ngnx-compiling/nginx_modules/headers-more-nginx-module-0.19 --add-module=/root/ngnx-compiling/nginx_modules/masterzen-nginx-upload-progress-module-a788dea --add-module=/root/ngnx-compiling/nginx_modules/mod_strip --add-module=/root/ngnx-compiling/nginx_modules/nginx_upload_module-2.2.0 --add-module=/root/ngnx-compiling/nginx_modules/ngx_cache_purge-2.0 --add-module=/root/ngnx-compiling/nginx_modules/ngx_pagespeed-master I simply made a backup copy of my originally installed Debian nginx flavor before doing the make install so basically I am still using all my old configs and the original init script. So far so good. Now on to some testing. AND I have no idea how to compile or use naxsi-ui - any hints? ###edit#### I also uncommented include /etc/nginx/naxsi_core.rules; in /etc/nginx/nginx.conf but I need some more info, i.e. do I manually insert a where do I forward denied requests? Any suggestions? what happens if I don't include it? Do I need any other configuration for rules?
