Change log: https://roxy-wi.org/changelog.py#6_1_3
pull/334/head
Pavel Loginov 2022-08-02 16:38:37 +03:00
parent 7a336ac9d7
commit 3a3994db48
3 changed files with 13 additions and 21 deletions


@ -4,7 +4,10 @@ worker_processes 1;
error_log /var/log/nginx/error.log warn; error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid; pid /var/run/nginx.pid;
{% if ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS' %}
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
{% endif %}
events { events {
worker_connections 1021; worker_connections 1021;
} }
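Review bot: The added `{% if %}` guard around `include /usr/share/nginx/modules/*.conf;` tests `ansible_facts['os_family'] == 'CentOS'`, which never matches because CentOS hosts report `os_family` as `RedHat`; the condition can be reduced to `{% if ansible_facts['os_family'] == "RedHat" %}`. The wildcard include also means every `.conf` file in that directory is read at start-up and may carry `load_module` lines. A short template comment saying the directory must stay root-owned and package-managed would help whoever audits the rendered config. The template continues outside the hunk.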


@ -78,6 +78,7 @@
- libtool - libtool
- make - make
- gcc-c++ - gcc-c++
- git
state: latest state: latest
when: when:
- ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS' - ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'
@ -101,6 +102,7 @@
- automake - automake
- g++ - g++
- make - make
- git
state: present state: present
when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu' when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu'
environment: environment:
@ -129,7 +131,7 @@
- name: Set ModSec src foleder - name: Set ModSec src foleder
set_fact: set_fact:
mod_sec_src: /tmp/modsecurity-{{ modsec_ver }} mod_sec_src: /tmp/modsecurity/modsecurity-{{ modsec_ver }}
- name: Re configure Modsecurity - name: Re configure Modsecurity
become: true become: true
@ -160,11 +162,6 @@
- standalone/ - standalone/
- apache2/ - apache2/
- name: Install git
package:
name: git
state: present
- name: Git clone spoa-modsecurity - name: Git clone spoa-modsecurity
command: chdir=/tmp/ git clone https://github.com/haproxy/spoa-modsecurity.git command: chdir=/tmp/ git clone https://github.com/haproxy/spoa-modsecurity.git
@ -265,12 +262,10 @@
- name: Copy owasp files - name: Copy owasp files
copy: copy:
src: "/tmp/owasp-modsecurity-crs-2.2.9/{{ item }}" src: "/tmp/owasp-modsecurity-crs-2.2.9/owasp-modsecurity-crs-2.2.9/{{ item }}"
dest: /tmp/owasp-modsecurity-crs-2.2.9 dest: "{{ HAPROXY_PATH }}/waf/rules"
remote_src: yes remote_src: yes
with_items: with_items:
- owasp-modsecurity-crs-2.2.9/
- activated_rules/
- base_rules/ - base_rules/
- experimental_rules/ - experimental_rules/
- optional_rules/ - optional_rules/
@ -278,7 +273,7 @@
- name: Copy Modsec crs conf file - name: Copy Modsec crs conf file
copy: copy:
src: /tmp/owasp-modsecurity-crs-2.2.9/modsecurity_crs_10_setup.conf.example src: /tmp/owasp-modsecurity-crs-2.2.9/owasp-modsecurity-crs-2.2.9/modsecurity_crs_10_setup.conf.example
dest: "{{ HAPROXY_PATH }}/waf/rules/modsecurity_crs_10_setup.conf" dest: "{{ HAPROXY_PATH }}/waf/rules/modsecurity_crs_10_setup.conf"
remote_src: true remote_src: true
@ -346,7 +341,7 @@
state: absent state: absent
with_items: with_items:
- /tmp/modsecurity.tar.gz - /tmp/modsecurity.tar.gz
- "/tmp/modsecurity-{{ modsec_ver }}" - "{{ mod_sec_dir }}"
- "/tmp/haproxy-{{ VERSION }}" - "/tmp/haproxy-{{ VERSION }}"
- /tmp/owasp.tar.gz - /tmp/owasp.tar.gz
- /tmp/owasp-modsecurity-crs-2.2.9 - /tmp/owasp-modsecurity-crs-2.2.9
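Review bot: The cleanup list in the last hunk now deletes `"{{ mod_sec_dir }}"`, but the only fact set in the visible hunks is `mod_sec_src` (`/tmp/modsecurity/modsecurity-{{ modsec_ver }}`). If `mod_sec_dir` is not defined elsewhere in the role, the task presumably fails on an undefined variable and the build tree stays behind in /tmp. Either confirm the variable exists or list the directory explicitly, e.g. `- /tmp/modsecurity`. Separately, the source trees sit under fixed names in world-writable /tmp while tasks run with `become: true`, so on shared hosts it would be safer to build in a private directory created with `ansible.builtin.tempfile`. The task list starts and ends outside these hunks.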


@ -5,8 +5,6 @@
set_fact: set_fact:
ansible_port: "{{SSH_PORT}}" ansible_port: "{{SSH_PORT}}"
# - debug: msg="{{ ansible_facts }}"
- name: Check that WAF has been installed - name: Check that WAF has been installed
stat: stat:
path: "{{ NGINX_PATH }}/waf/modsecurity.conf" path: "{{ NGINX_PATH }}/waf/modsecurity.conf"
@ -53,6 +51,7 @@
- libevent-dev - libevent-dev
- libpcre3-dev - libpcre3-dev
- libxml2-dev - libxml2-dev
- libssl-dev
- gcc - gcc
- libpcre3-dev - libpcre3-dev
- libcurl4-nss-dev - libcurl4-nss-dev
@ -62,11 +61,8 @@
- autoconf - autoconf
- g++ - g++
- make - make
- openssl-dev
- libxslt-dev - libxslt-dev
- gd-dev
- perl-modules - perl-modules
- libmodsecurity3
- libgeoip-dev - libgeoip-dev
- libfuzzy2 - libfuzzy2
state: present state: present
@ -79,8 +75,6 @@
ansible.builtin.get_url: ansible.builtin.get_url:
url: "http://repo.roxy-wi.org/modsec/modsecv3.0.7-{{ ansible_facts.distribution | lower }}{{ ansible_facts.distribution_major_version }}.tar.gz" url: "http://repo.roxy-wi.org/modsec/modsecv3.0.7-{{ ansible_facts.distribution | lower }}{{ ansible_facts.distribution_major_version }}.tar.gz"
dest: /usr/local/modsecv3.tar.gz dest: /usr/local/modsecv3.tar.gz
when:
- ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'
- name: Untar ModSec - name: Untar ModSec
unarchive: unarchive:
@ -221,4 +215,4 @@
- /tmp/nginx-connector - /tmp/nginx-connector
- /tmp/OWASP.tar.gz - /tmp/OWASP.tar.gz
- /usr/local/modsecv3.tar.gz - /usr/local/modsecv3.tar.gz
# - "/tmp/coreruleset-{{ coreruleset_ver }}" - "/tmp/coreruleset-{{ coreruleset_ver }}"
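Review bot: With the `when:` restriction dropped from the `get_url` task, every supported distribution now downloads `modsecv3.0.7-…tar.gz` over plain `http://` with no integrity check, and the next task unpacks it. Anyone on the network path could substitute the archive, so the task should use an `https://` URL if the repository serves one and pin the file with `checksum: "sha256:<expected-digest>"` (placeholder; one digest per distribution tarball). It is also worth confirming that a tarball is published for each Debian/Ubuntu `distribution` and `distribution_major_version` combination, since the URL is built from those facts. The task's `name:` line is above the hunk.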