> My primary driving reason for considering the deployment of Nginx from source is to use ModSecurity WAF with Nginx. I'm under the impression that it's much easier to use ModSecurity with Nginx when compiled from source.

If ModSecurity is the issue ...

There are old instructions easily found ON the nginx.com site,

https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/

for building it as a dynamic module, which can be separately built and added to a packaged nginx build. not required to rebuild/repackage/reinstall nginx itself. of course, you need to match source version to your pkg'd version.

but note, NGINX is dumping ... er ... Transitioning to End-of-Life ... ModSecurity support,

F5 NGINX ModSecurity WAF Is Transitioning to End-of-Life
https://www.nginx.com/blog/f5-nginx-modsecurity-waf-transitioning-to-eol/

and that ModSecurity itself is on its way out,

Talking about ModSecurity and the new Coraza WAF
https://coreruleset.org/20211222/talking-about-modsecurity-and-the-new-coraza-waf/

but not quite dead yet. in the interim, there's ModSecurity v3/master

https://github.com/SpiderLabs/ModSecurity

, with a new architecture, and a specific Nginx connector

https://github.com/SpiderLabs/ModSecurity-nginx

which can, similarly to the above, be built/added as a dynamic module, and still works well enough.

and here's a useful tutorial for setting up Nginx + LibModsecurity

Configure LibModsecurity with Nginx on CentOS 8
https://kifarunix.com/configure-libmodsecurity-with-nginx-on-centos-8/


_______________________________________________
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-leave@nginx.org