Nginx A straight forward tutorial to install test-cookie?

Oxide · Jun 25, 2015

Hi,

Are there any straight-forward tutorial on how I can install example: kyprizel/testcookie-nginx-module · GitHub

With centminmod?

I got a big tutorial before, but i can't imagine all that is neccesary. I would assume "all i have to do" is to download the files, place it in specific location then add testcookie to the install.. then somehow reinstall nginx?

eva2000 · Jun 25, 2015

I posted an example of how to add nginx modules to Centmin Mod at centminmod.com/nginx_webdav.html for webdav prior to it becoming an official part of Centmin Mod's default module list. You can use that example to pretty much add or extend Nginx with additional modules.

Only limitations are

You need to know generally how to add Nginx modules and that is basically the same for any Nginx server not just Centmin Mod

You also need to know the instructions for specific Nginx module

You also need to know any prerequiste system dependencies and YUM packages that the Nginx module requires as I may not know what they are as I may have never used the Nginx module you want.

I'm limited to what I can add to Centmin Mod by what I know and use usually and what I am comfortable with supporting. So that limits what officially I can add to Centmin Mod. But you are free to add whatever you need using above as a guide.

For Centmin Mod Nginx, download tar.gz nginx modules to /svr-setup and extract and then editing inc/nginx_configure.inc just use the same --add-module=../nginx-module-name line.

Posted a more recent example below. Actual Github commits for adding 3 new Centmin Mod Nginx modules, echo-nginx-module, set-misc-nginx-module and ngx_devel_kit are located below (you can use these changes and webdav example as a blue print for understanding how to extend and add your own Centmin Mod Nginx modules.

Github commits for 3 new Nginx modules

add Openresty set-misc-nginx-module and ngx_devel_kit Nginx modules t… · centminmod/centminmod@b1006c5 · GitHub

add Openresty echo-nginx-module Nginx module for Centmin Mod .08 beta · centminmod/centminmod@6026a7a · GitHub

General Info on Adding New Nginx Modules

There's 5 basic steps involve in adding a new Nginx module into Centmin Mod Nginx server for Centmin Mod .08 beta02 and higher. They involve editing 5 Centmin Mod files.

centmin.sh - add VARIABLE name to define the nginx module's version number if there is one

inc/downloadlinks.inc - add 2 VARIABLES to define the module download link and filename

inc/downloads.inc - add download function to download the module using download link defined in inc/downloadlinks.inc and test the download validity i.e. untar it using filename defined in inc/downloadlinks.inc

inc/nginx_configure.inc - add check variables to grab latest nginx module extracted directory and put it info directory variable to be called from Nginx ./configure options only if NGINX_OPENRESTY='y'

inc/nginx_upgrade.inc - add to existing file check, the new module download file name (defined in inc/downloadlinks.inc). This ensures, when you run centmin.sh menu option 4 to upgrade Nginx, if the new nginx module download file doesn't exist in /svr-setup, it will download it and extract it before the Nginx compilation begins

Oxide · Jun 25, 2015

eva2000 said: ↑

I posted an example of how to add nginx modules to Centmin Mod at centminmod.com/nginx_webdav.html for webdav prior to it becoming an official part of Centmin Mod's default module list. You can use that example to pretty much add or extend Nginx with additional modules.

Only limitations are

You need to know generally how to add Nginx modules and that is basically the same for any Nginx server not just Centmin Mod

You also need to know the instructions for specific Nginx module

You also need to know any prerequiste system dependencies and YUM packages that the Nginx module requires as I may not know what they are as I may have never used the Nginx module you want.

I'm limited to what I can add to Centmin Mod by what I know and use usually and what I am comfortable with supporting. So that limits what officially I can add to Centmin Mod. But you are free to add whatever you need using above as a guide.

For Centmin Mod Nginx, download tar.gz nginx modules to /svr-setup and extract and then editing inc/nginx_configure.inc just use the same --add-module=../nginx-module-name line.

Posted a more recent example below. Actual Github commits for adding 3 new Centmin Mod Nginx modules, echo-nginx-module, set-misc-nginx-module and ngx_devel_kit are located below (you can use these changes and webdav example as a blue print for understanding how to extend and add your own Centmin Mod Nginx modules.

Github commits for 3 new Nginx modules

add Openresty set-misc-nginx-module and ngx_devel_kit Nginx modules t… · centminmod/centminmod@b1006c5 · GitHub

add Openresty echo-nginx-module Nginx module for Centmin Mod .08 beta · centminmod/centminmod@6026a7a · GitHub

General Info on Adding New Nginx Modules

There's 5 basic steps involve in adding a new Nginx module into Centmin Mod Nginx server for Centmin Mod .08 beta02 and higher. They involve editing 5 Centmin Mod files.

centmin.sh - add VARIABLE name to define the nginx module's version number if there is one

inc/downloadlinks.inc - add 2 VARIABLES to define the module download link and filename

inc/downloads.inc - add download function to download the module using download link defined in inc/downloadlinks.inc and test the download validity i.e. untar it using filename defined in inc/downloadlinks.inc

inc/nginx_configure.inc - add check variables to grab latest nginx module extracted directory and put it info directory variable to be called from Nginx ./configure options only if NGINX_OPENRESTY='y'

inc/nginx_upgrade.inc - add to existing file check, the new module download file name (defined in inc/downloadlinks.inc). This ensures, when you run centmin.sh menu option 4 to upgrade Nginx, if the new nginx module download file doesn't exist in /svr-setup, it will download it and extract it before the Nginx compilation begins

Click to expand...

damn looks so hard :/ hope you can add test cookie option to nginx, this is very good for ddos protection layer -7 which is what most hosts have issues with.. also very easy to use

also question, if i wanted to install only nginx with centminmod is this also possible? i dont want mariadb.. i want to use it as reverse proxy example..

maybe someone here kind enough to help me out with a very very noob friendly tutorial "find, replace with" for test cookie too? ^^ im using latest stable

Oxide · Jun 25, 2015

i actually have mod 0.8 0.2 /usr/local/src/centminmod-123.08centos7beta02/inc

so i can donate a few bucks if you can help me implanting test cookie to it xD

eva2000 · Jun 25, 2015

You're on your own, everything you need is laid out in my above initial reply for Centmin Mod and adding additional nginx modules. Try and test on a test VPS and not live server so doesn't matter if you fumble your way through until you nail it down

Oxide · Jun 25, 2015

eva2000 said: ↑

You're on your own, everything you need is laid out in my above initial reply for Centmin Mod and adding additional nginx modules. Try and test on a test VPS and not live server so doesn't matter if you fumble your way through until you nail it down
Click to expand...

the tutorial for beta doesnt explain what exactly to add and what line to add them, which is more what i need

webadev one looks dedicated to webadev

Oxide · Jun 25, 2015

Code:

    if [ "$NGINX_OPENRESTY" == 'y' ]; then
        MEMCDIR=`ls -rt $DIR_TMP | grep openresty-memc-nginx-module | egrep -v 'gz|zip' | tail -1`
        SRCACHEDIR=`ls -rt $DIR_TMP | grep openresty-srcache-nginx-module | egrep -v 'gz|zip' | tail -1`
        SETMISCDIR=`ls -rt $DIR_TMP | grep set-misc-nginx-module | egrep -v 'gz|zip' | tail -1`
        DEVELKITDIR=`ls -rt $DIR_TMP | grep ngx_devel_kit | egrep -v 'gz|zip' | tail -1`
        ECHODIR=`ls -rt $DIR_TMP | grep echo-nginx-module | egrep -v 'gz|zip' | tail -1`
        MEMCOPT=" --add-module=../${MEMCDIR}"
        SRCCACHEOPT=" --add-module=../${SRCACHEDIR}"
        SETMISCOPT=" --add-module=../${SETMISCDIR}"
        DEVELKITOPT=" --add-module=../${DEVELKITDIR}"
        ECHOOPT=" --add-module=../${ECHODIR}"
        ECHOOPT=" --add-module=../testcookie-nginx"

the path is located /svr-setup/testcookie-nginx

http://i.imgur.com/9n2k7Ag.png

then reinstall nginx, with what option ?

eva2000 · Jun 25, 2015

Oxide said: ↑
Code:
    if [ "$NGINX_OPENRESTY" == 'y' ]; then
        MEMCDIR=`ls -rt $DIR_TMP | grep openresty-memc-nginx-module | egrep -v 'gz|zip' | tail -1`
        SRCACHEDIR=`ls -rt $DIR_TMP | grep openresty-srcache-nginx-module | egrep -v 'gz|zip' | tail -1`
        SETMISCDIR=`ls -rt $DIR_TMP | grep set-misc-nginx-module | egrep -v 'gz|zip' | tail -1`
        DEVELKITDIR=`ls -rt $DIR_TMP | grep ngx_devel_kit | egrep -v 'gz|zip' | tail -1`
        ECHODIR=`ls -rt $DIR_TMP | grep echo-nginx-module | egrep -v 'gz|zip' | tail -1`
        MEMCOPT=" --add-module=../${MEMCDIR}"
        SRCCACHEOPT=" --add-module=../${SRCACHEDIR}"
        SETMISCOPT=" --add-module=../${SETMISCDIR}"
        DEVELKITOPT=" --add-module=../${DEVELKITDIR}"
        ECHOOPT=" --add-module=../${ECHODIR}"
        ECHOOPT=" --add-module=../testcookie-nginx"
the path is located /svr-setup/testcookie-nginx

http://i.imgur.com/9n2k7Ag.png

then reinstall nginx, with what option ?
Click to expand...
would need a separate variable other than ECHOOPT as you would override the existing echo nginx module's ECHOOPT variable or you can do away with separate variable and add it onto ECHOOPT existing variable
Code:
ECHOOPT=" --add-module=../${ECHODIR} --add-module=../testcookie-nginx"
then recompile nginx via centmin.sh menu option 4 (always used for nginx upgrade/downgrade/recompiles).

Oxide · Jun 25, 2015

eva2000 said: ↑
would need a separate variable other than ECHOOPT as you would override the existing echo nginx module's ECHOOPT variable or you can do away with separate variable and add it onto ECHOOPT existing variable
Code:
ECHOOPT=" --add-module=../${ECHODIR} --add-module=../testcookie-nginx"
then recompile nginx via centmin.sh menu option 4 (always used for nginx upgrade/downgrade/recompiles).
Click to expand...
thats it, this easy?

only add --add-module=../testcookie-nginx to echopt then done?

im testing on live server since this is all i have xD

eva2000 · Jun 25, 2015

Depends on the nginx module and whether it has other dependent software or nginx modules that need installing so goes back to the above

You also need to know the instructions for specific Nginx module

You also need to know any prerequiste system dependencies and YUM packages that the Nginx module requires as I may not know what they are as I may have never used the Nginx module you want.

Click to expand...

if you followed my above steps you would have additional functionality in defining a variable in centmin.sh to turn on/off the module, define a version number if needed, and setup download routine so you can auto update module version just when you run centmin.sh menu option 4

Oxide · Jun 25, 2015

eva2000 said: ↑

Depends on the nginx module and whether it has other dependent software or nginx modules that need installing so goes back to the above
Click to expand...

tried to run it now, lets see

Oxide · Jun 25, 2015

eva2000 said: ↑

Depends on the nginx module and whether it has other dependent software or nginx modules that need installing so goes back to the above

if you followed my above steps you would have additional functionality in defining a variable in centmin.sh to turn on/off the module, define a version number if needed, and setup download routine so you can auto update module version just when you run centmin.sh menu option 4
Click to expand...

i love you, thats all i have to say D

it worked so easy ^_^

rdan · Jul 9, 2015

Oxide said: ↑

i love you, thats all i have to say D

it worked so easy ^_^
Click to expand...

And it protect your site from Layer 7 type of attack?

Oxide · Jul 9, 2015

RoldanLT said: ↑

And it protect your site from Layer 7 type of attack?
Click to expand...

indeed

rdan · Jul 9, 2015

How can you confirm it works? Via log or ?

Oxide · Jul 9, 2015

RoldanLT said: ↑

How can you confirm it works? Via log or ?
Click to expand...

By attacking my self.

It's obvious.

This will check wether the user that are accessing your web site can store cookie, if the user can not store cookie it's more than likely a botnet/attack on your web site / Layer-7.

This will prevent the user from accessing the 'real' website aka. etc forum, or where it contains mysql queries that could be abused to such attack

rdan · Jul 9, 2015

What about those good bots? google, bing bots?

Oxide · Jul 9, 2015

RoldanLT said: ↑

What about those good bots? google, bing bots?
Click to expand...

They can be white listed by IP's, also I would think they have ability to store cookies.

rdan · Jul 9, 2015

Download testcookie-nginx-module to /svr-setup
Code:
cd /svr-setup
wget -c https://github.com/kyprizel/testcookie-nginx-module/zipball/master -O testcookie-nginx-module.zip
unzip testcookie-nginx-module.zip
mv kyprizel-testcookie-nginx-module* testcookie-nginx-module
Delete the original nginx_configure.inc file.

And create a new one, with modification from original file here.
Code:
rm -rf /usr/local/src/centmin-v1.2.3mod/inc/nginx_configure.inc
nano /usr/local/src/centmin-v1.2.3mod/inc/nginx_configure.inc
Add this code 4 times.
Code:
--add-module=../testcookie-nginx-module
Sample modified nginx_configure.inc

Then recompile Nginx via centmin menu option #4

That's all

# nginx -V
nginx version: nginx/1.9.2
built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
built with LibreSSL 2.2.0
TLS SNI support enabled
configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro' --with-cc-opt='-m32 -mtune=generic -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module --with-http_realip_module --with-openssl-opt=enable-tlsext --add-module=../ngx_cache_purge-2.3 --add-module=../nginx-accesskey-2.0.3 --add-module=../nginx-http-concat-master --add-module=../headers-more-nginx-module-0.25 --with-openssl=../libressl-2.2.0 --with-libatomic --with-threads --with-pcre=../pcre-8.37 --with-pcre-jit --with-http_spdy_module --add-module=../testcookie-nginx-module
Click to expand...

Oxide · Jul 9, 2015

RoldanLT said: ↑

Download testcookie-nginx-module to /svr-setup

Code:

cd /svr-setup
wget -c https://github.com/kyprizel/testcookie-nginx-module/zipball/master -O testcookie-nginx-module.zip
unzip testcookie-nginx-module.zip

Edit inc/nginx_configure.inc to modify Nginx source configure options to add:

Code:

--add-module=../testcookie-nginx-module

Then recompile Nginx via centmin.sh menu option #4

That's all

Code:

# nginx -V
nginx version: nginx/1.9.2
built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
built with LibreSSL 2.2.0
TLS SNI support enabled
configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro' --with-cc-opt='-m32 -mtune=generic -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module --with-http_realip_module --with-openssl-opt=enable-tlsext --add-module=../ngx_cache_purge-2.3 --add-module=../nginx-accesskey-2.0.3 --add-module=../nginx-http-concat-master --add-module=../headers-more-nginx-module-0.25 --with-openssl=../libressl-2.2.0 --with-libatomic --with-threads --with-pcre=../pcre-8.37 --with-pcre-jit --with-http_spdy_module --add-module=../kyprizel-testcookie-nginx-module

Click to expand...

thnx, i got it working but might be good for someone else that needs it

i dont think people realize how much this helps, espewcially if layer-7 is your issue and your host handles layer-4

Log in / Register

Forums

Want to subscribe to topics you're interested in?

Nginx A straight forward tutorial to install test-cookie?

Oxide Active Member

eva2000 Administrator Staff Member

General Info on Adding New Nginx Modules

Oxide Active Member

Oxide Active Member

eva2000 Administrator Staff Member

Oxide Active Member

Oxide Active Member

eva2000 Administrator Staff Member

Oxide Active Member

eva2000 Administrator Staff Member

Oxide Active Member

Oxide Active Member

rdan Well-Known Member

Oxide Active Member

rdan Well-Known Member

Oxide Active Member

rdan Well-Known Member

Oxide Active Member

rdan Well-Known Member

Oxide Active Member

.

Log in / Register

Useful Searches

Want to subscribe to topics you're interested in?

Nginx A straight forward tutorial to install test-cookie?

Oxide Active Member

eva2000 Administrator Staff Member

General Info on Adding New Nginx Modules

Oxide Active Member

Oxide Active Member

eva2000 Administrator Staff Member

Oxide Active Member

Oxide Active Member

eva2000 Administrator Staff Member

Oxide Active Member

eva2000 Administrator Staff Member

Oxide Active Member

Oxide Active Member

rdan Well-Known Member

Oxide Active Member

rdan Well-Known Member

Oxide Active Member

rdan Well-Known Member

Oxide Active Member

rdan Well-Known Member

Oxide Active Member

.