coopdevs/nginx_modsec3_crs-role

 
 


nginx_modsec3_crs role

Ansible role for installing Nginx, compiling ModSecurity3, and installing the OWASP CRS v3 ruleset

Forked from @perryk's ansible-role-nginx-modsec3-crs3

ModSecurity3 depends on a number of libraries and packages, which this role installs.

This role will additionally install any compilers and other build tools required for compilation. It will then remove these tools if they were not previously installed.

Nginx support is primarily provided by the dependent role ansible-role-nginx by jdauphant.

https://github.com/jdauphant/ansible-role-nginx

⚠️ jdauphant's nginx role is no longer maintained.

Requirements

Before running a playbook which calls this role:

Install any required Ansible roles from requirements.yml:

ansible-galaxy install -r requirements.yml

That is, in the requirements.yml file for your project's playbook (not the requirements.yml file for this role), include both this role and the role mentioned above, like this:

- src: coopdevs.nginx_modsec3_crs

- src: jdauphant.nginx
  version: v2.21.2

Role Variables

Browse the role's defaults/main.yml and vars/main.yml files to see if there is anything you would like to change or need to override by setting in your playbook.

Role-specific variables are explained below, with their default values.

# Enable ModSecurity compilation, installation and configuration if it is not installed
nginx_modsec3_enabled: True
# Set the ruleset version
nginx_modsec3_crs_version: v3.4/dev
# Force a ModSecurity recompile even if it is already installed
nginx_modsec3_crs3_force_compile: True
# Enable block mode (if False, "Detection Only" mode is set)
nginx_modsec3_crs3_block_mode: True

The nginx role has many more variables; the best explanation of them is probably the set of examples in that role's README.md file.

Example Playbook

Example playbook that calls the role, adding and enabling ModSecurity for the default Nginx site.

- hosts: servers

  vars:
    nginx_modsec3_enabled: True
    nginx_modsec3_crs_version: v4.0/dev
    nginx_pkgs:
      - nginx
    nginx_module_configs:
      - ngx_http_modsecurity_module
    nginx_sites:
      default:
       - |
         ...
         modsecurity on;
         modsecurity_rules_file /etc/nginx/modsec/main.conf;
         ...
  roles:
    - coopdevs.nginx_modsec3_crs
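
A post-deployment check for the nginx_modsec3_crs3_block_mode setting, added here as an example (it is not part of this role): starting from the file given to modsecurity_rules_file, it follows Include lines and reports the last SecRuleEngine value, so a host left in "Detection Only" mode is caught. It assumes block mode is expressed through the standard ModSecurity SecRuleEngine directive (On versus DetectionOnly); the function names and sample file contents are constructed.

```python
import glob
import os
import re
import tempfile

# Matches the two ModSecurity directives this check cares about.
DIRECTIVE = re.compile(r'^\s*(Include|SecRuleEngine)\s+"?([^"\s]+)"?', re.IGNORECASE)


def effective_rule_engine(path, ancestors=frozenset()):
    """Follow Include lines from `path` in order; return the last SecRuleEngine value."""
    real = os.path.realpath(path)
    if real in ancestors:  # guard against Include loops
        return None
    mode = None
    with open(real, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = DIRECTIVE.match(line)  # lines starting with '#' never match
            if not m:
                continue
            name, arg = m.group(1).lower(), m.group(2)
            if name == "secruleengine":
                mode = arg
                continue
            # Assumption: relative Include paths resolve against the including file.
            pattern = arg if os.path.isabs(arg) else os.path.join(os.path.dirname(real), arg)
            for included in sorted(glob.glob(pattern)):
                found = effective_rule_engine(included, ancestors | {real})
                mode = found if found is not None else mode
    return mode


def is_blocking(path):
    """True only when the effective engine mode is On (not DetectionOnly or Off)."""
    mode = effective_rule_engine(path)
    return mode is not None and mode.lower() == "on"


def demo(engine_value):
    """Build a constructed config tree in a temp dir and return (mode, blocking)."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "modsecurity.conf"), "w") as fh:
            fh.write("# SecRuleEngine On\nSecRuleEngine %s\n" % engine_value)
        main = os.path.join(d, "main.conf")
        with open(main, "w") as fh:
            fh.write("Include modsecurity.conf\nInclude rules/*.conf\n")
        return effective_rule_engine(main), is_blocking(main)


if __name__ == "__main__":
    print(demo("DetectionOnly"))  # constructed sample, not the role's real files
```

On a deployed host, call is_blocking("/etc/nginx/modsec/main.conf") and fail the pipeline when it returns False for a site that is expected to block.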

License

GPL-3.0-or-later

Author Information

Perry Kollmorgen - https://github.com/perryk
Coopdevs - https://github.com/coopdevs