Kong with OWASP ModSecurity optional configuration include - nginx

For customizing of ModSecurity configuration I have included to the modsecurity.conf following line:
Include /etc/modsecurity/*.conf
But without any conf file in the directory (usual case on my enviroment), a kong failing during startup
Error: could not prepare Kong prefix at /usr/local/kong: nginx
configuration is invalid (exit code 1): nginx: [emerg]
"modsecurity_rules_file" directive Rules error. File:
/usr/local/kong/modsecurity.conf. Line: 268. Column: 31.
/etc/modsecurity/.conf: Not able to open file. Looking at:
'/etc/modsecurity/.conf', '/etc/modsecurity/.conf',
'/usr/local/kong//etc/modsecurity/.conf',
'/usr/local/kong//etc/modsecurity/*.conf'. in
/usr/local/kong/nginx-kong.conf:69 nginx: configuration file
/usr/local/kong/nginx.conf test failed
IncludeOptional not supported by kong.
How I can solve the case with optional include?
Kong version 1.2.X

Related

Running If Statement in NGINX website configuration files

Im trying to use an if statement that allows me to ignore headers only when caching a request. This is the code I implemented ( on /etc/nginx/sites-available/example.com) :
if ($skip_cache = 0) {
fastcgi_ignore_headers X-Accel-Expires Expires Cache-Control;
}
When I run a check on the configuration file's syntax, i get the following error:
nginx: [emerg] "fastcgi_ignore_headers" directive is not allowed here in /etc/nginx/sites-enabled/chartership.com:46
nginx: configuration file /etc/nginx/nginx.conf test failed
Do you guys have any suggestions to steer the implementation correctly?

Problem with brotli configuration in nginx

I am following this guide https://www.vultr.com/docs/add-brotli-support-to-nginx-on-ubuntu-18-04
I have followed every step but I am stuck at Step 4 – Configure Nginx
When I add to nginx.conf
load_module modules/ngx_http_brotli_filter_module.so;
load_module modules/ngx_http_brotli_static_module.so;
I get this error after running sudo nginx -t:
nginx: [emerg] dlopen() "/usr/share/nginx/modules/ngx_http_brotli_filter_module.so" failed (/usr/share/nginx/modules/ngx_http_brotli_filter_module.so: cannot open shared object file: No such file or directory) in /etc/nginx/nginx.conf:6
nginx: configuration file /etc/nginx/nginx.conf test failed
What might cause that?
Thank you!
Hosting provider: DigitalOcean
Server running: Ubuntu 20.04 LEMP
Nginx version: 1.17.10
I had the same issue 2 years back and after a lot of reading and research got it working.
Hope this helps.
I have provided step by step instruction in the answer.
ngx_http_brotli_filter_module.so" is not binary compatible in /etc/nginx/nginx.conf:1

SecContentInjection is not yet supported

I am getting below error when using ContentInjection rule
vi /etc/nginx/nginx.conf nginx -s reload 10:26:25 [notice] 118#118:
ModSecurity-nginx v1.0.0 10:26:25 [emerg] 118#118: "modsecurity_rules"
directive Rules error. File: <>.
Line: 1. Column: 16. SecContentInjection is not yet supported. in
/etc/nginx/nginx
rg] "modsecurity_rules" directive Rules error. File: <>. Line: 1. Column: 16. SecContentInjection is
not yet supported. in /etc/nginx/nginx.conf:66
It's not supported in libModSecurity 3.0. And I am not sure, it is impossible to bring this feature to nginx the way it used to work on Apache.

nginx with grunt-nginx - paths on Windows

I have nginx installed to c:\nginx\, and a node app at c:\node\stock\. I have my gruntfile.js at c:\node\stock\gruntfile.js.
I tried config: 'c:\\nginx\\conf\\nginx.conf' and prefix: 'c:\\nginx'. Also config: '../../nginx/conf/nginx.conf' and prefix: '../../nginx/'.
I'm getting this error message:
Exception thrown in attempt to start nginx: Error: Error: not found: nginx
What should these paths be..?
The author of grunt-nginx (https://github.com/alexcurtis) answered my question on github.
You have to add the PATH to nginx (c:\nginx in my case) into your Windows environment variables, then restart your console.

specify server root as a parameter when launching nginx

I've put nginx into /d/webservers/nginx on Windows and added it to the PATH. Now I try to run nginx from different folder but get the following error:
nginx: [alert] could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)
2015/03/22 10:09:25 [emerg] 5516#3056: CreateFile() "C:\Users\username/conf/nginx.conf" failed (3: The system cannot find the path specified)
It seems that nginx can't find it's server root folder /d/webservers/nginx where config and logs folder exists. Is there any way to pass as an argument the pass to the server root folder? Something like it's done for Apache: httpd -d /d/Webservers/Apache24'
nginx -c d:/webservers/nginx/conf/nginx.conf

Resources