Skip to content
/ ansible-role-nginx-modsec3-crs3 Public
forked from perryk/ansible-role-nginx-modsec3-crs3

Ansible role for Installing Nginx, compiling ModSecurity3, and installing the OWASP CRS v3 ruleset

License

MIT license
0 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

prghix/ansible-role-nginx-modsec3-crs3

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
defaults
defaults
 
 
handlers
handlers
 
 
meta
meta
 
 
tasks
tasks
 
 
templates
templates
 
 
tests
tests
 
 
vars
vars
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.yml
requirements.yml
 
 

Repository files navigation

Ansible role for Installing Nginx, compiling ModSecurity3, and installing the OWASP CRS v3 ruleset

ModSecurity3 is a powerful open source cross-platform web application firewall (WAF).

https://modsecurity.org/

It goes hand in hand with a ruleset known as OWASP CRS.

https://modsecurity.org/crs/

Additionally both of these go hand in hand with a webserver, either Apache or Nginx, this role only supports Nginx however.

https://www.nginx.com

There are a number of libraries and packages which ModSecurity3 depends on and will be installed via this role.

This role will additionally install any compilers and other build tools required for compilation. It will then remove these tools if they were not previously installed.

Nginx support is primarily provided by the dependent role ansible-role-nginx by jdauphant.

https://github.com/jdauphant/ansible-role-nginx

By default this role will install Nginx packages from OS provided repos, this is recommended to be changed to installing from the official Nginx repo instead.

This can be done by setting this variable:

nginx_official_repo: True

Requirements

Before running a playbook which calls this role:

Install any required Ansible roles from requirements.yml View here.

ansible-galaxy install -r requirements.yml

n.b in particular this role will call certain tasks from the nginx role so be sure to have it installed in the same location as this role and with a specific name of "ansible-role-nginx".

i.e this in the requirements.yml file for your project's playbook (not the requirements.yml file for this role) you will need to include both this role and the role mentioned above like this:

- src: perryk.nginx_modsec3_crs3

- src: https://github.com/jdauphant/ansible-role-nginx
  version: master

Role Variables

Browse the role's defaults/main.yml and vars/main.yml files to see if there is anything you would like to change or need to override by setting in your playbook.

There are currently no variables of note being set.

There are lots of variables however in the nginx role, perhaps the best explanation of these are all the examples in the role README.md file.

Example Playbook

Example playbook calling the role adding and enabling ModSecurity for the default Nginx site.

- hosts: servers

  vars:

    nginx_pkgs:
      - nginx
    nginx_install_epel_repo: False
    nginx_official_repo: True
    nginx_official_repo_mainline: True
    nginx_module_configs:
      - ngx_http_modsecurity_module
    nginx_sites:
      default:
       - listen 80
       - server_name _
       - "Modsecurity on"
       - "modsecurity_rules_file /etc/nginx/modsec/main.conf"
       - root "/usr/share/nginx/html"
       - index index.html

  roles:
    - perryk.nginx-modsec3-crs3

License

MIT

Author Information

Perry Kollmorgen - https://github.com/perryk

About

Ansible role for Installing Nginx, compiling ModSecurity3, and installing the OWASP CRS v3 ruleset

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

No packages published

Languages

  • Jinja 100.0%