build Nginx w/ module »njs«

Support for QuickJS is in progress [1]. [1]: nginx/njs#698
agebhar1 · Jun 15, 2024 · 0b396c4 · 0b396c4
1 parent d3d7fc0
commit 0b396c4
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -47,7 +47,10 @@ $ curl -H 'User-Agent: nessus' -H 'X-Request-ID: 1' 192.168.56.{2,3}
 - https://coreruleset.org/
 - https://github.com/SpiderLabs/ModSecurity
 - https://github.com/SpiderLabs/ModSecurity-nginx
-- http://nginx.org/en/download.html
+- https://nginx.org/en/download.html
+- https://nginx.org/en/docs/njs/
+- https://github.com/nginx/njs-examples
+- https://nginx.org/en/docs/njs/typescript.html
 - https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/
 - https://www.nginx.com/blog/deploying-nginx-plus-as-an-api-gateway-part-1/
 - https://www.nginx.com/resources/wiki/start/topics/examples/logrotation/

diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml
@@ -8,6 +8,7 @@ nginx_src_directory: "{{ nginx_user_home }}/src"
 
 nginx_build_configuration:
   - --add-module=../../modsecurity-nginx/{{ modsecurity_nginx_version }}
+  - --add-module=../../njs-nginx/{{ njs_version }}/nginx
   - --with-debug
   - --with-http_auth_request_module
   - --with-http_gzip_static_module

diff --git a/roles/nginx/meta/main.yml b/roles/nginx/meta/main.yml
@@ -1,3 +1,4 @@
 ---
 dependencies:
+  - role: njs
   - role: owasp_modsecurity_crs
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
@@ -5,6 +5,7 @@
       - gcc
       - gcc-c++
       - libopenssl-1_1-devel
+      - libxslt-devel
       - make
       - patch
       - pcre-devel
@@ -21,6 +22,7 @@
     - { dest: "{{ nginx_src_directory }}/download" }
     - { dest: "{{ nginx_src_directory }}/modsecurity-nginx/{{ modsecurity_nginx_version }}" }
     - { dest: "{{ nginx_src_directory }}/nginx/{{ nginx_version }}" }
+    - { dest: "{{ nginx_src_directory }}/njs-nginx/{{ njs_version }}" }
     - { dest: "{{ nginx_user_home }}/.config/systemd/user" }
     - { dest: "{{ nginx_user_home }}/etc/logrotate.d/daily.d" }
     - { dest: "{{ nginx_user_home }}/etc/nginx/conf.d" }
@@ -70,6 +72,15 @@
       - --strip-components=1
     mode: u=rwX,g=,o=
 
+- name: Ensure »Nginx njs Module« source is extracted.
+  ansible.builtin.unarchive:
+    src: "{{ nginx_src_directory }}/download/njs-v{{ njs_version }}.tar.gz"
+    dest: "{{ nginx_src_directory }}/njs-nginx/{{ njs_version }}"
+    remote_src: true
+    extra_opts:
+      - --strip-components=1
+    mode: u=rwX,g=,o=
+
 - name: Get current configuration hash.
   ansible.builtin.set_fact:
     nginx_build_configuration_hash_current: |-