Wednesday, November 16, 2016

Customizing built-in modules of your Nginx deb packages

The other day I had to update my customer's Nginx due to CVE-2016-4450. Their installation is a bit fussy as they use the "set-misc" module, which is not included in the nginx-extras package in Ubuntu by default.

First step is download the source code:

$ apt-get source nginx-extras

You should get a nginx-<version> folder. Inside you can find the source code, debian control files, etc.

To add the "set-misc" module we download the latest build from the official repository inside debian/modules folder:

$ cd debian/modules
$ sudo wget https://github.com/openresty/set-misc-nginx-module/archive/master.zip && sudo unzip -d . master.zip && sudo rm -f master.zip

To add the module to the build options we need to edit the file debian/rules and add our options on the flavor configuration (in this case, nginx-extras adding --add-module=/home/amartin/nginx-1.4.6/debian/modules/set-misc-nginx-module-master \ at the end):


It would be a good idea to delete modules not being used to harden and light up the software.

Now we can build the packages:

$ sudo dpkg-buildpackage -b

Now you should have a set of built in packages with the options you have specified.