fix: dynamically get nginx paths

Author: oyale

tasks/compile.yml

@@ -7,9 +7,15 @@
     path: "~/ModSecurity"
   register: modsecurity_folder
 
-- name: Set nginx_modules_location if not already set
+- name: Get Nginx modules location
+  shell: nginx -V 2>&1 | grep "configure arguments:" | sed -e 's/.*--modules-path=\([^ ]*\).*/\1/'
+  register: _nginx_modules_location
+  changed_when: false
+  when: nginx_modules_location is not defined
+
+- name: Set variable nginx_modules_location
   set_fact:
-    nginx_modules_location: "{{ nginx_conf_dir }}/modules"
+    nginx_modules_location: "{{ _nginx_modules_location.stdout }}"
   when: nginx_modules_location is not defined
 
 - name: Clear previous compilation
@@ -143,7 +149,7 @@
 - name: Copy ModSecurity-nginx to Nginx modules folder
   copy:
     src: "~/Nginx/nginx-{{ nginx_modsec3_crs3_nginx_version }}/objs/ngx_http_modsecurity_module.so"
-    dest: "{{ nginx_modules_location }}"
+    dest: "{{ nginx_modules_location }}/ngx_http_modsecurity_module.so"
     remote_src: yes
   when: not modsec3_nginx_present or nginx_modsec3_crs3_force_compile
 

tasks/main.yml

@@ -13,21 +13,41 @@
     state: present
   when: ansible_os_family == "RedHat"
 
-- name: run Nginx selinux tasks
+- name: Save the current list of packages for Debian/Ubuntu
+  shell: dpkg-query -l > /tmp/before.txt
+  when: ansible_os_family == "Debian" and ( nginx_modsec3_crs3_keep is undefined or not nginx_modsec3_crs3_keep )
+
+- name: Save the current list of packages for RHEL/Centos
+  shell: rpm -qa > /tmp/before.txt
+  when: ansible_os_family == 'RedHat' and ( nginx_modsec3_crs3_keep is undefined or not nginx_modsec3_crs3_keep )
+
+- name: Installing compiler dependencies for Debian/Ubuntu
+  apt:
+    name: "{{ nginx_modsec3_crs3_debian_compiler_reqs }}"
+    state: present
+  when: ansible_os_family == "Debian"
+
+- name: Installing compiler dependencies for RHEL/Centos
+  yum:
+    name: "{{ nginx_modsec3_crs3_redhat_compiler_reqs }}"
+    state: present
+  when: ansible_os_family == "Redhat"
+
+- name: Run Nginx SElinux tasks
   include_role:
     name: jdauphant.nginx
     tasks_from: selinux.yml
     allow_duplicates: yes
   when: ansible_selinux and ansible_selinux.status == "enabled"
 
-- name: run Nginx nginx offical repo tasks
+- name: Run Nginx official repo tasks
   include_role:
     name: jdauphant.nginx
     tasks_from: nginx-official-repo.yml
     allow_duplicates: yes
   when: nginx_official_repo == True
 
-- name: run Nginx install packages tasks
+- name: Run Nginx install packages tasks
   include_role:
     name: jdauphant.nginx
     tasks_from: installation.packages.yml
@@ -63,12 +83,15 @@
   set_fact:
     nginx_modsec3_crs3_nginx_version: "{{ ansible_facts.packages.nginx[0].version.split('-')[0] }}"
 
-- name: Compile ModSecurity3 , install OWAPS CRS3, and build nginx modules
-  import_tasks: compile.yml
+- name: Get Nginx conf location
+  shell: dirname $(nginx -V 2>&1 | grep "configure arguments:" | sed -e 's/.*--conf-path=\([^ ]*\).*/\1/')
+  register: _nginx_conf_location
+  changed_when: false
+  when: nginx_conf_dir is not defined
 
-- name: Set nginx_conf_dir if not already set
+- name: Set variable nginx_conf_dir
   set_fact:
-    nginx_conf_dir: "/etc/nginx"
+    nginx_conf_dir: "{{ _nginx_conf_location.stdout }}"
   when: nginx_conf_dir is not defined
 
 - name: Check if ModSecurity3 is present