Builds Nginx with ModSecurity v3 and the Core Rule Set (CRS) for Ubuntu and Debian.
- Ubuntu 22.04 (Jammy)
- Ubuntu 24.04 (Noble)
- Debian 11 (Bullseye)
- Debian 12 (Bookworm)
- Debian 13 (Trixie)
We also publish packages to a Cloudsmith apt repository. This lets you install and update via your system package manager.
curl -1sLf \
'https://dl.cloudsmith.io/public/nginx/modsecurity/setup.deb.sh' \
| sudo -E bashcurl -1sLf \
'https://dl.cloudsmith.io/public/nginx/modsecurity/setup.deb.sh' \
| sudo -E distro=DISTRO codename=CODENAME arch=ARCH component=COMPONENT bashapt-get install -y debian-keyring # debian only
apt-get install -y debian-archive-keyring # debian only
apt-get install -y apt-transport-https
# For Debian Stretch, Ubuntu 22.04 and later
keyring_location=/usr/share/keyrings/nginx-modsecurity-archive-keyring.gpg
# For Debian Jessie, Ubuntu 15.10 and earlier
keyring_location=/etc/apt/trusted.gpg.d/nginx-modsecurity.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/nginx/modsecurity/gpg.96896FFB30D18241.key' | gpg --dearmor >> ${keyring_location}
curl -1sLf 'https://dl.cloudsmith.io/public/nginx/modsecurity/config.deb.txt?distro=ubuntu&codename=xenial&component=main' > /etc/apt/sources.list.d/nginx-modsecurity.list
sudo chmod 644 ${keyring_location}
sudo chmod 644 /etc/apt/sources.list.d/nginx-modsecurity.list
apt-get updateNote: Replace ubuntu, xenial and main above with your actual distribution, codename and component.
On the target machine download the latest version of deb file. see Releases
After downloading a package, you can verify it:
md5sum nginx_*.debInstall it using cli:
sudo dpkg -i ./nginx_*.deb && sudo apt install -f Add a server block similar to this and reload Nginx:
server {
...
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
...
location / {
...
}
}