From 7c7b9301b8365bd1ebf7c0bb2aa6ecbf5ded7981 Mon Sep 17 00:00:00 2001
From: Andreas Gebhardt <agebhar1@googlemail.com>
Date: Wed, 1 May 2024 17:38:53 +0200
Subject: [PATCH] =?UTF-8?q?build=20Nginx=20w/=20module=20=C2=BBnjs=C2=AB?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Support for QuickJS is in progress [1].

[1]: https://github.com/nginx/njs/issues/698
---
 README.md                     |  5 ++++-
 roles/nginx/defaults/main.yml |  1 +
 roles/nginx/meta/main.yml     |  1 +
 roles/nginx/tasks/main.yml    | 11 +++++++++++
 4 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 00edf13..cd9353e 100644
--- a/README.md
+++ b/README.md
@@ -47,7 +47,10 @@ $ curl -H 'User-Agent: nessus' -H 'X-Request-ID: 1' 192.168.56.{2,3}
 - https://coreruleset.org/
 - https://github.com/SpiderLabs/ModSecurity
 - https://github.com/SpiderLabs/ModSecurity-nginx
-- http://nginx.org/en/download.html
+- https://nginx.org/en/download.html
+- https://nginx.org/en/docs/njs/
+- https://github.com/nginx/njs-examples
+- https://nginx.org/en/docs/njs/typescript.html
 - https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/
 - https://www.nginx.com/blog/deploying-nginx-plus-as-an-api-gateway-part-1/
 - https://www.nginx.com/resources/wiki/start/topics/examples/logrotation/
diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml
index 924a27c..1cc619c 100644
--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@@ -8,6 +8,7 @@ nginx_src_directory: "{{ nginx_user_home }}/src"
 
 nginx_build_configuration:
   - --add-module=../../modsecurity-nginx/{{ modsecurity_nginx_version }}
+  - --add-module=../../njs-nginx/{{ njs_version }}/nginx
   - --with-debug
   - --with-http_auth_request_module
   - --with-http_gzip_static_module
diff --git a/roles/nginx/meta/main.yml b/roles/nginx/meta/main.yml
index dcc926f..35c7036 100644
--- a/roles/nginx/meta/main.yml
+++ b/roles/nginx/meta/main.yml
@@ -1,3 +1,4 @@
 ---
 dependencies:
+  - role: njs
   - role: owasp_modsecurity_crs
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 4556fea..e8cdff2 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -5,6 +5,7 @@
       - gcc
       - gcc-c++
       - libopenssl-1_1-devel
+      - libxslt-devel
       - make
       - patch
       - pcre-devel
@@ -21,6 +22,7 @@
     - { dest: "{{ nginx_src_directory }}/download" }
     - { dest: "{{ nginx_src_directory }}/modsecurity-nginx/{{ modsecurity_nginx_version }}" }
     - { dest: "{{ nginx_src_directory }}/nginx/{{ nginx_version }}" }
+    - { dest: "{{ nginx_src_directory }}/njs-nginx/{{ njs_version }}" }
     - { dest: "{{ nginx_user_home }}/.config/systemd/user" }
     - { dest: "{{ nginx_user_home }}/etc/logrotate.d/daily.d" }
     - { dest: "{{ nginx_user_home }}/etc/nginx/conf.d" }
@@ -70,6 +72,15 @@
       - --strip-components=1
     mode: u=rwX,g=,o=
 
+- name: Ensure »Nginx njs Module« source is extracted.
+  ansible.builtin.unarchive:
+    src: "{{ nginx_src_directory }}/download/njs-v{{ njs_version }}.tar.gz"
+    dest: "{{ nginx_src_directory }}/njs-nginx/{{ njs_version }}"
+    remote_src: true
+    extra_opts:
+      - --strip-components=1
+    mode: u=rwX,g=,o=
+
 - name: Get current configuration hash.
   ansible.builtin.set_fact:
     nginx_build_configuration_hash_current: |-