root@fw:~ # service nginx start/usr/local/etc/rc.d/nginx: WARNING: failed to setup nginxPerforming sanity check on nginx configuration:nginx: [emerg] Naxsi-Config : Incorrect line MainRule id:1500 (/usr/obj/usr/ports/www/nginx/work/naxsi-29793dc/naxsi_src/naxsi_skeleton.c/973)... in /usr/local/etc/nginx/nginx.conf:51nginx: configuration file /usr/local/etc/nginx/nginx.conf test failedStarting nginx.nginx: [emerg] Naxsi-Config : Incorrect line MainRule id:1500 (/usr/obj/usr/ports/www/nginx/work/naxsi-29793dc/naxsi_src/naxsi_skeleton.c/973)... in /usr/local/etc/nginx/nginx.conf:51/usr/local/etc/rc.d/nginx: WARNING: failed to start nginx
MainRule id:1500 "rx:\.ph|\.asp|\.ht|\.jsp" "msg:asp/php/jsp file upload" "mz:FILE_EXT" "s:$policycd6d033b9a494994a4f73375c23b214e:8";
root@fw:~ # /usr/sbin/service nginx start/usr/local/etc/rc.d/nginx: WARNING: failed to setup nginxPerforming sanity check on nginx configuration:nginx: [emerg] Naxsi-Config : Incorrect line MainRule id:1000 (/usr/obj/usr/ports/www/nginx/work/naxsi-29793dc/naxsi_src/naxsi_skeleton.c/973)... in /usr/local/etc/nginx/nginx.conf:81nginx: configuration file /usr/local/etc/nginx/nginx.conf test failedStarting nginx.nginx: [emerg] Naxsi-Config : Incorrect line MainRule id:1000 (/usr/obj/usr/ports/www/nginx/work/naxsi-29793dc/naxsi_src/naxsi_skeleton.c/973)... in /usr/local/etc/nginx/nginx.conf:81/usr/local/etc/rc.d/nginx: WARNING: failed to start nginx
MainRule id:1000 "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop|load_file|substr|group_concat|dumpfile" "msg:sql keywords" "mz:BODY|ARGS|URL|$HEADERS_VAR_X:Cookie" "s:$policye5cc303f2c4d419da82d91435bf7b85b:4"
root@fw:~ # /usr/sbin/service nginx start/usr/local/etc/rc.d/nginx: WARNING: failed to setup nginxPerforming sanity check on nginx configuration:nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is oknginx: configuration file /usr/local/etc/nginx/nginx.conf test is successfulStarting nginx.root@fw:~ # /usr/sbin/service nginx statusnginx is running as pid 42341.
root@fw:~ # opnsense-revert -z nginxFetching nginx.pkg: ... doneVerifying signature with trusted certificate pkg.opnsense.org.20221213... donenginx-1.24.0_6,3: already unlockedUpdating OPNsense repository catalogue...OPNsense repository is up to date.All repositories are up to date.Checking integrity... done (0 conflicting)The following 1 package(s) will be affected (of 0 checked):New packages to be INSTALLED: nginx: 1.24.0_8,3Number of packages to be installed: 1The process will require 4 MiB more space.[1/1] Installing nginx-1.24.0_8,3...===> Creating groups.Using existing group 'www'.===> Creating usersUsing existing user 'www'.Extracting nginx-1.24.0_8,3: 100%=====Message from nginx-1.24.0_8,3:--Recent version of the NGINX introduces dynamic modules support. InFreeBSD ports tree this feature was enabled by default with the DSOknob. Several vendor's and third-party modules have been convertedto dynamic modules. Unset the DSO knob builds an NGINX withoutdynamic modules support.To load a module at runtime, include the new `load_module'directive in the main context, specifying the path to the sharedobject file for the module, enclosed in quotation marks. When youreload the configuration or restart NGINX, the module is loaded in.It is possible to specify a path relative to the source directory,or a full path, please seehttps://www.nginx.com/blog/dynamic-modules-nginx-1-9-11/ andhttp://nginx.org/en/docs/ngx_core_module.html#load_module fordetails.Default path for the NGINX dynamic modules is/usr/local/libexec/nginx.root@fw:~ # service nginx stopStopping nginx.Waiting for PIDS: 63871.root@fw:~ # service nginx start/usr/local/etc/rc.d/nginx: WARNING: failed to setup nginxPerforming sanity check on nginx configuration:nginx: [warn] could not build optimal variables_hash, you should increase either variables_hash_max_size: 1024 or variables_hash_bucket_size: 64; ignoring variables_hash_bucket_sizenginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is oknginx: configuration file /usr/local/etc/nginx/nginx.conf test is successfulStarting nginx.nginx: [warn] could not build optimal variables_hash, you should increase either variables_hash_max_size: 1024 or variables_hash_bucket_size: 64; ignoring variables_hash_bucket_sizeroot@fw:~ # service nginx statusnginx is running as pid 66182
2023/06/24 12:50:00 [warn] 79720#100103: could not build optimal variables_hash, you should increase either variables_hash_max_size: 1024 or variables_hash_bucket_size: 64; ignoring variables_hash_bucket_size2023/06/24 12:50:00 [notice] 79720#100103: signal process startedroot@fw:/var/log/nginx # tail -100 error.log
root@fw:/usr/local/etc/nginx # find . -type f -name "*.conf" -exec grep hash {} /dev/null \;./nginx.conf:ip_hash;./nginx.conf:ip_hash;./nginx.conf:ip_hash;./nginx.conf:ip_hash;./nginx.conf: hash $remote_addr consistent;./nginx.conf: hash $remote_addr consistent;./nginx.conf: hash $remote_addr consistent;./nginx.conf: hash $remote_addr consistent;./nginx.conf: hash $remote_addr consistent;./nginx.conf: hash $remote_addr consistent;./nginx.conf: hash $remote_addr consistent;./nginx.conf: hash $remote_addr consistent;
root@fw:/usr/local/etc/nginx # nginx -Vnginx version: nginx/1.24.0built with OpenSSL 1.1.1u 30 May 2023TLS SNI support enabledconfigure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --user=www --group=www --with-compat --with-pcre --modules-path=/usr/local/libexec/nginx --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_v2_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --without-mail_smtp_module --with-mail_ssl_module --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-http_xslt_module=dynamic --with-mail=dynamic --with-stream=dynamic --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/ngx_brotli-9aec15e --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/headers-more-nginx-module-33b646d --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/naxsi-1.4/naxsi_src --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/njs-0.7.12/nginx --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/nginx-module-vts-bf64dbf --with-ld-opt='-L /usr/local/lib'
root@fw:/usr/local/etc/nginx # cd /usr/local/libexec/nginxroot@fw:/usr/local/libexec/nginx # ls -latrtotal 3136drwxr-xr-x 10 root wheel 512 Jun 23 06:23 ..-r-xr-xr-x 1 root wheel 171336 Jun 24 10:52 ngx_stream_module.so-r-xr-xr-x 1 root wheel 982968 Jun 24 10:52 ngx_stream_js_module.so-r-xr-xr-x 1 root wheel 88616 Jun 24 10:52 ngx_mail_module.so-r-xr-xr-x 1 root wheel 18816 Jun 24 10:52 ngx_http_xslt_filter_module.so-r-xr-xr-x 1 root wheel 172080 Jun 24 10:52 ngx_http_vhost_traffic_status_module.so-r-xr-xr-x 1 root wheel 567216 Jun 24 10:52 ngx_http_naxsi_module.so-r-xr-xr-x 1 root wheel 1001536 Jun 24 10:52 ngx_http_js_module.so-r-xr-xr-x 1 root wheel 25440 Jun 24 10:52 ngx_http_headers_more_filter_module.so-r-xr-xr-x 1 root wheel 9088 Jun 24 10:52 ngx_http_brotli_static_module.so-r-xr-xr-x 1 root wheel 14472 Jun 24 10:52 ngx_http_brotli_filter_module.so