Last active
September 27, 2019 10:57
-
-
Save rubnet/6e3e36a11c2a05de22048a332fda28b7 to your computer and use it in GitHub Desktop.
Building nginx with ngx_brotli, openssl and pagespeed from Sources
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
#PS_NGX_EXTRA_FLAGS="--with-cc=/opt/rh/devtoolset-2/root/usr/bin/gcc" | |
PS_NGX_EXTRA_FLAGS="" | |
DOWNTMP=/data/ | |
#[check the https://www.modpagespeed.com/doc/release_notes for the latest version] | |
NPS_VERSION=1.13.35.2-stable | |
cd $DOWNTMP | |
wget https://github.com/apache/incubator-pagespeed-ngx/archive/v${NPS_VERSION}.zip | |
unzip v${NPS_VERSION}.zip | |
nps_dir=$(find . -name "*pagespeed-ngx-${NPS_VERSION}" -type d) | |
cd "$nps_dir" | |
#NPS_RELEASE_NUMBER=${NPS_VERSION/beta/} | |
NPS_RELEASE_NUMBER=${NPS_VERSION/stable/} | |
psol_url=https://dl.google.com/dl/page-speed/psol/${NPS_RELEASE_NUMBER}.tar.gz | |
[ -e scripts/format_binary_url.sh ] && psol_url=$(scripts/format_binary_url.sh PSOL_BINARY_URL) | |
wget ${psol_url} | |
tar -xzvf $(basename ${psol_url}) # extracts to psol/ | |
#[check https://www.openssl.org/source/ ttps://github.com/eustas/ngx_brotli for the latest version] | |
OSSLVER=1.1.1c | |
NGX_BROTLI_VERSION=0.1.2 | |
BROTLI_VERSION=1.0.7 | |
cd $DOWNTMP | |
wget -qO- https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz | tar xzf - | |
wget -qO- https://github.com/eustas/ngx_brotli/archive/v$NGX_BROTLI_VERSION.tar.gz | tar xzf - | |
wget -qO- https://github.com/google/brotli/archive/v$BROTLI_VERSION.tar.gz | tar xzf - | |
rm -rf $DOWNTMP/ngx_brotli-$NGX_BROTLI_VERSION/deps/brotli | |
ln -s $DOWNTMP/brotli-$BROTLI_VERSION $DOWNTMP/ngx_brotli-$NGX_BROTLI_VERSION/deps/brotli | |
NGINX_VERSION=1.16.0 | |
#[check http://nginx.org/en/download.html for the latest version] | |
cd $DOWNTMP | |
wget -qO- http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar xzf - | |
cd nginx-${NGINX_VERSION}/ | |
./configure --prefix=/etc/nginx --sbin-path=$DOWNTMP/nginx \ | |
--modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf \ | |
--error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log \ | |
--pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock \ | |
--http-client-body-temp-path=/var/cache/nginx/client_temp \ | |
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \ | |
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ | |
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ | |
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \ | |
--user=nginx --group=nginx --with-compat --with-file-aio \ | |
--with-threads --with-http_addition_module --with-http_auth_request_module \ | |
--with-http_dav_module --with-http_flv_module --with-http_gunzip_module \ | |
--with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module \ | |
--with-http_realip_module --with-http_secure_link_module --with-http_slice_module \ | |
--with-http_ssl_module --with-http_stub_status_module --with-http_sub_module \ | |
--with-http_v2_module --with-mail --with-mail_ssl_module --with-stream \ | |
--with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module \ | |
--with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' \ | |
--with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie' \ | |
${PS_NGX_EXTRA_FLAGS} --add-module=../$nps_dir \ | |
--with-openssl=../openssl-${OSSLVER} --add-module=../ngx_brotli-$NGX_BROTLI_VERSION | |
#./configure --sbin-path=$DOWNTMP/nginx ${PS_NGX_EXTRA_FLAGS} --add-module=$DOWNTMP/$nps_dir --with-openssl=$DOWNTMP/openssl-${OSSLVER} --add-module=$DOWNTMP/ngx_brotli-$NGX_BROTLI_VERSION | |
#With some inspiration from IRC, I discovered that the Makefile generated by nginx's configure script | |
# doesn't compile OpenSSL (or any other sources you're using, like zlib) with -fPIC. | |
#Editing the generated Makefile (objs/Makefile), finding the openssl ./config command, | |
#and adding -fPIC to that command line made it compile. | |
#sed -i '1957c && ./config -fPIC --prefix=/usr/local/src/openssl-1.1.1/.openssl no-shared no-threads \\' objs/Makefile | |
if [ -f objs/Makefile ]; then | |
make && make install | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment