-
-
Save tkhoa2711/5d0770bd73c5cc3ae7dae7e20a621924 to your computer and use it in GitHub Desktop.
Compiling NGiNX with LibreSSL, Brotli, more_headers - Ubuntu 16.04 x64
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Latest versions of each package. | |
| export NGINX_VERSION=1.11.12 | |
| export VERSION_NGINX=nginx-$NGINX_VERSION | |
| export VERSION_PCRE=pcre-8.40 | |
| export VERSION_ZLIB=zlib-1.2.11 | |
| export VERSION_OPENSSL=openssl-1.1.0e | |
| #export VERSION_LIBRESSL=libressl-2.5.1 | |
| export HMORE_VERSION=0.32 | |
| export VERSION_HEADERS_MORE=v${HMORE_VERSION} | |
| #export NGXPS_VERSION=1.12.34.2 | |
| #export VERSION_PAGESPEED=v${NGXPS_VERSION}-beta | |
| #export VERSION_PSOL=$NGXPS_VERSION-x64 | |
| # URLs to the source directories | |
| export SOURCE_PCRE=https://ftp.pcre.org/pub/pcre/ | |
| export SOURCE_ZLIB=http://zlib.net/ | |
| export SOURCE_OPENSSL=https://www.openssl.org/source/ | |
| #export SOURCE_LIBRESSL=https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ | |
| export SOURCE_NGINX=http://nginx.org/download/ | |
| export SOURCE_HEADERS_MORE=https://github.com/openresty/headers-more-nginx-module/archive/ | |
| #export SOURCE_PAGESPEED=https://github.com/pagespeed/ngx_pagespeed/archive/ | |
| #export SOURCE_PSOL=https://dl.google.com/dl/page-speed/psol/ | |
| export BPATH=$(pwd)/build | |
| #export STATICLIBSSL=$BPATH/$VERSION_LIBRESSL | |
| # proc for building faster | |
| NB_PROC=$(grep -c ^processor /proc/cpuinfo) | |
| # Make a 'today' variable for use in back-up filenames later | |
| today=$(date +"%Y-%m-%d") | |
| # Clean out any files from previous runs of this script | |
| rm -rf build | |
| rm -rf /etc/nginx-default | |
| mkdir build | |
| # Ensure that we have the required software to compile our own nginx | |
| echo "======================================================"; | |
| echo "========== Installing prerequisite software =========="; | |
| echo "======================================================"; | |
| apt-get -y install build-essential wget git python2.7 python-dev libgd-dev | |
| # Grab the source files | |
| echo "=================================================="; | |
| echo "========== Downloading the source files =========="; | |
| echo "=================================================="; | |
| wget -P ./build $SOURCE_NGINX$VERSION_NGINX.tar.gz | |
| wget -P ./build $SOURCE_PCRE$VERSION_PCRE.tar.gz | |
| wget -P ./build $SOURCE_ZLIB$VERSION_ZLIB.tar.gz | |
| wget -P ./build $SOURCE_OPENSSL$VERSION_OPENSSL.tar.gz --no-check-certificate | |
| #wget -P ./build $SOURCE_LIBRESSL$VERSION_LIBRESSL.tar.gz | |
| wget -P ./build $SOURCE_HEADERS_MORE$VERSION_HEADERS_MORE.tar.gz | |
| #wget -P ./build $SOURCE_PAGESPEED$VERSION_PAGESPEED.tar.gz | |
| #wget -P ./build $SOURCE_PSOL$VERSION_PSOL.tar.gz | |
| # Expand the source files | |
| cd $BPATH | |
| tar -xzf $VERSION_NGINX.tar.gz | |
| tar -xzf $VERSION_PCRE.tar.gz | |
| tar -xzf $VERSION_ZLIB.tar.gz | |
| tar -xzf $VERSION_OPENSSL.tar.gz | |
| #tar -xzf $VERSION_LIBRESSL.tar.gz | |
| tar -xzf $VERSION_HEADERS_MORE.tar.gz | |
| #tar -xzf $VERSION_PAGESPEED.tar.gz | |
| #tar -xzf $VERSION_PSOL.tar.gz -C ngx_pagespeed-${NGXPS_VERSION}-beta | |
| # build static LibreSSL | |
| #echo "================================================="; | |
| #echo "========== Configure & Build LibreSSL ==========="; | |
| #echo "================================================="; | |
| #cd ${STATICLIBSSL} | |
| #./configure LDFLAGS=-lrt --prefix=${STATICLIBSSL}/.openssl/ && make install-strip -j $NB_PROC | |
| #cd $BPATH | |
| # Grab and install Brotli. | |
| echo "================================================="; | |
| echo "========== Cloning & Installing Brotli =========="; | |
| echo "================================================="; | |
| git clone https://github.com/google/brotli.git | |
| cd brotli && python setup.py install | |
| cd $BPATH | |
| git clone https://github.com/bagder/libbrotli | |
| cd libbrotli && ./autogen.sh && ./configure && make && make install | |
| cd $BPATH | |
| git clone https://github.com/google/ngx_brotli | |
| cd ngx_brotli && git submodule update --init | |
| # Rename the existing /etc/nginx directory so it's saved as a back-up | |
| echo "================================================================="; | |
| echo "========== Backing up excisting NGiNX config directory =========="; | |
| echo "================================================================="; | |
| mv /etc/nginx /etc/nginx-$today | |
| # Build nginx, with various modules included/excluded | |
| # Configuration parameters were taken from a default NGiNX build. | |
| echo "============================================="; | |
| echo "========== Configure & Build Nginx =========="; | |
| echo "============================================="; | |
| cd $BPATH/$VERSION_NGINX | |
| ./configure --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2,-DTCP_FASTOPEN=23' \ | |
| --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' \ | |
| --prefix=/etc/nginx \ | |
| --sbin-path=/usr/sbin/nginx \ | |
| --modules-path=/usr/lib/nginx/modules \ | |
| --conf-path=/etc/nginx/nginx.conf \ | |
| --error-log-path=/var/log/nginx/error.log \ | |
| --http-log-path=/var/log/nginx/access.log \ | |
| --pid-path=/var/run/nginx.pid \ | |
| --lock-path=/var/run/nginx.lock \ | |
| --http-client-body-temp-path=/var/cache/nginx/client_temp \ | |
| --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ | |
| --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ | |
| --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ | |
| --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ | |
| --user=nginx \ | |
| --group=nginx \ | |
| --with-compat \ | |
| --with-file-aio \ | |
| --with-threads \ | |
| --with-http_addition_module \ | |
| --with-http_auth_request_module \ | |
| --with-http_flv_module \ | |
| --with-http_gunzip_module \ | |
| --with-http_gzip_static_module \ | |
| --with-http_image_filter_module \ | |
| --with-http_mp4_module \ | |
| --with-http_random_index_module \ | |
| --with-http_realip_module \ | |
| --with-http_secure_link_module \ | |
| --with-http_slice_module \ | |
| --with-http_ssl_module \ | |
| --with-http_stub_status_module \ | |
| --with-http_sub_module \ | |
| --with-http_v2_module \ | |
| --with-stream \ | |
| --with-stream_realip_module \ | |
| --with-stream_ssl_module \ | |
| --with-stream_ssl_preread_module \ | |
| --without-mail_pop3_module \ | |
| --without-mail_smtp_module \ | |
| --without-mail_imap_module \ | |
| --with-zlib=../$VERSION_ZLIB \ | |
| --with-pcre=../$VERSION_PCRE \ | |
| --add-module=../ngx_brotli \ | |
| --add-module=../headers-more-nginx-module-$HMORE_VERSION \ | |
| --with-openssl=../$VERSION_OPENSSL \ | |
| #--with-openssl=../$VERSION_LIBRESSL \ | |
| # --add-module=../ngx_pagespeed-${NGXPS_VERSION}-beta | |
| # to prevent nginx building libressl again. | |
| #touch $BPATH/$VERSION_LIBRESSL/.openssl/include/openssl/ssl.h | |
| # build it and install. | |
| make -j $NB_PROC && make install | |
| # rename the compiled default /etc/nginx directory so its accessible as a reference to the new nginx defaults | |
| mv /etc/nginx /etc/nginx-default | |
| # now restore the previous version of /etc/nginx to /etc/nginx so the old settings are kept | |
| mv /etc/nginx-$today /etc/nginx | |
| echo "============================================================="; | |
| echo "All done."; | |
| echo "This build has not edited your existing /etc/nginx directory."; | |
| echo "If things aren't working now you may need to refer to the"; | |
| echo "configuration files the new nginx ships with as defaults,"; | |
| echo "which are available at /etc/nginx-default"; | |
| echo "============================================================="; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment