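#!/bin/sh
#
# Builds and installs nginx from source with a statically linked OpenSSL
# (OpenSSL is configured with no-shared) and three third-party modules:
# headers-more-nginx-module, nginx-ct and ngx_brotli. The dynamic TLS
# records patch is applied to the nginx tree before configuring.
#
# Must run as root: it calls apt-get and installs into /usr/sbin and /etc/nginx.
#
# Environment:
#   OPENSSL_SHA256  optional SHA-256 of the OpenSSL tarball; when set, the
#                   download is checked against it before being unpacked.
#
# All work happens under fixed paths in /tmp, so run this only in a
# single-tenant build environment (for example a container build), where no
# other local user can pre-create those paths.

# Stop on the first failing command and on unset variables. Without this a
# failed download, a failed signature check or a failed build step is ignored
# and the script carries on to `make install`.
set -eu

apt-get -y install build-essential zlib1g-dev libpcre3 libpcre3-dev libbz2-dev libssl-dev tar unzip

# NOTE(review): both versions are pinned to old releases; confirm they still
# receive security fixes before using the result in production.
NGINX_VER=1.13.8
OPENSSL_VER=1.1.0g
# Full fingerprints of the keys accepted for the nginx release signature.
# Whitespace-separated on purpose: the list is word-split when passed to gpg.
NGINX_GPG="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \
A09CD539B8BB8CBE96E82BDFABD4D3B3F5806B4D \
4C2C85E705DC730833990C38A9376139A524C53E \
65506C02EFC250F1B7A3D694ECF0E90B2C172083 \
B0F4253373F8F6F510D42178520A9993A1C052F8 \
7338973069ED3F443F4D37DFA64FD5B17ADB39A8"
# Empty keeps the original behaviour (no integrity check on the OpenSSL tarball).
OPENSSL_SHA256="${OPENSSL_SHA256:-}"

echo "**** download package ****"
# NOTE(review): the four clones below take whatever the default branch points
# at when the script runs, and nothing verifies them. Pin each one to a
# reviewed commit to make the build reproducible and auditable.
git clone https://github.com/openresty/headers-more-nginx-module --depth=1 /tmp/headers-more-nginx-module
git clone https://github.com/bagder/libbrotli --depth=1 /tmp/libbrotli
git clone https://github.com/google/ngx_brotli --depth=1 /tmp/ngx_brotli
# The nginx tarball is signature-checked below; HTTPS is used as well so the
# tarball and its .asc are not fetched over a channel anyone on path can edit.
wget -q "https://nginx.org/download/nginx-${NGINX_VER}.tar.gz" -O "/tmp/nginx-${NGINX_VER}.tar.gz"
wget -q "https://nginx.org/download/nginx-${NGINX_VER}.tar.gz.asc" -O "/tmp/nginx-${NGINX_VER}.tar.gz.asc"
wget -q "https://www.openssl.org/source/openssl-${OPENSSL_VER}.tar.gz" -O "/tmp/openssl-${OPENSSL_VER}.tar.gz"
git clone https://github.com/grahamedgecombe/nginx-ct --depth=1 /tmp/nginx-ct

echo "**** compile brotli ****"
cd /tmp/libbrotli
./autogen.sh
./configure
# -p so a pre-existing directory does not abort the script under `set -e`.
mkdir -p brotli/c/tools/.deps
touch brotli/c/tools/.deps/brotli-brotli.Po
make -j 1
make install
cd /tmp/ngx_brotli
git submodule update --init

echo "**** untar openssl ****"
cd /tmp
if [ -n "$OPENSSL_SHA256" ]; then
  # sha256sum -c exits non-zero on a mismatch, which aborts the build.
  printf '%s  %s\n' "$OPENSSL_SHA256" "openssl-${OPENSSL_VER}.tar.gz" | sha256sum -c -
else
  echo "WARNING: OPENSSL_SHA256 not set; openssl-${OPENSSL_VER}.tar.gz is not integrity-checked" >&2
fi
tar xzf "openssl-${OPENSSL_VER}.tar.gz"

echo "**** compile nginx ****"
cd /tmp
# Several keyservers are tried in turn; the first one that returns the keys wins.
found=no
for server in ha.pool.sks-keyservers.net hkp://keyserver.ubuntu.com:80 hkp://p80.pool.sks-keyservers.net:80 pgp.mit.edu; do
  echo "Fetching GPG key $NGINX_GPG from $server"
  # shellcheck disable=SC2086 -- NGINX_GPG is deliberately word-split
  gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys $NGINX_GPG && found=yes && break
done
if [ "$found" != yes ]; then
  echo "error: could not fetch the nginx signing keys from any keyserver" >&2
  exit 1
fi
# Under `set -e` a bad or missing signature stops the build before the tarball
# is unpacked.
# NOTE(review): gpg verifies against the invoking user's default keyring, so a
# key that was already present there is accepted too. Run in a clean
# environment, or point GNUPGHOME at a fresh directory, so that only the
# fingerprints listed in NGINX_GPG can validate the release.
gpg --batch --verify "nginx-${NGINX_VER}.tar.gz.asc" "nginx-${NGINX_VER}.tar.gz"
tar xzf "nginx-${NGINX_VER}.tar.gz"
cd "/tmp/nginx-${NGINX_VER}"
# NOTE(review): this patch comes from the `master` branch of a third-party
# repository and is applied to the nginx source without any integrity check.
# Pin it to a reviewed commit and compare it against a known checksum.
wget -q https://raw.githubusercontent.com/cujanovic/nginx-dynamic-tls-records-patch/master/nginx__dynamic_tls_records_1.13.0%2B.patch -O dynamic_records.patch
patch -p1 < dynamic_records.patch
# NOTE(review): -fPIE is passed to the compiler but no --with-ld-opt is given,
# so whether the installed binary is actually a PIE with full RELRO depends on
# the toolchain defaults. Check the result (e.g. readelf -h / readelf -d).
./configure --prefix=/etc/nginx \
  --sbin-path=/usr/sbin/nginx \
  --http-log-path=/var/log/nginx/logs/nginx_access.log \
  --error-log-path=/var/log/nginx/logs/nginx_error.log \
  --pid-path=/run/nginx.pid \
  --lock-path=/run/nginx.lock \
  --user=www-data --group=www-data \
  --with-http_ssl_module \
  --with-http_realip_module \
  --with-http_addition_module \
  --with-http_sub_module \
  --with-http_dav_module \
  --with-http_flv_module \
  --with-http_mp4_module \
  --with-http_gunzip_module \
  --with-http_gzip_static_module \
  --with-http_random_index_module \
  --with-http_secure_link_module \
  --with-http_stub_status_module \
  --with-threads \
  --with-stream \
  --with-stream_ssl_module \
  --with-http_slice_module \
  --with-mail \
  --with-pcre-jit \
  --with-mail_ssl_module \
  --with-http_v2_module \
  --with-file-aio \
  --with-ipv6 \
  --add-module=/tmp/headers-more-nginx-module \
  --add-module=/tmp/nginx-ct \
  --add-module=/tmp/ngx_brotli \
  --with-cc-opt="-O3 -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -Wno-deprecated-declarations" \
  --with-openssl-opt='no-async enable-ec_nistp_64_gcc_128 no-shared no-ssl2 no-ssl3 no-comp no-idea no-weak-ssl-ciphers -DOPENSSL_NO_HEARTBEATS -O3 -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2' \
  --with-openssl="/tmp/openssl-${OPENSSL_VER}"
make -j 1
make install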