nginx-compiler/nginx_compile_deb.sh

#!/bin/bash
## author      : Dryusdan
## date        : 27/12/2019
## description : A Nginx compiler
## usage       : ./nginx_compile_deb.sh NGINX_VER OPENSSL_VER TMP_FOLDER

## Bash strict mode ####################################
set -o errexit   # abort on nonzero exitstatus
set -o nounset   # abort on unbound variable
set -o pipefail  # don't hide errors within pipes

## Bash color ##########################################
# Set colors
RED='\033[0;31m'
GREEN='\033[00;32m'
YELLOW='\033[00;33m'
BLUE='\033[00;34m'
PURPLE='\033[00;35m'
CYAN='\033[00;36m'
LIGHTGRAY='\033[00;37m'
LRED='\033[01;31m'
LGREEN='\033[01;32m'
LYELLOW='\033[01;33m'
LBLUE='\033[01;34m'
LPURPLE='\033[01;35m'
LCYAN='\033[01;36m'
WHITE='\033[01;37m'
NC='\033[0m' # No Color

## Logs ################################################
readonly SCRIPTNAME="$(basename "$0")"
debug()    { echo -e "${LPURPLE}[DEBUG] $* ${NC}"    | logger --tag "${SCRIPTNAME}" --stderr ; }
info()    { echo -e "${LBLUE}[INFO] $* ${NC}"    | logger --tag "${SCRIPTNAME}" --stderr ; }
warning() { echo -e "${YELLOW}[WARNING] $* ${NC}" | logger --tag "${SCRIPTNAME}" --stderr ; }
error()   { echo -e "${LRED}[ERROR] $* ${NC}"   | logger --tag "${SCRIPTNAME}" --stderr ; }
fatal()   { echo -e "${RED}[FATAL] $* ${NC}"   | logger --tag "${SCRIPTNAME}" --stderr ; exit 1 ; }
########################################################

## Define variables ####################################
NGINX_VER=${1}
OPENSSL_VER=${2}
TMP_FOLDER=${3}
########################################################


## Define functions ####################################
clean_files(){
	if [ -d "${1}" ]; then
		warning "Removing ${1}"
		rm -rf ${1} 
	fi
}

clean_folder(){
	clean_files "${TMP_FOLDER}/headers-more-nginx-module"
	clean_files "${TMP_FOLDER}/libbrotli"
	clean_files "${TMP_FOLDER}/ngx_brotli"
	clean_files "${TMP_FOLDER}/nginx-ct"
	clean_files "${TMP_FOLDER}/nginx-${NGINX_VER}.tar.gz"
	clean_files "${TMP_FOLDER}/openssl-${OPENSSL_VER}.tar.gz"
}
########################################################
NGINX_GPG="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \
           A09CD539B8BB8CBE96E82BDFABD4D3B3F5806B4D \
           4C2C85E705DC730833990C38A9376139A524C53E \
           65506C02EFC250F1B7A3D694ECF0E90B2C172083 \
           B0F4253373F8F6F510D42178520A9993A1C052F8 \
           7338973069ED3F443F4D37DFA64FD5B17ADB39A8"

info "Install required packages"
apt-get install -qq -y zlib1g-dev zlib1g libpcre3 libpcre3-dev build-essential git wget 

info "Cleaning tmp"
clean_folder
info "End cleaning"
info "Downloading module header-more"
git clone -q https://github.com/openresty/headers-more-nginx-module --depth=1 ${TMP_FOLDER}/headers-more-nginx-module
info "Downloading libbrotli"
git clone -q https://github.com/bagder/libbrotli --depth=1 ${TMP_FOLDER}/libbrotli
info "Downloading module brotli for Nginx"
git clone -q https://github.com/google/ngx_brotli --depth=1 ${TMP_FOLDER}/ngx_brotli
info "Downloading Nginx Certificate Transparency module"
git clone -q https://github.com/grahamedgecombe/nginx-ct --depth=1 ${TMP_FOLDER}/nginx-ct
info "Downloading Nginx version ${NGINX_VER}"
wget -q http://nginx.org/download/nginx-${NGINX_VER}.tar.gz -O ${TMP_FOLDER}/nginx-${NGINX_VER}.tar.gz
info "Downloading Nginx signature ${NGINX_VER}"
wget -q http://nginx.org/download/nginx-${NGINX_VER}.tar.gz.asc -O ${TMP_FOLDER}/nginx-${NGINX_VER}.tar.gz.asc
info "Downloading Openssl version ${OPENSSL_VER}"
wget -q https://www.openssl.org/source/openssl-${OPENSSL_VER}.tar.gz -O ${TMP_FOLDER}/openssl-${OPENSSL_VER}.tar.gz

info "Ending download"

info "Compiling brotli"
cd ${TMP_FOLDER}/libbrotli
./autogen.sh >/dev/null 2>/dev/null
./configure >/dev/null 2>/dev/null
mkdir -p brotli/c/tools/.deps 
touch brotli/c/tools/.deps/brotli-brotli.Po 
make -j 1 >/dev/null 2>/dev/null
make install >/dev/null 2>/dev/null 
cd ${TMP_FOLDER}/ngx_brotli 
git submodule update --init >/dev/null 2>/dev/null

info "Decompressing OpenSSL"
cd ${TMP_FOLDER}
tar xzf openssl-${OPENSSL_VER}.tar.gz

info "Compiling Nginx"
cd ${TMP_FOLDER}
for server in ha.pool.sks-keyservers.net hkp://keyserver.ubuntu.com:80 hkp://p80.pool.sks-keyservers.net:80 pgp.mit.edu; 
    do 
        info "Fetching GPG key $NGINX_GPG from $server";
        gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys $NGINX_GPG && found=yes && break;
done >/dev/null 2>/dev/null 
gpg --batch --verify nginx-${NGINX_VER}.tar.gz.asc nginx-${NGINX_VER}.tar.gz >/dev/null 2>/dev/null
tar xzf nginx-${NGINX_VER}.tar.gz
cd ${TMP_FOLDER}/nginx-${NGINX_VER}
#make clean
./configure --prefix=/etc/nginx \
            --sbin-path=/usr/sbin/nginx \
            --http-log-path=/var/log/nginx/access.log \
            --error-log-path=/var/log/nginx/error.log \
            --pid-path=/run/nginx.pid \
            --lock-path=/run/nginx.lock \
            --user=nginx --group=nginx \
            --with-http_ssl_module \
            --with-http_realip_module \
            --with-http_addition_module \
            --with-http_sub_module \
            --with-http_dav_module \
            --with-http_flv_module \
            --with-http_mp4_module \
            --with-http_gunzip_module \
            --with-http_gzip_static_module \
            --with-http_stub_status_module \
            --with-threads \
            --with-stream \
            --with-stream_ssl_module \
            --with-pcre-jit \
            --with-http_v2_module \
            --with-file-aio \
            --with-ipv6 \
            --add-module=${TMP_FOLDER}/headers-more-nginx-module \
            --add-module=${TMP_FOLDER}/nginx-ct \
            --add-module=${TMP_FOLDER}/ngx_brotli \
            --with-cc-opt="-O3 -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -Wno-deprecated-declarations" \
            --with-openssl-opt='no-async enable-ec_nistp_64_gcc_128 no-shared no-ssl2 no-ssl3 no-comp no-idea no-weak-ssl-ciphers -DOPENSSL_NO_HEARTBEATS -O3 -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2' \
            --with-openssl=${TMP_FOLDER}/openssl-${OPENSSL_VER} >/dev/null 2>/dev/null
make --quiet -j 1 >/dev/null 2>/dev/null
make --quiet install >/dev/null 2>/dev/null

info "Ending compilation"
info "Cleaning tmp"
clean_folder
info "Ending cleaning"

info "exiting ${SCRIPTNAME}"
exit 0
Add compiler script and remove mail support 2019-12-30 07:53:31 +01:00			`#!/bin/bash`
			`## author : Dryusdan`
			`## date : 27/12/2019`
			`## description : A Nginx compiler`
			`## usage : ./nginx_compile_deb.sh NGINX_VER OPENSSL_VER TMP_FOLDER`

			`## Bash strict mode ####################################`
			`set -o errexit # abort on nonzero exitstatus`
			`set -o nounset # abort on unbound variable`
			`set -o pipefail # don't hide errors within pipes`

			`## Bash color ##########################################`
			`# Set colors`
			`RED='\033[0;31m'`
			`GREEN='\033[00;32m'`
			`YELLOW='\033[00;33m'`
			`BLUE='\033[00;34m'`
			`PURPLE='\033[00;35m'`
			`CYAN='\033[00;36m'`
			`LIGHTGRAY='\033[00;37m'`
			`LRED='\033[01;31m'`
			`LGREEN='\033[01;32m'`
			`LYELLOW='\033[01;33m'`
			`LBLUE='\033[01;34m'`
			`LPURPLE='\033[01;35m'`
			`LCYAN='\033[01;36m'`
			`WHITE='\033[01;37m'`
			`NC='\033[0m' # No Color`

			`## Logs ################################################`
			`readonly SCRIPTNAME="$(basename "$0")"`
			`debug() { echo -e "${LPURPLE}[DEBUG] $* ${NC}" \| logger --tag "${SCRIPTNAME}" --stderr ; }`
			`info() { echo -e "${LBLUE}[INFO] $* ${NC}" \| logger --tag "${SCRIPTNAME}" --stderr ; }`
			`warning() { echo -e "${YELLOW}[WARNING] $* ${NC}" \| logger --tag "${SCRIPTNAME}" --stderr ; }`
			`error() { echo -e "${LRED}[ERROR] $* ${NC}" \| logger --tag "${SCRIPTNAME}" --stderr ; }`
			`fatal() { echo -e "${RED}[FATAL] $* ${NC}" \| logger --tag "${SCRIPTNAME}" --stderr ; exit 1 ; }`
			`########################################################`

			`## Define variables ####################################`
			`NGINX_VER=${1}`
			`OPENSSL_VER=${2}`
			`TMP_FOLDER=${3}`
			`########################################################`


			`## Define functions ####################################`
			`clean_files(){`
			`if [ -d "${1}" ]; then`
			`warning "Removing ${1}"`
			`rm -rf ${1}`
			`fi`
			`}`

			`clean_folder(){`
			`clean_files "${TMP_FOLDER}/headers-more-nginx-module"`
			`clean_files "${TMP_FOLDER}/libbrotli"`
			`clean_files "${TMP_FOLDER}/ngx_brotli"`
			`clean_files "${TMP_FOLDER}/nginx-ct"`
			`clean_files "${TMP_FOLDER}/nginx-${NGINX_VER}.tar.gz"`
			`clean_files "${TMP_FOLDER}/openssl-${OPENSSL_VER}.tar.gz"`
			`}`
			`########################################################`
			`NGINX_GPG="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \`
			`A09CD539B8BB8CBE96E82BDFABD4D3B3F5806B4D \`
			`4C2C85E705DC730833990C38A9376139A524C53E \`
			`65506C02EFC250F1B7A3D694ECF0E90B2C172083 \`
			`B0F4253373F8F6F510D42178520A9993A1C052F8 \`
			`7338973069ED3F443F4D37DFA64FD5B17ADB39A8"`

			`info "Install required packages"`
			`apt-get install -qq -y zlib1g-dev zlib1g libpcre3 libpcre3-dev build-essential git wget`

			`info "Cleaning tmp"`
			`clean_folder`
			`info "End cleaning"`
			`info "Downloading module header-more"`
			`git clone -q https://github.com/openresty/headers-more-nginx-module --depth=1 ${TMP_FOLDER}/headers-more-nginx-module`
			`info "Downloading libbrotli"`
			`git clone -q https://github.com/bagder/libbrotli --depth=1 ${TMP_FOLDER}/libbrotli`
			`info "Downloading module brotli for Nginx"`
			`git clone -q https://github.com/google/ngx_brotli --depth=1 ${TMP_FOLDER}/ngx_brotli`
			`info "Downloading Nginx Certificate Transparency module"`
			`git clone -q https://github.com/grahamedgecombe/nginx-ct --depth=1 ${TMP_FOLDER}/nginx-ct`
			`info "Downloading Nginx version ${NGINX_VER}"`
			`wget -q http://nginx.org/download/nginx-${NGINX_VER}.tar.gz -O ${TMP_FOLDER}/nginx-${NGINX_VER}.tar.gz`
			`info "Downloading Nginx signature ${NGINX_VER}"`
			`wget -q http://nginx.org/download/nginx-${NGINX_VER}.tar.gz.asc -O ${TMP_FOLDER}/nginx-${NGINX_VER}.tar.gz.asc`
			`info "Downloading Openssl version ${OPENSSL_VER}"`
			`wget -q https://www.openssl.org/source/openssl-${OPENSSL_VER}.tar.gz -O ${TMP_FOLDER}/openssl-${OPENSSL_VER}.tar.gz`

			`info "Ending download"`

			`info "Compiling brotli"`
			`cd ${TMP_FOLDER}/libbrotli`
			`./autogen.sh >/dev/null 2>/dev/null`
			`./configure >/dev/null 2>/dev/null`
			`mkdir -p brotli/c/tools/.deps`
			`touch brotli/c/tools/.deps/brotli-brotli.Po`
			`make -j 1 >/dev/null 2>/dev/null`
			`make install >/dev/null 2>/dev/null`
			`cd ${TMP_FOLDER}/ngx_brotli`
			`git submodule update --init >/dev/null 2>/dev/null`

			`info "Decompressing OpenSSL"`
			`cd ${TMP_FOLDER}`
			`tar xzf openssl-${OPENSSL_VER}.tar.gz`

			`info "Compiling Nginx"`
			`cd ${TMP_FOLDER}`
			`for server in ha.pool.sks-keyservers.net hkp://keyserver.ubuntu.com:80 hkp://p80.pool.sks-keyservers.net:80 pgp.mit.edu;`
			`do`
			`info "Fetching GPG key $NGINX_GPG from $server";`
			`gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys $NGINX_GPG && found=yes && break;`
			`done >/dev/null 2>/dev/null`
			`gpg --batch --verify nginx-${NGINX_VER}.tar.gz.asc nginx-${NGINX_VER}.tar.gz >/dev/null 2>/dev/null`
			`tar xzf nginx-${NGINX_VER}.tar.gz`
			`cd ${TMP_FOLDER}/nginx-${NGINX_VER}`
			`#make clean`
			`./configure --prefix=/etc/nginx \`
Mise à jour de 'nginx_compile_deb.sh' 2021-04-16 15:02:05 +02:00			`--sbin-path=/usr/sbin/nginx \`
Add compiler script and remove mail support 2019-12-30 07:53:31 +01:00			`--http-log-path=/var/log/nginx/access.log \`
			`--error-log-path=/var/log/nginx/error.log \`
			`--pid-path=/run/nginx.pid \`
			`--lock-path=/run/nginx.lock \`
			`--user=nginx --group=nginx \`
			`--with-http_ssl_module \`
			`--with-http_realip_module \`
			`--with-http_addition_module \`
			`--with-http_sub_module \`
			`--with-http_dav_module \`
			`--with-http_flv_module \`
			`--with-http_mp4_module \`
			`--with-http_gunzip_module \`
			`--with-http_gzip_static_module \`
			`--with-http_stub_status_module \`
			`--with-threads \`
			`--with-stream \`
			`--with-stream_ssl_module \`
			`--with-pcre-jit \`
			`--with-http_v2_module \`
			`--with-file-aio \`
			`--with-ipv6 \`
Update readme and optimize nginx compile 2019-12-30 08:47:09 +01:00			`--add-module=${TMP_FOLDER}/headers-more-nginx-module \`
			`--add-module=${TMP_FOLDER}/nginx-ct \`
			`--add-module=${TMP_FOLDER}/ngx_brotli \`
Add compiler script and remove mail support 2019-12-30 07:53:31 +01:00			`--with-cc-opt="-O3 -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -Wno-deprecated-declarations" \`
			`--with-openssl-opt='no-async enable-ec_nistp_64_gcc_128 no-shared no-ssl2 no-ssl3 no-comp no-idea no-weak-ssl-ciphers -DOPENSSL_NO_HEARTBEATS -O3 -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2' \`
Update readme and optimize nginx compile 2019-12-30 08:47:09 +01:00			`--with-openssl=${TMP_FOLDER}/openssl-${OPENSSL_VER} >/dev/null 2>/dev/null`
Add compiler script and remove mail support 2019-12-30 07:53:31 +01:00			`make --quiet -j 1 >/dev/null 2>/dev/null`
			`make --quiet install >/dev/null 2>/dev/null`

			`info "Ending compilation"`
			`info "Cleaning tmp"`
			`clean_folder`
			`info "Ending cleaning"`

			`info "exiting ${SCRIPTNAME}"`
			`exit 0`