#!/bin/bash
## author : Dryusdan
## date : 27/12/2019
## description : A Nginx compiler
## usage : ./nginx_compile_deb.sh NGINX_VER OPENSSL_VER TMP_FOLDER
## Bash strict mode ####################################
# Strict mode, enabled in one call:
#   errexit  - abort on a nonzero exit status
#   nounset  - abort on an unbound variable
#   pipefail - a failing stage fails the whole pipeline
set -o errexit -o nounset -o pipefail
## Bash color ##########################################
# ANSI colour sequences, grouped as regular / bold pairs.
# The values are stored as literal backslash text; they only become real
# escape bytes when printed by something that expands "\033" (the logging
# helpers in this script use `echo -e`).

# Reset to the terminal default (no colour).
NC='\033[0m'

# Red
RED='\033[0;31m'
LRED='\033[01;31m'

# Green
GREEN='\033[00;32m'
LGREEN='\033[01;32m'

# Yellow
YELLOW='\033[00;33m'
LYELLOW='\033[01;33m'

# Blue
BLUE='\033[00;34m'
LBLUE='\033[01;34m'

# Purple
PURPLE='\033[00;35m'
LPURPLE='\033[01;35m'

# Cyan
CYAN='\033[00;36m'
LCYAN='\033[01;36m'

# Gray / white
LIGHTGRAY='\033[00;37m'
WHITE='\033[01;37m'
## Logs ################################################
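# Name of this script, used as the syslog tag by the helpers below.
# Assigned first and marked readonly afterwards so that a failing
# basename is not masked by the exit status of `readonly`.
SCRIPTNAME="$(basename -- "$0")"
readonly SCRIPTNAME

#######################################
# Shared implementation of the log helpers.
# Only the colour constants go through %b (escape expansion); the message
# is printed with %s, so backslash sequences inside a message (for example
# in a path or version taken from the command line) are logged literally
# instead of being turned into newlines or terminal escapes.
# Globals:   NC, SCRIPTNAME (read)
# Arguments: $1 - colour sequence, $2 - level label, $3.. - message words
# Outputs:   one line piped to logger, which is asked to echo it on stderr
#######################################
_log() {
  local -r color=$1 level=$2
  shift 2
  printf '%b[%s] %s %b\n' "${color}" "${level}" "$*" "${NC}" \
    | logger --tag "${SCRIPTNAME}" --stderr
}

# Level-specific wrappers; each forwards its arguments as the message.
debug() { _log "${LPURPLE}" DEBUG "$@"; }
info() { _log "${LBLUE}" INFO "$@"; }
warning() { _log "${YELLOW}" WARNING "$@"; }
error() { _log "${LRED}" ERROR "$@"; }
# fatal logs the message and then terminates the script with status 1.
fatal() { _log "${RED}" FATAL "$@"; exit 1; }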
########################################################
## Define variables ####################################
# Positional arguments, in the order given by the usage line in the header:
#   $1 - nginx version, $2 - OpenSSL version, $3 - working folder.
# NOTE(review): the values are taken as-is here and later end up in
# download URLs and in paths handed to `rm -rf`; nothing in this block
# validates them.
NGINX_VER="$1"
OPENSSL_VER="$2"
TMP_FOLDER="$3"
########################################################
## Define functions ####################################
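#######################################
# Delete one leftover build artefact if it exists.
# Arguments: $1 - path of the file or directory to delete
# Outputs:   a warning log line (via warning) when something is removed
#######################################
clean_files(){
    local -r target=${1}

    # -e instead of -d: clean_folder also passes the downloaded tarballs,
    # which are regular files and were never matched by a directory test.
    # -L additionally catches a dangling symlink left at that path.
    if [ -e "${target}" ] || [ -L "${target}" ]; then
        warning "Removing ${target}"
        # Quoted and preceded by "--": a path containing spaces or glob
        # characters must not be split into several rm operands, and a
        # path starting with "-" must not be parsed as an option.
        rm -rf -- "${target}"
    fi
}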
#######################################
# Remove the artefacts of a previous run from the working folder.
# Globals:   TMP_FOLDER, NGINX_VER, OPENSSL_VER (read)
# Arguments: none
# NOTE(review): the downloaded .asc signature and the extracted
# nginx-*/openssl-* source trees are not in this list - confirm that
# leaving them behind is intended.
#######################################
clean_folder(){
    local leftover
    for leftover in \
        "headers-more-nginx-module" \
        "libbrotli" \
        "ngx_brotli" \
        "nginx-ct" \
        "nginx-${NGINX_VER}.tar.gz" \
        "openssl-${OPENSSL_VER}.tar.gz"
    do
        clean_files "${TMP_FOLDER}/${leftover}"
    done
}
########################################################
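# Fingerprints of the keys accepted as signers of the nginx release tarball.
NGINX_GPG_KEYS=(
  573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
  A09CD539B8BB8CBE96E82BDFABD4D3B3F5806B4D
  4C2C85E705DC730833990C38A9376139A524C53E
  65506C02EFC250F1B7A3D694ECF0E90B2C172083
  B0F4253373F8F6F510D42178520A9993A1C052F8
  7338973069ED3F443F4D37DFA64FD5B17ADB39A8
)
# Space-separated form of the same list, kept for the log message below.
NGINX_GPG="${NGINX_GPG_KEYS[*]}"

# Name the failing step: most build output below is discarded, so without
# this an errexit abort would leave no hint about what went wrong.
trap 'error "Step failed at line ${LINENO}: ${BASH_COMMAND}"' ERR

## Validate the command-line values ####################
# They are interpolated into download URLs and into paths that are later
# passed to `rm -rf`, so reject anything that is not a plain version
# string or an absolute folder before touching the filesystem.
nginx_ver_re='^[0-9]+(\.[0-9]+)+$'
openssl_ver_re='^[0-9][0-9A-Za-z._-]*$'
[[ "${NGINX_VER}" =~ ${nginx_ver_re} ]] \
  || fatal "NGINX_VER '${NGINX_VER}' is not a dotted version number"
[[ "${OPENSSL_VER}" =~ ${openssl_ver_re} ]] \
  || fatal "OPENSSL_VER '${OPENSSL_VER}' is not a valid version string"
# The script changes directory several times and re-uses TMP_FOLDER after
# each cd, so only an absolute path can work.
[[ "${TMP_FOLDER}" == /* ]] \
  || fatal "TMP_FOLDER '${TMP_FOLDER}' must be an absolute path"

nginx_tarball="${TMP_FOLDER}/nginx-${NGINX_VER}.tar.gz"
openssl_tarball="${TMP_FOLDER}/openssl-${OPENSSL_VER}.tar.gz"

info "Install required packages"
apt-get install -qq -y zlib1g-dev zlib1g libpcre3 libpcre3-dev build-essential git wget

info "Cleaning tmp"
clean_folder
info "End cleaning"

# NOTE(review): the four clones below take whatever is at the head of each
# repository's default branch and that code is then compiled and installed
# by this script. Nothing pins or verifies it; pinning each module to a
# reviewed tag or commit would make the build reproducible and auditable.
info "Downloading module header-more"
git clone -q --depth=1 https://github.com/openresty/headers-more-nginx-module "${TMP_FOLDER}/headers-more-nginx-module"
info "Downloading libbrotli"
git clone -q --depth=1 https://github.com/bagder/libbrotli "${TMP_FOLDER}/libbrotli"
info "Downloading module brotli for Nginx"
git clone -q --depth=1 https://github.com/google/ngx_brotli "${TMP_FOLDER}/ngx_brotli"
info "Downloading Nginx Certificate Transparency module"
git clone -q --depth=1 https://github.com/grahamedgecombe/nginx-ct "${TMP_FOLDER}/nginx-ct"

# HTTPS instead of plain HTTP; the signature check further down remains the
# actual integrity control for the nginx tarball.
info "Downloading Nginx version ${NGINX_VER}"
wget -q "https://nginx.org/download/nginx-${NGINX_VER}.tar.gz" -O "${nginx_tarball}"
info "Downloading Nginx signature ${NGINX_VER}"
wget -q "https://nginx.org/download/nginx-${NGINX_VER}.tar.gz.asc" -O "${nginx_tarball}.asc"
info "Downloading Openssl version ${OPENSSL_VER}"
wget -q "https://www.openssl.org/source/openssl-${OPENSSL_VER}.tar.gz" -O "${openssl_tarball}"

info "Ending download"

## Verify the downloads before anything is unpacked ####
# OpenSSL: no signature or digest is shipped with this script, so the only
# check available is an optional, caller-supplied SHA-256 in the
# OPENSSL_SHA256 environment variable.
if [[ -n "${OPENSSL_SHA256:-}" ]]; then
  printf '%s  %s\n' "${OPENSSL_SHA256}" "${openssl_tarball}" \
    | sha256sum --check --status \
    || fatal "SHA-256 mismatch for ${openssl_tarball}"
else
  warning "OPENSSL_SHA256 not set: ${openssl_tarball} is used without an integrity check"
fi

# nginx: fetch the pinned keys, then require a valid signature made by one
# of them.
# NOTE(review): the sks-keyservers.net pool has since been retired, so those
# entries are expected to time out - confirm the list against keyservers
# that are still reachable.
found=no
for server in ha.pool.sks-keyservers.net hkp://keyserver.ubuntu.com:80 hkp://p80.pool.sks-keyservers.net:80 pgp.mit.edu; do
  info "Fetching GPG key ${NGINX_GPG} from ${server}"
  if gpg --keyserver "${server}" --keyserver-options timeout=10 \
      --recv-keys "${NGINX_GPG_KEYS[@]}" >/dev/null 2>&1; then
    found=yes
    break
  fi
done
if [[ "${found}" != yes ]]; then
  # The keys may already be in the keyring from an earlier run, so let the
  # verification below decide.
  warning "No keyserver returned the nginx signing keys"
fi

# A bare `gpg --verify` succeeds for a good signature from ANY key in the
# keyring. Read the machine-readable status instead and accept the tarball
# only if the VALIDSIG fingerprint is one of the pinned ones.
sig_status="$(gpg --batch --status-fd 1 --verify "${nginx_tarball}.asc" "${nginx_tarball}" 2>/dev/null)" \
  || fatal "GPG signature verification failed for ${nginx_tarball}"

signer_ok=no
while read -r prefix keyword signing_fpr rest; do
  [[ "${prefix}" == "[GNUPG:]" && "${keyword}" == "VALIDSIG" ]] || continue
  # Last field of a VALIDSIG line is the primary key fingerprint (when gpg
  # reports it); the third field is the key that made the signature.
  primary_fpr="${rest##* }"
  for pinned in "${NGINX_GPG_KEYS[@]}"; do
    if [[ "${signing_fpr}" == "${pinned}" || "${primary_fpr}" == "${pinned}" ]]; then
      signer_ok=yes
    fi
  done
done <<<"${sig_status}"
[[ "${signer_ok}" == yes ]] \
  || fatal "${nginx_tarball} is not signed by one of the pinned nginx keys"

info "Compiling brotli"
cd -- "${TMP_FOLDER}/libbrotli"
./autogen.sh >/dev/null 2>&1
./configure >/dev/null 2>&1
mkdir -p brotli/c/tools/.deps
touch brotli/c/tools/.deps/brotli-brotli.Po
make -j 1 >/dev/null 2>&1
make install >/dev/null 2>&1
cd -- "${TMP_FOLDER}/ngx_brotli"
git submodule update --init >/dev/null 2>&1

info "Decompressing OpenSSL"
cd -- "${TMP_FOLDER}"
tar xzf "${openssl_tarball}"

info "Compiling Nginx"
cd -- "${TMP_FOLDER}"
tar xzf "${nginx_tarball}"
cd -- "${TMP_FOLDER}/nginx-${NGINX_VER}"
#make clean

# Same options, in the same order, as before; held in an array so the
# paths built from TMP_FOLDER stay single arguments.
configure_args=(
  --prefix=/etc/nginx
  --sbin-path=/usr/sbin/nginx
  --http-log-path=/var/log/nginx/access.log
  --error-log-path=/var/log/nginx/error.log
  --pid-path=/run/nginx.pid
  --lock-path=/run/nginx.lock
  --user=nginx --group=nginx
  --with-http_ssl_module
  --with-http_realip_module
  --with-http_addition_module
  --with-http_sub_module
  --with-http_dav_module
  --with-http_flv_module
  --with-http_mp4_module
  --with-http_gunzip_module
  --with-http_gzip_static_module
  --with-http_stub_status_module
  --with-threads
  --with-stream
  --with-stream_ssl_module
  --with-pcre-jit
  --with-http_v2_module
  --with-file-aio
  --with-ipv6
  --add-module="${TMP_FOLDER}/headers-more-nginx-module"
  --add-module="${TMP_FOLDER}/nginx-ct"
  --add-module="${TMP_FOLDER}/ngx_brotli"
  --with-cc-opt="-O3 -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -Wno-deprecated-declarations"
  --with-openssl-opt='no-async enable-ec_nistp_64_gcc_128 no-shared no-ssl2 no-ssl3 no-comp no-idea no-weak-ssl-ciphers -DOPENSSL_NO_HEARTBEATS -O3 -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2'
  --with-openssl="${TMP_FOLDER}/openssl-${OPENSSL_VER}"
)
./configure "${configure_args[@]}" >/dev/null 2>&1
make --quiet -j 1 >/dev/null 2>&1
make --quiet install >/dev/null 2>&1

info "Ending compilation"
info "Cleaning tmp"
clean_folder
info "Ending cleaning"

info "exiting ${SCRIPTNAME}"
exit 0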