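#!/bin/bash
## author      : Dryusdan
## date        : 27/12/2019
## description : A Nginx compiler
## usage       : ./nginx_compile_deb.sh NGINX_VER OPENSSL_VER TMP_FOLDER
##
## The script installs packages with apt-get and runs `make install`, so it
## needs root privileges. TMP_FOLDER should therefore be a directory that only
## the invoking user can write to: everything placed in it is compiled and
## installed with that user's privileges.

## Bash strict mode ####################################
set -o errexit  # abort on nonzero exitstatus
set -o nounset  # abort on unbound variable
set -o pipefail # don't hide errors within pipes

## Bash color ##########################################
# Set colors
RED='\033[0;31m'
GREEN='\033[00;32m'
YELLOW='\033[00;33m'
BLUE='\033[00;34m'
PURPLE='\033[00;35m'
CYAN='\033[00;36m'
LIGHTGRAY='\033[00;37m'
LRED='\033[01;31m'
LGREEN='\033[01;32m'
LYELLOW='\033[01;33m'
LBLUE='\033[01;34m'
LPURPLE='\033[01;35m'
LCYAN='\033[01;36m'
WHITE='\033[01;37m'
NC='\033[0m' # No Color

## Logs ################################################
# Declared separately from the assignment so a failing basename is not masked.
SCRIPTNAME="$(basename -- "$0")"
readonly SCRIPTNAME

# Each helper writes one coloured line to syslog and stderr through logger.
# The colour codes go through %b (escapes interpreted) while the message goes
# through %s, so backslash sequences in caller-supplied text (versions, paths)
# are logged literally instead of being expanded.
debug() { printf '%b[DEBUG] %s %b\n' "${LPURPLE}" "$*" "${NC}" | logger --tag "${SCRIPTNAME}" --stderr; }
info() { printf '%b[INFO] %s %b\n' "${LBLUE}" "$*" "${NC}" | logger --tag "${SCRIPTNAME}" --stderr; }
warning() { printf '%b[WARNING] %s %b\n' "${YELLOW}" "$*" "${NC}" | logger --tag "${SCRIPTNAME}" --stderr; }
error() { printf '%b[ERROR] %s %b\n' "${LRED}" "$*" "${NC}" | logger --tag "${SCRIPTNAME}" --stderr; }
# fatal logs the message and then terminates the script with status 1.
fatal() {
  printf '%b[FATAL] %s %b\n' "${RED}" "$*" "${NC}" | logger --tag "${SCRIPTNAME}" --stderr
  exit 1
}
########################################################

## Define variables ####################################
# Fail with a usage message instead of nounset's "unbound variable" error.
if [ "$#" -ne 3 ]; then
  fatal "usage: ${SCRIPTNAME} NGINX_VER OPENSSL_VER TMP_FOLDER"
fi

NGINX_VER=${1}
OPENSSL_VER=${2}
TMP_FOLDER=${3}

# Both versions are spliced into download URLs and file names, so only a
# conservative character set is accepted (no slashes, spaces or shell
# metacharacters).
for version in "${NGINX_VER}" "${OPENSSL_VER}"; do
  case "${version}" in
    '' | *[!0-9A-Za-z._-]*) fatal "invalid version string: '${version}'" ;;
  esac
done
unset version

# An empty TMP_FOLDER would turn every "${TMP_FOLDER}/..." path, including the
# ones handed to rm -rf, into a path directly under /.
[ -n "${TMP_FOLDER}" ] || fatal "TMP_FOLDER must not be empty"

# The build changes directory several times and keeps referring to
# ${TMP_FOLDER}, so a relative path would stop resolving after the first cd.
mkdir -p -- "${TMP_FOLDER}"
TMP_FOLDER=$(cd -- "${TMP_FOLDER}" && pwd)
########################################################

## Define functions ####################################
#######################################
# Remove one file or directory tree if it exists.
# Arguments: $1 - path to remove
# Outputs:   a warning line through logger when something is removed
#######################################
clean_files() {
  local target=${1:?clean_files: missing path}

  # -e rather than -d: clean_folder also passes the downloaded tarballs, which
  # are regular files and were never removed by a directory-only test.
  if [ -e "${target}" ] || [ -L "${target}" ]; then
    warning "Removing ${target}"
    rm -rf -- "${target}"
  fi
}

#######################################
# Remove the module checkouts and downloaded archives from TMP_FOLDER.
# Globals: TMP_FOLDER, NGINX_VER, OPENSSL_VER (read)
#######################################
clean_folder() {
  clean_files "${TMP_FOLDER}/headers-more-nginx-module"
  clean_files "${TMP_FOLDER}/libbrotli"
  clean_files "${TMP_FOLDER}/ngx_brotli"
  clean_files "${TMP_FOLDER}/nginx-ct"
  clean_files "${TMP_FOLDER}/nginx-${NGINX_VER}.tar.gz"
  # The detached signature is downloaded next to the tarball; remove it too so
  # a stale signature never sits beside a fresh archive.
  clean_files "${TMP_FOLDER}/nginx-${NGINX_VER}.tar.gz.asc"
  clean_files "${TMP_FOLDER}/openssl-${OPENSSL_VER}.tar.gz"
}
########################################################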
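## Pinned signing keys #################################
# Fingerprints of the keys accepted as signers of the Nginx tarball.
NGINX_GPG_KEYS=(
  573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
  A09CD539B8BB8CBE96E82BDFABD4D3B3F5806B4D
  4C2C85E705DC730833990C38A9376139A524C53E
  65506C02EFC250F1B7A3D694ECF0E90B2C172083
  B0F4253373F8F6F510D42178520A9993A1C052F8
  7338973069ED3F443F4D37DFA64FD5B17ADB39A8
)
# Space-separated form of the same list, used in the log message below.
NGINX_GPG="${NGINX_GPG_KEYS[*]}"

#######################################
# Run a build step with its output discarded, but stop with a named error
# when it fails instead of letting errexit end the script silently.
# Arguments: $1 - label for the error message; $2... - command and arguments
#######################################
run_quiet() {
  local label=$1
  shift
  "$@" >/dev/null 2>&1 ||
    fatal "${label} failed (its output is discarded; re-run the step by hand to see it)"
}

#######################################
# Stop the gpg helper daemons started for the throw-away keyring and delete it.
# Globals: GNUPGHOME (read)
#######################################
cleanup_gnupghome() {
  gpgconf --kill all >/dev/null 2>&1 || true # best effort, gpgconf may be absent
  rm -rf -- "${GNUPGHOME:?}"
}

info "Install required packages"
apt-get install -qq -y zlib1g-dev zlib1g libpcre3 libpcre3-dev build-essential git wget

# gpg is not part of the package list above; fail early with a clear message
# rather than at the signature check.
command -v gpg >/dev/null || fatal "gpg is required to verify the Nginx tarball"

info "Cleaning tmp"
clean_folder
info "End cleaning"

# NOTE(review): the four clones below take whatever is at the tip of each
# repository's default branch. Nothing is pinned or verified, yet the code is
# compiled into the server and libbrotli is installed system-wide. Pin each
# repository to a reviewed commit or signed tag before relying on this build.
info "Downloading module header-more"
git clone -q https://github.com/openresty/headers-more-nginx-module --depth=1 "${TMP_FOLDER}/headers-more-nginx-module"
info "Downloading libbrotli"
git clone -q https://github.com/bagder/libbrotli --depth=1 "${TMP_FOLDER}/libbrotli"
info "Downloading module brotli for Nginx"
git clone -q https://github.com/google/ngx_brotli --depth=1 "${TMP_FOLDER}/ngx_brotli"
info "Downloading Nginx Certificate Transparency module"
git clone -q https://github.com/grahamedgecombe/nginx-ct --depth=1 "${TMP_FOLDER}/nginx-ct"

# Fetched over HTTPS instead of plain HTTP; the signature check further down
# remains the actual integrity gate.
info "Downloading Nginx version ${NGINX_VER}"
wget -q "https://nginx.org/download/nginx-${NGINX_VER}.tar.gz" -O "${TMP_FOLDER}/nginx-${NGINX_VER}.tar.gz"
info "Downloading Nginx signature ${NGINX_VER}"
wget -q "https://nginx.org/download/nginx-${NGINX_VER}.tar.gz.asc" -O "${TMP_FOLDER}/nginx-${NGINX_VER}.tar.gz.asc"

# NOTE(review): the OpenSSL tarball is never verified. TLS protects only the
# transfer; check the archive against the signature or SHA-256 digest that
# OpenSSL publishes for the release before building it.
info "Downloading Openssl version ${OPENSSL_VER}"
wget -q "https://www.openssl.org/source/openssl-${OPENSSL_VER}.tar.gz" -O "${TMP_FOLDER}/openssl-${OPENSSL_VER}.tar.gz"
info "Ending download"

info "Compiling brotli"
cd "${TMP_FOLDER}/libbrotli"
run_quiet "libbrotli autogen" ./autogen.sh
run_quiet "libbrotli configure" ./configure
mkdir -p brotli/c/tools/.deps
touch brotli/c/tools/.deps/brotli-brotli.Po
run_quiet "libbrotli build" make -j 1
run_quiet "libbrotli install" make install
cd "${TMP_FOLDER}/ngx_brotli"
run_quiet "ngx_brotli submodule checkout" git submodule update --init

info "Decompressing OpenSSL"
cd "${TMP_FOLDER}"
tar xzf "openssl-${OPENSSL_VER}.tar.gz"

info "Compiling Nginx"
cd "${TMP_FOLDER}"

# Verify against a throw-away keyring that holds only the pinned keys.
# `gpg --verify` accepts a good signature from ANY key in the keyring it uses,
# so checking against the caller's default keyring would not tie the tarball
# to the fingerprints listed above.
GNUPGHOME=$(mktemp -d)
export GNUPGHOME
trap cleanup_gnupghome EXIT

# NOTE(review): the sks-keyservers.net pool has since been shut down, so those
# two entries are expected to fail and fall through to the remaining servers.
found=no
for server in ha.pool.sks-keyservers.net \
  hkp://keyserver.ubuntu.com:80 \
  hkp://p80.pool.sks-keyservers.net:80 \
  pgp.mit.edu; do
  info "Fetching GPG key $NGINX_GPG from $server"
  if gpg --batch --keyserver "${server}" --keyserver-options timeout=10 \
    --recv-keys "${NGINX_GPG_KEYS[@]}" >/dev/null 2>&1; then
    found=yes
    break
  fi
done
# Not fatal: a server may have delivered only some of the keys. The signature
# check below decides, and it can only succeed with an imported pinned key.
[ "${found}" = yes ] ||
  warning "No keyserver returned every pinned key; verifying with what was imported"

gpg_status=$(gpg --batch --status-fd 1 --verify \
  "nginx-${NGINX_VER}.tar.gz.asc" "nginx-${NGINX_VER}.tar.gz" 2>/dev/null) ||
  fatal "GPG verification of nginx-${NGINX_VER}.tar.gz failed"

# Defence in depth: require that the fingerprint gpg reports for the valid
# signature (signing key, or its primary key in the last field) is pinned.
signed_by_pinned_key=no
while read -r tag kind fpr rest; do
  if [ "${tag}" = "[GNUPG:]" ] && [ "${kind}" = "VALIDSIG" ]; then
    for key in "${NGINX_GPG_KEYS[@]}"; do
      if [ "${fpr}" = "${key}" ] || [ "${rest##* }" = "${key}" ]; then
        signed_by_pinned_key=yes
      fi
    done
  fi
done <<<"${gpg_status}"
[ "${signed_by_pinned_key}" = yes ] ||
  fatal "nginx-${NGINX_VER}.tar.gz is not signed by one of the pinned keys"

tar xzf "nginx-${NGINX_VER}.tar.gz"
cd "${TMP_FOLDER}/nginx-${NGINX_VER}"
#make clean

# The script does not create the nginx user and group named below; they are
# assumed to exist on the target system.
configure_args=(
  --prefix=/etc/nginx
  --sbin-path=/usr/sbin/nginx
  --http-log-path=/var/log/nginx/access.log
  --error-log-path=/var/log/nginx/error.log
  --pid-path=/run/nginx.pid
  --lock-path=/run/nginx.lock
  --user=nginx --group=nginx
  --with-http_ssl_module
  --with-http_realip_module
  --with-http_addition_module
  --with-http_sub_module
  --with-http_dav_module
  --with-http_flv_module
  --with-http_mp4_module
  --with-http_gunzip_module
  --with-http_gzip_static_module
  --with-http_stub_status_module
  --with-threads
  --with-stream
  --with-stream_ssl_module
  --with-pcre-jit
  --with-http_v2_module
  --with-file-aio
  --with-ipv6
  "--add-module=${TMP_FOLDER}/headers-more-nginx-module"
  "--add-module=${TMP_FOLDER}/nginx-ct"
  "--add-module=${TMP_FOLDER}/ngx_brotli"
  "--with-cc-opt=-O3 -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -Wno-deprecated-declarations"
  "--with-openssl-opt=no-async enable-ec_nistp_64_gcc_128 no-shared no-ssl2 no-ssl3 no-comp no-idea no-weak-ssl-ciphers -DOPENSSL_NO_HEARTBEATS -O3 -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2"
  "--with-openssl=${TMP_FOLDER}/openssl-${OPENSSL_VER}"
)
run_quiet "Nginx configure" ./configure "${configure_args[@]}"
run_quiet "Nginx build" make --quiet -j 1
run_quiet "Nginx install" make --quiet install
info "Ending compilation"

info "Cleaning tmp"
clean_folder
info "Ending cleaning"
info "exiting ${SCRIPTNAME}"
exit 0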