Merge pull request #155 from VirtuBox/dev
Update Nginx stable and few improvements
Showing
5 changed files
with
40 additions
and
118 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,7 +7,7 @@ | |
# Copyright (c) 2019-2024 VirtuBox <[email protected]> | ||
# This script is licensed under M.I.T | ||
# ------------------------------------------------------------------------- | ||
# Version 3.8.0 - 2024-04-23 | ||
# Version 3.8.1 - 2024-04-24 | ||
# ------------------------------------------------------------------------- | ||
|
||
################################## | ||
|
@@ -26,7 +26,7 @@ _help() { | |
echo " -------------------------------------------------------------------- " | ||
echo "" | ||
echo "Usage: ./nginx-ee <options> [modules]" | ||
echo "By default, Nginx-ee will compile the latest Nginx mainline release with HTTP/3 and without Naxsi or RTMP module" | ||
echo "By default, Nginx-ee will compile the latest Nginx mainline release without Naxsi or RTMP module" | ||
echo " Options:" | ||
echo " -h, --help ..... display this help" | ||
echo " -i, --interactive ....... interactive installation" | ||
|
@@ -138,8 +138,8 @@ fi | |
DIR_SRC="/usr/local/src" | ||
NGINX_EE_VER=$(curl -m 5 --retry 3 -sL https://api.github.com/repos/VirtuBox/nginx-ee/releases/latest 2>&1 | jq -r '.tag_name') | ||
NGINX_MAINLINE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 1 2>&1)" | ||
NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.24 2>&1)" | ||
LIBRESSL_VER="3.8.4" | ||
NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.26 2>&1)" | ||
LIBRESSL_VER="$(curl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ 2>&1 | grep -E -o 'libressl\-[0-9.]+\.tar[.a-z]*' | awk -F "libressl-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | sort -r | head -n 1)" | ||
if command_exists openssl; then | ||
OPENSSL_BIN_VER=$(openssl version) | ||
OPENSSL_VER=${OPENSSL_BIN_VER:0:15} | ||
|
@@ -150,7 +150,6 @@ TLS13_CIPHERS="TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+CHAC | |
readonly OS_ARCH="$(uname -m)" | ||
OS_DISTRO_FULL="$(lsb_release -ds)" | ||
readonly DISTRO_ID="$(lsb_release -si)" | ||
readonly DISTRO_CODENAME="$(lsb_release -sc)" | ||
|
||
# Colors | ||
CSI='\033[' | ||
|
@@ -206,9 +205,7 @@ if [ "$INTERACTIVE_SETUP" = "1" ]; then | |
while [[ "$SSL_LIB_CHOICE" != "1" && "$SSL_LIB_CHOICE" != "2" ]]; do | ||
echo -e "Select an option [1-2]: " && read -r SSL_LIB_CHOICE | ||
done | ||
if [ "$SSL_LIB_CHOICE" = "1" ]; then | ||
OPENSSL_LIB=3 | ||
else | ||
if [ "$SSL_LIB_CHOICE" = "2" ]; then | ||
LIBRESSL="y" | ||
fi | ||
echo -e '\nDo you want NAXSI WAF (still experimental)? (y/n)' | ||
|
@@ -236,11 +233,9 @@ fi | |
|
||
if [ "$NGINX_RELEASE" = "2" ]; then | ||
NGINX_VER="$NGINX_STABLE" | ||
NGX_HPACK="--with-http_v2_hpack_enc" | ||
NGX_QUIC="" | ||
NGX_QUIC="--with-http_v3_module" | ||
else | ||
NGINX_VER="$NGINX_MAINLINE" | ||
NGX_HPACK="" | ||
NGX_QUIC="--with-http_v3_module" | ||
fi | ||
|
||
|
@@ -285,7 +280,6 @@ else | |
OPENSSL_OPT="enable-tls1_3" | ||
fi | ||
fi | ||
QUIC_VALID="NO" | ||
NGX_SSL_LIB="" | ||
OPENSSL_VALID="from system" | ||
LIBSSL_DEV="libssl-dev" | ||
|
@@ -323,20 +317,13 @@ echo "" | |
echo -e " - Nginx release : $NGINX_VER" | ||
[ -n "$OPENSSL_VALID" ] && { | ||
echo -e " - OPENSSL : $OPENSSL_VER" | ||
if [ "$NGINX_RELEASE" = "2" ]; then | ||
echo -e " - HTTP/2 HPACK : YES" | ||
else | ||
echo -e " - with HTTP/3 : YES" | ||
fi | ||
echo -e " - with HTTP/3 : YES" | ||
|
||
} | ||
[ -n "$LIBRESSL_VALID" ] && { | ||
echo -e " - LIBRESSL : $LIBRESSL_VALID" | ||
if [ "$NGINX_RELEASE" = "2" ]; then | ||
echo -e " - HTTP/2 HPACK : YES" | ||
else | ||
echo -e " - HTTP/3 QUIC : YES" | ||
fi | ||
echo -e " - HTTP/3 QUIC : YES" | ||
|
||
} | ||
echo " - Dynamic modules $DYNAMIC_MODULES_VALID" | ||
echo " - Naxsi : $NAXSI_VALID" | ||
|
@@ -471,10 +458,8 @@ _dynamic_setup() { | |
} | ||
|
||
################################## | ||
# Install gcc7 or gcc8 from PPA | ||
# Install gcc | ||
################################## | ||
# gcc7 if Nginx is compiled with RTMP module | ||
# otherwise gcc8 is used | ||
|
||
_gcc_setup() { | ||
echo -ne ' Installing gcc [..]\r' | ||
|
@@ -529,12 +514,12 @@ _download_modules() { | |
echo -ne ' Downloading additionals modules [..]\r' | ||
if { | ||
echo "### downloading additionals modules ###" | ||
MODULES='FRiCKLE/ngx_cache_purge openresty/memc-nginx-module | ||
MODULES='openresty/memc-nginx-module | ||
simpl/ngx_devel_kit openresty/headers-more-nginx-module | ||
openresty/echo-nginx-module yaoweibin/ngx_http_substitutions_filter_module | ||
openresty/redis2-nginx-module openresty/srcache-nginx-module | ||
openresty/set-misc-nginx-module sto/ngx_http_auth_pam_module | ||
vozlt/nginx-module-vts centminmod/ngx_http_redis' | ||
vozlt/nginx-module-vts centminmod/ngx_http_redis nginx-modules/ngx_cache_purge' | ||
for MODULE in $MODULES; do | ||
_gitget "$MODULE" | ||
done | ||
|
@@ -589,9 +574,9 @@ _download_zlib() { | |
echo "### configure zlib-cf ###" | ||
./configure --prefix=/usr/local/zlib-cf | ||
else | ||
echo "### downloading zlib 1.2.13 ###" | ||
echo "### downloading zlib latest ###" | ||
rm -rf zlib | ||
curl -sL http://zlib.net/zlib-1.2.13.tar.gz | /bin/tar zxf - -C "$DIR_SRC" | ||
curl -sL http://zlib.net/current/zlib.tar.gz | /bin/tar zxf - -C "$DIR_SRC" | ||
mv zlib-1.2.13 zlib | ||
fi | ||
|
||
|
@@ -633,67 +618,6 @@ _download_brotli() { | |
|
||
} | ||
|
||
################################## | ||
# Download and patch OpenSSL | ||
################################## | ||
|
||
_download_openssl_dev() { | ||
|
||
cd "$DIR_SRC" || exit 1 | ||
if { | ||
echo -ne ' Downloading openssl [..]\r' | ||
|
||
{ | ||
if [ -d /usr/local/src/openssl ]; then | ||
if [ ! -d /usr/local/src/openssl/.git ]; then | ||
echo "### removing openssl extracted archive ###" | ||
rm -rf /usr/local/src/openssl | ||
echo "### cloning openssl ###" | ||
git clone --depth=50 https://github.com/openssl/openssl.git /usr/local/src/openssl | ||
cd /usr/local/src/openssl || exit 1 | ||
echo "### git checkout commit ###" | ||
#git checkout $OPENSSL_COMMIT | ||
else | ||
cd /usr/local/src/openssl || exit 1 | ||
echo "### reset openssl to master and clean patches ###" | ||
git fetch --all | ||
git reset --hard origin/master | ||
git clean -f | ||
#git checkout $OPENSSL_COMMIT | ||
fi | ||
else | ||
echo "### cloning openssl ###" | ||
git clone --depth=50 https://github.com/openssl/openssl.git /usr/local/src/openssl | ||
cd /usr/local/src/openssl || exit 1 | ||
echo "### git checkout commit ###" | ||
#git checkout $OPENSSL_COMMIT | ||
fi | ||
} >>/tmp/nginx-ee.log 2>&1 | ||
|
||
{ | ||
if [ -d /usr/local/src/openssl-patch/.git ]; then | ||
cd /usr/local/src/openssl-patch || exit 1 | ||
git pull origin master | ||
else | ||
git clone --depth=50 https://github.com/VirtuBox/openssl-patch.git /usr/local/src/openssl-patch | ||
fi | ||
cd /usr/local/src/openssl || exit 1 | ||
# apply openssl ciphers patch | ||
echo "### openssl ciphers patch ###" | ||
#patch -p1 <../openssl-patch/openssl-equal-3.0.0-dev_ciphers.patch | ||
} >>/tmp/nginx-ee.log 2>&1 | ||
|
||
}; then | ||
echo -ne " Downloading openssl [${CGREEN}OK${CEND}]\\r" | ||
echo -ne '\n' | ||
else | ||
echo -e " Downloading openssl [${CRED}FAIL${CEND}]" | ||
echo -e '\n Please look at /tmp/nginx-ee.log\n' | ||
exit 1 | ||
fi | ||
|
||
} | ||
|
||
################################## | ||
# Download LibreSSL | ||
################################## | ||
|
@@ -706,8 +630,8 @@ _download_libressl() { | |
|
||
{ | ||
rm -rf /usr/local/src/libressl | ||
curl -sL http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VER}.tar.gz | /bin/tar xzf - -C "$DIR_SRC" | ||
mv /usr/local/src/libressl-${LIBRESSL_VER} /usr/local/src/libressl | ||
curl -sL "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-$LIBRESSL_VER.tar.gz" | /bin/tar xzf - -C "$DIR_SRC" | ||
mv "/usr/local/src/libressl-$LIBRESSL_VER" /usr/local/src/libressl | ||
} >>/tmp/nginx-ee.log 2>&1 | ||
|
||
}; then | ||
|
@@ -789,12 +713,7 @@ _patch_nginx() { | |
echo -ne ' Applying nginx patches [..]\r' | ||
|
||
{ | ||
if [ "$NGINX_RELEASE" = "2" ]; then | ||
curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_for_1.23.4.patch | patch -p1 | ||
else | ||
curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1 | ||
fi | ||
#curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_auto_using_PRIORITIZE_CHACHA.patch | patch -p1 | ||
curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1 | ||
} >>/tmp/nginx-ee.log 2>&1 | ||
|
||
}; then | ||
|
@@ -897,7 +816,6 @@ _configure_nginx() { | |
$NGX_USER \ | ||
--with-file-aio \ | ||
--with-threads \ | ||
$NGX_HPACK \ | ||
$NGX_QUIC \ | ||
--with-http_v2_module \ | ||
--with-http_ssl_module \ | ||
|
@@ -1125,13 +1043,7 @@ fi | |
if [ "$LIBRESSL" = "y" ]; then | ||
_download_libressl | ||
else | ||
if [ "$OPENSSL_LIB" = "2" ]; then | ||
_download_openssl_dev | ||
elif [ "$OPENSSL_LIB" = "3" ]; then | ||
sleep 1 | ||
else | ||
sleep 1 | ||
fi | ||
sleep 1 | ||
fi | ||
_download_nginx | ||
_patch_nginx | ||
|
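Review bot: In the `_download_zlib` hunk the archive URL now floats to `http://zlib.net/current/zlib.tar.gz`, but the unchanged `mv zlib-1.2.13 zlib` still expects the 1.2.13 directory name, so the rename fails whenever the current release is anything else. Extracting straight into the target avoids the version-specific name: `mkdir -p "$DIR_SRC/zlib"` followed by `curl -sL https://zlib.net/current/zlib.tar.gz | /bin/tar zxf - -C "$DIR_SRC/zlib" --strip-components=1`, with the `mv` dropped. The tarball is also fetched over plain HTTP and unpacked with no checksum or signature check before it is compiled into the server, and `_download_libressl` keeps the same cleartext `http://ftp.openbsd.org` URL even though the new `LIBRESSL_VER` lookup already uses `https://`. Switching both downloads to `https://` is the minimum, and a pinned version with a verified digest would be stronger than tracking whatever is current. The `LIBRESSL_VER` pipeline also sorts with `sort -r`, which is lexical (3.9.x ranks above 3.10.x), so `sort -rV` is the safer choice; `_download_zlib` begins and ends outside the hunk.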