From f61fbdb3344e24d1221e4ff4e30dec684be1851e Mon Sep 17 00:00:00 2001
From: VirtuBox
Date: Tue, 23 Apr 2024 01:58:15 +0200
Subject: [PATCH 1/6] Add HTTP/3 QUIC support with LibreSSL
---
 nginx-build.sh | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/nginx-build.sh b/nginx-build.sh
index 2cfa8df..2fb89f2 100755
--- a/nginx-build.sh
+++ b/nginx-build.sh
@@ -141,7 +141,7 @@ DIR_SRC="/usr/local/src"
 NGINX_EE_VER=$(curl -m 5 --retry 3 -sL https://api.github.com/repos/VirtuBox/nginx-ee/releases/latest 2>&1 | jq -r '.tag_name')
 NGINX_MAINLINE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 1 2>&1)"
 NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.24 2>&1)"
-LIBRESSL_VER="3.7.2"
+LIBRESSL_VER="3.8.4"
 if command_exists openssl; then
 OPENSSL_BIN_VER=$(openssl version)
 OPENSSL_VER=${OPENSSL_BIN_VER:0:15}
@@ -290,6 +290,18 @@ else
 fi
+##################################
+# Set LibreSSL HTTP/3 QUIC
+##################################
+
+if "$LIBRESSL_VALID"; then
+ NGX_QUIC="--with-http_v3_module"
+ QUIC_VALID="YES"
+else
+ NGX_QUIC=""
+ QUIC_VALID="NO"
+fi
+
 ##################################
 # Set Pagespeed module
 ##################################
@@ -331,6 +343,7 @@ echo -e " - Nginx release : $NGINX_VER"
 }
 [ -n "$LIBRESSL_VALID" ] && {
 echo -e " - LIBRESSL : $LIBRESSL_VALID"
+ echo -e " - HTTP/3 QUIC : $QUIC_VALID"
 }
 echo " - Dynamic modules $DYNAMIC_MODULES_VALID"
 echo " - Naxsi : $NAXSI_VALID"
@@ -892,6 +905,7 @@ _configure_nginx() {
 --with-file-aio \
 --with-threads \
 $NGX_HPACK \
+ $NGX_QUIC \
 --with-http_v2_module \
 --with-http_ssl_module \
 --with-pcre-jit \
From 15e9b68dc084d1ee7b920d75e3d7409dff515611 Mon Sep 17 00:00:00 2001
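Review bot: The added test `if "$LIBRESSL_VALID"; then` in the second hunk runs the variable's value as a command instead of testing it. With `LIBRESSL_VALID="YES"` the shell looks for a program named `YES`, normally fails with "command not found", and the `else` branch leaves `NGX_QUIC` empty on every build. Executing a configuration value as a command name is also worth avoiding on its own in an installer that the docs on this page invoke with `sudo`. The summary block in this same patch already uses the string form, so the condition should read `if [ -n "$LIBRESSL_VALID" ]; then`. Patch 3/6 later removes the block, but applying 1/6 alone yields a build without the HTTP/3 module.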
From: VirtuBox
Date: Tue, 23 Apr 2024 01:59:42 +0200
Subject: [PATCH 2/6] Update install script
---
 nginx-build.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nginx-build.sh b/nginx-build.sh
index 2fb89f2..bf0046a 100755
--- a/nginx-build.sh
+++ b/nginx-build.sh
@@ -4,10 +4,10 @@
 # -------------------------------------------------------------------------
 # Website: https://virtubox.net
 # GitHub: https://github.com/VirtuBox/nginx-ee
-# Copyright (c) 2019-2020 VirtuBox
+# Copyright (c) 2019-2024 VirtuBox
 # This script is licensed under M.I.T
 # -------------------------------------------------------------------------
-# Version 3.8.0 - 2023-05-08
+# Version 3.9.0 - 2024-04-23
 # -------------------------------------------------------------------------
 ##################################
From c625f02a7d469b96fa3bc2c0d7b641f6af093fdb Mon Sep 17 00:00:00 2001
From: VirtuBox
Date: Tue, 23 Apr 2024 02:05:10 +0200
Subject: [PATCH 3/6] improve LibreSSL declaration
---
 nginx-build.sh | 23 ++++-------------------
 1 file changed, 4 insertions(+), 19 deletions(-)
diff --git a/nginx-build.sh b/nginx-build.sh
index bf0046a..b8e2ffd 100755
--- a/nginx-build.sh
+++ b/nginx-build.sh
@@ -274,6 +274,8 @@ fi
 if [ "$LIBRESSL" = "y" ]; then
 NGX_SSL_LIB="--with-openssl=../libressl"
+ NGX_QUIC="--with-http_v3_module"
+ QUIC_VALID="YES"
 LIBRESSL_VALID="YES"
 OPENSSL_OPT=""
 else
@@ -284,31 +286,14 @@ else
 OPENSSL_OPT="enable-tls1_3"
 fi
 fi
+ NGX_QUIC=""
+ QUIC_VALID="NO"
 NGX_SSL_LIB=""
 OPENSSL_VALID="from system"
 LIBSSL_DEV="libssl-dev"
 fi
-##################################
-# Set LibreSSL HTTP/3 QUIC
-##################################
-
-if "$LIBRESSL_VALID"; then
- NGX_QUIC="--with-http_v3_module"
- QUIC_VALID="YES"
-else
- NGX_QUIC=""
- QUIC_VALID="NO"
-fi
-
-##################################
-# Set Pagespeed module
-##################################
-
-NGX_PAGESPEED=""
-PAGESPEED_VALID="NO"
-
 ##################################
 # Set Plesk configuration
 ##################################
From 1624a19c9cb8b307e147dc07ffd4b48aafeb236c Mon Sep 17 00:00:00 2001
From: VirtuBox
Date: Tue, 23 Apr 2024 02:15:56 +0200
Subject: [PATCH 4/6] Set http/3 globaly
---
 nginx-build.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nginx-build.sh b/nginx-build.sh
index b8e2ffd..1d43aca 100755
--- a/nginx-build.sh
+++ b/nginx-build.sh
@@ -239,9 +239,11 @@ fi
 if [ "$NGINX_RELEASE" = "2" ]; then
 NGINX_VER="$NGINX_STABLE"
 NGX_HPACK="--with-http_v2_hpack_enc"
+ NGX_QUIC=""
 else
 NGINX_VER="$NGINX_MAINLINE"
 NGX_HPACK=""
+ NGX_QUIC="--with-http_v3_module"
 fi
 ##################################
@@ -274,7 +276,6 @@ fi
 if [ "$LIBRESSL" = "y" ]; then
 NGX_SSL_LIB="--with-openssl=../libressl"
- NGX_QUIC="--with-http_v3_module"
 QUIC_VALID="YES"
 LIBRESSL_VALID="YES"
 OPENSSL_OPT=""
@@ -286,7 +287,6 @@ else
 OPENSSL_OPT="enable-tls1_3"
 fi
 fi
- NGX_QUIC=""
 QUIC_VALID="NO"
 NGX_SSL_LIB=""
 OPENSSL_VALID="from system"
From 5120745823ae0c201d2525897a89f063ac17b557 Mon Sep 17 00:00:00 2001
From: VirtuBox
Date: Tue, 23 Apr 2024 07:42:54 +0200
Subject: [PATCH 5/6] Add HTTP/3 QUIC support
---
 CHANGELOG.md | 11 +++++++++++
 README.md | 23 +++++++++++++----------
 nginx-build.sh | 20 ++++++++++++++------
 3 files changed, 38 insertions(+), 16 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5f3290d..eb57e2d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
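Review bot: The second hunk of patch 3/6 also deletes the `NGX_PAGESPEED=""` and `PAGESPEED_VALID="NO"` defaults, which the subject "improve LibreSSL declaration" does not mention. If `$NGX_PAGESPEED` or `$PAGESPEED_VALID` is still expanded in the configure call or the summary (neither is visible in this hunk), it is now taken from the caller's environment or expands to nothing, and an inherited value would be passed unquoted to `./configure`. Either drop the remaining uses in the same commit or keep the two assignments until they are gone.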
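Review bot: In the first hunk of patch 4/6, `NGX_QUIC="--with-http_v3_module"` is set for every mainline build, so the HTTP/3 module is now compiled in by default even against the system OpenSSL, while `QUIC_VALID` in the two later hunks still follows the LibreSSL choice and no longer matches what is built. nginx documents ngx_http_v3_module as experimental and, when the SSL library has no QUIC API, uses a compatibility layer without early data, so I would make the module opt-out or keep it tied to `"$LIBRESSL" = "y"`. At minimum add a comment above the assignment such as `# HTTP/3 is built on mainline; with system OpenSSL nginx falls back to its QUIC compatibility layer`. A stable build with LibreSSL ends up with `QUIC_VALID="YES"` and an empty `NGX_QUIC`; assigning `QUIC_VALID` next to `NGX_QUIC` in this hunk would keep the two in step.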
@@ -6,6 +6,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ## [Unreleased] - XX-XX-XX
+## [3.8.0] - 2024-04-23
+
+### Added
+
+- `--with-http_v3_module` on Mainline release
+- Full HTTP/3 QUIC support on Mainline release with LibreSSL
+
+### Changed
+
+- LibreSSL release bumped to 3.8.4
+
 ## [3.7.1] - 2023-05-08
 ### Changed
diff --git a/README.md b/README.md
index 3e3a0ba..3719b66 100644
--- a/README.md
+++ b/README.md
@@ -45,13 +45,12 @@ Automated Nginx compilation from sources with additional modules support
 * Nginx built-in modules selection
 * Nginx Third-party modules selection
 * Dynamic modules support
+* HTTP/3 QUIC Support with Mainline Release
 * Brotli Support
-* TLS v1.3 support (Final)
+* TLS v1.3 support
 * OpenSSL or LibreSSL
-* Cloudflare HPACK
 * Cloudflare zlib
 * Automated nginx updates cronjob
-* Compilation with GCC-7/9
 * Security hardening and performance optimization enabled with proper GCC flags
 * An option to omit nginx configuration, allowing usage of third party devops tools
@@ -59,8 +58,8 @@ Automated Nginx compilation from sources with additional modules support
 ## Additional Third-party modules
-Nginx current mainline release : **v1.23.4**
-Nginx current stable release : **v1.24.0**
+Nginx current mainline release : **v1.25.5** with HTTP/3 QUIC
+Nginx current stable release : **v1.24.0** with Cloudflare HTTP/2 HPACK
 * [ngx_cache_purge](https://github.com/FRiCKLE/ngx_cache_purge)
 * [headers-more-nginx-module](https://github.com/openresty/headers-more-nginx-module)
@@ -84,7 +83,7 @@ For Nginx http_ssl_module :
 Optional modules :
-* [naxsi WAF](https://github.com/nbs-system/naxsi)
+* [naxsi WAF](https://github.com/wargio/naxsi)
 * [nginx-rtmp-module](https://github.com/arut/nginx-rtmp-module)
 ---
@@ -120,6 +119,10 @@ Optional modules :
 * 17.9.x
 * 18.x (Obsidian)
+### HTTP/3 QUIC
+
+Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).
+
 ---
 ## Usage
@@ -128,7 +131,7 @@ Optional modules :
 **Default settings** :
-* mainline release
+* mainline release with HTTP/3
 * openssl from system
 * without naxsi
 * without rtmp
@@ -155,7 +158,7 @@ bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --interactive
 ### Custom installation
-Example : Nginx stable release with naxsi
+Example : Nginx stable release HTTP/2 with naxsi
 ```bash
 bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi
@@ -165,7 +168,7 @@ bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi
 Nginx build options :
-* `--stable` : compile Nginx stable release
+* `--stable` : compile Nginx stable release with HTTP/2
 * `--full` : Naxsi + RTMP
 * `--dynamic` : Compile Nginx modules as dynamic modules
 * `--noconf` : Compile Nginx without any configuring. Useful when you use devops tools like ansible.
@@ -198,7 +201,7 @@ Extras :
 * [x] Add support for LibreSSL
 * [x] Add noconf support
 * [ ] Add support for config.inc build configuration
-* [ ] Add HTTP/3 QUIC support
+* [x] Add HTTP/3 QUIC support
 ---
diff --git a/nginx-build.sh b/nginx-build.sh
index 1d43aca..8d41395 100755
--- a/nginx-build.sh
+++ b/nginx-build.sh
@@ -7,7 +7,7 @@
 # Copyright (c) 2019-2024 VirtuBox
 # This script is licensed under M.I.T
 # -------------------------------------------------------------------------
-# Version 3.9.0 - 2024-04-23
+# Version 3.8.0 - 2024-04-23
 # -------------------------------------------------------------------------
 ##################################
@@ -26,19 +26,17 @@ _help() {
 echo " -------------------------------------------------------------------- "
 echo ""
 echo "Usage: ./nginx-ee [modules]"
- echo "By default, Nginx-ee will compile the latest Nginx mainline release without Pagespeed, Naxsi or RTMP module"
+ echo "By default, Nginx-ee will compile the latest Nginx mainline release with HTTP/3 and without Naxsi or RTMP module"
 echo " Options:"
 echo " -h, --help ..... display this help"
 echo " -i, --interactive ....... interactive installation"
 echo " --stable ..... Nginx stable release"
- echo " --full ..... Nginx mainline release with Nasxi and RTMP module"
+ echo " --full ..... Nginx with Nasxi and RTMP module"
 echo " --dynamic ..... Compile Nginx modules as dynamic"
 echo " --noconf ..... Compile Nginx without any configuring. Useful when you use devops tools like ansible."
 echo " Modules:"
 echo " --naxsi ..... Naxsi WAF module"
 echo " --rtmp ..... RTMP video streaming module"
- echo " --openssl-dev ..... Compile Nginx with OpenSSL 3.0.0-dev"
- echo " --openssl-system ..... Compile Nginx with OpenSSL from system lib"
 echo " --libressl ..... Compile Nginx with LibreSSL"
 echo ""
 return 0
@@ -325,10 +323,20 @@ echo ""
 echo -e " - Nginx release : $NGINX_VER"
 [ -n "$OPENSSL_VALID" ] && {
 echo -e " - OPENSSL : $OPENSSL_VER"
+ if [ "$NGINX_RELEASE" = "2" ]; then
+ echo -e " - HTTP/2 HPACK : YES"
+ else
+ echo -e " - with HTTP/3 : YES"
+ fi
+
 }
 [ -n "$LIBRESSL_VALID" ] && {
 echo -e " - LIBRESSL : $LIBRESSL_VALID"
- echo -e " - HTTP/3 QUIC : $QUIC_VALID"
+ if [ "$NGINX_RELEASE" = "2" ]; then
+ echo -e " - HTTP/2 HPACK : YES"
+ else
+ echo -e " - HTTP/3 QUIC : YES"
+ fi
 }
 echo " - Dynamic modules $DYNAMIC_MODULES_VALID"
 echo " - Naxsi : $NAXSI_VALID"
From ceec4f418fa273f23212479fc41c63d355b8c865 Mon Sep 17 00:00:00 2001
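Review bot: The help text in `_help()` no longer lists `--openssl-dev` and `--openssl-system`, but the option parser is outside this hunk. If it still accepts them, they become undocumented switches that change which TLS library nginx is linked against, so remove the matching parser arms in the same commit or keep the two help lines. The rewritten `--full` line also carries over the misspelling `Nasxi`; it should read `echo " --full ..... Nginx with Naxsi and RTMP module"`. The body of `_help()` continues past the lines shown.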
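Review bot: The summary hunk prints `HTTP/2 HPACK : YES` or an HTTP/3 line with a hard-coded `YES` chosen from `$NGINX_RELEASE`, duplicated in the OpenSSL and LibreSSL blocks, so the output can drift from what `_configure_nginx` actually receives in `$NGX_HPACK` and `$NGX_QUIC`. An operator reading this to confirm whether QUIC is in the binary should see the flag itself; a single line after both blocks, `[ -n "$NGX_QUIC" ] && echo -e " - HTTP/3 QUIC : YES"`, with the same pattern for `$NGX_HPACK`, removes the duplication. The OpenSSL block labels it `with HTTP/3` while the LibreSSL block says `HTTP/3 QUIC`, and if that is meant to signal the reduced support the README describes, a comment should say so. `QUIC_VALID` is no longer read in the lines shown and can be dropped where it is assigned, along with the blank line added before the first `}`.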
From: VirtuBox
Date: Tue, 23 Apr 2024 07:55:30 +0200
Subject: [PATCH 6/6] Update changelog and informations
---
 CHANGELOG.md | 5 +++++
 README.md | 2 +-
 docs/index.md | 17 ++++++++++-------
 3 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index eb57e2d..a9e9355 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Changed
 - LibreSSL release bumped to 3.8.4
+- Update zlib to 1.2.13 by @WinSCaP in [#146](https://github.com/VirtuBox/nginx-ee/pull/146)
+
+### Fixed
+
+- Fix compile error due to Brotli by @janiosarmento in [#151](https://github.com/VirtuBox/nginx-ee/pull/152)
 ## [3.7.1] - 2023-05-08
diff --git a/README.md b/README.md
index 3719b66..76e5158 100644
--- a/README.md
+++ b/README.md
@@ -121,7 +121,7 @@ Optional modules :
 ### HTTP/3 QUIC
-Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).
+**Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).
 ---
diff --git a/docs/index.md b/docs/index.md
index 78d9d55..71cf4b0 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -42,19 +42,18 @@ Automated Nginx compilation from sources with additional modules support
  • Nginx built-in modules selection
  • Nginx Third-party modules selection
  • Dynamic modules support
  • +
  • HTTP/3 QUIC Support with Mainline Release
  • Brotli Support
  • TLS v1.3 support (Final)
  • OpenSSL or LibreSSL
  • -
  • Cloudflare HPACK
  • Cloudflare zlib
  • Automated nginx updates cronjob
  • -
  • Compilation with GCC-7/9
  • Security hardening and performance optimization enabled with proper GCC flags

  • Additional Third-party modules

    -

    Nginx current mainline release : v1.23.4 -Nginx current stable release : v1.24.0

    +

    Nginx current mainline release : v1.25.5 with HTTP/3 QUIC +Nginx current stable release : v1.24.0

    with Cloudflare HTTP/2 HPACK

    Optional modules :


    @@ -109,12 +108,15 @@ Nginx current stable release : v1.24.0

  • 17.9.x
  • 18.x (Obsidian)
  • +

    ### HTTP/3 QUIC

    +

    Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).

    +

    Usage

    One-Step Automated Install

    Default settings :

      -
    • mainline release
    • +
    • mainline release with HTTP/3
    • openssl from system lib
    • without naxsi
    • without rtmp
    • @@ -131,7 +133,7 @@ sudo bash nginx-build.sh
      bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --interactive
       

      Custom installation

      -

      Example : Nginx stable release with naxsi

      +

      Example : Nginx stable release with HTTP/2 HPACK with naxsi

      bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi
       

      Options available

      @@ -177,6 +179,7 @@ Feel free to use the custom Nginx package built for WordOps and available on Add openssl release choice
    • Add more compilation presets
    • Add support for LibreSSL
    • +
    • Add support for HTTP/3 QUIC