-
-
Save dxgldotorg/3d75f6e89fcbe922e28106cdbc4b9f20 to your computer and use it in GitHub Desktop.
My attempt at building a nginx-extras compatible build with OpenSSL 1.1.0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # names of latest versions of each package | |
| export NGINX_VERSION=1.11.3 | |
| export VERSION_PCRE=pcre-8.39 | |
| export VERSION_OPENSSL=openssl-1.1.0 | |
| export VERSION_NGINX=nginx-$NGINX_VERSION | |
| export NPS_VERSION=1.11.33.2 | |
| export VERSION_PAGESPEED=v${NPS_VERSION}-beta | |
| # URLs to the source directories | |
| export SOURCE_OPENSSL=https://www.openssl.org/source/ | |
| export SOURCE_PCRE=ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ | |
| export SOURCE_NGINX=http://nginx.org/download/ | |
| export SOURCE_RTMP=https://github.com/arut/nginx-rtmp-module.git | |
| export SOURCE_PAGESPEED=https://github.com/pagespeed/ngx_pagespeed/archive/ | |
| export SOURCE_AUTH_PAM=https://github.com/stogh/ngx_http_auth_pam_module.git | |
| export SOURCE_CACHE_PURGE=https://github.com/FRiCKLE/ngx_cache_purge.git | |
| export SOURCE_DAV_EXT=https://github.com/arut/nginx-dav-ext-module.git | |
| export SOURCE_ECHO=https://github.com/openresty/echo-nginx-module.git | |
| export SOURCE_FANCYINDEX=https://github.com/aperezdc/ngx-fancyindex.git | |
| export SOURCE_HEADERS_MORE=https://github.com/openresty/headers-more-nginx-module.git | |
| export SOURCE_LUA=https://github.com/openresty/lua-nginx-module.git | |
| export SOURCE_PUSH_STREAM=https://github.com/wandenberg/nginx-push-stream-module.git | |
| export SOURCE_HTTP_SUBSTITUTIONS=git://github.com/yaoweibin/ngx_http_substitutions_filter_module.git | |
| export SOURCE_UPLOAD_PROGRESS=https://github.com/masterzen/nginx-upload-progress-module.git | |
| export SOURCE_UPSTREAM_FAIR=https://github.com/gnosek/nginx-upstream-fair.git | |
| export PATCH_RTMP=https://raw.githubusercontent.com/gentoo/gentoo/6241ba18ca4a5e043a97ad11cf450c8d27b3079f/www-servers/nginx/files/rtmp-nginx-1.11.0.patch | |
| export PATCH_NGINX=https://forum.nginx.org/file.php?2,file=2645,filename=0001-Fix-nginx-build.patch | |
| # clean out any files from previous runs of this script | |
| rm -rf build | |
| mkdir build | |
| # proc for building faster | |
| NB_PROC=$(grep -c ^processor /proc/cpuinfo) | |
| # ensure that we have the required software to compile our own nginx | |
| sudo apt-get -y install curl wget build-essential libgd-dev libgeoip-dev checkinstall git | |
| # grab the source files | |
| echo "Download sources" | |
| wget -P ./build $SOURCE_PCRE$VERSION_PCRE.tar.gz | |
| wget -P ./build $SOURCE_OPENSSL$VERSION_OPENSSL.tar.gz | |
| wget -P ./build $SOURCE_NGINX$VERSION_NGINX.tar.gz | |
| wget -P ./build $SOURCE_PAGESPEED$VERSION_PAGESPEED.tar.gz | |
| wget -P ./build https://dl.google.com/dl/page-speed/psol/${NPS_VERSION}.tar.gz | |
| git clone $SOURCE_RTMP ./build/rtmp | |
| wget -P ./build $PATCH_RTMP | |
| wget -P ./build -O 0001-Fix-nginx-build.patch $PATCH_NGINX | |
| git clone $SOURCE_AUTH_PAM ./build/auth_pam | |
| git clone $SOURCE_CACHE_PURGE ./build/cache_purge | |
| git clone $SOURCE_DAV_EXT ./build/dav_ext | |
| git clone $SOURCE_ECHO ./build/echo | |
| git clone $SOURCE_FANCYINDEX ./build/fancyindex | |
| git clone $SOURCE_HEADERS_MORE ./build/headers_more | |
| git clone $SOURCE_LUA ./build/lua | |
| git clone $SOURCE_PUSH_STREAM ./build/push_stream | |
| git clone $SOURCE_HTTP_SUBSTITUTIONS ./build/http_substitutions | |
| git clone $SOURCE_UPLOAD_PROGRESS ./build/upload_progress | |
| git clone $SOURCE_UPSTREAM_FAIR ./build/upstream_fair | |
| # expand the source files | |
| echo "Extract Packages" | |
| cd build | |
| tar xzf $VERSION_NGINX.tar.gz | |
| tar xzf $VERSION_OPENSSL.tar.gz | |
| tar xzf $VERSION_PCRE.tar.gz | |
| tar xzf $VERSION_PAGESPEED.tar.gz | |
| tar xzf ${NPS_VERSION}.tar.gz -C ngx_pagespeed-${NPS_VERSION}-beta | |
| cd ../ | |
| # set where OpenSSL and nginx will be built | |
| export BPATH=$(pwd)/build | |
| export STATICLIBSSL=$BPATH/$VERSION_OPENSSL | |
| # patch the rtmp module | |
| cd $BPATH/rtmp | |
| patch -p1 <$BPATH/rtmp-nginx-1.11.0.patch | |
| # patch nginx for OpenSSL 1.1.0 | |
| cd $BPATH/nginx | |
| patch -p1 <$BPATH/0001-Fix-nginx-build.patch | |
| # build static OpenSSL | |
| echo "Configure & Build OpenSSL" | |
| cd $STATICLIBSSL | |
| ./configure LDFLAGS=-lrt --prefix=${STATICLIBSSL}/.openssl/ && make install-strip -j $NB_PROC | |
| # build nginx, with various modules included/excluded | |
| echo "Configure & Build Nginx" | |
| cd $BPATH/$VERSION_NGINX | |
| #echo "Download and apply path" | |
| #wget -q -O - $NGINX_PATH | patch -p0 | |
| mkdir -p $BPATH/nginx | |
| ./configure --with-openssl=$STATICLIBSSL \ | |
| --with-ld-opt="-lrt" \ | |
| --sbin-path=/usr/sbin/nginx \ | |
| --conf-path=/etc/nginx/nginx.conf \ | |
| --error-log-path=/var/log/nginx/error.log \ | |
| --http-log-path=/var/log/nginx/access.log \ | |
| --with-pcre=$BPATH/$VERSION_PCRE \ | |
| --with-http_ssl_module \ | |
| --with-http_v2_module \ | |
| --with-file-aio \ | |
| --with-ipv6 \ | |
| --with-http_gzip_static_module \ | |
| --with-http_stub_status_module \ | |
| --with-mail_ssl_module \ | |
| --with-http_image_filter_module \ | |
| --lock-path=/var/lock/nginx.lock \ | |
| --pid-path=/run/nginx.pid \ | |
| --http-client-body-temp-path=/var/lib/nginx/body \ | |
| --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ | |
| --http-proxy-temp-path=/var/lib/nginx/proxy \ | |
| --http-scgi-temp-path=/var/lib/nginx/scgi \ | |
| --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ | |
| --with-debug \ | |
| --with-pcre-jit \ | |
| --with-http_realip_module \ | |
| --with-http_auth_request_module \ | |
| --with-http_addition_module \ | |
| --with-http_geoip_module \ | |
| --with-http_dav_module \ | |
| --with-http_flv_module \ | |
| --with-http_gunzip_module \ | |
| --with-http_mp4_module \ | |
| --with-http_perl_module \ | |
| --with-http_random_index_module \ | |
| --with-http_secure_link_module \ | |
| --with-stream \ | |
| --with-http_sub_module \ | |
| --with-http_xslt_module \ | |
| --add-module=$BPATH/rtmp \ | |
| --add-module=$BPATH/auth_pam \ | |
| --add-module=$BPATH/cache_purge \ | |
| --add-module=$BPATH/dav_ext \ | |
| --add-module=$BPATH/echo \ | |
| --add-module=$BPATH/fancyindex \ | |
| --add-module=$BPATH/headers_more \ | |
| --add-module=$BPATH/lua \ | |
| --add-module=$BPATH/push_stream \ | |
| --add-module=$BPATH/http_substitutions \ | |
| --add-module=$BPATH/upload_progress \ | |
| --add-module=$BPATH/upstream_fair \ | |
| --add-module=$BPATH/ngx_pagespeed-${NPS_VERSION}-beta | |
| touch $STATICLIBSSL/.openssl/include/openssl/ssl.h | |
| make -j $NB_PROC && sudo checkinstall --pkgname="nginx-openssl110" --pkgversion="$NGINX_VERSION" \ | |
| --provides="nginx" --requires="libc6, libpcre3, zlib1g" --strip=yes \ | |
| --stripso=yes --backup=yes -y | |
| echo "All done."; | |
| echo "This build has not edited your existing /etc/nginx directory."; | |
| echo "If things aren't working now you may need to refer to the"; | |
| echo "configuration files the new nginx ships with as defaults,"; | |
| echo "which are available at /etc/nginx-default"; | |
| echo "NOTE: I removed --install=yes to prevent auto-install." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment