virtubox
/
nginx-ee
mirror of https://github.com/VirtuBox/nginx-ee.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #82 from VirtuBox/develop 

Develop
This commit is contained in:
VirtuBox 2019-10-08 02:10:03 +02:00 committed by GitHub
parent 87fdc8a104 60b545974d
commit 529a26f785
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 79 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
CHANGELOG.md
View File

@ -6,6 +6,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
## [Unreleased] - XX-XX-XX
### Changed
- OpenSSL updated to 1.1.1d
- Updated ngx_brotli module
### Fixed
- dpkg-buildflags variable set before installing dpkg-dev
## [3.6.4] - 2019-08-29
### Added
@ -13,7 +22,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Debian 10 (buster) support
- Raspbian 10 (buster) support
### Changes
### Changed
- Updated cronjob
- Improve module cloning duration by adding `--depth=50` to `git clone`

8
README.md
View File

@ -48,7 +48,7 @@ Automated Nginx compilation from sources with additional modules support
* Dynamic modules support
* Brotli Support
* TLS v1.3 support (Final)
* OpenSSL (1.1.1c or 3.0.0-dev or from system-lib) or LibreSSL
* OpenSSL (1.1.1d or 3.0.0-dev or from system-lib) or LibreSSL
* Cloudflare HPACK
* Cloudflare zlib
* Automated nginx updates cronjob
@ -59,12 +59,12 @@ Automated Nginx compilation from sources with additional modules support
## Additional Third-party modules
Nginx current mainline release : **v1.17.3**
Nginx current mainline release : **v1.17.4**
Nginx current stable release : **v1.16.1**
* [ngx_cache_purge](https://github.com/FRiCKLE/ngx_cache_purge)
* [headers-more-nginx-module](https://github.com/openresty/headers-more-nginx-module)
* [ngx_brotli](https://github.com/eustas/ngx_brotli)
* [ngx_brotli](https://github.com/google/ngx_brotli)
* [memc-nginx-module](https://github.com/openresty/memc-nginx-module.git)
* [ngx-devel-kit](https://github.com/simpl/ngx_devel_kit.git)
* [srcache-nginx-module](https://github.com/openresty/srcache-nginx-module)
@ -131,7 +131,7 @@ Optional modules :
**Default settings** :
* mainline release
* openssl stable : 1.1.1c
* openssl stable : 1.1.1d
* without pagespeed
* without naxsi
* without rtmp

8
docs/index.md
View File

@ -44,7 +44,7 @@ Automated Nginx compilation from sources with additional modules support
<li>Dynamic modules support</li>
<li>Brotli Support</li>
<li>TLS v1.3 support (Final)</li>
<li>OpenSSL (1.1.1c or 3.0.0-dev or from system-lib) or LibreSSL</li>
<li>OpenSSL (1.1.1d or 3.0.0-dev or from system-lib) or LibreSSL</li>
<li>Cloudflare HPACK</li>
<li>Cloudflare zlib</li>
<li>Automated nginx updates cronjob</li>
@ -53,12 +53,12 @@ Automated Nginx compilation from sources with additional modules support
</ul>
<hr />
<h2 id="additional-third-party-modules">Additional Third-party modules</h2>
<p>Nginx current mainline release : <strong>v1.17.3</strong>
<p>Nginx current mainline release : <strong>v1.17.4</strong>
Nginx current stable release : <strong>v1.16.1</strong></p>
<ul>
<li><a href="https://github.com/FRiCKLE/ngx_cache_purge">ngx_cache_purge</a></li>
<li><a href="https://github.com/openresty/headers-more-nginx-module">headers-more-nginx-module</a></li>
<li><a href="https://github.com/eustas/ngx_brotli">ngx_brotli</a></li>
<li><a href="https://github.com/google/ngx_brotli">ngx_brotli</a></li>
<li><a href="https://github.com/openresty/memc-nginx-module.git">memc-nginx-module</a></li>
<li><a href="https://github.com/simpl/ngx_devel_kit.git">ngx-devel-kit</a></li>
<li><a href="https://github.com/openresty/srcache-nginx-module">srcache-nginx-module</a></li>
@ -117,7 +117,7 @@ Nginx current stable release : <strong>v1.16.1</strong></p>
<p><strong>Default settings</strong> :</p>
<ul>
<li>mainline release</li>
<li>openssl stable : 1.1.1c</li>
<li>openssl stable : 1.1.1d</li>
<li>without pagespeed</li>
<li>without naxsi</li>
<li>without rtmp</li>

219
nginx-build.sh
View File

@ -146,15 +146,13 @@ NGINX_EE_VER="3.6.4"
NGINX_MAINLINE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 1 2>&1)"
NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.16 2>&1)"
LIBRESSL_VER="2.9.1"
OPENSSL_VER="1.1.1c"
OPENSSL_VER="1.1.1d"
TLS13_CIPHERS="TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES"
readonly OS_ARCH="$(uname -m)"
OS_DISTRO_FULL="$(lsb_release -ds)"
readonly DISTRO_ID="$(lsb_release -si)"
readonly DISTRO_CODENAME="$(lsb_release -sc)"
readonly DISTRO_NUMBER="$(lsb_release -sr)"
DEB_CFLAGS="$(dpkg-buildflags --get CPPFLAGS) -Wno-error=date-time"
DEB_LFLAGS="$(dpkg-buildflags --get LDFLAGS)"
OPENSSL_COMMIT="3bbec1afed1c65b6f7f645b27808b070e6e7a509"
export DEBIAN_FRONTEND=noninteractive
@ -402,12 +400,22 @@ echo ""
# Install dependencies
##################################
_gitget() {
REPO="$1"
repodir=$(echo "$REPO" | awk -F "/" '{print $2}')
if [ -d /usr/local/src/${repodir}/.git ]; then
git -C /usr/local/src/${repodir} pull &
else
git clone --depth 1 https://github.com/${REPO}.git /usr/local/src/${repodir} &
fi
}
_install_dependencies() {
echo -ne ' Installing dependencies [..]\r'
if {
apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install \
git build-essential libtool automake autoconf \
libgd-dev libgeoip-dev libjemalloc-dev \
libgd-dev dpkg-dev libgeoip-dev libjemalloc-dev \
libbz2-1.0 libreadline-dev libbz2-dev libbz2-ocaml libbz2-ocaml-dev software-properties-common tar \
libgoogle-perftools-dev perl libperl-dev libpam0g-dev libbsd-dev gnupg gnupg2 \
libgmp-dev autotools-dev libxml2-dev libpcre3-dev "$LIBBROTLI_DEV" "$LIBSSL_DEV"
@ -432,7 +440,7 @@ _nginx_from_scratch_setup() {
if {
# clone custom nginx configuration
[ ! -d /etc/nginx ] && {
git clone https://github.com/VirtuBox/nginx-config.git /etc/nginx
git clone --depth 50 https://github.com/VirtuBox/nginx-config.git /etc/nginx
} >> /tmp/nginx-ee.log 2>&1
# create nginx temp directory
@ -618,72 +626,12 @@ _download_modules() {
if {
echo "### downloading additionals modules ###"
# cache_purge module
{ [ -d "$DIR_SRC/ngx_cache_purge" ] && {
git -C "$DIR_SRC/ngx_cache_purge" pull
}; } || {
git clone --depth=50 https://github.com/FRiCKLE/ngx_cache_purge.git
}
# memcached module
{ [ -d "$DIR_SRC/memc-nginx-module" ] && {
git -C "$DIR_SRC/memc-nginx-module" pull
}; } || {
git clone --depth=50 https://github.com/openresty/memc-nginx-module.git
}
# devel kit
{ [ -d "$DIR_SRC/ngx_devel_kit" ] && {
git -C "$DIR_SRC/ngx_devel_kit" pull
}; } || {
git clone --depth=50 https://github.com/simpl/ngx_devel_kit.git
}
# headers-more module
{ [ -d "$DIR_SRC/headers-more-nginx-module" ] && {
git -C "$DIR_SRC/headers-more-nginx-module" pull
}; } || {
git clone --depth=50 https://github.com/openresty/headers-more-nginx-module.git
}
# echo module
{ [ -d "$DIR_SRC/echo-nginx-module" ] && {
git -C "$DIR_SRC/echo-nginx-module" pull
}; } || {
git clone --depth=50 https://github.com/openresty/echo-nginx-module.git
}
# http_substitutions_filter module
{ [ -d "$DIR_SRC/ngx_http_substitutions_filter_module" ] && {
git -C "$DIR_SRC/ngx_http_substitutions_filter_module" pull
}; } || {
git clone --depth=50 https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git
}
# redis2 module
{ [ -d "$DIR_SRC/redis2-nginx-module" ] && {
git -C "$DIR_SRC/redis2-nginx-module" pull
}; } || {
git clone --depth=50 https://github.com/openresty/redis2-nginx-module.git
}
# srcache module
{ [ -d "$DIR_SRC/srcache-nginx-module" ] && {
git -C "$DIR_SRC/srcache-nginx-module" pull
}; } || {
git clone --depth=50 https://github.com/openresty/srcache-nginx-module.git
}
# set-misc module
{ [ -d "$DIR_SRC/set-misc-nginx-module" ] && {
git -C "$DIR_SRC/set-misc-nginx-module" pull
}; } || {
git clone --depth=50 https://github.com/openresty/set-misc-nginx-module.git
}
# auth_pam module
{ [ -d "$DIR_SRC/ngx_http_auth_pam_module" ] && {
git -C "$DIR_SRC/ngx_http_auth_pam_module" pull
}; } || {
git clone --depth=50 https://github.com/sto/ngx_http_auth_pam_module.git
}
# nginx-vts module
{ [ -d "$DIR_SRC/nginx-module-vts" ] && {
git -C "$DIR_SRC/nginx-module-vts" pull
}; } || {
git clone --depth=50 https://github.com/vozlt/nginx-module-vts.git
}
MODULES='FRiCKLE/ngx_cache_purge openresty/memc-nginx-module simpl/ngx_devel_kit openresty/headers-more-nginx-module
openresty/echo-nginx-module yaoweibin/ngx_http_substitutions_filter_module openresty/redis2-nginx-module openresty/srcache-nginx-module
openresty/set-misc-nginx-module sto/ngx_http_auth_pam_module vozlt/nginx-module-vts'
for MODULE in $MODULES; do
_gitget "$MODULE"
done
# http redis module
[ ! -d /usr/local/src/ngx_http_redis ] && {
curl -sL https://people.freebsd.org/~osa/ngx_http_redis-0.3.8.tar.gz | /bin/tar zxf - -C "$DIR_SRC"
@ -691,19 +639,19 @@ _download_modules() {
}
if [ "$RTMP" = "y" ]; then
{ [ -d "$DIR_SRC/nginx-rtmp-module" ] && {
git -C "$DIR_SRC/nginx-rtmp-module" pull
git -C "$DIR_SRC/nginx-rtmp-module" pull &
}; } || {
git clone --depth=50 https://github.com/arut/nginx-rtmp-module.git
git clone --depth=1 https://github.com/arut/nginx-rtmp-module.git &
}
fi
# ipscrub module
{ [ -d "$DIR_SRC/ipscrubtmp" ] && {
git -C "$DIR_SRC/ipscrubtmp" pull origin master
git -C "$DIR_SRC/ipscrubtmp" pull origin master &
}; } || {
git clone --depth=50 https://github.com/masonicboom/ipscrub.git ipscrubtmp
git clone --depth=1 https://github.com/masonicboom/ipscrub.git ipscrubtmp &
}
wait
echo "### additionals modules downloaded ###"
} >> /tmp/nginx-ee.log 2>&1; then
echo -ne " Downloading additionals modules [${CGREEN}OK${CEND}]\\r"
@ -732,7 +680,7 @@ _download_zlib() {
git -c /usr/local/src/zlib-cf pull
}; } || {
echo "### cloning zlib-cf ###"
git clone https://github.com/cloudflare/zlib.git -b gcc.amd64 /usr/local/src/zlib-cf
git clone --depth=1 https://github.com/cloudflare/zlib.git -b gcc.amd64 /usr/local/src/zlib-cf
}
cd /usr/local/src/zlib-cf || exit 1
echo "### make distclean ###"
@ -757,7 +705,6 @@ _download_zlib() {
}
##################################
# Download ngx_broti
##################################
@ -770,9 +717,9 @@ _download_brotli() {
{
rm /usr/local/src/ngx_brotli -rf
if [ "$DISTRO_CODENAME" = "jessie" ]; then
git clone --recursive --depth=50 https://github.com/eustas/ngx_brotli /usr/local/src/ngx_brotli -q
git clone --recursive --depth=1 https://github.com/google/ngx_brotli /usr/local/src/ngx_brotli -q
else
git clone --depth=50 https://github.com/eustas/ngx_brotli /usr/local/src/ngx_brotli -q
git clone --depth=1 https://github.com/google/ngx_brotli /usr/local/src/ngx_brotli -q
fi
} >> /tmp/nginx-ee.log 2>&1
@ -992,6 +939,10 @@ _patch_nginx() {
##################################
_configure_nginx() {
local DEB_CFLAGS
local DEB_LFLAGS
DEB_CFLAGS="$(dpkg-buildflags --get CPPFLAGS) -Wno-error=date-time"
DEB_LFLAGS="$(dpkg-buildflags --get LDFLAGS)"
if {
echo -ne ' Configuring nginx [..]\r'
@ -1056,87 +1007,38 @@ _configure_nginx() {
if [ "$OS_ARCH" = 'x86_64' ]; then
if [ "$DISTRO_ID" = "Ubuntu" ]; then
./configure \
${NGX_NAXSI} \
--with-cc-opt='-m64 -march=native -mtune=native -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong -flto -ffat-lto-objects -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthrough=0 -fcode-hoisting -Wp,-D_FORTIFY_SOURCE=2 -gsplit-dwarf' \
--with-ld-opt='-lrt -ljemalloc -Wl,-z,relro -Wl,-z,now -fPIC -flto -ffat-lto-objects' \
${NGINX_BUILD_OPTIONS} \
--build='VirtuBox Nginx-ee' \
${NGX_USER} \
--with-file-aio \
--with-threads \
${NGX_HPACK} \
--with-http_v2_module \
--with-http_ssl_module \
--with-pcre-jit \
${NGINX_INCLUDED_MODULES} \
${NGINX_THIRD_MODULES} \
${NGX_PAGESPEED} \
${NGX_RTMP} \
--add-module=../echo-nginx-module \
--add-module=../headers-more-nginx-module \
--add-module=../ngx_cache_purge \
--add-module=../ngx_brotli \
--with-zlib=../zlib-cf \
${NGX_SSL_LIB} \
--with-openssl-opt="$OPENSSL_OPT" \
--sbin-path=/usr/sbin/nginx >> /tmp/nginx-ee.log 2>&1
else
./configure \
--with-cc-opt="$DEB_CFLAGS" \
--with-ld-opt="$DEB_LFLAGS" \
${NGX_NAXSI} \
${NGINX_BUILD_OPTIONS} \
--build='VirtuBox Nginx-ee' \
${NGX_USER} \
--with-file-aio \
--with-threads \
${NGX_HPACK} \
--with-http_v2_module \
--with-http_ssl_module \
--with-pcre-jit \
${NGINX_INCLUDED_MODULES} \
${NGINX_THIRD_MODULES} \
${NGX_PAGESPEED} \
${NGX_RTMP} \
--add-module=../echo-nginx-module \
--add-module=../headers-more-nginx-module \
--add-module=../ngx_cache_purge \
--add-module=../ngx_brotli \
--with-zlib=../zlib-cf \
${NGX_SSL_LIB} \
--with-openssl-opt="$OPENSSL_OPT" \
--sbin-path=/usr/sbin/nginx >> /tmp/nginx-ee.log 2>&1
DEB_CFLAGS='-m64 -march=native -mtune=native -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong -flto -ffat-lto-objects -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthrough=0 -fcode-hoisting -Wp,-D_FORTIFY_SOURCE=2 -gsplit-dwarf'
DEB_LFLAGS='-lrt -ljemalloc -Wl,-z,relro -Wl,-z,now -fPIC -flto -ffat-lto-objects'
fi
ZLIB_PATH='../zlib-cf'
else
./configure \
${NGX_NAXSI} \
--with-cc-opt="$DEB_CFLAGS" \
--with-ld-opt="$DEB_LFLAGS" \
${NGINX_BUILD_OPTIONS} \
--build='VirtuBox Nginx-ee' \
${NGX_USER} \
--with-file-aio \
--with-threads \
--with-http_v2_module \
--with-http_ssl_module \
--with-pcre-jit \
${NGINX_INCLUDED_MODULES} \
${NGINX_THIRD_MODULES} \
${NGX_HPACK} \
${NGX_PAGESPEED} \
${NGX_RTMP} \
--add-module=../echo-nginx-module \
--add-module=../headers-more-nginx-module \
--add-module=../ngx_cache_purge \
--add-module=../ngx_brotli \
--with-zlib=../zlib \
${NGX_SSL_LIB} \
--with-openssl-opt="$OPENSSL_OPT" \
--sbin-path=/usr/sbin/nginx >> /tmp/nginx-ee.log 2>&1
ZLIB_PATH='../zlib'
fi
bash -c "./configure \
${NGX_NAXSI} \
--with-cc-opt='$DEB_CFLAGS' \
--with-ld-opt='$DEB_LFLAGS' \
$NGINX_BUILD_OPTIONS \
--build='VirtuBox Nginx-ee' \
$NGX_USER \
--with-file-aio \
--with-threads \
$NGX_HPACK \
--with-http_v2_module \
--with-http_ssl_module \
--with-pcre-jit \
$NGINX_INCLUDED_MODULES \
$NGINX_THIRD_MODULES \
$NGX_PAGESPEED \
$NGX_RTMP \
--add-module=../echo-nginx-module \
--add-module=../headers-more-nginx-module \
--add-module=../ngx_cache_purge \
--add-module=../ngx_brotli \
--with-zlib=$ZLIB_PATH \
$NGX_SSL_LIB \
--with-openssl-opt='$OPENSSL_OPT' \
--sbin-path=/usr/sbin/nginx >> /tmp/nginx-ee.log 2>&1;"
}; then
echo -ne " Configuring nginx [${CGREEN}OK${CEND}]\\r"
@ -1358,3 +1260,4 @@ if [ "$CRON_SETUP" = "y" ]; then
_cron_setup
fi
_final_tasks
echo "Give Nginx-ee a GitHub star : https://github.com/VirtuBox/nginx-ee"