update nginx release & cleanup code
This commit is contained in:
parent
a2384c16b8
commit
6c52da7c64
|
@ -19,8 +19,8 @@
|
|||
|
||||
## Additional modules
|
||||
|
||||
Nginx current mainline release : **v1.15.5**
|
||||
Nginx current stable release : **v1.14.0**
|
||||
Nginx current mainline release : **v1.15.6**
|
||||
Nginx current stable release : **v1.14.1**
|
||||
|
||||
* ngx_cache_purge
|
||||
* memcached_nginx_module
|
||||
|
|
|
@ -1,28 +1,15 @@
|
|||
# Stop dance for nginx
|
||||
# =======================
|
||||
#
|
||||
# ExecStop sends SIGSTOP (graceful stop) to the nginx process.
|
||||
# If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control
|
||||
# and sends SIGTERM (fast shutdown) to the main process.
|
||||
# After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends
|
||||
# SIGKILL to all the remaining processes in the process group (KillMode=mixed).
|
||||
#
|
||||
# nginx signals reference doc:
|
||||
# http://nginx.org/en/docs/control.html
|
||||
#
|
||||
[Unit]
|
||||
Description=A high performance web server and a reverse proxy server
|
||||
After=network.target
|
||||
Description=The NGINX HTTP and reverse proxy server
|
||||
After=syslog.target network.target remote-fs.target nss-lookup.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
PIDFile=/run/nginx.pid
|
||||
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
|
||||
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
|
||||
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
|
||||
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
|
||||
TimeoutStopSec=5
|
||||
KillMode=mixed
|
||||
ExecStartPre=/usr/sbin/nginx -t
|
||||
ExecStart=/usr/sbin/nginx
|
||||
ExecReload=/bin/kill -s HUP $MAINPID
|
||||
ExecStop=/bin/kill -s QUIT $MAINPID
|
||||
PrivateTmp=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
WantedBy=multi-user.target
|
603
nginx-build.sh
603
nginx-build.sh
|
@ -11,16 +11,17 @@
|
|||
#
|
||||
|
||||
# Check if user is root
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
[ "$(id -u)" != "0" ] && {
|
||||
echo "Error: You must be root to run this script, please use the root user to install the software."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
# check if curl is installed
|
||||
|
||||
if [ ! -x /usr/bin/curl ]; then
|
||||
apt-get install curl >>/tmp/nginx-ee.log 2>&1
|
||||
fi
|
||||
[ ! -x /usr/bin/curl ] && {
|
||||
apt-get install curl
|
||||
}>>/tmp/nginx-ee.log 2>&1
|
||||
|
||||
|
||||
##################################
|
||||
# Variables
|
||||
|
@ -28,11 +29,8 @@ fi
|
|||
|
||||
NAXSI_VER=0.56
|
||||
DIR_SRC=/usr/local/src
|
||||
NGINX_STABLE=1.14.0
|
||||
NGINX_STABLE=1.14.1
|
||||
NGINX_MAINLINE=$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 1 2>&1)
|
||||
if [ ! -x /usr/sbin/nginx ]; then
|
||||
NGINX_CURRENT=$(nginx -v 2>&1 | awk -F "/" '{print $2}' | grep 1.15)
|
||||
fi
|
||||
|
||||
# Colors
|
||||
CSI='\033['
|
||||
|
@ -49,32 +47,24 @@ CGREEN="${CSI}1;32m"
|
|||
echo "" >/tmp/nginx-ee.log
|
||||
|
||||
# detect Plesk
|
||||
if [ -d /etc/psa ]; then
|
||||
[ -d /etc/psa ] && {
|
||||
NGINX_PLESK=1
|
||||
NGINX_EASYENGINE=0
|
||||
NGINX_FROM_SCRATCH=0
|
||||
echo "Plesk installation detected"
|
||||
else
|
||||
NGINX_PLESK=0
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
# detect easyengine
|
||||
if [ -d /etc/ee ]; then
|
||||
[ -d /etc/ee ] && {
|
||||
echo "EasyEngine installation detected"
|
||||
NGINX_EASYENGINE=1
|
||||
# detect no nginx
|
||||
else
|
||||
NGINX_EASYENGINE=0
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
if [ ! -d /etc/psa ] && [ ! -d /etc/ee ] && [ ! -d /etc/nginx ]; then
|
||||
[ ! -x /usr/sbin/nginx ] && {
|
||||
NGINX_FROM_SCRATCH=1
|
||||
echo "No Plesk or EasyEngine installation detected"
|
||||
else
|
||||
NGINX_FROM_SCRATCH=0
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -140,7 +130,7 @@ if [ -z $NGINX_RELEASE ]; then
|
|||
done
|
||||
echo ""
|
||||
if [ "$PAGESPEED" = "y" ]; then
|
||||
echo "Do you want to build the latest Pagespeed Beta [1] or Stable [2] Release ?"
|
||||
echo "Do you prefer to build the latest Pagespeed Beta [1] or Stable [2] Release ?"
|
||||
while [[ $PAGESPEED_RELEASE != "1" && $PAGESPEED_RELEASE != "2" ]]; do
|
||||
read -p "Select an option [1-2]: " PAGESPEED_RELEASE
|
||||
done
|
||||
|
@ -163,26 +153,21 @@ fi
|
|||
# Set nginx release and modules
|
||||
##################################
|
||||
|
||||
|
||||
if [ "$NGINX_RELEASE" = "1" ]; then
|
||||
NGINX_VER=$NGINX_MAINLINE
|
||||
NGX_HPACK="--with-http_v2_hpack_enc"
|
||||
if [ "$RTMP" = "y" ]; then
|
||||
NGINX_CC_OPT=( [index]=--with-cc-opt='-m64 -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wno-error=date-time -D_FORTIFY_SOURCE=2' )
|
||||
NGX_RTMP="--add-module=/usr/local/src/nginx-rtmp-module "
|
||||
else
|
||||
NGINX_CC_OPT=( [index]=--with-cc-opt='-m64 -O3 -g -march=native -mtune=native -fcode-hoisting -flto -fstack-protector-strong -fuse-ld=gold -Werror=format-security -Wformat -Wimplicit-fallthrough=0 -Wno-cast-function-type -Wno-deprecated-declarations -Wno-error=strict-aliasing --param=ssp-buffer-size=4 -Wp,-D_FORTIFY_SOURCE=2' )
|
||||
NGX_RTMP=""
|
||||
fi
|
||||
else
|
||||
NGINX_VER=$NGINX_STABLE
|
||||
NGX_HPACK=""
|
||||
if [ "$RTMP" = "y" ]; then
|
||||
NGINX_CC_OPT=( [index]=--with-cc-opt='-m64 -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wno-error=date-time -D_FORTIFY_SOURCE=2' )
|
||||
NGX_RTMP="--add-module=/usr/local/src/nginx-rtmp-module "
|
||||
else
|
||||
NGINX_CC_OPT=( [index]=--with-cc-opt='-m64 -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' )
|
||||
NGX_RTMP=""
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$RTMP" = "y" ]; then
|
||||
NGINX_CC_OPT=( [index]=--with-cc-opt='-m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong -flto -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthrough=0 -Wno-error=date-time -D_FORTIFY_SOURCE=2' )
|
||||
NGX_RTMP="--add-module=/usr/local/src/nginx-rtmp-module "
|
||||
else
|
||||
NGINX_CC_OPT=( [index]=--with-cc-opt='-m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong -flto -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthrough=0 -fcode-hoisting -Wp,-D_FORTIFY_SOURCE=2 -gsplit-dwarf' )
|
||||
NGX_RTMP=""
|
||||
fi
|
||||
|
||||
if [ "$NAXSI" = "y" ]; then
|
||||
|
@ -191,12 +176,11 @@ else
|
|||
NGX_NAXSI=""
|
||||
fi
|
||||
|
||||
if [ "$PAGESPEED" = "y" ]; then
|
||||
if [ "$PAGESPEED_RELEASE" = "1" ]; then
|
||||
NGX_PAGESPEED="--add-module=/usr/local/src/incubator-pagespeed-ngx-latest-beta "
|
||||
else
|
||||
NGX_PAGESPEED="--add-module=/usr/local/src/incubator-pagespeed-ngx-latest-stable "
|
||||
fi
|
||||
|
||||
if [ "$PAGESPEED_RELEASE" = "1" ]; then
|
||||
NGX_PAGESPEED="--add-module=/usr/local/src/incubator-pagespeed-ngx-latest-beta "
|
||||
elif [ "$PAGESPEED_RELEASE" = "2" ]; then
|
||||
NGX_PAGESPEED="--add-module=/usr/local/src/incubator-pagespeed-ngx-latest-stable "
|
||||
else
|
||||
NGX_PAGESPEED=""
|
||||
fi
|
||||
|
@ -210,9 +194,9 @@ echo -ne ' Installing dependencies [..]\r'
|
|||
apt-get update >>/tmp/nginx-ee.log 2>&1
|
||||
apt-get install -y git build-essential libtool automake autoconf zlib1g-dev \
|
||||
libpcre3 libpcre3-dev libgd-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libjemalloc1 libjemalloc-dev \
|
||||
libbz2-1.0 libreadline-dev libbz2-dev libbz2-ocaml libbz2-ocaml-dev software-properties-common sudo tar zlibc zlib1g zlib1g-dbg \
|
||||
libbz2-1.0 libreadline-dev libbz2-dev libbz2-ocaml libbz2-ocaml-dev software-properties-common sudo tar zlibc zlib1g zlib1g-dbg \
|
||||
libcurl4-openssl-dev libgoogle-perftools-dev libperl-dev libpam0g-dev libbsd-dev zip unzip gnupg gnupg2 pigz libluajit-5.1-common \
|
||||
libluajit-5.1-dev libmhash-dev libatomic-ops-dev libexpat-dev libgmp-dev autotools-dev bc checkinstall ccache curl debhelper dh-systemd libxml2 >>/tmp/nginx-ee.log 2>&1
|
||||
libluajit-5.1-dev libmhash-dev libexpat-dev libgmp-dev autotools-dev bc checkinstall ccache curl debhelper dh-systemd libxml2 >>/tmp/nginx-ee.log 2>&1
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
echo -ne " Installing dependencies [${CGREEN}OK${CEND}]\\r"
|
||||
|
@ -231,23 +215,32 @@ fi
|
|||
|
||||
if [ "$NGINX_FROM_SCRATCH" = "1" ]; then
|
||||
|
||||
# clone custom nginx configuration
|
||||
git clone https://github.com/VirtuBox/nginx-config.git /etc/nginx
|
||||
mkdir -p /var/lib/nginx/{body,fastcgi,proxy,scgi,uwsgi}
|
||||
mkdir -p /var/run/nginx-cache
|
||||
mkdir -p /var/cache/nginx
|
||||
chown -R www-data:root /var/lib/nginx/* /var/cache/nginx /var/run/nginx-cache
|
||||
|
||||
# create nginx temp directory
|
||||
mkdir -p /var/lib/nginx/{body,fastcgi,proxy,scgi,uwsgi}
|
||||
# create nginx cache directory
|
||||
[ ! -d /var/cache/nginx ] && {
|
||||
mkdir -p /var/run/nginx-cache
|
||||
}
|
||||
[ ! -d /var/run/nginx-cache ] && {
|
||||
mkdir -p /var/run/nginx-cache
|
||||
}
|
||||
# set proper permissions
|
||||
chown -R www-data:root /var/lib/nginx/* /var/cache/nginx /var/run/nginx-cache
|
||||
# create websites directory
|
||||
mkdir -p /var/www/html
|
||||
|
||||
{
|
||||
|
||||
wget -qO /var/www/html/index.nginx-debian.html https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/var/www/html/index.nginx-debian.html
|
||||
wget -O /var/www/html/index.nginx-debian.html https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/var/www/html/index.nginx-debian.html
|
||||
ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
|
||||
|
||||
if [ ! -f /etc/systemd/system/multi-user.target.wants/nginx.service ] && [ ! -f /lib/systemd/system/nginx.service ]; then
|
||||
wget -qO /lib/systemd/system/nginx.service https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/etc/systemd/system/nginx.service
|
||||
[ ! -f /lib/systemd/system/nginx.service ] && {
|
||||
wget -O /lib/systemd/system/nginx.service https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/etc/systemd/system/nginx.service
|
||||
systemctl enable nginx.service
|
||||
fi
|
||||
}
|
||||
|
||||
} >>/tmp/nginx-ee.log 2>&1
|
||||
|
||||
|
@ -261,78 +254,89 @@ fi
|
|||
|
||||
# Checking lsb_release package
|
||||
if [ ! -x /usr/bin/lsb_release ]; then
|
||||
sudo apt-get -y install lsb-release >>/tmp/nginx-ee.log 2>&1
|
||||
sudo apt-get -y install lsb-release | sudo tee -a /tmp/nginx-ee.log 2>&1
|
||||
fi
|
||||
|
||||
# install gcc-7
|
||||
distro_version=$(lsb_release -sc)
|
||||
|
||||
{
|
||||
|
||||
if [ "$distro_version" == "bionic" ] && [ ! -f /etc/apt/sources.list.d/jonathonf-ubuntu-gcc-bionic.list ]; then
|
||||
add-apt-repository -y ppa:jonathonf/gcc
|
||||
elif [ "$distro_version" == "xenial" ] && [ ! -f /etc/apt/sources.list.d/jonathonf-ubuntu-gcc-xenial.list ]; then
|
||||
add-apt-repository -y ppa:jonathonf/gcc
|
||||
fi
|
||||
|
||||
apt-get update
|
||||
apt-get upgrade -y
|
||||
|
||||
} >>/tmp/nginx-ee.log 2>&1
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
if [ "$NGINX_RELEASE" == "1" ] && [ "$RTMP" != "y" ]; then
|
||||
if [ "$distro_version" == "bionic" ]; then
|
||||
if [ ! -f /etc/apt/sources.list.d/jonathonf-ubuntu-gcc-8_1-bionic.list ] && [ ! -f /etc/apt/sources.list.d/jonathonf-ubuntu-gcc-bionic.list ]; then
|
||||
echo -ne ' Installing gcc-8 [..]\r'
|
||||
{
|
||||
sudo add-apt-repository -y ppa:jonathonf/gcc-8.1
|
||||
sudo add-apt-repository -y ppa:jonathonf/gcc
|
||||
sudo apt-get update
|
||||
sudo apt-get install gcc-8 g++-8 -y
|
||||
sudo update-alternatives --remove-all gcc
|
||||
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-8 80 --slave /usr/bin/g++ g++ /usr/bin/g++-8
|
||||
} >>/tmp/nginx-ee.log 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
echo -ne " Installing gcc-8 [${CGREEN}OK${CEND}]\\r"
|
||||
echo -ne '\n'
|
||||
else
|
||||
echo -e " Installing gcc-8 [${CRED}FAIL${CEND}]"
|
||||
echo ""
|
||||
echo "Please look at /tmp/nginx-ee.log"
|
||||
echo ""
|
||||
exit 1
|
||||
fi
|
||||
echo -ne ' Installing gcc-8 [..]\r'
|
||||
{
|
||||
apt-get install gcc-8 g++-8 -y
|
||||
update-alternatives --remove-all gcc
|
||||
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-8 80 --slave /usr/bin/g++ g++ /usr/bin/g++-8
|
||||
} >>/tmp/nginx-ee.log 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
echo -ne " Installing gcc-8 [${CGREEN}OK${CEND}]\\r"
|
||||
echo -ne '\n'
|
||||
else
|
||||
echo -e " Installing gcc-8 [${CRED}FAIL${CEND}]"
|
||||
echo ""
|
||||
echo "Please look at /tmp/nginx-ee.log"
|
||||
echo ""
|
||||
exit 1
|
||||
fi
|
||||
|
||||
elif [ "$distro_version" == "xenial" ]; then
|
||||
if [ ! -f /etc/apt/sources.list.d/jonathonf-ubuntu-gcc-8_1-xenial.list ] && [ ! -f /etc/apt/sources.list.d/jonathonf-ubuntu-gcc-xenial.list ]; then
|
||||
echo -ne ' Installing gcc-8 [..]\r'
|
||||
sudo add-apt-repository -y ppa:jonathonf/gcc-8.1
|
||||
sudo add-apt-repository -y ppa:jonathonf/gcc
|
||||
sudo apt-get update
|
||||
sudo apt-get install gcc-8 g++-8 -y
|
||||
sudo update-alternatives --remove-all gcc
|
||||
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-8 80 --slave /usr/bin/g++ g++ /usr/bin/g++-8
|
||||
if [ $? -eq 0 ]; then
|
||||
echo -ne " Installing gcc-8 [${CGREEN}OK${CEND}]\\r"
|
||||
echo -ne '\n'
|
||||
else
|
||||
echo -e " Installing gcc-8 [${CRED}FAIL${CEND}]"
|
||||
echo ""
|
||||
echo "Please look at /tmp/nginx-ee.log"
|
||||
echo ""
|
||||
exit 1
|
||||
fi
|
||||
echo -ne ' Installing gcc-8 [..]\r'
|
||||
{
|
||||
add-apt-repository -y ppa:jonathonf/gcc-8.1
|
||||
apt-get update
|
||||
apt-get install gcc-8 g++-8 -y
|
||||
update-alternatives --remove-all gcc
|
||||
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-8 80 --slave /usr/bin/g++ g++ /usr/bin/g++-8
|
||||
} >>/tmp/nginx-ee.log 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
echo -ne " Installing gcc-8 [${CGREEN}OK${CEND}]\\r"
|
||||
echo -ne '\n'
|
||||
else
|
||||
echo -e " Installing gcc-8 [${CRED}FAIL${CEND}]"
|
||||
echo ""
|
||||
echo "Please look at /tmp/nginx-ee.log"
|
||||
echo ""
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
else
|
||||
if [ "$distro_version" == "xenial" ]; then
|
||||
if [ ! -f /etc/apt/sources.list.d/jonathonf-ubuntu-gcc-7_1-xenial.list ] && [ ! -f /etc/apt/sources.list.d/jonathonf-ubuntu-gcc-xenial.list ]; then
|
||||
echo -ne ' Installing gcc-7 [..]\r'
|
||||
{
|
||||
sudo add-apt-repository -y ppa:jonathonf/gcc-7.1
|
||||
sudo add-apt-repository -y ppa:jonathonf/gcc
|
||||
sduo apt-get update -y
|
||||
sudo apt-get install gcc-7 g++-7 -y
|
||||
sudo update-alternatives --remove-all gcc
|
||||
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-7 80 --slave /usr/bin/g++ g++ /usr/bin/g++-7
|
||||
} >>/tmp/nginx-ee.log 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
echo -ne " Installing gcc-7 [${CGREEN}OK${CEND}]\\r"
|
||||
echo -ne '\n'
|
||||
else
|
||||
echo -e " Installing gcc-7 [${CRED}FAIL${CEND}]"
|
||||
echo ""
|
||||
echo "Please look at /tmp/nginx-ee.log"
|
||||
echo ""
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo -ne ' Installing gcc-7 [..]\r'
|
||||
{
|
||||
add-apt-repository -y ppa:jonathonf/gcc-7.1
|
||||
apt-get update -y
|
||||
apt-get install gcc-7 g++-7 -y
|
||||
update-alternatives --remove-all gcc
|
||||
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-7 80 --slave /usr/bin/g++ g++ /usr/bin/g++-7
|
||||
} >>/tmp/nginx-ee.log 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
echo -ne " Installing gcc-7 [${CGREEN}OK${CEND}]\\r"
|
||||
echo -ne '\n'
|
||||
else
|
||||
echo -e " Installing gcc-7 [${CRED}FAIL${CEND}]"
|
||||
echo ""
|
||||
echo "Please look at /tmp/nginx-ee.log"
|
||||
echo ""
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
@ -373,94 +377,97 @@ fi
|
|||
# clear previous compilation archives
|
||||
|
||||
cd $DIR_SRC || exit
|
||||
rm -rf $DIR_SRC/{*.tar.gz,nginx-1.*,ipscrubtmp,ipscrub,openssl,openssl-*,ngx_brotli,pcre,zlib}
|
||||
rm -rf $DIR_SRC/{*.tar.gz,nginx-1.*,openssl,openssl-*,ngx_brotli,pcre,zlib,incubator-pagespeed-*,build_ngx_pagespeed.sh,install,ngx_http_redis*}
|
||||
|
||||
echo -ne ' Downloading additionals modules [..]\r'
|
||||
|
||||
{
|
||||
# cache_purge module
|
||||
if [ -d $DIR_SRC/ngx_cache_purge ]; then
|
||||
{ [ -d $DIR_SRC/ngx_cache_purge ] && {
|
||||
git -C $DIR_SRC/ngx_cache_purge pull origin master
|
||||
else
|
||||
} } || {
|
||||
git clone https://github.com/FRiCKLE/ngx_cache_purge.git
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
# memcached module
|
||||
if [ -d $DIR_SRC/memc-nginx-module ]; then
|
||||
{ [ -d $DIR_SRC/memc-nginx-module ] && {
|
||||
git -C $DIR_SRC/memc-nginx-module pull origin master
|
||||
else
|
||||
} } || {
|
||||
git clone https://github.com/openresty/memc-nginx-module.git
|
||||
fi
|
||||
}
|
||||
|
||||
# devel kit
|
||||
if [ -d $DIR_SRC/ngx_devel_kit ]; then
|
||||
{ [ -d $DIR_SRC/ngx_devel_kit ] && {
|
||||
git -C $DIR_SRC/ngx_devel_kit pull origin master
|
||||
else
|
||||
} } || {
|
||||
git clone https://github.com/simpl/ngx_devel_kit.git
|
||||
fi
|
||||
}
|
||||
# headers-more module
|
||||
if [ -d $DIR_SRC/headers-more-nginx-module ]; then
|
||||
{ [ -d $DIR_SRC/headers-more-nginx-module ] && {
|
||||
git -C $DIR_SRC/headers-more-nginx-module pull origin master
|
||||
else
|
||||
} } || {
|
||||
git clone https://github.com/openresty/headers-more-nginx-module.git
|
||||
fi
|
||||
}
|
||||
# echo module
|
||||
if [ -d $DIR_SRC/echo-nginx-module ]; then
|
||||
{ [ -d $DIR_SRC/echo-nginx-module ] && {
|
||||
git -C $DIR_SRC/echo-nginx-module pull origin master
|
||||
else
|
||||
} } || {
|
||||
git clone https://github.com/openresty/echo-nginx-module.git
|
||||
fi
|
||||
}
|
||||
# http_substitutions_filter module
|
||||
if [ -d $DIR_SRC/ngx_http_substitutions_filter_module ]; then
|
||||
{ [ -d $DIR_SRC/ngx_http_substitutions_filter_module ] && {
|
||||
git -C $DIR_SRC/ngx_http_substitutions_filter_module pull origin master
|
||||
else
|
||||
} } || {
|
||||
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git
|
||||
fi
|
||||
}
|
||||
# redis2 module
|
||||
if [ -d $DIR_SRC/redis2-nginx-module ]; then
|
||||
{ [ -d $DIR_SRC/redis2-nginx-module ] && {
|
||||
git -C $DIR_SRC/redis2-nginx-module pull origin master
|
||||
else
|
||||
} } || {
|
||||
git clone https://github.com/openresty/redis2-nginx-module.git
|
||||
fi
|
||||
}
|
||||
# srcache module
|
||||
if [ -d $DIR_SRC/srcache-nginx-module ]; then
|
||||
{ [ -d $DIR_SRC/srcache-nginx-module ] && {
|
||||
git -C $DIR_SRC/srcache-nginx-module pull origin master
|
||||
else
|
||||
} } || {
|
||||
git clone https://github.com/openresty/srcache-nginx-module.git
|
||||
fi
|
||||
}
|
||||
# set-misc module
|
||||
if [ -d $DIR_SRC/set-misc-nginx-module ]; then
|
||||
{ [ -d $DIR_SRC/set-misc-nginx-module ] && {
|
||||
git -C $DIR_SRC/set-misc-nginx-module pull origin master
|
||||
else
|
||||
} } || {
|
||||
git clone https://github.com/openresty/set-misc-nginx-module.git
|
||||
fi
|
||||
}
|
||||
# auth_pam module
|
||||
if [ -d $DIR_SRC/ngx_http_auth_pam_module ]; then
|
||||
{ [ -d $DIR_SRC/ngx_http_auth_pam_module ] && {
|
||||
git -C $DIR_SRC/ngx_http_auth_pam_module pull origin master
|
||||
else
|
||||
} } || {
|
||||
git clone https://github.com/sto/ngx_http_auth_pam_module.git
|
||||
fi
|
||||
}
|
||||
# nginx-vts module
|
||||
if [ -d $DIR_SRC/nginx-module-vts ]; then
|
||||
{ [ -d $DIR_SRC/nginx-module-vts ] && {
|
||||
git -C $DIR_SRC/nginx-module-vts pull origin master
|
||||
else
|
||||
} } || {
|
||||
git clone https://github.com/vozlt/nginx-module-vts.git
|
||||
fi
|
||||
}
|
||||
# http redis module
|
||||
if [ ! -d $DIR_SRC/ngx_http_redis ]; then
|
||||
sudo curl -sL https://people.freebsd.org/~osa/ngx_http_redis-0.3.8.tar.gz | tar zxf - -C $DIR_SRC
|
||||
mv ngx_http_redis-0.3.8 ngx_http_redis
|
||||
fi
|
||||
sudo curl -sL https://people.freebsd.org/~osa/ngx_http_redis-0.3.8.tar.gz | tar zxf - -C $DIR_SRC
|
||||
mv ngx_http_redis-0.3.8 ngx_http_redis
|
||||
if [ "$RTMP" = "y" ]; then
|
||||
if [ -d $DIR_SRC/nginx-rtmp-module ]; then
|
||||
{ [ -d $DIR_SRC/nginx-rtmp-module ] && {
|
||||
git -C $DIR_SRC/nginx-rtmp-module pull origin master
|
||||
else
|
||||
} } || {
|
||||
git clone https://github.com/arut/nginx-rtmp-module.git
|
||||
fi
|
||||
}
|
||||
fi
|
||||
if [ $NGINX_PLESK = "0" ]; then
|
||||
# ipscrub module
|
||||
# ipscrub module
|
||||
{ [ -d $DIR_SRC/ipscrubtmp ] && {
|
||||
git -C $DIR_SRC/ipscrubtmp pull origin master
|
||||
} } || {
|
||||
git clone https://github.com/masonicboom/ipscrub.git ipscrubtmp
|
||||
cp -rf $DIR_SRC/ipscrubtmp/ipscrub $DIR_SRC/ipscrub
|
||||
fi
|
||||
}
|
||||
|
||||
} >>/tmp/nginx-ee.log 2>&1
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
|
@ -529,7 +536,7 @@ if [ ! -x /usr/bin/pcretest ]; then
|
|||
sudo make -j "$(nproc)"
|
||||
sudo make install
|
||||
mv -v /usr/lib/libpcre.so.* /lib
|
||||
ln -sfv ../../lib/$(readlink /usr/lib/libpcre.so) /usr/lib/libpcre.so
|
||||
ln -sfv ../../lib/"$(readlink /usr/lib/libpcre.so)" /usr/lib/libpcre.so
|
||||
} >>/tmp/nginx-ee.log 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
echo -ne " Downloading pcre [${CGREEN}OK${CEND}]\\r"
|
||||
|
@ -544,24 +551,11 @@ if [ ! -x /usr/bin/pcretest ]; then
|
|||
fi
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
||||
##################################
|
||||
# Install Jemalloc
|
||||
##################################
|
||||
|
||||
|
||||
# touch /etc/ld.so.preload
|
||||
# echo "/usr/lib/x86_64-linux-gnu/libjemalloc.so" | sudo tee --append /etc/ld.so.preload
|
||||
#} >>/tmp/nginx-ee.log 2>&1
|
||||
|
||||
|
||||
##################################
|
||||
# Download ngx_broti
|
||||
##################################
|
||||
|
||||
cd $DIR_SRC || exit
|
||||
cd $DIR_SRC || exit 1
|
||||
|
||||
echo -ne ' Downloading brotli [..]\r'
|
||||
{
|
||||
|
@ -587,18 +581,25 @@ fi
|
|||
|
||||
echo -ne ' Downloading openssl [..]\r'
|
||||
|
||||
cd $DIR_SRC || exit
|
||||
cd $DIR_SRC || exit 1
|
||||
{
|
||||
sudo curl -sL https://www.openssl.org/source/openssl-1.1.1.tar.gz | tar zxf - -C $DIR_SRC
|
||||
curl -sL https://www.openssl.org/source/openssl-1.1.1.tar.gz | tar zxf - -C $DIR_SRC
|
||||
mv openssl-1.1.1 openssl
|
||||
cd $DIR_SRC/openssl || exit 1
|
||||
curl https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/openssl-equal-1.1.1.patch | patch -p1
|
||||
cd $DIR_SRC/openssl || exit 1
|
||||
} >> /tmp/nginx-ee.log
|
||||
|
||||
{
|
||||
# apply openssl ciphers patch
|
||||
curl https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/openssl-equal-1.1.1_ciphers.patch | patch -p1
|
||||
# apply patch from centminmod
|
||||
curl https://raw.githubusercontent.com/centminmod/centminmod/master/patches/openssl/OpenSSL-1.1.1-reset-tls1.3-ciphers-SSL_CTX_set_ssl_version.patch | patch -p1
|
||||
curl https://raw.githubusercontent.com/centminmod/centminmod/master/patches/openssl/OpenSSL-1.1.1-sni-fix-delay-sig-algs.patch | patch -p1
|
||||
curl https://raw.githubusercontent.com/centminmod/centminmod/123.09beta01/patches/openssl/OpenSSL-1.1.1-fix-ocsp-memleak.patch | patch -p1
|
||||
curl https://raw.githubusercontent.com/centminmod/centminmod/123.09beta01/patches/openssl/OpenSSL-1.1.1-safer-mem-cleanup.patch | patch -p1
|
||||
|
||||
} >>/tmp/nginx-ee.log 2>&1
|
||||
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
echo -ne " Downloading openssl [${CGREEN}OK${CEND}]\\r"
|
||||
echo -ne '\n'
|
||||
|
@ -618,9 +619,9 @@ cd $DIR_SRC || exit 1
|
|||
if [ "$NAXSI" = "y" ]; then
|
||||
echo -ne ' Downloading naxsi [..]\r'
|
||||
{
|
||||
if [ -d $DIR_SRC/naxsi ]; then
|
||||
[ -d $DIR_SRC/naxsi ] && {
|
||||
rm -rf $DIR_SRC/naxsi
|
||||
fi
|
||||
}
|
||||
curl -sL https://github.com/nbs-system/naxsi/archive/$NAXSI_VER.tar.gz | tar zxf - -C $DIR_SRC
|
||||
mv naxsi-$NAXSI_VER naxsi
|
||||
} >>/tmp/nginx-ee.log 2>&1
|
||||
|
@ -647,7 +648,7 @@ if [ "$PAGESPEED" = "y" ]; then
|
|||
echo -ne ' Downloading pagespeed [..]\r'
|
||||
|
||||
{
|
||||
rm -rf incubator-pagespeed-* build_ngx_pagespeed.sh install
|
||||
rm -rf
|
||||
wget -qO build_ngx_pagespeed.sh https://raw.githubusercontent.com/pagespeed/ngx_pagespeed/master/scripts/build_ngx_pagespeed.sh
|
||||
chmod +x build_ngx_pagespeed.sh
|
||||
if [ "$PAGESPEED_RELEASE" = "1" ]; then
|
||||
|
@ -675,9 +676,9 @@ fi
|
|||
|
||||
cd $DIR_SRC || exit 1
|
||||
echo -ne ' Downloading nginx [..]\r'
|
||||
if [ -d $DIR_SRC/nginx ]; then
|
||||
[ -d $DIR_SRC/nginx ] && {
|
||||
rm -rf $DIR_SRC/nginx
|
||||
fi
|
||||
}
|
||||
{
|
||||
curl -sL http://nginx.org/download/nginx-${NGINX_VER}.tar.gz | tar zxf - -C $DIR_SRC
|
||||
mv nginx-${NGINX_VER} nginx
|
||||
|
@ -702,15 +703,15 @@ fi
|
|||
|
||||
echo -ne ' Applying nginx patches [..]\r'
|
||||
|
||||
if [ $NGINX_RELEASE = "1" ]; then
|
||||
{
|
||||
curl -s https://raw.githubusercontent.com/nginx-modules/ngx_http_tls_dyn_size/master/nginx__dynamic_tls_records_1.15.5%2B.patch | patch -p1
|
||||
curl -s https://raw.githubusercontent.com/centminmod/centminmod/123.09beta01/patches/cloudflare/nginx-1.15.3_http2-hpack.patch | patch -p1
|
||||
curl -s https://raw.githubusercontent.com/kn007/patch/master/nginx_auto_using_PRIORITIZE_CHACHA.patch | patch -p1
|
||||
}>>/tmp/nginx-ee.log 2>&1
|
||||
if [ "$NGINX_RELEASE" = "1" ]; then
|
||||
|
||||
curl -s https://raw.githubusercontent.com/nginx-modules/ngx_http_tls_dyn_size/master/nginx__dynamic_tls_records_1.15.5%2B.patch | patch -p1
|
||||
curl -s https://raw.githubusercontent.com/centminmod/centminmod/123.09beta01/patches/cloudflare/nginx-1.15.3_http2-hpack.patch | patch -p1
|
||||
curl -s https://raw.githubusercontent.com/kn007/patch/master/nginx_auto_using_PRIORITIZE_CHACHA.patch | patch -p1
|
||||
|
||||
#wget -qO nginx__dynamic_tls_records.patch https://raw.githubusercontent.com/nginx-modules/ngx_http_tls_dyn_size/master/nginx__dynamic_tls_records_1.15.5%2B.patch >>/tmp/nginx-ee.log 2>&1
|
||||
else
|
||||
curl -s https://raw.githubusercontent.com/nginx-modules/ngx_http_tls_dyn_size/master/nginx__dynamic_tls_records_1.13.0%2B.patch | patch -p1 >>/tmp/nginx-ee.log 2>&1
|
||||
curl -s https://raw.githubusercontent.com/nginx-modules/ngx_http_tls_dyn_size/master/nginx__dynamic_tls_records_1.13.0%2B.patch | patch -p1
|
||||
fi
|
||||
#patch -p1 <nginx__dynamic_tls_records.patch >>/tmp/nginx-ee.log 2>&1
|
||||
|
||||
|
@ -731,71 +732,86 @@ fi
|
|||
|
||||
echo -ne ' Configuring nginx [..]\r'
|
||||
|
||||
if [[ "$distro_version" == "xenial" || "$distro_version" == "bionic" ]]; then
|
||||
if [[ "$NGINX_RELEASE" == "1" && "$RTMP" != "y" ]]; then
|
||||
export CC="/usr/bin/gcc-8"
|
||||
export CXX="/usr/bin/gc++-8"
|
||||
else
|
||||
export CC="/usr/bin/gcc-7"
|
||||
export CXX="/usr/bin/gc++-7"
|
||||
fi
|
||||
if [[ "$NGINX_RELEASE" == "1" && "$RTMP" != "y" ]]; then
|
||||
export CC="/usr/bin/gcc-8"
|
||||
export CXX="/usr/bin/gc++-8"
|
||||
else
|
||||
export CC="/usr/bin/gcc-7"
|
||||
export CXX="/usr/bin/gc++-7"
|
||||
fi
|
||||
|
||||
NGINX_BUILD_OPTIONS="--prefix=/usr/share \
|
||||
--conf-path=/etc/nginx/nginx.conf \
|
||||
--http-log-path=/var/log/nginx/access.log \
|
||||
--error-log-path=/var/log/nginx/error.log \
|
||||
--lock-path=/var/lock/nginx.lock \
|
||||
--pid-path=/var/run/nginx.pid \
|
||||
--http-client-body-temp-path=/var/lib/nginx/body \
|
||||
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
|
||||
--http-proxy-temp-path=/var/lib/nginx/proxy \
|
||||
--http-scgi-temp-path=/var/lib/nginx/scgi \
|
||||
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
|
||||
--modules-path=/usr/share/nginx/modules"
|
||||
|
||||
NGINX_PLESK_BUILD="--prefix=/usr/share \
|
||||
--conf-path=/etc/nginx/nginx.conf \
|
||||
--http-log-path=/var/log/nginx/access.log \
|
||||
--error-log-path=/var/log/nginx/error.log \
|
||||
--lock-path=/var/lock/nginx.lock \
|
||||
--pid-path=/var/run/nginx.pid \
|
||||
--http-client-body-temp-path=/var/lib/nginx/body \
|
||||
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
|
||||
--http-proxy-temp-path=/var/lib/nginx/proxy \
|
||||
--http-scgi-temp-path=/var/lib/nginx/scgi \
|
||||
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
|
||||
--modules-path=/usr/share/nginx/modules"
|
||||
|
||||
NGINX_INCLUDED_MODULES="--without-http_uwsgi_module \
|
||||
--without-mail_imap_module \
|
||||
--without-mail_pop3_module \
|
||||
--without-mail_smtp_module \
|
||||
--with-pcre-jit \
|
||||
--with-http_ssl_module \
|
||||
--with-http_stub_status_module \
|
||||
--with-http_realip_module \
|
||||
--with-http_auth_request_module \
|
||||
--with-http_addition_module \
|
||||
--with-http_geoip_module \
|
||||
--with-http_gzip_static_module \
|
||||
--with-http_image_filter_module \
|
||||
--with-http_v2_module \
|
||||
--with-http_mp4_module \
|
||||
--with-http_sub_module \
|
||||
--with-file-aio \
|
||||
--with-threads"
|
||||
|
||||
NGINX_THIRD_MODULES="--with-zlib=/usr/local/src/zlib \
|
||||
--add-module=/usr/local/src/ngx_cache_purge \
|
||||
--add-module=/usr/local/src/headers-more-nginx-module \
|
||||
--add-module=/usr/local/src/memc-nginx-module \
|
||||
--add-module=/usr/local/src/ngx_devel_kit \
|
||||
--add-module=/usr/local/src/ngx_brotli \
|
||||
--add-module=/usr/local/src/echo-nginx-module \
|
||||
--add-module=/usr/local/src/ngx_http_substitutions_filter_module \
|
||||
--add-module=/usr/local/src/redis2-nginx-module \
|
||||
--add-module=/usr/local/src/srcache-nginx-module \
|
||||
--add-module=/usr/local/src/set-misc-nginx-module \
|
||||
--add-module=/usr/local/src/ngx_http_redis \
|
||||
--add-module=/usr/local/src/ngx_http_auth_pam_module \
|
||||
--add-module=/usr/local/src/nginx-module-vts \
|
||||
--add-module=/usr/local/src/ipscrubtmp/ipscrub"
|
||||
|
||||
if [ "$NGINX_PLESK" = "0" ]; then
|
||||
|
||||
./configure \
|
||||
${NGX_NAXSI} \
|
||||
"${NGINX_CC_OPT[@]}" \
|
||||
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' \
|
||||
--prefix=/usr/share \
|
||||
--conf-path=/etc/nginx/nginx.conf \
|
||||
--http-log-path=/var/log/nginx/access.log \
|
||||
--error-log-path=/var/log/nginx/error.log \
|
||||
--lock-path=/var/lock/nginx.lock \
|
||||
--pid-path=/var/run/nginx.pid \
|
||||
--http-client-body-temp-path=/var/lib/nginx/body \
|
||||
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
|
||||
--http-proxy-temp-path=/var/lib/nginx/proxy \
|
||||
--modules-path=/usr/share/nginx/modules \
|
||||
${NGINX_BUILD_OPTIONS} \
|
||||
--build='VirtuBox Nginx-ee' \
|
||||
--without-http_uwsgi_module \
|
||||
--without-mail_imap_module \
|
||||
--without-http_browser_module \
|
||||
--without-http_split_clients_module \
|
||||
--without-http_ssi_module \
|
||||
--without-http_userid_module \
|
||||
--without-mail_pop3_module \
|
||||
--without-mail_smtp_module \
|
||||
--with-pcre-jit \
|
||||
--with-http_ssl_module \
|
||||
--with-http_stub_status_module \
|
||||
--with-http_realip_module \
|
||||
--with-http_auth_request_module \
|
||||
--with-http_addition_module \
|
||||
${NGX_HPACK} \
|
||||
--with-http_geoip_module \
|
||||
--with-http_gunzip_module \
|
||||
--with-http_gzip_static_module \
|
||||
--with-http_image_filter_module \
|
||||
--with-http_v2_module \
|
||||
--with-http_sub_module \
|
||||
--with-file-aio \
|
||||
--with-threads \
|
||||
--with-zlib=/usr/local/src/zlib \
|
||||
--add-module=/usr/local/src/ngx_cache_purge \
|
||||
--add-module=/usr/local/src/headers-more-nginx-module \
|
||||
--add-module=/usr/local/src/memc-nginx-module \
|
||||
--add-module=/usr/local/src/ngx_devel_kit \
|
||||
--add-module=/usr/local/src/ngx_brotli \
|
||||
--add-module=/usr/local/src/echo-nginx-module \
|
||||
--add-module=/usr/local/src/ngx_http_substitutions_filter_module \
|
||||
--add-module=/usr/local/src/redis2-nginx-module \
|
||||
--add-module=/usr/local/src/srcache-nginx-module \
|
||||
--add-module=/usr/local/src/set-misc-nginx-module \
|
||||
--add-module=/usr/local/src/ngx_http_redis \
|
||||
--add-module=/usr/local/src/ipscrub \
|
||||
--add-module=/usr/local/src/ngx_http_auth_pam_module \
|
||||
--add-module=/usr/local/src/nginx-module-vts \
|
||||
${NGINX_INCLUDED_MODULES} \
|
||||
${NGINX_THIRD_MODULES} \
|
||||
${NGX_HPACK}
|
||||
${NGX_PAGESPEED} \
|
||||
${NGX_RTMP} \
|
||||
--with-openssl=/usr/local/src/openssl \
|
||||
|
@ -808,57 +824,12 @@ else
|
|||
${NGX_NAXSI} \
|
||||
"${NGINX_CC_OPT[@]}" \
|
||||
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' \
|
||||
--prefix=/usr/share \
|
||||
--conf-path=/etc/nginx/nginx.conf \
|
||||
--http-log-path=/var/log/nginx/access.log \
|
||||
--error-log-path=/var/log/nginx/error.log \
|
||||
--lock-path=/var/lock/nginx.lock \
|
||||
--pid-path=/var/run/nginx.pid \
|
||||
--http-client-body-temp-path=/var/lib/nginx/body \
|
||||
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
|
||||
--http-proxy-temp-path=/var/lib/nginx/proxy \
|
||||
--http-scgi-temp-path=/var/lib/nginx/scgi \
|
||||
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
|
||||
--modules-path=/usr/share/nginx/modules \
|
||||
${NGINX_PLESK_BUILD} \
|
||||
--build='VirtuBox Nginx-ee' \
|
||||
--without-http_uwsgi_module \
|
||||
--without-mail_imap_module \
|
||||
--without-http_browser_module \
|
||||
--without-http_split_clients_module \
|
||||
--without-http_ssi_module \
|
||||
--without-http_userid_module \
|
||||
--without-mail_pop3_module \
|
||||
--without-mail_smtp_module \
|
||||
--user=nginx \
|
||||
--group=nginx \
|
||||
--with-pcre-jit \
|
||||
--with-http_ssl_module \
|
||||
--with-http_stub_status_module \
|
||||
--with-http_dav_module \
|
||||
--with-http_realip_module \
|
||||
--with-http_auth_request_module \
|
||||
--with-http_addition_module \
|
||||
${NGX_HPACK} \
|
||||
--with-http_geoip_module \
|
||||
--with-http_gzip_static_module \
|
||||
--with-http_image_filter_module \
|
||||
--with-http_v2_module \
|
||||
--with-http_sub_module \
|
||||
--with-file-aio \
|
||||
--with-threads \
|
||||
--add-module=/usr/local/src/ngx_cache_purge \
|
||||
--add-module=/usr/local/src/headers-more-nginx-module \
|
||||
--add-module=/usr/local/src/memc-nginx-module \
|
||||
--add-module=/usr/local/src/ngx_devel_kit \
|
||||
--add-module=/usr/local/src/echo-nginx-module \
|
||||
--add-module=/usr/local/src/ngx_http_substitutions_filter_module \
|
||||
--add-module=/usr/local/src/redis2-nginx-module \
|
||||
--add-module=/usr/local/src/srcache-nginx-module \
|
||||
--add-module=/usr/local/src/set-misc-nginx-module \
|
||||
--add-module=/usr/local/src/ngx_http_redis \
|
||||
--add-module=/usr/local/src/ngx_brotli \
|
||||
--add-module=/usr/local/src/ngx_http_auth_pam_module \
|
||||
--add-module=/usr/local/src/nginx-module-vts \
|
||||
${NGINX_INCLUDED_MODULES} \
|
||||
${NGINX_THIRD_MODULES} \
|
||||
${NGX_PAGESPEED} \
|
||||
${NGX_RTMP} \
|
||||
--with-openssl=/usr/local/src/openssl \
|
||||
|
@ -905,36 +876,44 @@ fi
|
|||
# Perform final tasks
|
||||
##################################
|
||||
|
||||
if [ $NGINX_PLESK = "1" ]; then
|
||||
[ ! -f /etc/apt/preferences.d/nginx-block ] && {
|
||||
if [ $NGINX_PLESK = "1" ]; then
|
||||
{
|
||||
# block sw-nginx package updates from APT repository
|
||||
echo -e 'Package: sw-nginx*\nPin: release *\nPin-Priority: -1' > /etc/apt/preferences.d/nginx-block
|
||||
apt-mark unhold sw-nginx
|
||||
} >> /tmp/nginx-ee.log
|
||||
else
|
||||
|
||||
# block sw-nginx package updates from APT repository
|
||||
apt-mark hold sw-nginx >>/tmp/nginx-ee.log 2>&1
|
||||
|
||||
elif [ $NGINX_EASYENGINE = "1" ]; then
|
||||
{
|
||||
# replace old TLS v1.3 ciphers suite
|
||||
sed -i 's/TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256/TLS13+AESGCM+AES128/' /etc/nginx/nginx.conf
|
||||
apt-mark hold nginx-ee nginx-common
|
||||
{
|
||||
sed -i 's/TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256/TLS13+AESGCM+AES128/' /etc/nginx/nginx.conf
|
||||
|
||||
} >>/tmp/nginx-ee.log 2>&1
|
||||
fi
|
||||
echo -e 'Package: nginx*\nPin: release *\nPin-Priority: -1' > /etc/apt/preferences.d/nginx-block
|
||||
apt-mark unhold nginx-ee nginx-common
|
||||
} >> /tmp/nginx-ee.log
|
||||
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
systemctl unmask nginx.service
|
||||
systemctl enable nginx.service
|
||||
systemctl start nginx.service
|
||||
rm /etc/nginx/{*.default,*.dpkg-dist} > /dev/null 2>&1
|
||||
|
||||
{
|
||||
systemctl unmask nginx
|
||||
systemctl enable nginx
|
||||
|
||||
|
||||
} >>/tmp/nginx-ee.log 2>&1
|
||||
|
||||
echo -ne ' Checking nginx configuration [..]\r'
|
||||
|
||||
# check if nginx -t do not return errors
|
||||
VERIFY_NGINX_CONFIG=$(nginx -t 2>&1 | grep failed)
|
||||
if [ -z "$VERIFY_NGINX_CONFIG" ]; then
|
||||
{
|
||||
systemctl stop nginx
|
||||
systemctl start nginx
|
||||
} >>/tmp/nginx-ee.log 2>&1
|
||||
# {
|
||||
#systemctl stop nginx
|
||||
#systemctl start nginx
|
||||
# } >>/tmp/nginx-ee.log 2>&1
|
||||
echo -ne " Checking nginx configuration [${CGREEN}OK${CEND}]\\r"
|
||||
echo -ne '\n'
|
||||
else
|
||||
|
|
Loading…
Reference in New Issue