update nginx release & cleanup code

VirtuBox 2018-11-07 11:03:33 +01:00
parent a2384c16b8
commit 6c52da7c64
3 changed files with 301 additions and 335 deletions


@ -19,8 +19,8 @@
## Additional modules
Nginx current mainline release : **v1.15.5**
Nginx current stable release : **v1.14.0**
Nginx current mainline release : **v1.15.6**
Nginx current stable release : **v1.14.1**
* ngx_cache_purge
* memcached_nginx_module


@ -1,28 +1,15 @@
# Stop dance for nginx
# =======================
#
# ExecStop sends SIGSTOP (graceful stop) to the nginx process.
# If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control
# and sends SIGTERM (fast shutdown) to the main process.
# After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends
# SIGKILL to all the remaining processes in the process group (KillMode=mixed).
#
# nginx signals reference doc:
# http://nginx.org/en/docs/control.html
#
[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
TimeoutStopSec=5
KillMode=mixed
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
WantedBy=multi-user.target
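Review bot: `ExecStop=/bin/kill -s QUIT $MAINPID` does not wait for nginx to finish its graceful shutdown: `kill` returns at once, systemd then treats the stop command as done and signals whatever is still running according to KillMode and KillSignal (SIGTERM by default), so in-flight requests can still be cut off. The +/- markers are lost on this page, but the 28-to-15 line count in the hunk header suggests `TimeoutStopSec=5` and `KillMode=mixed` are removed together with the comment block that documented the stop sequence. I would drop the ExecStop line and let systemd deliver the signal itself with `KillSignal=SIGQUIT`, `TimeoutStopSec=5` and `KillMode=mixed`, and keep a short comment stating that QUIT is nginx's graceful stop and that SIGKILL follows once the timeout expires. `PrivateTmp=true` is a useful hardening addition and should stay.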


@ -11,16 +11,17 @@
#
# Check if user is root
if [ "$(id -u)" != "0" ]; then
[ "$(id -u)" != "0" ] && {
echo "Error: You must be root to run this script, please use the root user to install the software."
exit 1
fi
}
# check if curl is installed
if [ ! -x /usr/bin/curl ]; then
apt-get install curl >>/tmp/nginx-ee.log 2>&1
fi
[ ! -x /usr/bin/curl ] && {
apt-get install curl
}>>/tmp/nginx-ee.log 2>&1
##################################
# Variables
@ -28,11 +29,8 @@ fi
NAXSI_VER=0.56
DIR_SRC=/usr/local/src
NGINX_STABLE=1.14.0
NGINX_STABLE=1.14.1
NGINX_MAINLINE=$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 1 2>&1)
if [ ! -x /usr/sbin/nginx ]; then
NGINX_CURRENT=$(nginx -v 2>&1 | awk -F "/" '{print $2}' | grep 1.15)
fi
# Colors
CSI='\033['
@ -49,32 +47,24 @@ CGREEN="${CSI}1;32m"
echo "" >/tmp/nginx-ee.log
# detect Plesk
if [ -d /etc/psa ]; then
[ -d /etc/psa ] && {
NGINX_PLESK=1
NGINX_EASYENGINE=0
NGINX_FROM_SCRATCH=0
echo "Plesk installation detected"
else
NGINX_PLESK=0
fi
}
# detect easyengine
if [ -d /etc/ee ]; then
[ -d /etc/ee ] && {
echo "EasyEngine installation detected"
NGINX_EASYENGINE=1
# detect no nginx
else
NGINX_EASYENGINE=0
fi
}
if [ ! -d /etc/psa ] && [ ! -d /etc/ee ] && [ ! -d /etc/nginx ]; then
[ ! -x /usr/sbin/nginx ] && {
NGINX_FROM_SCRATCH=1
echo "No Plesk or EasyEngine installation detected"
else
NGINX_FROM_SCRATCH=0
fi
}
@ -140,7 +130,7 @@ if [ -z $NGINX_RELEASE ]; then
done
echo ""
if [ "$PAGESPEED" = "y" ]; then
echo "Do you want to build the latest Pagespeed Beta [1] or Stable [2] Release ?"
echo "Do you prefer to build the latest Pagespeed Beta [1] or Stable [2] Release ?"
while [[ $PAGESPEED_RELEASE != "1" && $PAGESPEED_RELEASE != "2" ]]; do
read -p "Select an option [1-2]: " PAGESPEED_RELEASE
done
@ -163,26 +153,21 @@ fi
# Set nginx release and modules
##################################
if [ "$NGINX_RELEASE" = "1" ]; then
NGINX_VER=$NGINX_MAINLINE
NGX_HPACK="--with-http_v2_hpack_enc"
if [ "$RTMP" = "y" ]; then
NGINX_CC_OPT=( [index]=--with-cc-opt='-m64 -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wno-error=date-time -D_FORTIFY_SOURCE=2' )
NGX_RTMP="--add-module=/usr/local/src/nginx-rtmp-module "
else
NGINX_CC_OPT=( [index]=--with-cc-opt='-m64 -O3 -g -march=native -mtune=native -fcode-hoisting -flto -fstack-protector-strong -fuse-ld=gold -Werror=format-security -Wformat -Wimplicit-fallthrough=0 -Wno-cast-function-type -Wno-deprecated-declarations -Wno-error=strict-aliasing --param=ssp-buffer-size=4 -Wp,-D_FORTIFY_SOURCE=2' )
NGX_RTMP=""
fi
else
NGINX_VER=$NGINX_STABLE
NGX_HPACK=""
if [ "$RTMP" = "y" ]; then
NGINX_CC_OPT=( [index]=--with-cc-opt='-m64 -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wno-error=date-time -D_FORTIFY_SOURCE=2' )
NGX_RTMP="--add-module=/usr/local/src/nginx-rtmp-module "
else
NGINX_CC_OPT=( [index]=--with-cc-opt='-m64 -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' )
NGX_RTMP=""
fi
fi
if [ "$RTMP" = "y" ]; then
NGINX_CC_OPT=( [index]=--with-cc-opt='-m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong -flto -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthrough=0 -Wno-error=date-time -D_FORTIFY_SOURCE=2' )
NGX_RTMP="--add-module=/usr/local/src/nginx-rtmp-module "
else
NGINX_CC_OPT=( [index]=--with-cc-opt='-m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong -flto -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthrough=0 -fcode-hoisting -Wp,-D_FORTIFY_SOURCE=2 -gsplit-dwarf' )
NGX_RTMP=""
fi
if [ "$NAXSI" = "y" ]; then
@ -191,12 +176,11 @@ else
NGX_NAXSI=""
fi
if [ "$PAGESPEED" = "y" ]; then
if [ "$PAGESPEED_RELEASE" = "1" ]; then
NGX_PAGESPEED="--add-module=/usr/local/src/incubator-pagespeed-ngx-latest-beta "
else
NGX_PAGESPEED="--add-module=/usr/local/src/incubator-pagespeed-ngx-latest-stable "
fi
if [ "$PAGESPEED_RELEASE" = "1" ]; then
NGX_PAGESPEED="--add-module=/usr/local/src/incubator-pagespeed-ngx-latest-beta "
elif [ "$PAGESPEED_RELEASE" = "2" ]; then
NGX_PAGESPEED="--add-module=/usr/local/src/incubator-pagespeed-ngx-latest-stable "
else
NGX_PAGESPEED=""
fi
@ -210,9 +194,9 @@ echo -ne ' Installing dependencies [..]\r'
apt-get update >>/tmp/nginx-ee.log 2>&1
apt-get install -y git build-essential libtool automake autoconf zlib1g-dev \
libpcre3 libpcre3-dev libgd-dev libssl-dev libxslt1-dev libxml2-dev libgeoip-dev libjemalloc1 libjemalloc-dev \
libbz2-1.0 libreadline-dev libbz2-dev libbz2-ocaml libbz2-ocaml-dev software-properties-common sudo tar zlibc zlib1g zlib1g-dbg \
libbz2-1.0 libreadline-dev libbz2-dev libbz2-ocaml libbz2-ocaml-dev software-properties-common sudo tar zlibc zlib1g zlib1g-dbg \
libcurl4-openssl-dev libgoogle-perftools-dev libperl-dev libpam0g-dev libbsd-dev zip unzip gnupg gnupg2 pigz libluajit-5.1-common \
libluajit-5.1-dev libmhash-dev libatomic-ops-dev libexpat-dev libgmp-dev autotools-dev bc checkinstall ccache curl debhelper dh-systemd libxml2 >>/tmp/nginx-ee.log 2>&1
libluajit-5.1-dev libmhash-dev libexpat-dev libgmp-dev autotools-dev bc checkinstall ccache curl debhelper dh-systemd libxml2 >>/tmp/nginx-ee.log 2>&1
if [ $? -eq 0 ]; then
echo -ne " Installing dependencies [${CGREEN}OK${CEND}]\\r"
@ -231,23 +215,32 @@ fi
if [ "$NGINX_FROM_SCRATCH" = "1" ]; then
# clone custom nginx configuration
git clone https://github.com/VirtuBox/nginx-config.git /etc/nginx
mkdir -p /var/lib/nginx/{body,fastcgi,proxy,scgi,uwsgi}
mkdir -p /var/run/nginx-cache
mkdir -p /var/cache/nginx
chown -R www-data:root /var/lib/nginx/* /var/cache/nginx /var/run/nginx-cache
# create nginx temp directory
mkdir -p /var/lib/nginx/{body,fastcgi,proxy,scgi,uwsgi}
# create nginx cache directory
[ ! -d /var/cache/nginx ] && {
mkdir -p /var/run/nginx-cache
}
[ ! -d /var/run/nginx-cache ] && {
mkdir -p /var/run/nginx-cache
}
# set proper permissions
chown -R www-data:root /var/lib/nginx/* /var/cache/nginx /var/run/nginx-cache
# create websites directory
mkdir -p /var/www/html
{
wget -qO /var/www/html/index.nginx-debian.html https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/var/www/html/index.nginx-debian.html
wget -O /var/www/html/index.nginx-debian.html https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/var/www/html/index.nginx-debian.html
ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
if [ ! -f /etc/systemd/system/multi-user.target.wants/nginx.service ] && [ ! -f /lib/systemd/system/nginx.service ]; then
wget -qO /lib/systemd/system/nginx.service https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/etc/systemd/system/nginx.service
[ ! -f /lib/systemd/system/nginx.service ] && {
wget -O /lib/systemd/system/nginx.service https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/etc/systemd/system/nginx.service
systemctl enable nginx.service
fi
}
} >>/tmp/nginx-ee.log 2>&1
@ -261,78 +254,89 @@ fi
# Checking lsb_release package
if [ ! -x /usr/bin/lsb_release ]; then
sudo apt-get -y install lsb-release >>/tmp/nginx-ee.log 2>&1
sudo apt-get -y install lsb-release | sudo tee -a /tmp/nginx-ee.log 2>&1
fi
# install gcc-7
distro_version=$(lsb_release -sc)
{
if [ "$distro_version" == "bionic" ] && [ ! -f /etc/apt/sources.list.d/jonathonf-ubuntu-gcc-bionic.list ]; then
add-apt-repository -y ppa:jonathonf/gcc
elif [ "$distro_version" == "xenial" ] && [ ! -f /etc/apt/sources.list.d/jonathonf-ubuntu-gcc-xenial.list ]; then
add-apt-repository -y ppa:jonathonf/gcc
fi
apt-get update
apt-get upgrade -y
} >>/tmp/nginx-ee.log 2>&1
if [ "$NGINX_RELEASE" == "1" ] && [ "$RTMP" != "y" ]; then
if [ "$distro_version" == "bionic" ]; then
if [ ! -f /etc/apt/sources.list.d/jonathonf-ubuntu-gcc-8_1-bionic.list ] && [ ! -f /etc/apt/sources.list.d/jonathonf-ubuntu-gcc-bionic.list ]; then
echo -ne ' Installing gcc-8 [..]\r'
{
sudo add-apt-repository -y ppa:jonathonf/gcc-8.1
sudo add-apt-repository -y ppa:jonathonf/gcc
sudo apt-get update
sudo apt-get install gcc-8 g++-8 -y
sudo update-alternatives --remove-all gcc
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-8 80 --slave /usr/bin/g++ g++ /usr/bin/g++-8
} >>/tmp/nginx-ee.log 2>&1
if [ $? -eq 0 ]; then
echo -ne " Installing gcc-8 [${CGREEN}OK${CEND}]\\r"
echo -ne '\n'
else
echo -e " Installing gcc-8 [${CRED}FAIL${CEND}]"
echo ""
echo "Please look at /tmp/nginx-ee.log"
echo ""
exit 1
fi
echo -ne ' Installing gcc-8 [..]\r'
{
apt-get install gcc-8 g++-8 -y
update-alternatives --remove-all gcc
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-8 80 --slave /usr/bin/g++ g++ /usr/bin/g++-8
} >>/tmp/nginx-ee.log 2>&1
if [ $? -eq 0 ]; then
echo -ne " Installing gcc-8 [${CGREEN}OK${CEND}]\\r"
echo -ne '\n'
else
echo -e " Installing gcc-8 [${CRED}FAIL${CEND}]"
echo ""
echo "Please look at /tmp/nginx-ee.log"
echo ""
exit 1
fi
elif [ "$distro_version" == "xenial" ]; then
if [ ! -f /etc/apt/sources.list.d/jonathonf-ubuntu-gcc-8_1-xenial.list ] && [ ! -f /etc/apt/sources.list.d/jonathonf-ubuntu-gcc-xenial.list ]; then
echo -ne ' Installing gcc-8 [..]\r'
sudo add-apt-repository -y ppa:jonathonf/gcc-8.1
sudo add-apt-repository -y ppa:jonathonf/gcc
sudo apt-get update
sudo apt-get install gcc-8 g++-8 -y
sudo update-alternatives --remove-all gcc
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-8 80 --slave /usr/bin/g++ g++ /usr/bin/g++-8
if [ $? -eq 0 ]; then
echo -ne " Installing gcc-8 [${CGREEN}OK${CEND}]\\r"
echo -ne '\n'
else
echo -e " Installing gcc-8 [${CRED}FAIL${CEND}]"
echo ""
echo "Please look at /tmp/nginx-ee.log"
echo ""
exit 1
fi
echo -ne ' Installing gcc-8 [..]\r'
{
add-apt-repository -y ppa:jonathonf/gcc-8.1
apt-get update
apt-get install gcc-8 g++-8 -y
update-alternatives --remove-all gcc
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-8 80 --slave /usr/bin/g++ g++ /usr/bin/g++-8
} >>/tmp/nginx-ee.log 2>&1
if [ $? -eq 0 ]; then
echo -ne " Installing gcc-8 [${CGREEN}OK${CEND}]\\r"
echo -ne '\n'
else
echo -e " Installing gcc-8 [${CRED}FAIL${CEND}]"
echo ""
echo "Please look at /tmp/nginx-ee.log"
echo ""
exit 1
fi
fi
else
if [ "$distro_version" == "xenial" ]; then
if [ ! -f /etc/apt/sources.list.d/jonathonf-ubuntu-gcc-7_1-xenial.list ] && [ ! -f /etc/apt/sources.list.d/jonathonf-ubuntu-gcc-xenial.list ]; then
echo -ne ' Installing gcc-7 [..]\r'
{
sudo add-apt-repository -y ppa:jonathonf/gcc-7.1
sudo add-apt-repository -y ppa:jonathonf/gcc
sduo apt-get update -y
sudo apt-get install gcc-7 g++-7 -y
sudo update-alternatives --remove-all gcc
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-7 80 --slave /usr/bin/g++ g++ /usr/bin/g++-7
} >>/tmp/nginx-ee.log 2>&1
if [ $? -eq 0 ]; then
echo -ne " Installing gcc-7 [${CGREEN}OK${CEND}]\\r"
echo -ne '\n'
else
echo -e " Installing gcc-7 [${CRED}FAIL${CEND}]"
echo ""
echo "Please look at /tmp/nginx-ee.log"
echo ""
exit 1
fi
echo -ne ' Installing gcc-7 [..]\r'
{
add-apt-repository -y ppa:jonathonf/gcc-7.1
apt-get update -y
apt-get install gcc-7 g++-7 -y
update-alternatives --remove-all gcc
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-7 80 --slave /usr/bin/g++ g++ /usr/bin/g++-7
} >>/tmp/nginx-ee.log 2>&1
if [ $? -eq 0 ]; then
echo -ne " Installing gcc-7 [${CGREEN}OK${CEND}]\\r"
echo -ne '\n'
else
echo -e " Installing gcc-7 [${CRED}FAIL${CEND}]"
echo ""
echo "Please look at /tmp/nginx-ee.log"
echo ""
exit 1
fi
fi
fi
@ -373,94 +377,97 @@ fi
# clear previous compilation archives
cd $DIR_SRC || exit
rm -rf $DIR_SRC/{*.tar.gz,nginx-1.*,ipscrubtmp,ipscrub,openssl,openssl-*,ngx_brotli,pcre,zlib}
rm -rf $DIR_SRC/{*.tar.gz,nginx-1.*,openssl,openssl-*,ngx_brotli,pcre,zlib,incubator-pagespeed-*,build_ngx_pagespeed.sh,install,ngx_http_redis*}
echo -ne ' Downloading additionals modules [..]\r'
{
# cache_purge module
if [ -d $DIR_SRC/ngx_cache_purge ]; then
{ [ -d $DIR_SRC/ngx_cache_purge ] && {
git -C $DIR_SRC/ngx_cache_purge pull origin master
else
} } || {
git clone https://github.com/FRiCKLE/ngx_cache_purge.git
fi
}
# memcached module
if [ -d $DIR_SRC/memc-nginx-module ]; then
{ [ -d $DIR_SRC/memc-nginx-module ] && {
git -C $DIR_SRC/memc-nginx-module pull origin master
else
} } || {
git clone https://github.com/openresty/memc-nginx-module.git
fi
}
# devel kit
if [ -d $DIR_SRC/ngx_devel_kit ]; then
{ [ -d $DIR_SRC/ngx_devel_kit ] && {
git -C $DIR_SRC/ngx_devel_kit pull origin master
else
} } || {
git clone https://github.com/simpl/ngx_devel_kit.git
fi
}
# headers-more module
if [ -d $DIR_SRC/headers-more-nginx-module ]; then
{ [ -d $DIR_SRC/headers-more-nginx-module ] && {
git -C $DIR_SRC/headers-more-nginx-module pull origin master
else
} } || {
git clone https://github.com/openresty/headers-more-nginx-module.git
fi
}
# echo module
if [ -d $DIR_SRC/echo-nginx-module ]; then
{ [ -d $DIR_SRC/echo-nginx-module ] && {
git -C $DIR_SRC/echo-nginx-module pull origin master
else
} } || {
git clone https://github.com/openresty/echo-nginx-module.git
fi
}
# http_substitutions_filter module
if [ -d $DIR_SRC/ngx_http_substitutions_filter_module ]; then
{ [ -d $DIR_SRC/ngx_http_substitutions_filter_module ] && {
git -C $DIR_SRC/ngx_http_substitutions_filter_module pull origin master
else
} } || {
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git
fi
}
# redis2 module
if [ -d $DIR_SRC/redis2-nginx-module ]; then
{ [ -d $DIR_SRC/redis2-nginx-module ] && {
git -C $DIR_SRC/redis2-nginx-module pull origin master
else
} } || {
git clone https://github.com/openresty/redis2-nginx-module.git
fi
}
# srcache module
if [ -d $DIR_SRC/srcache-nginx-module ]; then
{ [ -d $DIR_SRC/srcache-nginx-module ] && {
git -C $DIR_SRC/srcache-nginx-module pull origin master
else
} } || {
git clone https://github.com/openresty/srcache-nginx-module.git
fi
}
# set-misc module
if [ -d $DIR_SRC/set-misc-nginx-module ]; then
{ [ -d $DIR_SRC/set-misc-nginx-module ] && {
git -C $DIR_SRC/set-misc-nginx-module pull origin master
else
} } || {
git clone https://github.com/openresty/set-misc-nginx-module.git
fi
}
# auth_pam module
if [ -d $DIR_SRC/ngx_http_auth_pam_module ]; then
{ [ -d $DIR_SRC/ngx_http_auth_pam_module ] && {
git -C $DIR_SRC/ngx_http_auth_pam_module pull origin master
else
} } || {
git clone https://github.com/sto/ngx_http_auth_pam_module.git
fi
}
# nginx-vts module
if [ -d $DIR_SRC/nginx-module-vts ]; then
{ [ -d $DIR_SRC/nginx-module-vts ] && {
git -C $DIR_SRC/nginx-module-vts pull origin master
else
} } || {
git clone https://github.com/vozlt/nginx-module-vts.git
fi
}
# http redis module
if [ ! -d $DIR_SRC/ngx_http_redis ]; then
sudo curl -sL https://people.freebsd.org/~osa/ngx_http_redis-0.3.8.tar.gz | tar zxf - -C $DIR_SRC
mv ngx_http_redis-0.3.8 ngx_http_redis
fi
sudo curl -sL https://people.freebsd.org/~osa/ngx_http_redis-0.3.8.tar.gz | tar zxf - -C $DIR_SRC
mv ngx_http_redis-0.3.8 ngx_http_redis
if [ "$RTMP" = "y" ]; then
if [ -d $DIR_SRC/nginx-rtmp-module ]; then
{ [ -d $DIR_SRC/nginx-rtmp-module ] && {
git -C $DIR_SRC/nginx-rtmp-module pull origin master
else
} } || {
git clone https://github.com/arut/nginx-rtmp-module.git
fi
}
fi
if [ $NGINX_PLESK = "0" ]; then
# ipscrub module
# ipscrub module
{ [ -d $DIR_SRC/ipscrubtmp ] && {
git -C $DIR_SRC/ipscrubtmp pull origin master
} } || {
git clone https://github.com/masonicboom/ipscrub.git ipscrubtmp
cp -rf $DIR_SRC/ipscrubtmp/ipscrub $DIR_SRC/ipscrub
fi
}
} >>/tmp/nginx-ee.log 2>&1
if [ $? -eq 0 ]; then
@ -529,7 +536,7 @@ if [ ! -x /usr/bin/pcretest ]; then
sudo make -j "$(nproc)"
sudo make install
mv -v /usr/lib/libpcre.so.* /lib
ln -sfv ../../lib/$(readlink /usr/lib/libpcre.so) /usr/lib/libpcre.so
ln -sfv ../../lib/"$(readlink /usr/lib/libpcre.so)" /usr/lib/libpcre.so
} >>/tmp/nginx-ee.log 2>&1
if [ $? -eq 0 ]; then
echo -ne " Downloading pcre [${CGREEN}OK${CEND}]\\r"
@ -544,24 +551,11 @@ if [ ! -x /usr/bin/pcretest ]; then
fi
fi
##################################
# Install Jemalloc
##################################
# touch /etc/ld.so.preload
# echo "/usr/lib/x86_64-linux-gnu/libjemalloc.so" | sudo tee --append /etc/ld.so.preload
#} >>/tmp/nginx-ee.log 2>&1
##################################
# Download ngx_broti
##################################
cd $DIR_SRC || exit
cd $DIR_SRC || exit 1
echo -ne ' Downloading brotli [..]\r'
{
@ -587,18 +581,25 @@ fi
echo -ne ' Downloading openssl [..]\r'
cd $DIR_SRC || exit
cd $DIR_SRC || exit 1
{
sudo curl -sL https://www.openssl.org/source/openssl-1.1.1.tar.gz | tar zxf - -C $DIR_SRC
curl -sL https://www.openssl.org/source/openssl-1.1.1.tar.gz | tar zxf - -C $DIR_SRC
mv openssl-1.1.1 openssl
cd $DIR_SRC/openssl || exit 1
curl https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/openssl-equal-1.1.1.patch | patch -p1
cd $DIR_SRC/openssl || exit 1
} >> /tmp/nginx-ee.log
{
# apply openssl ciphers patch
curl https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/openssl-equal-1.1.1_ciphers.patch | patch -p1
# apply patch from centminmod
curl https://raw.githubusercontent.com/centminmod/centminmod/master/patches/openssl/OpenSSL-1.1.1-reset-tls1.3-ciphers-SSL_CTX_set_ssl_version.patch | patch -p1
curl https://raw.githubusercontent.com/centminmod/centminmod/master/patches/openssl/OpenSSL-1.1.1-sni-fix-delay-sig-algs.patch | patch -p1
curl https://raw.githubusercontent.com/centminmod/centminmod/123.09beta01/patches/openssl/OpenSSL-1.1.1-fix-ocsp-memleak.patch | patch -p1
curl https://raw.githubusercontent.com/centminmod/centminmod/123.09beta01/patches/openssl/OpenSSL-1.1.1-safer-mem-cleanup.patch | patch -p1
} >>/tmp/nginx-ee.log 2>&1
if [ $? -eq 0 ]; then
echo -ne " Downloading openssl [${CGREEN}OK${CEND}]\\r"
echo -ne '\n'
@ -618,9 +619,9 @@ cd $DIR_SRC || exit 1
if [ "$NAXSI" = "y" ]; then
echo -ne ' Downloading naxsi [..]\r'
{
if [ -d $DIR_SRC/naxsi ]; then
[ -d $DIR_SRC/naxsi ] && {
rm -rf $DIR_SRC/naxsi
fi
}
curl -sL https://github.com/nbs-system/naxsi/archive/$NAXSI_VER.tar.gz | tar zxf - -C $DIR_SRC
mv naxsi-$NAXSI_VER naxsi
} >>/tmp/nginx-ee.log 2>&1
@ -647,7 +648,7 @@ if [ "$PAGESPEED" = "y" ]; then
echo -ne ' Downloading pagespeed [..]\r'
{
rm -rf incubator-pagespeed-* build_ngx_pagespeed.sh install
rm -rf
wget -qO build_ngx_pagespeed.sh https://raw.githubusercontent.com/pagespeed/ngx_pagespeed/master/scripts/build_ngx_pagespeed.sh
chmod +x build_ngx_pagespeed.sh
if [ "$PAGESPEED_RELEASE" = "1" ]; then
@ -675,9 +676,9 @@ fi
cd $DIR_SRC || exit 1
echo -ne ' Downloading nginx [..]\r'
if [ -d $DIR_SRC/nginx ]; then
[ -d $DIR_SRC/nginx ] && {
rm -rf $DIR_SRC/nginx
fi
}
{
curl -sL http://nginx.org/download/nginx-${NGINX_VER}.tar.gz | tar zxf - -C $DIR_SRC
mv nginx-${NGINX_VER} nginx
@ -702,15 +703,15 @@ fi
echo -ne ' Applying nginx patches [..]\r'
if [ $NGINX_RELEASE = "1" ]; then
{
curl -s https://raw.githubusercontent.com/nginx-modules/ngx_http_tls_dyn_size/master/nginx__dynamic_tls_records_1.15.5%2B.patch | patch -p1
curl -s https://raw.githubusercontent.com/centminmod/centminmod/123.09beta01/patches/cloudflare/nginx-1.15.3_http2-hpack.patch | patch -p1
curl -s https://raw.githubusercontent.com/kn007/patch/master/nginx_auto_using_PRIORITIZE_CHACHA.patch | patch -p1
}>>/tmp/nginx-ee.log 2>&1
if [ "$NGINX_RELEASE" = "1" ]; then
curl -s https://raw.githubusercontent.com/nginx-modules/ngx_http_tls_dyn_size/master/nginx__dynamic_tls_records_1.15.5%2B.patch | patch -p1
curl -s https://raw.githubusercontent.com/centminmod/centminmod/123.09beta01/patches/cloudflare/nginx-1.15.3_http2-hpack.patch | patch -p1
curl -s https://raw.githubusercontent.com/kn007/patch/master/nginx_auto_using_PRIORITIZE_CHACHA.patch | patch -p1
#wget -qO nginx__dynamic_tls_records.patch https://raw.githubusercontent.com/nginx-modules/ngx_http_tls_dyn_size/master/nginx__dynamic_tls_records_1.15.5%2B.patch >>/tmp/nginx-ee.log 2>&1
else
curl -s https://raw.githubusercontent.com/nginx-modules/ngx_http_tls_dyn_size/master/nginx__dynamic_tls_records_1.13.0%2B.patch | patch -p1 >>/tmp/nginx-ee.log 2>&1
curl -s https://raw.githubusercontent.com/nginx-modules/ngx_http_tls_dyn_size/master/nginx__dynamic_tls_records_1.13.0%2B.patch | patch -p1
fi
#patch -p1 <nginx__dynamic_tls_records.patch >>/tmp/nginx-ee.log 2>&1
@ -731,71 +732,86 @@ fi
echo -ne ' Configuring nginx [..]\r'
if [[ "$distro_version" == "xenial" || "$distro_version" == "bionic" ]]; then
if [[ "$NGINX_RELEASE" == "1" && "$RTMP" != "y" ]]; then
export CC="/usr/bin/gcc-8"
export CXX="/usr/bin/gc++-8"
else
export CC="/usr/bin/gcc-7"
export CXX="/usr/bin/gc++-7"
fi
if [[ "$NGINX_RELEASE" == "1" && "$RTMP" != "y" ]]; then
export CC="/usr/bin/gcc-8"
export CXX="/usr/bin/gc++-8"
else
export CC="/usr/bin/gcc-7"
export CXX="/usr/bin/gc++-7"
fi
NGINX_BUILD_OPTIONS="--prefix=/usr/share \
--conf-path=/etc/nginx/nginx.conf \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--lock-path=/var/lock/nginx.lock \
--pid-path=/var/run/nginx.pid \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--modules-path=/usr/share/nginx/modules"
NGINX_PLESK_BUILD="--prefix=/usr/share \
--conf-path=/etc/nginx/nginx.conf \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--lock-path=/var/lock/nginx.lock \
--pid-path=/var/run/nginx.pid \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--modules-path=/usr/share/nginx/modules"
NGINX_INCLUDED_MODULES="--without-http_uwsgi_module \
--without-mail_imap_module \
--without-mail_pop3_module \
--without-mail_smtp_module \
--with-pcre-jit \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_auth_request_module \
--with-http_addition_module \
--with-http_geoip_module \
--with-http_gzip_static_module \
--with-http_image_filter_module \
--with-http_v2_module \
--with-http_mp4_module \
--with-http_sub_module \
--with-file-aio \
--with-threads"
NGINX_THIRD_MODULES="--with-zlib=/usr/local/src/zlib \
--add-module=/usr/local/src/ngx_cache_purge \
--add-module=/usr/local/src/headers-more-nginx-module \
--add-module=/usr/local/src/memc-nginx-module \
--add-module=/usr/local/src/ngx_devel_kit \
--add-module=/usr/local/src/ngx_brotli \
--add-module=/usr/local/src/echo-nginx-module \
--add-module=/usr/local/src/ngx_http_substitutions_filter_module \
--add-module=/usr/local/src/redis2-nginx-module \
--add-module=/usr/local/src/srcache-nginx-module \
--add-module=/usr/local/src/set-misc-nginx-module \
--add-module=/usr/local/src/ngx_http_redis \
--add-module=/usr/local/src/ngx_http_auth_pam_module \
--add-module=/usr/local/src/nginx-module-vts \
--add-module=/usr/local/src/ipscrubtmp/ipscrub"
if [ "$NGINX_PLESK" = "0" ]; then
./configure \
${NGX_NAXSI} \
"${NGINX_CC_OPT[@]}" \
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' \
--prefix=/usr/share \
--conf-path=/etc/nginx/nginx.conf \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--lock-path=/var/lock/nginx.lock \
--pid-path=/var/run/nginx.pid \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--modules-path=/usr/share/nginx/modules \
${NGINX_BUILD_OPTIONS} \
--build='VirtuBox Nginx-ee' \
--without-http_uwsgi_module \
--without-mail_imap_module \
--without-http_browser_module \
--without-http_split_clients_module \
--without-http_ssi_module \
--without-http_userid_module \
--without-mail_pop3_module \
--without-mail_smtp_module \
--with-pcre-jit \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_auth_request_module \
--with-http_addition_module \
${NGX_HPACK} \
--with-http_geoip_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_image_filter_module \
--with-http_v2_module \
--with-http_sub_module \
--with-file-aio \
--with-threads \
--with-zlib=/usr/local/src/zlib \
--add-module=/usr/local/src/ngx_cache_purge \
--add-module=/usr/local/src/headers-more-nginx-module \
--add-module=/usr/local/src/memc-nginx-module \
--add-module=/usr/local/src/ngx_devel_kit \
--add-module=/usr/local/src/ngx_brotli \
--add-module=/usr/local/src/echo-nginx-module \
--add-module=/usr/local/src/ngx_http_substitutions_filter_module \
--add-module=/usr/local/src/redis2-nginx-module \
--add-module=/usr/local/src/srcache-nginx-module \
--add-module=/usr/local/src/set-misc-nginx-module \
--add-module=/usr/local/src/ngx_http_redis \
--add-module=/usr/local/src/ipscrub \
--add-module=/usr/local/src/ngx_http_auth_pam_module \
--add-module=/usr/local/src/nginx-module-vts \
${NGINX_INCLUDED_MODULES} \
${NGINX_THIRD_MODULES} \
${NGX_HPACK}
${NGX_PAGESPEED} \
${NGX_RTMP} \
--with-openssl=/usr/local/src/openssl \
@ -808,57 +824,12 @@ else
${NGX_NAXSI} \
"${NGINX_CC_OPT[@]}" \
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' \
--prefix=/usr/share \
--conf-path=/etc/nginx/nginx.conf \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--lock-path=/var/lock/nginx.lock \
--pid-path=/var/run/nginx.pid \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--modules-path=/usr/share/nginx/modules \
${NGINX_PLESK_BUILD} \
--build='VirtuBox Nginx-ee' \
--without-http_uwsgi_module \
--without-mail_imap_module \
--without-http_browser_module \
--without-http_split_clients_module \
--without-http_ssi_module \
--without-http_userid_module \
--without-mail_pop3_module \
--without-mail_smtp_module \
--user=nginx \
--group=nginx \
--with-pcre-jit \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_dav_module \
--with-http_realip_module \
--with-http_auth_request_module \
--with-http_addition_module \
${NGX_HPACK} \
--with-http_geoip_module \
--with-http_gzip_static_module \
--with-http_image_filter_module \
--with-http_v2_module \
--with-http_sub_module \
--with-file-aio \
--with-threads \
--add-module=/usr/local/src/ngx_cache_purge \
--add-module=/usr/local/src/headers-more-nginx-module \
--add-module=/usr/local/src/memc-nginx-module \
--add-module=/usr/local/src/ngx_devel_kit \
--add-module=/usr/local/src/echo-nginx-module \
--add-module=/usr/local/src/ngx_http_substitutions_filter_module \
--add-module=/usr/local/src/redis2-nginx-module \
--add-module=/usr/local/src/srcache-nginx-module \
--add-module=/usr/local/src/set-misc-nginx-module \
--add-module=/usr/local/src/ngx_http_redis \
--add-module=/usr/local/src/ngx_brotli \
--add-module=/usr/local/src/ngx_http_auth_pam_module \
--add-module=/usr/local/src/nginx-module-vts \
${NGINX_INCLUDED_MODULES} \
${NGINX_THIRD_MODULES} \
${NGX_PAGESPEED} \
${NGX_RTMP} \
--with-openssl=/usr/local/src/openssl \
@ -905,36 +876,44 @@ fi
# Perform final tasks
##################################
if [ $NGINX_PLESK = "1" ]; then
[ ! -f /etc/apt/preferences.d/nginx-block ] && {
if [ $NGINX_PLESK = "1" ]; then
{
# block sw-nginx package updates from APT repository
echo -e 'Package: sw-nginx*\nPin: release *\nPin-Priority: -1' > /etc/apt/preferences.d/nginx-block
apt-mark unhold sw-nginx
} >> /tmp/nginx-ee.log
else
# block sw-nginx package updates from APT repository
apt-mark hold sw-nginx >>/tmp/nginx-ee.log 2>&1
elif [ $NGINX_EASYENGINE = "1" ]; then
{
# replace old TLS v1.3 ciphers suite
sed -i 's/TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256/TLS13+AESGCM+AES128/' /etc/nginx/nginx.conf
apt-mark hold nginx-ee nginx-common
{
sed -i 's/TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256/TLS13+AESGCM+AES128/' /etc/nginx/nginx.conf
} >>/tmp/nginx-ee.log 2>&1
fi
echo -e 'Package: nginx*\nPin: release *\nPin-Priority: -1' > /etc/apt/preferences.d/nginx-block
apt-mark unhold nginx-ee nginx-common
} >> /tmp/nginx-ee.log
fi
}
systemctl unmask nginx.service
systemctl enable nginx.service
systemctl start nginx.service
rm /etc/nginx/{*.default,*.dpkg-dist} > /dev/null 2>&1
{
systemctl unmask nginx
systemctl enable nginx
} >>/tmp/nginx-ee.log 2>&1
echo -ne ' Checking nginx configuration [..]\r'
# check if nginx -t do not return errors
VERIFY_NGINX_CONFIG=$(nginx -t 2>&1 | grep failed)
if [ -z "$VERIFY_NGINX_CONFIG" ]; then
{
systemctl stop nginx
systemctl start nginx
} >>/tmp/nginx-ee.log 2>&1
# {
#systemctl stop nginx
#systemctl start nginx
# } >>/tmp/nginx-ee.log 2>&1
echo -ne " Checking nginx configuration [${CGREEN}OK${CEND}]\\r"
echo -ne '\n'
else