diff --git a/nginx/build.sh b/nginx/build.sh index 3fe8078..dae0846 100644 --- a/nginx/build.sh +++ b/nginx/build.sh @@ -1,14 +1,309 @@ #!/bin/bash -apt-get install -y build-essential libtool automake autoconf zlib1g-dev libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgd2-xpm-dev libgeoip-dev libgoogle-perftools-dev libperl-dev -cd /usr/local/src -wget http://nginx.org/download/nginx-1.13.5.tar.gz -tar -xzvf nginx-1.13.5.tar.gz -mv nginx-1.13.5 nginx +# Colors +CSI="\033[" +CEND="${CSI}0m" +CRED="${CSI}1;31m" +CGREEN="${CSI}1;32m" + +# Check root access +if [[ "$EUID" -ne 0 ]]; then + echo -e "${CRED}Sorry, you need to run this as root${CEND}" + exit 1 +fi + +# releases +NGINX_VER=1.13.6 +LIBRESSL_VER=2.6.2 +OPENSSL_VER=1.1.0f +NPS_VER=1.12.34.3 +HEADERMOD_VER=0.32 + +# Clear log files +echo "" > /tmp/plesk-nginx-autoinstall-output.log +echo "" > /tmp/plesk-nginx-autoinstall-error.log + +clear +echo "" +echo "Welcome to the plesk-nginx-autoinstall script." +echo "" +echo "What do you want to do?" +echo " 1) Install or update Nginx" +echo " 2) Update the script" +echo " 3) Exit" +echo "" +while [[ $OPTION != "1" && $OPTION != "2" && $OPTION != "3" ]]; do + read -p "Select an option [1-3]: " OPTION +done +case $OPTION in + 1) + echo "This script will install Nginx ${NGINX_VER} (mainline) with some optional modules." + echo "" + echo "Please tell me which modules you want to install." + echo "If you select none, Nginx will be installed with its default modules." + echo "" + echo "Modules to install :" + while [[ $PAGESPEED != "y" && $PAGESPEED != "n" ]]; do + read -p " PageSpeed $NPS_VER [y/n]: " -e PAGESPEED + done + while [[ $BROTLI != "y" && $BROTLI != "n" ]]; do + read -p " Brotli [y/n]: " -e BROTLI + done + while [[ $HEADERMOD != "y" && $HEADERMOD != "n" ]]; do + read -p " Headers More $HEADERMOD_VER [y/n]: " -e HEADERMOD + done + while [[ $GEOIP != "y" && $GEOIP != "n" ]]; do + read -p " GeoIP [y/n]: " -e GEOIP + done + while [[ $TCP != "y" && $TCP != "n" ]]; do + read -p " Cloudflare's TLS Dynamic Record Resizing patch [y/n]: " -e TCP + done + + # Dependencies + echo -ne " Installing dependencies [..]\r" + apt-get update 2>> /tmp/plesk-nginx-autoinstall-error.log 1>> /tmp/plesk-nginx-autoinstall-output.log + apt-get install build-essential libtool automake autoconf zlib1g-dev libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgd2-xpm-dev libgeoip-dev libgoogle-perftools-dev libperl-dev -y 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + + if [ $? -eq 0 ]; then + echo -ne " Installing dependencies [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " Installing dependencies [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + + # PageSpeed + if [[ "$PAGESPEED" = 'y' ]]; then + cd /usr/local/src + # Cleaning up in case of update + rm -r ngx_pagespeed-*-stable 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + # Download and extract of PageSpeed module + echo -ne " Downloading ngx_pagespeed [..]\r" + wget https://github.com/pagespeed/ngx_pagespeed/archive/v${NPS_VER}-stable.zip 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + unzip v${NPS_VER}-stable.zip 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + rm v${NPS_VER}-stable.zip + cd ngx_pagespeed-${NPS_VER}-stable + psol_url=https://dl.google.com/dl/page-speed/psol/${NPS_VERSION}.tar.gz + [ -e scripts/format_binary_url.sh ] && psol_url=$(scripts/format_binary_url.sh PSOL_BINARY_URL) + wget ${psol_url} 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + tar -xzvf $(basename ${psol_url}) 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + rm $(basename ${psol_url}) + + if [ $? -eq 0 ]; then + echo -ne " Downloading ngx_pagespeed [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " Downloading ngx_pagespeed [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + fi + #Brotli + if [[ "$BROTLI" = 'y' ]]; then + cd /usr/local/src + # Cleaning up in case of update + rm -r libbrotli 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + # libbrolti is needed for the ngx_brotli module + # libbrotli download + echo -ne " Downloading libbrotli [..]\r" + git clone https://github.com/bagder/libbrotli 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + + if [ $? -eq 0 ]; then + echo -ne " Downloading libbrotli [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " Downloading libbrotli [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + + cd libbrotli + echo -ne " Configuring libbrotli [..]\r" + ./autogen.sh 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + ./configure 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + + if [ $? -eq 0 ]; then + echo -ne " Configuring libbrotli [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " Configuring libbrotli [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + + echo -ne " Compiling libbrotli [..]\r" + make -j $(nproc) 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + + if [ $? -eq 0 ]; then + echo -ne " Compiling libbrotli [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " Compiling libbrotli [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + + # libbrotli install + echo -ne " Installing libbrotli [..]\r" + make install 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + + if [ $? -eq 0 ]; then + echo -ne " Installing libbrotli [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " Installing libbrotli [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + + # Linking libraries to avoid errors + ldconfig 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + # ngx_brotli module download + cd /usr/local/src + rm -r ngx_brotli 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + echo -ne " Downloading ngx_brotli [..]\r" + git clone https://github.com/google/ngx_brotli 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + cd ngx_brotli + git submodule update --init 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + + if [ $? -eq 0 ]; then + echo -ne " Downloading ngx_brotli [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " Downloading ngx_brotli [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + fi + + # More Headers + if [[ "$HEADERMOD" = 'y' ]]; then + cd /usr/local/src + # Cleaning up in case of update + rm -r headers-more-nginx-module-* 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + echo -ne " Downloading ngx_headers_more [..]\r" + wget https://github.com/openresty/headers-more-nginx-module/archive/v${HEADERMOD_VER}.tar.gz 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + tar xaf v${HEADERMOD_VER}.tar.gz + rm v${HEADERMOD_VER}.tar.gz + + if [ $? -eq 0 ]; then + echo -ne " Downloading ngx_headers_more [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " Downloading ngx_headers_more [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + fi + + # GeoIP + if [[ "$GEOIP" = 'y' ]]; then + # Dependence + apt-get install libgeoip-dev -y 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + cd /usr/local/src + # Cleaning up in case of update + rm -r geoip-db 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + mkdir geoip-db + cd geoip-db + echo -ne " Downloading GeoIP databases [..]\r" + wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + gunzip GeoIP.dat.gz + gunzip GeoLiteCity.dat.gz + mv GeoIP.dat GeoIP-Country.dat + mv GeoLiteCity.dat GeoIP-City.dat + + if [ $? -eq 0 ]; then + echo -ne " Downloading GeoIP databases [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " Downloading GeoIP databases [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + fi + + # OpenSSL + if [[ "$OPENSSL" = 'y' ]]; then + cd /usr/local/src + # Cleaning up in case of update + rm -r openssl-* 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + # OpenSSL download + echo -ne " Downloading OpenSSL [..]\r" + wget https://www.openssl.org/source/openssl-${OPENSSL_VER}.tar.gz 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + tar xaf openssl-${OPENSSL_VER}.tar.gz + rm openssl-${OPENSSL_VER}.tar.gz + cd openssl-${OPENSSL_VER} + if [ $? -eq 0 ]; then + echo -ne " Downloading OpenSSL [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " Downloading OpenSSL [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + + echo -ne " Configuring OpenSSL [..]\r" + ./config 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + + if [ $? -eq 0 ]; then + echo -ne " Configuring OpenSSL [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " Configuring OpenSSL [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + fi + + # Cleaning up in case of update + rm -r /usr/local/src/nginx-* 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + # Download and extract of Nginx source code + cd /usr/local/src/ + echo -ne " Downloading Nginx [..]\r" + wget -qO- http://nginx.org/download/nginx-${NGINX_VER}.tar.gz | tar zxf - + mv nginx-${NGINX_VER} nginx + cd nginx + + if [ $? -eq 0 ]; then + echo -ne " Downloading Nginx [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " Downloading Nginx [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + + # other modules +cd /usr/local/src git clone https://github.com/FRiCKLE/ngx_cache_purge.git git clone https://github.com/openresty/memc-nginx-module.git git clone https://github.com/simpl/ngx_devel_kit.git -git clone https://github.com/openresty/headers-more-nginx-module.git git clone https://github.com/openresty/echo-nginx-module.git git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git git clone https://github.com/openresty/redis2-nginx-module.git @@ -20,6 +315,166 @@ wget https://people.freebsd.org/~osa/ngx_http_redis-0.3.8.tar.gz tar -zxf ngx_http_redis-0.3.8.tar.gz mv ngx_http_redis-0.3.8 ngx_http_redis + # Modules configuration + # Common configuration +NGINX_OPTIONS=" + --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' \ + --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' \ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --lock-path=/var/lock/nginx.lock \ + --pid-path=/var/run/nginx.pid \ + --http-client-body-temp-path=/var/lib/nginx/body \ + --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ + --http-proxy-temp-path=/var/lib/nginx/proxy \ + --http-scgi-temp-path=/var/lib/nginx/scgi \ + --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ + --user=nginx \ + --group=nginx" + + NGINX_MODULES="--with-debug \ + --with-pcre-jit \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_realip_module \ + --with-http_auth_request_module \ + --with-http_addition_module \ + --with-http_geoip_module \ + --with-http_gzip_static_module \ + --with-http_image_filter_module \ + --with-http_v2_module \ + --with-http_sub_module \ + --with-http_xslt_module \ + --with-threads + --add-module=/usr/local/src/ngx_cache_purge \ + --add-module=/usr/local/src/memc-nginx-module \ + --add-module=/usr/local/src/ngx_devel_kit \ + --add-module=/usr/local/src/echo-nginx-module \ + --add-module=/usr/local/src/ngx_http_substitutions_filter_module \ + --add-module=/usr/local/src/redis2-nginx-module \ + --add-module=/usr/local/src/srcache-nginx-module \ + --add-module=/usr/local/src/set-misc-nginx-module \ + --add-module=/usr/local/src/ngx_http_redis \ + --with-openssl=/usr/local/src/openssl \ + --with-openssl-opt=enable-tls1_3" + # PageSpeed + if [[ "$PAGESPEED" = 'y' ]]; then + NGINX_MODULES=$(echo $NGINX_MODULES; echo "--add-module=/usr/local/src/ngx_pagespeed-${NPS_VER}-stable") + fi + # Brotli + if [[ "$BROTLI" = 'y' ]]; then + NGINX_MODULES=$(echo $NGINX_MODULES; echo "--add-module=/usr/local/src/ngx_brotli") + fi + # More Headers + if [[ "$HEADERMOD" = 'y' ]]; then + NGINX_MODULES=$(echo $NGINX_MODULES; echo "--add-module=/usr/local/src/headers-more-nginx-module-${HEADERMOD_VER}") + fi + # GeoIP + if [[ "$GEOIP" = 'y' ]]; then + NGINX_MODULES=$(echo $NGINX_MODULES; echo "--with-http_geoip_module") + fi + # Cloudflare's TLS Dynamic Record Resizing patch + if [[ "$TCP" = 'y' ]]; then + echo -ne " TLS Dynamic Records support [..]\r" + wget https://raw.githubusercontent.com/cloudflare/sslconfig/master/patches/nginx__1.11.5_dynamic_tls_records.patch 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + patch -p1 < nginx__1.11.5_dynamic_tls_records.patch 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + + if [ $? -eq 0 ]; then + echo -ne " TLS Dynamic Records support [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " TLS Dynamic Records support [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + fi + # We configure Nginx + echo -ne " Configuring Nginx [..]\r" + ./configure $NGINX_OPTIONS $NGINX_MODULES 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + + if [ $? -eq 0 ]; then + echo -ne " Configuring Nginx [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " Configuring Nginx [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + # Then we compile + echo -ne " Compiling Nginx [..]\r" + make -j $(nproc) 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + + if [ $? -eq 0 ]; then + echo -ne " Compiling Nginx [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " Compiling Nginx [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + # Then we install \o/ + echo -ne " Installing Nginx [..]\r" + make install 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + + # remove debugging symbols + strip -s /usr/sbin/nginx + + if [ $? -eq 0 ]; then + echo -ne " Installing Nginx [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " Installing Nginx [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + # Restart Nginx + echo -ne " Restarting Nginx [..]\r" + sudo systemctl unmask sw-nginx + sudo systemctl enable nginx + systemctl restart nginx 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + + if [ $? -eq 0 ]; then + echo -ne " Restarting Nginx [${CGREEN}OK${CEND}]\r" + echo -ne "\n" + else + echo -e " Restarting Nginx [${CRED}FAIL${CEND}]" + echo "" + echo "Please look /tmp/nginx-autoinstall-error.log" + echo "" + exit 1 + fi + + # We're done ! + echo "" + echo -e " ${CGREEN}Installation successful !${CEND}" + echo "" + exit + ;; + 3) # Update the script + wget https://raw.githubusercontent.com/Angristan/nginx-autoinstall/master/nginx-autoinstall.sh -O nginx-autoinstall.sh 2>> /tmp/nginx-autoinstall-error.log 1>> /tmp/nginx-autoinstall-output.log + chmod +x nginx-autoinstall.sh + echo "" + echo -e "${CGREEN}Update succcessful !${CEND}" + sleep 2 + ./nginx-autoinstall.sh + exit + ;; + 4) # Exit + exit + ;; + + git clone https://github.com/google/ngx_brotli.git cd ngx_brotli git submodule update --init --recursive @@ -78,16 +533,13 @@ patch -p1 < nginx__dynamic_tls_records_1.11.5*.patch --with-openssl=/usr/local/src/openssl \ --with-openssl-opt=enable-tls1_3 -make -j $(nproc) -make install -wget -O /etc/systemd/system/multi-user.target.wants/nginx.service https://git.virtubox.net/virtubox/plesk-script/raw/master/nginx/nginx.service -sudo systemctl unmask sw-nginx + sudo systemctl enable nginx sudo systemctl start nginx -wget -O /etc/nginx/nginx.conf https://git.virtubox.net/virtubox/plesk-onyx-config/raw/master/etc/nginx/nginx.conf -wget -O /etc/nginx/conf.d/ssl.conf https://git.virtubox.net/virtubox/plesk-onyx-config/raw/master/etc/nginx/conf.d/ssl.conf +wget -O /etc/nginx/nginx.conf https://raw.githubusercontent.com/VirtuBox/plesk-nginx/master/etc/nginx/nginx.conf +wget -O /etc/nginx/conf.d/ssl.conf https://raw.githubusercontent.com/VirtuBox/plesk-nginx/master/etc/nginx/conf.d/ssl.conf nginx -t && service nginx reload sudo systemctl restart nginx