Compiling Nginx with LibreSSL (and http2)
#!/usr/bin/env bash
# names of latest versions of each package
export NGINX_VERSION=1.15.3
export VERSION_NGINX=nginx-$NGINX_VERSION
export VERSION_LIBRESSL=libressl-2.7.4
export VERSION_PCRE=pcre-8.42
#export NPS_VERSION=1.9.32.10
#export VERSION_PAGESPEED=v${NPS_VERSION}-beta
# URLs to the source directories
export SOURCE_LIBRESSL=https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/
export SOURCE_PCRE=ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
export SOURCE_NGINX=https://nginx.org/download/
#export SOURCE_RTMP=https://github.com/arut/nginx-rtmp-module.git
#export SOURCE_PAGESPEED=https://github.com/pagespeed/ngx_pagespeed/archive/
# clean out any files from previous runs of this script
rm -rf build
mkdir build
# number of CPU cores, used for parallel make jobs
NB_PROC=$(grep -c ^processor /proc/cpuinfo)
# ensure that we have the required software to compile our own nginx
sudo apt-get -y install curl wget build-essential libgd-dev libgeoip-dev checkinstall git
# grab the source files
echo "Download sources"
wget -P ./build $SOURCE_PCRE$VERSION_PCRE.tar.gz
wget -P ./build $SOURCE_LIBRESSL$VERSION_LIBRESSL.tar.gz
wget -P ./build $SOURCE_NGINX$VERSION_NGINX.tar.gz
#wget -P ./build $SOURCE_PAGESPEED$VERSION_PAGESPEED.tar.gz
#wget -P ./build https://dl.google.com/dl/page-speed/psol/${NPS_VERSION}.tar.gz
#git clone $SOURCE_RTMP ./build/rtmp
# expand the source files
echo "Extract Packages"
cd build
tar xzf $VERSION_NGINX.tar.gz
tar xzf $VERSION_LIBRESSL.tar.gz
tar xzf $VERSION_PCRE.tar.gz
#tar xzf $VERSION_PAGESPEED.tar.gz
#tar xzf ${NPS_VERSION}.tar.gz -C ngx_pagespeed-${NPS_VERSION}-beta
cd ../
# set where LibreSSL and nginx will be built
export BPATH=$(pwd)/build
export STATICLIBSSL=$BPATH/$VERSION_LIBRESSL
# build static LibreSSL
echo "Configure & Build LibreSSL"
cd $STATICLIBSSL
./configure LDFLAGS=-lrt --prefix=${STATICLIBSSL}/.openssl/ && make install-strip -j $NB_PROC
# build nginx, with various modules included/excluded
echo "Configure & Build Nginx"
cd $BPATH/$VERSION_NGINX
#echo "Download and apply patch"
#wget -q -O - $NGINX_PATH | patch -p0
mkdir -p $BPATH/nginx
./configure --with-openssl=$STATICLIBSSL \
--with-ld-opt="-lrt" \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-pcre=$BPATH/$VERSION_PCRE \
--with-http_ssl_module \
--with-http_v2_module \
--with-file-aio \
--with-ipv6 \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--without-mail_pop3_module \
--without-mail_smtp_module \
--without-mail_imap_module \
--with-http_image_filter_module \
--lock-path=/var/lock/nginx.lock \
--pid-path=/run/nginx.pid \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--with-debug \
--with-pcre-jit \
--with-http_realip_module \
--with-http_auth_request_module \
--with-http_addition_module \
--with-http_geoip_module
# --add-module=$BPATH/rtmp
#--add-module=$BPATH/ngx_pagespeed-${NPS_VERSION}-beta
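# mark the prebuilt LibreSSL headers as newer than nginx's generated Makefile,
# so that nginx's make does not try to rebuild the library itself
touch $STATICLIBSSL/.openssl/include/openssl/ssl.h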
make -j $NB_PROC && sudo checkinstall --pkgname="nginx-libressl" --pkgversion="$NGINX_VERSION" \
--provides="nginx" --requires="libc6, libpcre3, zlib1g" --strip=yes \
--stripso=yes --backup=yes -y --install=yes
echo "All done.";
echo "This build has not edited your existing /etc/nginx directory.";
echo "If things aren't working now you may need to refer to the";
echo "configuration files the new nginx ships with as defaults,";
echo "which are available at /etc/nginx-default";
partounian commented Sep 26, 2016

Out of curiosity, why did you stop compiling with PageSpeed? Also isn't there a way of checking for the newest version versus manually typing in the newest versions?

Owner

Belphemur commented Oct 8, 2016

@partounian: I stopped using it because it wasn't compatible with HTTP2.
I haven't tried since.

nicka101 commented May 22, 2017

Just built mainline 1.13.0 with http2 support and latest-stable pagespeed, it required a couple of modifications to the build script so I could use the latest-stable tagged archive but seems to work fine with HTTP2 and pagespeed is working fine, just FYI

concatime commented Jul 16, 2017

Hi. What's the main purpose of `--with-ld-opt="-lrt"`? I know it's for realtime library, but what happens if I omit it?

nshtg commented Sep 21, 2017

Thanks for your script! I am curious why you are doing this:

touch $STATICLIBSSL/.openssl/include/openssl/ssl.h

nginx 1.13.5 is building perfectly fine without it. I don't even need to ./configure LibreSSL manually:

https://gist.github.com/nshtg/059b2db767cbc92bc566085100e662f6
