Instantly share code, notes, and snippets.

What would you like to do?
Compiling Nginx with LibreSSL (and http2)
#!/usr/bin/env bash
# names of latest versions of each package
export NGINX_VERSION=1.15.5
export VERSION_LIBRESSL=libressl-2.8.1
export VERSION_PCRE=pcre-8.42
#export NPS_VERSION=
# URLs to the source directories
#export SOURCE_RTMP=
# clean out any files from previous runs of this script
rm -rf build
mkdir build
# proc for building faster
NB_PROC=$(grep -c ^processor /proc/cpuinfo)
# ensure that we have the required software to compile our own nginx
sudo apt-get -y install curl wget build-essential libgd-dev libgeoip-dev checkinstall git
# grab the source files
echo "Download sources"
wget -P ./build $SOURCE_PCRE$VERSION_PCRE.tar.gz
wget -P ./build $SOURCE_NGINX$VERSION_NGINX.tar.gz
#wget -P ./build${NPS_VERSION}.tar.gz
git clone $SOURCE_RTMP ./build/rtmp
# expand the source files
echo "Extract Packages"
cd build
tar xzf $VERSION_NGINX.tar.gz
tar xzf $VERSION_LIBRESSL.tar.gz
tar xzf $VERSION_PCRE.tar.gz
#tar xzf $VERSION_PAGESPEED.tar.gz
#tar xzf ${NPS_VERSION}.tar.gz -C ngx_pagespeed-${NPS_VERSION}-beta
cd ../
# set where LibreSSL and nginx will be built
export BPATH=$(pwd)/build
# build static LibreSSL
echo "Configure & Build LibreSSL"
./configure LDFLAGS=-lrt --prefix=${STATICLIBSSL}/.openssl/ && make install-strip -j $NB_PROC
# build nginx, with various modules included/excluded
echo "Configure & Build Nginx"
#echo "Download and apply path"
#wget -q -O - $NGINX_PATH | patch -p0
mkdir -p $BPATH/nginx
./configure --with-openssl=$STATICLIBSSL \
--with-ld-opt="-lrt" \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-pcre=$BPATH/$VERSION_PCRE \
--with-http_ssl_module \
--with-http_v2_module \
--with-file-aio \
--with-ipv6 \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--without-mail_pop3_module \
--without-mail_smtp_module \
--without-mail_imap_module \
--with-http_image_filter_module \
--lock-path=/var/lock/nginx.lock \
--pid-path=/run/ \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--with-debug \
--with-pcre-jit \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_auth_request_module \
--with-http_addition_module \
--with-http_geoip_module \
# --add-module=$BPATH/rtmp
touch $STATICLIBSSL/.openssl/include/openssl/ssl.h
make -j $NB_PROC && sudo checkinstall --pkgname="nginx-libressl" --pkgversion="$NGINX_VERSION" \
--provides="nginx" --requires="libc6, libpcre3, zlib1g" --strip=yes \
--stripso=yes --backup=yes -y --install=yes
echo "All done.";
echo "This build has not edited your existing /etc/nginx directory.";
echo "If things aren't working now you may need to refer to the";
echo "configuration files the new nginx ships with as defaults,";
echo "which are available at /etc/nginx-default";

This comment has been minimized.

partounian commented Sep 26, 2016

Out of curiousity, why did you stop compiling with PageSpeed? Also isn't there a way of checking for the newest version versus manually typing in the newest versions?


This comment has been minimized.


Belphemur commented Oct 8, 2016

@partounian: I stopped using it because it wasn't compatible with HTTP2.
I haven't tried since.


This comment has been minimized.

nicka101 commented May 22, 2017

Just built mainline 1.13.0 with http2 support and latest-stable pagespeed, it required a couple of modification to the build script so I could use the latest-stable tagged archive but seems to work fine with HTTP2 and pagespeed is working fine, just FYI


This comment has been minimized.

concatime commented Jul 16, 2017

Hi. What's the main purpose of `--with-ld-opt="-lrt"'? I know it's for realtime library, but what happens if I omit it?


This comment has been minimized.

nshtg commented Sep 21, 2017

Thanks for your script! I am curious why you are doing this:

touch $STATICLIBSSL/.openssl/include/openssl/ssl.h

nginx 1.13.5 is building perfectly fine without it. I don't even need to ./configure LibreSSL manually:


This comment has been minimized.

petecooper commented Oct 9, 2018

@Belphemur -- you have a couple of duplicate build options:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment