Skip to content

Instantly share code, notes, and snippets.

@JoeUX
Forked from tollmanz/compile-nginx.sh
Last active March 5, 2022 18:36
Show Gist options
  • Save JoeUX/ae339373eea94fdaac65f9a842026e06 to your computer and use it in GitHub Desktop.
Save JoeUX/ae339373eea94fdaac65f9a842026e06 to your computer and use it in GitHub Desktop.
Optimized nginx compilation flags for modern CPUs, faster math, and LTO. This should be much faster than vanilla nginx builds. Still testing.
# Install dependencies
#
# * checkinstall: package the .deb
# * libpcre3, libpcre3-dev: required for HTTP rewrite module
# * zlib1g zlib1g-dbg zlib1g-dev: required for HTTP gzip module
apt-get install checkinstall libpcre3 libpcre3-dev zlib1g zlib1g-dbg zlib1g-dev && \
mkdir -p ~/sources/ && \
# Compile against OpenSSL to enable NPN. I updated this block to get the latest 1.0.2h release. It's critical that OpenSSL be up to date.
cd ~/sources && \
wget https://www.openssl.org/source/openssl-1.0.2h.tar.gz && \
tar -xzvf openssl-1.0.2h.tar.gz && \
# Download the Cache Purge module
cd ~/sources/ && \
git clone https://github.com/FRiCKLE/ngx_cache_purge.git && \
cd ~/sources && \
# Download PageSpeed – Ignore this section for now. Pagespeed might not be worth the hassle. Still testing.
# cd ~/sources && \
# wget https://github.com/pagespeed/ngx_pagespeed/archive/v1.11.33.2-beta.tar.gz && \
# tar -xzvf v1.11.33.2-beta.tar.gz && \
# cd ngx_pagespeed-1.7.30.4-beta && \
# wget https://dl.google.com/dl/page-speed/psol/1.7.30.4.tar.gz && \
# tar -xzvf 1.7.30.4.tar.gz && \
# Get the Nginx source. Updated this block to get latest 1.11.3 release.
cd ~/sources/ && \
wget http://nginx.org/download/nginx-1.11.3.tar.gz && \
tar zxf nginx-1.11.3.tar.gz && \
cd nginx-1.11.3 && \
# Configure nginx.
#
# This is based on the default package in Debian. Additional flags have
# been added:
#
# * --with-debug: adds helpful logs for debugging
# * --with-openssl=$HOME/sources/openssl-1.0.1e: compile against newer version
# of openssl
# * --with-http_spdy_module: include the SPDY module
./configure --prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--user=www-data \
--group=www-data \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-file-aio \
--with-cc-opt='-g -O2 -march=westmere -flto -funsafe-math-optimizations -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' \
--with-ld-opt='-Wl,-z,relro -Wl,--as-needed' \
--with-ipv6 \
--with-debug \
--with-openssl=$HOME/sources/openssl-1.0.2h \
# --add-module=$HOME/sources/ngx_pagespeed-1.7.30.4-beta \
--add-module=$HOME/sources/ngx_cache_purge && \
# Make the package.
make && \
# Create a .deb package.
#
# Instead of running `make install`, create a .deb and install from there. This
# allows you to easily uninstall the package if there are issues.
checkinstall --install=no -y && \
# Install the package.
dpkg -i nginx_1.11.3-1_amd64.deb
@xwiz
Copy link

xwiz commented Jul 14, 2020

Any benchmarks?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment