Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Fetch, build, and install the latest nginx with the latest OpenSSL for RaspberryPi
#!/usr/bin/env bash
# URLs to the source directories
export SOURCE_OPENSSL=https://www.openssl.org/source/
export SOURCE_PCRE=ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
export SOURCE_NGINX=http://nginx.org/download/
# ensure that we have the required software to compile our own nginx
apt-get -y install curl wget build-essential
# automatically grabs the latest versions of each package
export VERSION_PCRE=$(curl -l $SOURCE_PCRE 2>/dev/null | grep -Po 'pcre-\d+\.\d+\.tar\.gz$' | sort | tail -1)
export VERSION_OPENSSL=$(curl -l $SOURCE_OPENSSL 2>/dev/null | grep -Po 'openssl-\d+\.\d+\.\d+[a-z]\.tar\.gz$' | sort | tail -1)
export VERSION_NGINX=nginx-$(curl $SOURCE_NGINX 2>/dev/null | grep -Po 'href="nginx-\K[0-9]+\.[0-9]+\.[0-9]+' | sort -t. -rn -k1,1 -k2,2 -k3,3 | head -1).tar.gz
# make a 'today' variable for use in back-up filenames later
today=$(date +"%Y-%m-%d")
# clean out any files from previous runs of this script
rm -rf build
rm -rf /etc/nginx-default
mkdir build
# grab the source files
wget -P ./build $SOURCE_PCRE$VERSION_PCRE
wget -P ./build $SOURCE_OPENSSL$VERSION_OPENSSL --no-check-certificate
wget -P ./build $SOURCE_NGINX$VERSION_NGINX
# expand the source files
cd build
tar xzf $VERSION_NGINX.tar.gz
tar xzf $VERSION_OPENSSL.tar.gz
tar xzf $VERSION_PCRE.tar.gz
cd ../
# set where OpenSSL and nginx will be built
export BPATH=$(pwd)/build
export STATICLIBSSL="$BPATH/staticlibssl"
# build static openssl
cd $BPATH/$VERSION_OPENSSL
rm -rf "$STATICLIBSSL"
mkdir "$STATICLIBSSL"
make clean
./config --prefix=$STATICLIBSSL no-shared enable-ec_nistp_64_gcc_128 \
&& make depend \
&& make \
&& make install_sw
# rename the existing /etc/nginx directory so it's saved as a back-up
mv /etc/nginx /etc/nginx-$today
# build nginx, with various modules included/excluded
cd $BPATH/$VERSION_NGINX
mkdir -p $BPATH/nginx
./configure --with-cc-opt="-I $STATICLIBSSL/include -I/usr/include" \
--with-ld-opt="-L $STATICLIBSSL/lib -Wl,-rpath -lssl -lcrypto -ldl -lz" \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-pcre=$BPATH/$VERSION_PCRE \
--with-http_ssl_module \
--with-http_spdy_module \
--with-file-aio \
--with-ipv6 \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--without-mail_pop3_module \
--without-mail_smtp_module \
--without-mail_imap_module \
&& make && make install
# rename the compiled 'default' /etc/nginx directory so its accessible as a reference to the new nginx defaults
mv /etc/nginx /etc/nginx-default
# now restore the previous version of /etc/nginx to /etc/nginx so the old settings are kept
mv /etc/nginx-$today /etc/nginx
echo "All done.";
echo "This build has not edited your existing /etc/nginx directory.";
echo "If things aren't working now you may need to refer to the";
echo "configuration files the new nginx ships with as defaults,";
echo "which are available at /etc/nginx-default";
@mniehe

This comment has been minimized.

Copy link

mniehe commented Nov 2, 2015

Line 65 needs to be replaced with --with-http_v2_module \ since the newest version of nginx no longer supports spdy

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.