Skip to content

Instantly share code, notes, and snippets.

@Linkaan
Forked from MattWilcox/build_nginx.sh
Last active March 15, 2017 13:45
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save Linkaan/1d25a2e5f5fa64715705 to your computer and use it in GitHub Desktop.
Save Linkaan/1d25a2e5f5fa64715705 to your computer and use it in GitHub Desktop.
Fetch, build, and install the latest nginx with the latest OpenSSL for RaspberryPi
#!/usr/bin/env bash
# URLs to the source directories
export SOURCE_OPENSSL=https://www.openssl.org/source/
export SOURCE_PCRE=ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
export SOURCE_NGINX=http://nginx.org/download/
# ensure that we have the required software to compile our own nginx
apt-get -y install curl wget build-essential
# automatically grabs the latest versions of each package
export VERSION_PCRE=$(curl -l $SOURCE_PCRE 2>/dev/null | grep -Po 'pcre-\d+\.\d+\.tar\.gz$' | sort | tail -1)
export VERSION_OPENSSL=$(curl -l $SOURCE_OPENSSL 2>/dev/null | grep -Po 'openssl-\d+\.\d+\.\d+[a-z]\.tar\.gz$' | sort | tail -1)
export VERSION_NGINX=nginx-$(curl $SOURCE_NGINX 2>/dev/null | grep -Po 'href="nginx-\K[0-9]+\.[0-9]+\.[0-9]+' | sort -t. -rn -k1,1 -k2,2 -k3,3 | head -1).tar.gz
# make a 'today' variable for use in back-up filenames later
today=$(date +"%Y-%m-%d")
# clean out any files from previous runs of this script
rm -rf build
rm -rf /etc/nginx-default
mkdir build
# grab the source files
wget -P ./build $SOURCE_PCRE$VERSION_PCRE
wget -P ./build $SOURCE_OPENSSL$VERSION_OPENSSL --no-check-certificate
wget -P ./build $SOURCE_NGINX$VERSION_NGINX
# expand the source files
cd build
tar xzf $VERSION_NGINX.tar.gz
tar xzf $VERSION_OPENSSL.tar.gz
tar xzf $VERSION_PCRE.tar.gz
cd ../
# set where OpenSSL and nginx will be built
export BPATH=$(pwd)/build
export STATICLIBSSL="$BPATH/staticlibssl"
# build static openssl
cd $BPATH/$VERSION_OPENSSL
rm -rf "$STATICLIBSSL"
mkdir "$STATICLIBSSL"
make clean
./config --prefix=$STATICLIBSSL no-shared enable-ec_nistp_64_gcc_128 \
&& make depend \
&& make \
&& make install_sw
# rename the existing /etc/nginx directory so it's saved as a back-up
mv /etc/nginx /etc/nginx-$today
# build nginx, with various modules included/excluded
cd $BPATH/$VERSION_NGINX
mkdir -p $BPATH/nginx
./configure --with-cc-opt="-I $STATICLIBSSL/include -I/usr/include" \
--with-ld-opt="-L $STATICLIBSSL/lib -Wl,-rpath -lssl -lcrypto -ldl -lz" \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-pcre=$BPATH/$VERSION_PCRE \
--with-http_ssl_module \
--with-http_spdy_module \
--with-file-aio \
--with-ipv6 \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--without-mail_pop3_module \
--without-mail_smtp_module \
--without-mail_imap_module \
&& make && make install
# rename the compiled 'default' /etc/nginx directory so its accessible as a reference to the new nginx defaults
mv /etc/nginx /etc/nginx-default
# now restore the previous version of /etc/nginx to /etc/nginx so the old settings are kept
mv /etc/nginx-$today /etc/nginx
echo "All done.";
echo "This build has not edited your existing /etc/nginx directory.";
echo "If things aren't working now you may need to refer to the";
echo "configuration files the new nginx ships with as defaults,";
echo "which are available at /etc/nginx-default";
@mniehe
Copy link

mniehe commented Nov 2, 2015

Line 65 needs to be replaced with --with-http_v2_module \ since the newest version of nginx no longer supports spdy

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment