|# names of latest versions of each package|
|# URLs to the source directories|
|# make a 'today' variable for use in back-up filenames later|
|# clean out any files from previous runs of this script|
|rm -rf build|
|rm -rf /etc/nginx-default|
|# ensure that we have the required software to compile our own nginx|
|apt-get -y install curl wget build-essential|
|# grab the source files|
|wget -P ./build $SOURCE_PCRE$VERSION_PCRE.tar.gz|
|wget -P ./build $SOURCE_OPENSSL$VERSION_OPENSSL.tar.gz --no-check-certificate|
|wget -P ./build $SOURCE_NGINX$VERSION_NGINX.tar.gz|
|# expand the source files|
|tar xzf $VERSION_NGINX.tar.gz|
|tar xzf $VERSION_OPENSSL.tar.gz|
|tar xzf $VERSION_PCRE.tar.gz|
|# set where OpenSSL and nginx will be built|
|# build static openssl|
|rm -rf "$STATICLIBSSL"|
|./config --prefix=$STATICLIBSSL no-shared \|
|&& make depend \|
|&& make \|
|&& make install_sw|
|# rename the existing /etc/nginx directory so it's saved as a back-up|
|mv /etc/nginx /etc/nginx-$today|
|# build nginx, with various modules included/excluded|
|mkdir -p $BPATH/nginx|
|./configure --with-cc-opt="-I $STATICLIBSSL/include -I/usr/include" \|
|--with-ld-opt="-L $STATICLIBSSL/lib -Wl,-rpath -lssl -lcrypto -ldl -lz" \|
|&& make && make install|
|# rename the compiled 'default' /etc/nginx directory so its accessible as a reference to the new nginx defaults|
|mv /etc/nginx /etc/nginx-default|
|# now restore the previous version of /etc/nginx to /etc/nginx so the old settings are kept|
|mv /etc/nginx-$today /etc/nginx|
|echo "All done.";|
|echo "This build has not edited your existing /etc/nginx directory.";|
|echo "If things aren't working now you may need to refer to the";|
|echo "configuration files the new nginx ships with as defaults,";|
|echo "which are available at /etc/nginx-default";|
what exactly does the option
Any suggestions? I'm using Debain Wheezy with gcc version 4.6.3 (Debian 4.6.3-14)
Hmm, that's interesting: Are you trying this on a Raspberry Pi running Raspbian? Or have you got Debian Wheezy installed on the Pi?
I've tried this on Raspbian on the Pi without issue, and I've tried this on Debian Wheezy running on a Linode, again without problem.
It sounds like you've got Debian running on your Pi though, which is a configuration I've not tested, and which might well throw up problems - from what I know, Debian is not best suited to the processor that the Pi uses (It's an older ARM processor, not an x86 processor). Which is one reason why Raspbian came into being in the first place; it's Debian, fettled to work nicely on Pi hardware.
I'm not sure what to suggest to get that issue fixed for you, I'm not overly familiar with the intricacies of OpenSSL nor the Pi itself, but you could try removing the option entirely (I think it's just an option to give a faster end result (using 64bit code) rather than anything of a functional change; see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698447 )
I had the same problem with the enable-ec_nistp_64_gcc_128 option. I used the latest (2014-01-07) Raspbian Image (http://www.raspberrypi.org/downloads/) an not the noobs method as Matt described in his post. Maybe that makes a difference.
According to http://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options the enable-ec_nistp_64_gcc_128 option should only be enabled on x64 systems. I believe Raspberry does not qualify for that just yet.
I'm facing issues with the script... Honestly, I don't know what to do here... It seems that when it's trying to compile nginx, it fails somehow... Any clues?
ecp_nistp224.c:574:2: warning: right shift count >= width of type [enabled by default] ecp_nistp224.c:577:2: warning: right shift count >= width of type [enabled by default] <builtin>: recipe for target 'ecp_nistp224.o' failed make: *** [ecp_nistp224.o] Error 1 make: Leaving directory '/home/pi/Install/nginx/build/openssl-1.0.1i/crypto/ec' Makefile:91: recipe for target 'subdirs' failed make: *** [subdirs] Error 1 make: Leaving directory '/home/pi/Install/nginx/build/openssl-1.0.1i/crypto' Makefile:278: recipe for target 'build_crypto' failed make: *** [build_crypto] Error 1 checking for OS + Linux 3.12.28+ armv6l checking for C compiler ... found + using GNU C compiler + gcc version: 4.6.3 (Debian 4.6.3-14+rpi1) checking for gcc -pipe switch ... found checking for --with-ld-opt="-L /home/pi/Install/nginx/build/staticlibssl/lib -Wl,-rpath -lssl -lcrypto -ldl -lz" ... not found ./configure: error: the invalid value in --with-ld-opt="-L /home/pi/Install/nginx/build/staticlibssl/lib -Wl,-rpath -lssl -lcrypto -ldl -lz" mv: cannot stat `/etc/nginx': No such file or directory All done. This build has not edited your existing /etc/nginx directory. If things aren't working now you may need to refer to the configuration files the new nginx ships with as defaults, which are available at /etc/nginx-default root@raspberrypi:/home/pi/Install/nginx#
Hi Toborrow: looks like you're running the script without having read the accompanying blog post - this script is expecting /etc/nginx to already exist because it's expecting to have had the apt-get version installed (and then removed) in the past. I did it that way so that a few init scripts and behaviours are set up for you. Have a look through https://mattwilcox.net/archives/setting-up-a-recent-version-of-nginx-with-https-and-spdy-support-on-a-raspberry-pi/ and hopefully that should help.
The error is not a missing /etc/nginx (the script moved it before calling configure on nginx), configure is failing. The problem is related to the linker options given to configure, hence the './configure: error: ' line. In my case, a 64bit zlib was missing from my system.
I would suggest running the configure line from the script directly in the shell removing options till you find which one is causing the error.
The stat on /etc/nginx fails because 'make install' called after configure did not run due to configure erroring out.
The script moves /etc/nginx back when finishing so it is there after the script completes.
@MattWilcox, thanks for the blog post, I didn't read it in the first place, mainly because I landed on this Gist right from my google query... I'll have a look!
@rgyger, I'll try that and keep you informed if this solved my issue, thanks!
Can confirm problems with enable-ec_nistp_64_gcc_128 when compiling openssl.
ecp_nistp224.c:43:3: error: unknown type name ‘__uint128_t’
Running Raspbian Debian Wheezy December 2014
Hi, thanks for the script. Here my changes which are necessary on Bananian (version: 15.01 (released 2015-01-11))
I'm new to all this, but I've followed the instructions. Fresh install on Raspbian on Pi 2, ran sudo apt-get install nginx and then once installed ran sudo apt-get remove nginx
It seems to run ok, and once it's complete I get the basic webpage. But, if I run nginx -v on my Pi, it still shows the version of 1.2.1. I'm not sure what I've done wrong. Is this the same for you?
Just wanted to let you know, I tried the script on my brand new Raspberry Pi2 and it works like a charm (without any edits though, instead of my try on RPi1).
Thanks for the help!
@Zucht doing a sudo apt-get install libssl-dev and running the script again meant that when I run nginx -v now, I get 1.7.9. but if I run an openssl version command, I still get 1.0.1e.
Is this correct? Does the script build nginx with the new version of openssl but not replace the version found on the Pi?
EDIT: I too had to remove the "enable-ec_nistp_64_gcc_128" option as it kept failing.
@bkev - The script makes a version of openssl for nginx to use, but does not replace the system one. If you're worried about security, the system ones will usually have security patches applied but still be based on an older version of OpennSSL. That's why some packages in the repositories have stuff like 'deb10.1' or similar appended to the actual software version.
Trying this with the new 2015-09-24-raspbian-jessie.img on Rasp Pi 2. Getting a compile error in crypto. I'm not strong in this area, so a suggestion is welcome.
Also, Nginx 1.9.5 no longer supports SPDY. You either need to use the new HTTP/2, or fall back to Ngnix 1.9.4. Info on Nginx HTTP/2: http://nginx.org/en/docs/http/ngx_http_v2_module.html
The script only provides OpenSSL for compiling into Nginx. It does not install the new OpenSSL into the system. Read the Mar 21 comment by MattWilcox above.
With the seg fault I posted above during creation of the OpenSSL files, I grabbed the OpenSSL 1.0.2d directory created on a Wheezy version of Raspbian and inserted it into the "build" directory on Jessie and modded the script to use it. Seems to have worked, but I don't know what monster I might have created. I'm going to try it again fresh in a couple of days.
@habovh I ran into the same problem when trying this script on Ubuntu as you did:
It seems like something changed with Debian 8, and the 'enable-ec_nistp_64_gcc_128' option on line 45 now causes a failure when configuring the crypto. I have removed this from the script and it now compiles correctly. Tested on a Pi2 with Jessie based Raspbian.
If anyone knows a better solution, I'd be all ears - it's a performance enhancement flag that the Pi would benefit from.
Sorry to chime in as well, but I too was wondering where exactly the updated versions of OpenSSL and PCRE are actually playing their part.
First off, thanks for this script. I'm not sure how or if it's possible to send pull requests to Gists so I wanted to let you know about some changes I made to my fork you may want to add in. You won't want to include all my changes because I added some modules not everyone will want, but some of my other updates may be useful:
Feel free to take or not take any of those changes from my fork.
@noplanman you're not seeing the updated versions of OpenSSL and PCRE in
PCRE 8.38 is not working anymore, 8.39 is though. (https://gist.github.com/wouterds/f676815659147a262cf77e41c704419f)