-
-
Save zucht/93361af30818add945b2 to your computer and use it in GitHub Desktop.
add brotli support
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # names of latest versions of each package | |
| export VERSION_PCRE=pcre-8.43 | |
| export VERSION_OPENSSL=openssl-1.1.1c | |
| export VERSION_LIBMAXMINDDB=1.3.2 | |
| export VERSION_NGINX=nginx-1.17.1 | |
| export VERSION_NGX_HEADERS_MORE=0.33 | |
| export VERSION_NGX_GEOIP2=3.2 | |
| # URLs to the source directories for each package | |
| export SOURCE_PCRE=ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ | |
| export SOURCE_OPENSSL=https://www.openssl.org/source/ | |
| export SOURCE_LIBMAXMINDDB=https://github.com/maxmind/libmaxminddb/releases/download/$VERSION_LIBMAXMINDDB/ | |
| export SOURCE_NGINX=http://nginx.org/download/ | |
| export SOURCE_NGX_HEADERS_MORE=https://github.com/openresty/headers-more-nginx-module/archive/ | |
| export SOURCE_NGX_GEOIP2=https://github.com/leev/ngx_http_geoip2_module/archive/ | |
| # clean out any files from previous runs of this script | |
| rm -rf build | |
| mkdir build | |
| # ensure that we have the required software to compile our own nginx | |
| apt-get -y install curl wget build-essential | |
| # grab the source files | |
| wget -P ./build $SOURCE_PCRE$VERSION_PCRE.tar.gz | |
| wget -P ./build $SOURCE_OPENSSL$VERSION_OPENSSL.tar.gz --no-check-certificate | |
| wget -P ./build $SOURCE_LIBMAXMINDDB'libmaxminddb-'$VERSION_LIBMAXMINDDB.tar.gz | |
| wget -P ./build $SOURCE_NGINX$VERSION_NGINX.tar.gz | |
| wget -P ./build $SOURCE_NGX_HEADERS_MORE'v'$VERSION_NGX_HEADERS_MORE.tar.gz | |
| wget -P ./build $SOURCE_NGX_GEOIP2$VERSION_NGX_GEOIP2.tar.gz | |
| # expand the source files | |
| cd build | |
| tar xzf $VERSION_PCRE.tar.gz | |
| tar xzf $VERSION_OPENSSL.tar.gz | |
| tar xzf 'libmaxminddb-'$VERSION_LIBMAXMINDDB.tar.gz | |
| tar xzf $VERSION_NGINX.tar.gz | |
| tar xzf 'v'$VERSION_NGX_HEADERS_MORE.tar.gz | |
| tar xzf $VERSION_NGX_GEOIP2.tar.gz | |
| cd ../ | |
| # set where OpenSSL and nginx will be built | |
| export BPATH=$(pwd)/build | |
| export STATICLIBSSL="$BPATH/staticlibssl" | |
| # build static openssl | |
| cd $BPATH/$VERSION_OPENSSL | |
| rm -rf "$STATICLIBSSL" | |
| mkdir "$STATICLIBSSL" | |
| make clean | |
| ./config --prefix=$STATICLIBSSL enable-tls1_3 no-shared no-ssl3 no-idea \ | |
| && make depend -j4\ | |
| && make -j4\ | |
| && make install_sw -j4 | |
| # build libmaxminddb | |
| cd $BPATH/'libmaxminddb-'$VERSION_LIBMAXMINDDB | |
| ./configure \ | |
| && make -j4 \ | |
| && make check -j4 \ | |
| && make install -j4 \ | |
| && ldconfig | |
| # remove the old default nginx config directories generated by previous runs of this script | |
| rm -rf /etc/nginx-default | |
| # remove the legacy back-up config created by previous runs of this script | |
| rm -rf /etc/nginx-bk-legacy | |
| # make the current 'backup' nginx config the legacy backup config | |
| mv /etc/nginx-bk /etc/nginx-bk-legacy | |
| # stop nginx server | |
| /etc/init.d/nginx stop | |
| # make the current live nginx the new back-up nginx | |
| mv /etc/nginx /etc/nginx-bk | |
| # build nginx, with various modules included/excluded | |
| cd $BPATH/$VERSION_NGINX | |
| mkdir -p $BPATH/nginx | |
| ./configure --with-cc-opt="-I $STATICLIBSSL/include -I/usr/include" \ | |
| --with-ld-opt="-L $STATICLIBSSL/lib -Wl,-rpath -lssl -lcrypto -ldl -lz" \ | |
| --sbin-path=/usr/sbin/nginx \ | |
| --conf-path=/etc/nginx/nginx.conf \ | |
| --pid-path=/var/run/nginx.pid \ | |
| --error-log-path=/var/log/nginx/error.log \ | |
| --http-log-path=/var/log/nginx/access.log \ | |
| --with-pcre=$BPATH/$VERSION_PCRE \ | |
| --with-http_ssl_module \ | |
| --with-http_v2_module \ | |
| --with-file-aio \ | |
| --with-ipv6 \ | |
| --with-http_gzip_static_module \ | |
| --with-http_stub_status_module \ | |
| --with-http_geoip_module \ | |
| --with-openssl=$BPATH/$VERSION_OPENSSL \ | |
| --with-openssl-opt=enable-tls1_3 \ | |
| --without-mail_pop3_module \ | |
| --without-mail_smtp_module \ | |
| --without-mail_imap_module \ | |
| --add-module=$BPATH/headers-more-nginx-module-$VERSION_NGX_HEADERS_MORE \ | |
| --add-module=$BPATH/ngx_http_geoip2_module-$VERSION_NGX_GEOIP2 \ | |
| --add-module=/opt/ngx_brotli \ | |
| && make -j4 && make install -j4 | |
| # rename the compiled default /etc/nginx directory so its accessible as a reference to the new nginx defaults | |
| mv /etc/nginx /etc/nginx-default | |
| # now restore /etc/nginx-bk to /etc/nginx so the old configuration is kept | |
| mv /etc/nginx-bk /etc/nginx | |
| # start nginx server | |
| /etc/init.d/nginx start | |
| echo "All done."; | |
| echo "This build has not edited your existing /etc/nginx directory."; | |
| echo "If things aren't working now you may need to refer to the"; | |
| echo "configuration files the new nginx ships with as defaults,"; | |
| echo "which are available at /etc/nginx-default"; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment