Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
nginx_boringssl_tls1.3
#!/bin/bash
set -ex
NGINX_VERSION="1.15.3"
BUILDROOT="/home/yee/ng"
sudo add-apt-repository ppa:gophers/archive
sudo apt update
sudo apt install -y build-essential uuid-dev dpkg-dev unzip cmake make
sudo apt install golang-1.10-go
export PATH=/usr/lib/go-1.10/bin:$PATH
mkdir -p $BUILDROOT && cd $BUILDROOT
# BoringSSL
git clone https://boringssl.googlesource.com/boringssl
cd boringssl
mkdir build && cd build
cmake -DCMAKE_BUILD_TYPE=Release ..
make
cd ..
mkdir -p .openssl/lib && cd .openssl && ln -s ../include .
cd ..
cp build/crypto/libcrypto.a build/ssl/libssl.a .openssl/lib
cd ..
mkdir -p "$BUILDROOT/nginx" && cd $BUILDROOT/nginx
curl -L -O https://nginx.org/keys/nginx_signing.key
sudo apt-key add nginx_signing.key
curl -L -O "http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz"
tar xzf "nginx-$NGINX_VERSION.tar.gz"
# Nginx
cd "$BUILDROOT"
curl http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz | tar -xz
cd "nginx-$NGINX_VERSION"
sudo ./configure --prefix=/usr/share/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/run/nginx.pid \
--with-threads \
--with-file-aio \
--without-select_module \
--without-poll_module \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-openssl=../boringssl
touch ../boringssl/.openssl/include/openssl/ssl.h
sudo make && sudo make install
# Systemd
sudo -s
cat >/lib/systemd/system/nginx.service <<EOL
[Unit]
Description=NGINX
Documentation=http://nginx.org/en/docs/
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/usr/sbin/nginx -s reload
ExecStop=/usr/bin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOL
exit
sudo systemctl unmask nginx.service
sudo systemctl enable nginx.service
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.