Instantly share code, notes, and snippets.

Embed
What would you like to do?
nginx_boringssl_tls1.3
#!/bin/bash
set -ex
NGINX_VERSION="1.15.3"
BUILDROOT="/home/yee/ng"
sudo add-apt-repository ppa:gophers/archive
sudo apt update
sudo apt install -y build-essential uuid-dev dpkg-dev unzip cmake make
sudo apt install golang-1.10-go
export PATH=/usr/lib/go-1.10/bin:$PATH
mkdir -p $BUILDROOT && cd $BUILDROOT
# BoringSSL
git clone https://boringssl.googlesource.com/boringssl
cd boringssl
mkdir build && cd build
cmake -DCMAKE_BUILD_TYPE=Release ..
make
cd ..
mkdir -p .openssl/lib && cd .openssl && ln -s ../include .
cd ..
cp build/crypto/libcrypto.a build/ssl/libssl.a .openssl/lib
cd ..
mkdir -p "$BUILDROOT/nginx" && cd $BUILDROOT/nginx
curl -L -O https://nginx.org/keys/nginx_signing.key
sudo apt-key add nginx_signing.key
curl -L -O "http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz"
tar xzf "nginx-$NGINX_VERSION.tar.gz"
# Nginx
cd "$BUILDROOT"
curl http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz | tar -xz
cd "nginx-$NGINX_VERSION"
sudo ./configure --prefix=/usr/share/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/run/nginx.pid \
--with-threads \
--with-file-aio \
--without-select_module \
--without-poll_module \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-openssl=../boringssl
touch ../boringssl/.openssl/include/openssl/ssl.h
sudo make && sudo make install
# Systemd
sudo -s
cat >/lib/systemd/system/nginx.service <<EOL
[Unit]
Description=NGINX
Documentation=http://nginx.org/en/docs/
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/usr/sbin/nginx -s reload
ExecStop=/usr/bin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOL
exit
sudo systemctl unmask nginx.service
sudo systemctl enable nginx.service
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment