-
-
Save rom3r4/9ab70f77cad9223b8296 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Script to install/upgrade Nginx(Naxsi,PageSpeed,PCRE) from sources on CentOS 6 | |
| # | |
| # Author: Duc Hieu - 12/2014. | |
| # Base System: CentOS release 6.6 (Final) | |
| # License: MIT | |
| # | |
| # Syntax: # sh nginx_install.sh | |
| # | |
| VERSION="1.0.0" | |
| ############################## | |
| # Nginx version to install | |
| # Use LEGACY, STABLE or DEV | |
| # - LEGACY or STABLE for a production server | |
| # - DEV for testing only | |
| VERSION_TO_INSTALL="STABLE" | |
| # NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX | |
| # Install Naxsi module? | |
| # - TRUE: Yes install it | |
| # - FALSE: Do not install it | |
| WITH_NAXSI="TRUE" | |
| # Analyze and optimize your website with PageSpeed tools to implement the web performance best practices. | |
| # Install PageSpeed module? | |
| # - TRUE: Yes install it | |
| # - FALSE: Do not install it | |
| WITH_PAGESPEED="TRUE" | |
| # PCRE - Perl Compatible Regular Expressions | |
| # Install PCRE module? | |
| # - TRUE: Yes install it | |
| # - FALSE: Do not install it | |
| WITH_PCRE="TRUE" | |
| ############################## | |
| # Current Nginx version | |
| # http://nginx.org/en/download.html | |
| NGINX_LEGACY_VERSION="1.4.7" | |
| NGINX_STABLE_VERSION="1.6.2" | |
| NGINX_DEV_VERSION="1.7.8" | |
| # PageSpeed version | |
| # https://github.com/pagespeed/ngx_pagespeed/releases | |
| PAGESPEED_VERSION="1.9.32.2-beta" | |
| PAGESPEED_PSOL_VERSION="1.9.32.2" | |
| PAGESPEED_CACHE_DIR="/tmp/ngx_pagespeed_cache" | |
| # PCRE version | |
| # ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ | |
| PCRE_VERSION="8.36" | |
| # Functions | |
| #----------------------------------------------------------------------------- | |
| displaymessage() { | |
| echo "$*" | |
| } | |
| displaytitle() { | |
| displaymessage "------------------------------------------------------------------------------" | |
| displaymessage "$*" | |
| displaymessage "------------------------------------------------------------------------------" | |
| } | |
| displayerror() { | |
| displaymessage "$*" >&2 | |
| } | |
| # First parameter: ERROR CODE | |
| # Second parameter: MESSAGE | |
| displayerrorandexit() { | |
| local exitcode=$1 | |
| shift | |
| displayerror "$*" | |
| exit $exitcode | |
| } | |
| # First parameter: MESSAGE | |
| # Others parameters: COMMAND (! not |) | |
| displayandexec() { | |
| local message=$1 | |
| echo -n "[In Progress] $message" | |
| shift | |
| echo ">>> $*" >> $LOG_FILE 2>&1 | |
| sh -c "$*" >> $LOG_FILE 2>&1 | |
| local ret=$? | |
| if [ $ret -ne 0 ]; then | |
| echo -e "\r\e[0;31m [ERROR]\e[0m $message" | |
| else | |
| echo -e "\r\e[0;32m [OK]\e[0m $message" | |
| fi | |
| return $ret | |
| } | |
| ######################## | |
| # Check Install or Upgrade | |
| TAGINSTALL=0 | |
| if [ -x /usr/sbin/nginx ] | |
| then | |
| # Upgrade | |
| TAGINSTALL=0 | |
| # Check user nginx exists | |
| ret=false | |
| getent passwd $1 >/dev/null 2>&1 && ret=true | |
| if $ret; then | |
| echo "Yes, the user nginx exists" | |
| else | |
| echo "No, the user nginx does not exist" | |
| displayandexec "Creat user nginx" useradd nginx | |
| displayandexec "Set user nginx nologin" usermod -s /sbin/nologin nginx | |
| fi | |
| else | |
| # Install | |
| TAGINSTALL=1 | |
| displayandexec "Creat user nginx" useradd nginx | |
| displayandexec "Set user nginx nologin" usermod -s /sbin/nologin nginx | |
| fi | |
| ######################## | |
| # Nginx configuration | |
| NGINX_DEPS="" | |
| NGINX_OPTIONS="--user=nginx --group=nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --http-log-path=/var/log/nginx/access.log" | |
| NGINX_MODULES="--with-http_dav_module --http-client-body-temp-path=/var/lib/nginx/body --with-http_ssl_module --http-proxy-temp-path=/var/lib/nginx/proxy --with-http_stub_status_module --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --with-http_flv_module --with-http_realip_module --with-http_mp4_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_secure_link_module --with-file-aio --with-ipv6 --with-http_addition_module" | |
| # NGINX_MODULES="--with-http_dav_module --http-client-body-temp-path=/var/lib/nginx/body --with-http_ssl_module --http-proxy-temp-path=/var/lib/nginx/proxy --with-http_stub_status_module --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --with-http_flv_module --with-http_realip_module --with-http_mp4_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_secure_link_module" | |
| if [[ $VERSION_TO_INSTALL == "LEGACY" ]]; then | |
| # The LEGACY version | |
| NGINX_VERSION=$NGINX_LEGACY_VERSION | |
| NGINX_DEPS=$NGINX_DEPS" php5-apc" | |
| elif [[ $VERSION_TO_INSTALL == "STABLE" ]]; then | |
| # The STABLE version | |
| NGINX_VERSION=$NGINX_STABLE_VERSION | |
| elif [[ $VERSION_TO_INSTALL == "DEV" ]]; then | |
| # The DEV version | |
| NGINX_VERSION=$NGINX_DEV_VERSION | |
| else | |
| displayerrorandexit 1 "Error: VERSION_TO_INSTALL should be set to LEGACY, STABLE or DEV... Exit..." | |
| fi | |
| if [[ $WITH_NAXSI == "TRUE" ]]; then | |
| # Add Naxsi module | |
| NGINX_MODULES=$NGINX_MODULES" --add-module=../naxsi-master/naxsi_src/" | |
| fi | |
| if [[ $WITH_PAGESPEED == "TRUE" ]]; then | |
| # Add PageSpeed module | |
| NGINX_MODULES=$NGINX_MODULES" --add-module=../ngx_pagespeed-release-"$PAGESPEED_VERSION | |
| fi | |
| if [[ $WITH_PCRE == "TRUE" ]]; then | |
| # Add PCRE module | |
| NGINX_MODULES=$NGINX_MODULES" --with-pcre=../pcre-"$PCRE_VERSION" --with-pcre-jit" | |
| fi | |
| displaytitle "Installation of Nginx $NGINX_VERSION ($VERSION_TO_INSTALL)" | |
| if [[ $NGINX_DEPS != "" ]]; then | |
| displaymessage "Packages needed: $NGINX_DEPS" | |
| fi | |
| displaymessage "Options: $NGINX_OPTIONS" | |
| displaymessage "Modules: $NGINX_MODULES" | |
| ############################## | |
| # Variables globales | |
| #------------------- | |
| # Download dependencies for this script | |
| # yum install unzip wget | |
| YUM="yum -y" | |
| WGET="wget --no-check-certificate" | |
| UNZIP="unzip" | |
| DATE=`date +"%Y%m%d%H%M%S"` | |
| LOG_FILE="/tmp/nginx-install-$DATE.log" | |
| # Start the installation | |
| #----------------------------------------------------------------------------- | |
| # Test the script is launched as root | |
| if [ $EUID -ne 0 ]; then | |
| displayerrorandexit 1 "Error: Script should be ran as root..." 1>&2 | |
| fi | |
| displaytitle "Install prerequisites" | |
| # Update system | |
| # displayandexec "Update the repositories list" $YUM update | |
| # (Recommended) Download all development tools | |
| displayandexec "Install development tools" $YUM groupinstall 'Development Tools' | |
| # Download System dependencies | |
| displayandexec "Install System dependencies" $YUM install gcc gcc-c++ pcre-devel zlib-devel make automake autoconf libtool | |
| # Download Nginx dependencies | |
| displayandexec "Install Nginx dependencies" $YUM install pcre-devel zlib-devel openssl-devel gd gd-devel libxslt libxml2 libxml2-devel curl curl-devel httpd-devel | |
| # displayandexec "Install PHP-FPM" $YUM install php php-mysql php-cli php-gd php-curl | |
| # displayandexec "Install Memcached" $YUM install libcache-memcached-perl php-memcache memcached | |
| # displayandexec "Install Redis" $YUM install redis-server php-redis | |
| if [[ $NGINX_DEPS != "" ]]; then | |
| displayandexec "Install Nginx dependencies" $YUM install $NGINX_DEPS | |
| fi | |
| MSG="" | |
| if [[ $WITH_NAXSI == "TRUE" ]]; then | |
| MSG=$MSG" + Naxsi" | |
| fi | |
| if [[ $WITH_PAGESPEED == "TRUE" ]]; then | |
| MSG=$MSG" + PageSpeed" | |
| fi | |
| if [[ $WITH_PCRE == "TRUE" ]]; then | |
| MSG=$MSG" + PCRE" | |
| fi | |
| displaytitle "Install Nginx version $NGINX_VERSION"$MSG | |
| # Download files | |
| if [[ $WITH_NAXSI == "TRUE" ]]; then | |
| displayandexec "Download Naxsi (HEAD version)" $WGET -O naxsi-master.zip https://github.com/nbs-system/naxsi/archive/master.zip | |
| fi | |
| if [[ $WITH_PAGESPEED == "TRUE" ]]; then | |
| displayandexec "Download PageSpeed" $WGET https://github.com/pagespeed/ngx_pagespeed/archive/release-$PAGESPEED_VERSION.zip | |
| displayandexec "Download PageSpeed (PSOL)" $WGET https://dl.google.com/dl/page-speed/psol/$PAGESPEED_PSOL_VERSION.tar.gz | |
| fi | |
| if [[ $WITH_PCRE == "TRUE" ]]; then | |
| displayandexec "Download PCRE" $WGET ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-$PCRE_VERSION.tar.gz | |
| fi | |
| displayandexec "Download Nginx version $NGINX_VERSION" $WGET http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz | |
| # Extract | |
| if [[ $WITH_NAXSI == "TRUE" ]]; then | |
| displayandexec "Uncompress Naxsi (HEAD version)" $UNZIP naxsi-master.zip | |
| fi | |
| if [[ $WITH_PAGESPEED == "TRUE" ]]; then | |
| displayandexec "Uncompress PageSpeed" $UNZIP release-$PAGESPEED_VERSION.zip | |
| displayandexec "Uncompress PageSpeed (PSOL)" "cd ngx_pagespeed-release-$PAGESPEED_VERSION/ ; tar zxvf ../$PAGESPEED_PSOL_VERSION.tar.gz ; cd .." | |
| #displayandexec "Create the PageSpeed cache directory" "mkdir -p $PAGESPEED_CACHE_DIR ; chown -R www-data:www-data $PAGESPEED_CACHE_DIR" | |
| displayandexec "Create the PageSpeed cache directory" "mkdir -p $PAGESPEED_CACHE_DIR ; chmod -R 777 $PAGESPEED_CACHE_DIR" | |
| fi | |
| if [[ $WITH_PCRE == "TRUE" ]]; then | |
| displayandexec "Uncompress PCRE" tar zxvf pcre-$PCRE_VERSION.tar.gz | |
| fi | |
| displayandexec "Uncompress Nginx version $NGINX_VERSION" tar zxvf nginx-$NGINX_VERSION.tar.gz | |
| # Configure | |
| cd nginx-$NGINX_VERSION | |
| displayandexec "Configure Nginx version $NGINX_VERSION" ./configure $NGINX_OPTIONS $NGINX_MODULES | |
| # Compile | |
| displayandexec "Compile Nginx version $NGINX_VERSION" make | |
| # Install or Upgrade | |
| if [ $TAGINSTALL == 1 ] | |
| then | |
| displayandexec "Install Nginx version $NGINX_VERSION" make install | |
| else | |
| cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.$DATE | |
| if [ -d "/etc/nginx/sites-available" ] | |
| then | |
| cp /etc/nginx/sites-available /etc/nginx/sites-available-bak-$DATE | |
| fi | |
| displayandexec "Upgrade Nginx to version $NGINX_VERSION" make install | |
| fi | |
| # Post installation | |
| if [ $TAGINSTALL == 1 ] | |
| then | |
| displayandexec "Post installation script for Nginx version $NGINX_VERSION" "cd .. ; mkdir /var/lib/nginx ; mkdir /etc/nginx/conf.d ; mkdir /etc/nginx/sites-available ; mkdir /etc/nginx/sites-enabled ; mkdir /var/www ; chown -R nginx:nginx /var/www" | |
| fi | |
| # Download the default configuration file | |
| if [ $TAGINSTALL == 1 ] | |
| then | |
| displayandexec "Init the default configuration file for Nginx" "$WGET https://gist.githubusercontent.com/hieubuiduc/d5e33dfbac52b258ff53/raw/8a35af30056bb54166bd937fbb7c7f8c30e859c9/nginx.conf ; mv nginx.conf /etc/nginx/" | |
| fi | |
| # Download the init script | |
| displayandexec "Install the Nginx init script" "$WGET https://gist.githubusercontent.com/hieubuiduc/60608810d92c4e6ce34a/raw/c0bc1a1ec76e50cdb4336182c53a0b222edb6c0e/nginx ; mv nginx /etc/init.d/ ; chmod 750 /etc/init.d/nginx" | |
| # Log file rotate | |
| cat > /etc/logrotate.d/nginx <<EOF | |
| /var/log/nginx/*_log { | |
| missingok | |
| notifempty | |
| sharedscripts | |
| postrotate | |
| /bin/kill -USR1 \`cat /var/run/nginx.pid 2>/dev/null\` 2>/dev/null || true | |
| endscript | |
| } | |
| EOF | |
| displaytitle "Start processes" | |
| # Start PHP-FPM and Nginx | |
| if [ $TAGINSTALL == 1 ] | |
| then | |
| displayandexec "Start PHP" /etc/init.d/php-fpm start | |
| displayandexec "Start Nginx" /etc/init.d/nginx start | |
| else | |
| displayandexec "Restart PHP" /etc/init.d/php-fpm restart | |
| displayandexec "Restart Nginx" "killall nginx ; /etc/init.d/nginx start" | |
| fi | |
| # Summary | |
| echo "" | |
| echo "------------------------------------------------------------------------------" | |
| echo " Nginx + PHP-FPM $MSG installation finished" | |
| echo "------------------------------------------------------------------------------" | |
| echo "Nginx configuration folder: /etc/nginx" | |
| echo "Nginx default site configuration: /etc/nginx/sites-enabled/default-site" | |
| echo "Nginx default HTML root: /var/www" | |
| if [[ $WITH_NAXSI == "TRUE" ]]; then | |
| echo "Read this to configure Naxsi: https://github.com/nbs-system/naxsi/wiki/basicsetup" | |
| fi | |
| if [[ $WITH_PAGESPEED == "TRUE" ]]; then | |
| echo "PageSpeed cache directory: $PAGESPEED_CACHE_DIR" | |
| echo "Read this to configure PageSpeed: https://developers.google.com/speed/pagespeed/module/configuration" | |
| fi | |
| if [[ $WITH_PCRE == "TRUE" ]]; then | |
| echo "Read this to information PCRE: http://www.pcre.org/" | |
| fi | |
| echo "" | |
| echo "Installation script log file: $LOG_FILE" | |
| echo "" | |
| echo "Notes: If you use IpTables add the following rules" | |
| echo "iptables -A INPUT -i lo -s localhost -d localhost -j ACCEPT" | |
| echo "iptables -A OUTPUT -o lo -s localhost -d localhost -j ACCEPT" | |
| echo "iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT" | |
| echo "iptables -A INPUT -p tcp --dport http -j ACCEPT" | |
| echo "" | |
| # echo "If you want to manage your PHP session with Redis," | |
| # echo "just add this two line in the /etc/php5/fpm/php.ini file:" | |
| # echo " session.save_handler = redis" | |
| # echo " session.save_path = \"tcp://127.0.0.1:6379?weight=1\"" | |
| echo "------------------------------------------------------------------------------" | |
| echo "" | |
| # End script |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment