Last active
September 2, 2023 13:44
-
-
Save woohooyeah/89cab25d0b1cea92bc14 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# names of latest versions of each package | |
export NGINX_VERSION=1.25.2 | |
export VERSION_PCRE=pcre-8.45 | |
export VERSION_LIBRESSL=libressl-3.8.1 | |
export VERSION_NGINX=nginx-$NGINX_VERSION | |
export SPNEGO_VERSION=1.1.1 | |
export GEOIP2_VERSION=3.4 | |
export VERSION_SPNEGO=v${SPNEGO_VERSION} | |
export VERSION_GEOIP2=${GEOIP2_VERSION} | |
# URLs to the source directories | |
export SOURCE_LIBRESSL=https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ | |
export SOURCE_PCRE=https://kumisystems.dl.sourceforge.net/project/pcre/pcre/8.45/ | |
export SOURCE_NGINX=https://nginx.org/download/ | |
export SOURCE_RTMP=https://github.com/arut/nginx-rtmp-module.git | |
export SOURCE_SPNEGO=https://github.com/stnoonan/spnego-http-auth-nginx-module/archive/refs/tags/ | |
export SOURCE_GEOIP2=https://github.com/leev/ngx_http_geoip2_module/archive/refs/tags/ | |
# clean out any files from previous runs of this script | |
rm -rf build | |
mkdir build | |
# ensure that we have the required software to compile our own nginx | |
sudo apt-get -y install curl wget build-essential libgd-dev libgeoip-dev checkinstall git krb5-user uuid-dev libmaxminddb-dev libgss-dev | |
# grab the source files | |
echo "Download sources" | |
wget -P ./build $SOURCE_PCRE$VERSION_PCRE.tar.gz | |
wget -P ./build $SOURCE_LIBRESSL$VERSION_LIBRESSL.tar.gz | |
wget -P ./build $SOURCE_NGINX$VERSION_NGINX.tar.gz | |
wget -P ./build $SOURCE_SPNEGO$VERSION_SPNEGO.tar.gz | |
wget -P ./build $SOURCE_GEOIP2$VERSION_GEOIP2.tar.gz | |
git clone $SOURCE_RTMP ./build/rtmp | |
# expand the source files | |
echo "Extract Packages" | |
cd build || exit 1 | |
tar xzf $VERSION_NGINX.tar.gz | |
tar xzf $VERSION_LIBRESSL.tar.gz | |
tar xzf $VERSION_PCRE.tar.gz | |
tar xzf $VERSION_SPNEGO.tar.gz | |
tar xzf $VERSION_GEOIP2.tar.gz | |
cd ../ || exit 1 | |
# set where LibreSSL and nginx will be built | |
BPATH=$(pwd)/build | |
export BPATH | |
export STATICLIBSSL=$BPATH/$VERSION_LIBRESSL | |
# build static LibreSSL | |
echo "Configure & Build LibreSSL" | |
cd "$STATICLIBSSL" || exit 1 | |
./configure LDFLAGS=-lrt --prefix="${STATICLIBSSL}"/.openssl/ && make install-strip | |
# build nginx, with various modules included/excluded | |
echo "Configure & Build Nginx" | |
cd "$BPATH"/"$VERSION_NGINX" || exit 1 | |
#echo "Download and apply path" | |
#wget -q -O - $NGINX_PATH | patch -p0 | |
mkdir -p "$BPATH"/nginx | |
./configure --with-openssl="$STATICLIBSSL" \ | |
--with-ld-opt="-lrt" \ | |
--sbin-path=/usr/sbin/nginx \ | |
--conf-path=/etc/nginx/nginx.conf \ | |
--error-log-path=/var/log/nginx/error.log \ | |
--http-log-path=/var/log/nginx/access.log \ | |
--with-pcre="$BPATH"/"$VERSION_PCRE" \ | |
--with-http_ssl_module \ | |
--with-http_v2_module \ | |
--with-file-aio \ | |
--with-http_gzip_static_module \ | |
--with-http_stub_status_module \ | |
--without-mail_pop3_module \ | |
--without-mail_smtp_module \ | |
--without-mail_imap_module \ | |
--with-http_image_filter_module \ | |
--lock-path=/var/lock/nginx.lock \ | |
--pid-path=/run/nginx.pid \ | |
--http-client-body-temp-path=/var/lib/nginx/body \ | |
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ | |
--http-proxy-temp-path=/var/lib/nginx/proxy \ | |
--http-scgi-temp-path=/var/lib/nginx/scgi \ | |
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ | |
--with-debug \ | |
--with-threads \ | |
--with-pcre-jit \ | |
--with-http_sub_module \ | |
--with-http_stub_status_module \ | |
--with-http_realip_module \ | |
--with-http_auth_request_module \ | |
--with-http_addition_module \ | |
--with-http_geoip_module \ | |
--with-http_gzip_static_module \ | |
--add-module="$BPATH"/rtmp \ | |
--add-module="$BPATH"/spnego-http-auth-nginx-module-${SPNEGO_VERSION} --with-debug \ | |
--add-module="$BPATH"/ngx_http_geoip2_module-${GEOIP2_VERSION} \ | |
--build="nginx with ${VERSION_LIBRESSL}" | |
touch "$STATICLIBSSL"/.openssl/include/openssl/ssl.h | |
make && sudo checkinstall --pkgname="nginx-libressl" --pkgversion="$NGINX_VERSION" \ | |
--provides="nginx" --requires="libc6, libpcre3, zlib1g" --strip=yes \ | |
--stripso=yes --backup=yes -y --install=yes | |
echo "All done."; | |
echo "This build has not edited your existing /etc/nginx directory."; | |
echo "If things aren't working now you may need to refer to the"; | |
echo "configuration files the new nginx ships with as defaults,"; | |
echo "which are available at /etc/nginx-default"; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment