deleted nginxlibressl

master
mathieu 4 years ago
parent 80efddf675
commit 9bd5000793
  1. 130
      nginx-libressl.sh

@ -1,130 +0,0 @@
#!/usr/bin/env bash
# Compile and Install from sources
# Nginx with HTTPS support and Naxsi module
# LibreSSL instead of OpenSSL pour more security
# PHP7-FPM
# Generate let's encrypt certificicate
# Donwload configuration default.
# names of latest versions of each package
export NGINX_VERSION=1.15.5
export LIBRESSL_VERSION=2.8.1
export PCRE_VERSION=8.42
export ZLIB_VERSION=1.2.11
export NAXSI_VERSION=0.56
# Ne pas modifier
export VERSION_NGINX=nginx-$NGINX_VERSION
export VERSION_LIBRESSL=libressl-$LIBRESSL_VERSION
export VERSION_PCRE=pcre-$PCRE_VERSION
export VERSION_ZLIB=zlib-$ZLIB_VERSION
export VERSION_NAXSI=$NAXSI_VERSION
#export NPS_VERSION=1.9.32.10
#export VERSION_PAGESPEED=v${NPS_VERSION}-beta
# URLs to the source directories
export SOURCE_ZlIB=https://www.zlib.net/
export SOURCE_LIBRESSL=https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/
export SOURCE_PCRE=ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
export SOURCE_NGINX=http://nginx.org/download/
export SOURCE_NAXSI=https://github.com/nbs-system/naxsi/archive/
#export SOURCE_RTMP=https://github.com/arut/nginx-rtmp-module.git
#export SOURCE_PAGESPEED=https://github.com/pagespeed/ngx_pagespeed/archive/
export BUILD=/root/nginx-build
# clean out any files from previous runs of this script
rm -rf $BUILD
mkdir $BUILD
# proc for building faster
#NB_PROC=$(grep -c ^processor /proc/cpuinfo)
NB_PROC=2
# ensure that we have the required software to compile our own nginx
#sudo apt-get -y install curl wget build-essential libgd-dev libgeoip-dev checkinstall git
/usr/sbin/pkg install -y curl wget geoIP libxml2 libgd bash curl perl5
# grab the source files
echo "Download sources"
cd $BUILD
wget -P $BUILD $SOURCE_PCRE$VERSION_PCRE.tar.gz
wget -P $BUILD $SOURCE_LIBRESSL$VERSION_LIBRESSL.tar.gz
wget -P $BUILD $SOURCE_NGINX$VERSION_NGINX.tar.gz
wget -P $BUILD $SOURCE_ZLIB$VERSION_ZLIB.tar.gz
wget -P $BUILD $SOURCE_NAXSI$VERSION_NAXSI.tar.gz
#wget -P ./build $SOURCE_PAGESPEED$VERSION_PAGESPEED.tar.gz
#wget -P ./build https://dl.google.com/dl/page-speed/psol/${NPS_VERSION}.tar.gz
git clone $SOURCE_RTMP ./build/rtmp
# expand the source files
echo "Extract Packages"
cd $BUILD
tar xzf $VERSION_NGINX.tar.gz
tar xzf $VERSION_LIBRESSL.tar.gz
tar xzf $VERSION_PCRE.tar.gz
tar xzf $VERSION_ZLIB.tar.gz
tar xzf $VERSION_NAXSI.tar.gz
#tar xzf $VERSION_PAGESPEED.tar.gz
#tar xzf ${NPS_VERSION}.tar.gz -C ngx_pagespeed-${NPS_VERSION}-beta
cd ../
# set where LibreSSL and nginx will be built
export STATICLIBSSL=$BUILD/$VERSION_LIBRESSL
# build static LibreSSL
echo "Configure & Build LibreSSL"
cd $STATICLIBSSL
#./configure LDFLAGS=-lrt --prefix=${STATICLIBSSL}/.openssl/ && make install-strip -j $NB_PROC
echo "Configure & Build Zlib"
cd $BUILD/$VERSION_ZLIB
# build nginx, with various modules included/excluded
echo "Configure & Build Nginx"
cd $BUILD/$VERSION_NGINX
echo "Download and apply path"
wget -q -O - $NGINX_PATH | patch -p0
mkdir -p $BUILD/nginx
./configure --with-openssl=$STATICLIBSSL --with-ld-opt=-lrt --sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-pcre=$BUILD/$VERSION_PCRE \
--with-zlib=$VERSION_ZLIB \
--add-module=$BUILD/naxsi-$VERSION_NAXSI/naxsi_src \
--with-http_ssl_module \
--with-http_v2_module \
--with-file-aio \
--with-ipv6 \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--without-mail_pop3_module \
--without-mail_smtp_module \
--without-mail_imap_module \
--with-http_image_filter_module \
--lock-path=/var/lock/nginx.lock \
--pid-path=/run/nginx.pid \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--with-debug \
--with-pcre-jit \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_auth_request_module \
--with-http_addition_module \
--with-http_geoip_module \
--with-http_gzip_static_module
# --add-module=$BPATH/rtmp
#--add-module=$BPATH/ngx_pagespeed-${NPS_VERSION}-beta
touch $STATICLIBSSL/.openssl/include/openssl/ssl.h
make -j $NB_PROC
make install
echo "All done.";
echo "This build has not edited your existing /etc/nginx directory.";
echo "If things aren't working now you may need to refer to the";
echo "configuration files the new nginx ships with as defaults,";
echo "which are available at /etc/nginx-default";
Loading…
Cancel
Save