#!/usr/bin/env bash # a script to build nginx against openssl-dev on ubuntu/debian/arch linux/alpine linux # includes nginx fancyindex module # exit on error set -e # display last non-zero exit code in a failed pipeline set -o pipefail # subshells and functions inherit ERR traps set -E # select the nginx version to build NGINX="1.19.2" # select the openssl branch to build OPENSSL="OpenSSL_1_1_1-stable" # set core count for make core_count="$(grep -c ^processor /proc/cpuinfo)" # choose where to put the build files # by default this is in a temporary directory BUILDROOT="$(mktemp -d)" # remove the build directory on exit function cleanup { sudo rm -rf "$BUILDROOT" } trap cleanup EXIT # if pacman is installed, use the arch dependencies if command -v pacman 2>&1 >/dev/null; then sudo pacman -S gcc cmake git gnupg go pcre libcurl-compat zlib --noconfirm --needed # if apt is installed, use the debian dependencies elif command -v apt 2>&1 >/dev/null; then sudo apt-get install -y build-essential gcc g++ cmake git gnupg golang libpcre3 libpcre3-dev curl zlib1g-dev libcurl4-openssl-dev # if apk is installed, install the alpine dependencies elif command -v apk 2>&1 > /dev/null; then sudo apk add gcc g++ cmake git gnupg go pcre-dev curl zlib-dev openssl-dev # otherwise list the expected packages and ask the user to install them manually else echo -e "\nCompatible package manager not found." echo -e "\nThe following packages are typically required: gcc, g++, cmake, git, gnupg, go, pcre, libcurl, zlib. Please install them manually and re-run the script." read -p $'If all dependencies are installed and you would like to proceed, please type ACCEPT and press Enter.\n\n' acknowledgement2 # if the user acknowledges, begin the build if [ "$acknowledgement2" = "ACCEPT" ]; then echo -e "" # otherwise, exit with error else echo -e "\nExiting script...\n" exit 1 fi fi # delete any previous build directory if [ -d "$BUILDROOT" ]; then sudo rm -rf "$BUILDROOT" fi # create the build directory mkdir -p "$BUILDROOT" cd "$BUILDROOT" # check if git supports forced ipv4, added in 2.8 git_version="$(git --version | awk '{print $3}' | cut -d"." -f1-2 )" ishigher="$(echo -e "$git_version\n2.8" | sort -V | tail -n1)" if [[ "$git_version" == "$ishigher" ]]; then forcev4="-4" else forcev4="" fi # clone the desired openssl branch, over ipv4 if supported due to slow ipv6 connectivity git clone "$forcev4" -b "$OPENSSL" git://git.openssl.org/openssl.git cd openssl # use default openssl configurations ./config # build openssl make -j"$core_count" # fetch the desired version of nginx mkdir -p "$BUILDROOT/nginx" cd "$BUILDROOT"/nginx curl -L -O "http://nginx.org/download/nginx-$NGINX.tar.gz" tar xzf "nginx-$NGINX.tar.gz" cd "$BUILDROOT/nginx/nginx-$NGINX" # fetch the fancy-index module git clone https://github.com/aperezdc/ngx-fancyindex.git "$BUILDROOT"/ngx-fancyindex # configure the nginx source to include our added modules # and to use our newly built openssl library sudo ./configure --prefix=/usr/share/nginx \ --add-module="$BUILDROOT"/ngx-fancyindex \ --sbin-path=/usr/sbin/nginx \ --conf-path=/etc/nginx/nginx.conf \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ --pid-path=/run/nginx.pid \ --lock-path=/run/lock/subsys/nginx \ --user=www-data \ --group=www-data \ --with-threads \ --with-file-aio \ --with-pcre \ --with-pcre-jit \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_realip_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --without-select_module \ --without-poll_module \ --without-mail_pop3_module \ --without-mail_imap_module \ --without-mail_smtp_module \ --with-openssl="$BUILDROOT/openssl" \ --with-cc-opt="-g -O3 -march=native -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -I $BUILDROOT/openssl" \ --with-ld-opt="-Wl,-Bsymbolic-functions -Wl,-z,relro -L $BUILDROOT/openssl/" # build nginx sudo make -j"$core_count" sudo make install # if systemctl is installed (fairly strong indicator systemd is in use), add a service unit file if it does not exist if command -v systemctl 2>&1 >/dev/null && [ ! -f "/lib/systemd/system/nginx.service" ]; then # add systemd service file cat <