Abukamel · January 8, 2017 06:07
diff --git a/installNginxWithHttp2.sh b/installNginxWithHttp2.sh
 #!/usr/bin/env bash

 # Names of latest versions of each package
 export VERSION_PCRE=pcre-8.39
 export VERSION_ZLIB=zlib-1.2.10
 export VERSION_LIBRESSL=libressl-2.4.4
 export VERSION_NGINX=nginx-1.11.8

 # Download nginx cache purge module to add it in compilation time
 # git clone https://github.com/FRiCKLE/ngx_cache_purge

 # Compile nginx_pagespeed first following this tutorial 
 # https://developers.google.com/speed/pagespeed/module/build_ngx_pagespeed_from_source
 export NPS_VERSION=1.12.34.1

 # Make sure to include naxsi module by following this tutorial
 # https://github.com/nbs-system/naxsi/wiki/naxsi-compil
 # downloaded URLs are at releases page in github: https://github.com/nbs-system/naxsi/archive/0.55.1.tar.gz
 export NAXSI_VERSION=0.55.1
 export NAXSi_SOURCE=https://github.com/nbs-system/naxsi/archive/${NAXSI_VERSION}.tar.gz

 # URLs to the source directories
 export SOURCE_LIBRESSL=http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/
 export SOURCE_PCRE=http://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
 export SOURCE_NGINX=http://nginx.org/download/
 export SOURCE_ZLIB=http://zlib.net/

 # Path to local build
 export BUILD_DIR=/tmp/nginx-static-libressl/build
 # Path for libressl
 export STATICLIBSSL="${BUILD_DIR}/${VERSION_LIBRESSL}"

 function setup() {
    # create and clean build directory
    mkdir -p ${BUILD_DIR}
    rm -Rf ${BUILD_DIR}/*
    yum -y install @"Development Tools"
 }

 function download_sources() {
    # todo: verify checksum / integrity of downloads!
    echo "Download sources"

    pushd ${BUILD_DIR}

    curl -sSLO "${SOURCE_ZLIB}${VERSION_ZLIB}.tar.gz"
    curl -sSLO "${SOURCE_PCRE}${VERSION_PCRE}.tar.gz"
    curl -sSLO "${SOURCE_LIBRESSL}${VERSION_LIBRESSL}.tar.gz"
    curl -sSLO "${SOURCE_NGINX}${VERSION_NGINX}.tar.gz"
    popd
 }

 function extract_sources() {
    echo "Extracting sources"

    pushd ${BUILD_DIR}

    tar -xf "${VERSION_PCRE}.tar.gz"
    tar -xf "${VERSION_LIBRESSL}.tar.gz"
    tar -xf "${VERSION_NGINX}.tar.gz"
    tar -xf "${VERSION_ZLIB}.tar.gz"

    popd
 }

 function compile_nginx() {
    echo "Configure & Build nginx"

    pushd "${BUILD_DIR}/${VERSION_NGINX}"

    make clean

    ./configure \
        --prefix=/opt/zad/nginx \
        --add-module=$HOME/naxsi-${NAXSI_VERSION}/naxsi_src/ \
        --add-module=$HOME/ngx_pagespeed-release-${NPS_VERSION}-beta \
        --add-module=$HOME/ngx_cache_purge \
        --with-http_realip_module \
        --with-http_addition_module \
        --with-http_sub_module \
        --with-http_dav_module \
        --with-http_flv_module \
        --with-http_mp4_module \
        --with-http_gunzip_module \
        --with-http_random_index_module \
        --with-http_secure_link_module \
        --with-http_auth_request_module \
        --with-http_xslt_module=dynamic \
        --with-http_image_filter_module=dynamic \
        --with-http_geoip_module=dynamic \
        --with-http_perl_module=dynamic \
        --with-http_gunzip_module \
        --with-http_gzip_static_module \
        --with-http_slice_module \
        --with-http_stub_status_module \
        --without-select_module \
        --without-poll_module \
        --without-mail_pop3_module \
        --without-mail_imap_module \
        --without-mail_smtp_module \
        --with-stream \
        --with-stream_ssl_module \
        --with-pcre="${BUILD_DIR}/${VERSION_PCRE}" \
        --with-pcre-jit \
        --with-openssl="${STATICLIBSSL}" \
        --with-zlib="${BUILD_DIR}/${VERSION_ZLIB}" \
        --with-cc-opt="-fPIC -pie -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic" \
        --with-ld-opt="-Wl,-z,now -lrt"

    make -j1
    make install
    popd
 }

 echo "Building ${VERSION_NGINX} with static ${VERSION_LIBRESSL}, ${VERSION_PCRE}, and ${VERSION_ZLIB} ..."

 setup && download_sources && extract_sources && compile_nginx

 retval=$?
 echo ""
 if [ $retval -eq 0 ]; then
    echo "Your nginx is located at /opt/zad/nginx"
 else
    echo "Ooops, build failed. Check output!"
 fi
	#!/usr/bin/env bash

	# Names of latest versions of each package
	export VERSION_PCRE=pcre-8.39
	export VERSION_ZLIB=zlib-1.2.10
	export VERSION_LIBRESSL=libressl-2.4.4
	export VERSION_NGINX=nginx-1.11.8

	# Download nginx cache purge module to add it in compilation time
	# git clone https://github.com/FRiCKLE/ngx_cache_purge

	# Compile nginx_pagespeed first following this tutorial
	# https://developers.google.com/speed/pagespeed/module/build_ngx_pagespeed_from_source
	export NPS_VERSION=1.12.34.1

	# Make sure to include naxsi module by following this tutorial
	# https://github.com/nbs-system/naxsi/wiki/naxsi-compil
	# downloaded URLs are at releases page in github: https://github.com/nbs-system/naxsi/archive/0.55.1.tar.gz
	export NAXSI_VERSION=0.55.1
	export NAXSi_SOURCE=https://github.com/nbs-system/naxsi/archive/${NAXSI_VERSION}.tar.gz

	# URLs to the source directories
	export SOURCE_LIBRESSL=http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/
	export SOURCE_PCRE=http://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
	export SOURCE_NGINX=http://nginx.org/download/
	export SOURCE_ZLIB=http://zlib.net/

	# Path to local build
	export BUILD_DIR=/tmp/nginx-static-libressl/build
	# Path for libressl
	export STATICLIBSSL="${BUILD_DIR}/${VERSION_LIBRESSL}"

	function setup() {
	# create and clean build directory
	mkdir -p ${BUILD_DIR}
	rm -Rf ${BUILD_DIR}/*
	yum -y install @"Development Tools"
	}

	function download_sources() {
	# todo: verify checksum / integrity of downloads!
	echo "Download sources"

	pushd ${BUILD_DIR}

	curl -sSLO "${SOURCE_ZLIB}${VERSION_ZLIB}.tar.gz"
	curl -sSLO "${SOURCE_PCRE}${VERSION_PCRE}.tar.gz"
	curl -sSLO "${SOURCE_LIBRESSL}${VERSION_LIBRESSL}.tar.gz"
	curl -sSLO "${SOURCE_NGINX}${VERSION_NGINX}.tar.gz"
	popd
	}

	function extract_sources() {
	echo "Extracting sources"

	pushd ${BUILD_DIR}

	tar -xf "${VERSION_PCRE}.tar.gz"
	tar -xf "${VERSION_LIBRESSL}.tar.gz"
	tar -xf "${VERSION_NGINX}.tar.gz"
	tar -xf "${VERSION_ZLIB}.tar.gz"

	popd
	}

	function compile_nginx() {
	echo "Configure & Build nginx"

	pushd "${BUILD_DIR}/${VERSION_NGINX}"

	make clean

	./configure \
	--prefix=/opt/zad/nginx \
	--add-module=$HOME/naxsi-${NAXSI_VERSION}/naxsi_src/ \
	--add-module=$HOME/ngx_pagespeed-release-${NPS_VERSION}-beta \
	--add-module=$HOME/ngx_cache_purge \
	--with-http_realip_module \
	--with-http_addition_module \
	--with-http_sub_module \
	--with-http_dav_module \
	--with-http_flv_module \
	--with-http_mp4_module \
	--with-http_gunzip_module \
	--with-http_random_index_module \
	--with-http_secure_link_module \
	--with-http_auth_request_module \
	--with-http_xslt_module=dynamic \
	--with-http_image_filter_module=dynamic \
	--with-http_geoip_module=dynamic \
	--with-http_perl_module=dynamic \
	--with-http_gunzip_module \
	--with-http_gzip_static_module \
	--with-http_slice_module \
	--with-http_stub_status_module \
	--without-select_module \
	--without-poll_module \
	--without-mail_pop3_module \
	--without-mail_imap_module \
	--without-mail_smtp_module \
	--with-stream \
	--with-stream_ssl_module \
	--with-pcre="${BUILD_DIR}/${VERSION_PCRE}" \
	--with-pcre-jit \
	--with-openssl="${STATICLIBSSL}" \
	--with-zlib="${BUILD_DIR}/${VERSION_ZLIB}" \
	--with-cc-opt="-fPIC -pie -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic" \
	--with-ld-opt="-Wl,-z,now -lrt"

	make -j1
	make install
	popd
	}

	echo "Building ${VERSION_NGINX} with static ${VERSION_LIBRESSL}, ${VERSION_PCRE}, and ${VERSION_ZLIB} ..."

	setup && download_sources && extract_sources && compile_nginx

	retval=$?
	echo ""
	if [ $retval -eq 0 ]; then
	echo "Your nginx is located at /opt/zad/nginx"
	else
	echo "Ooops, build failed. Check output!"
	fi