2023-06-25 10:16:07 +00:00
# nginx_build_script is spin-off from [minoplhy/nginquic](https://github.com/minoplhy/nginquic)@ModSecurity_incl branch.
The script here is entirely copied from [minoplhy/nginquic ](https://github.com/minoplhy/nginquic )@ModSecurity_incl . Which included ModSecurity for my own using.
2024-04-27 15:38:20 +00:00
```bash
2023-06-25 10:16:07 +00:00
export Nginx_Install=yes # This variable is required if you want Nginx to be installed scriptibly (on Debian-based systems).
curl https://raw.githubusercontent.com/minoplhy/scriptbox/main/nginx_build_script/build.sh > ~/nginx_scriptbox.sh
bash ~/nginx_scriptbox.sh
```
2024-04-27 16:03:14 +00:00
new way to run! :
```bash
# With install Nginx
curl https://raw.githubusercontent.com/minoplhy/scriptbox/main/nginx_build_script/build.sh | bash -s -- --install
```
2023-06-25 10:16:07 +00:00
2024-04-27 15:38:20 +00:00
# Arguments
```bash
while [ ${#} -gt 0 ]; do
case "$1" in
2024-10-10 14:55:06 +00:00
--modsecurity ) WITH_MODSECURITY=true ;; # Include ModSecurity in building
--lua ) WITH_LUA=true ;; # Include Lua in building
--no-modsecurity | -nm ) WITH_MODSECURITY=false ;; # LEGACY: Not include ModSecurity in building
--no-lua | -nl ) WITH_LUA=false ;; # LEGACY: Not include Lua in building
--install | -i ) INSTALL=true ;; # Install Nginx
2024-04-28 16:15:45 +00:00
--ssl=* )
SSL_LIB="${1#*=}"
2024-09-21 07:57:23 +00:00
SSL_LIB="${SSL_LIB,,}"
2024-04-28 16:15:45 +00:00
case $SSL_LIB in # Re-define SSL_LIB
"quictls") SSL_LIB="quictls" ;;
"boringssl") SSL_LIB="boringssl" ;;
"libressl") SSL_LIB="libressl" ;;
"")
echo "ERROR : --ssl= is empty!"
exit 1
;;
*)
echo "ERROR : Vaild values for --ssl are -> quictls, boringssl, libressl"
exit 1
;;
esac
2024-04-27 16:03:14 +00:00
;;
2024-09-21 07:57:23 +00:00
--type=* )
BUILD_TYPE="${1#*=}"
BUILD_TYPE="${BUILD_TYPE,,}"
case $BUILD_TYPE in
"nginx") BUILD_TYPE="nginx" ;;
"freenginx") BUILD_TYPE="freenginx" ;;
"")
echo "ERROR : --type= is empty!"
exit 1
;;
*)
echo "ERROR : Vaild values for --type are -> nginx, freenginx"
exit 1
;;
esac
;;
2024-07-09 15:39:17 +00:00
--nginx-tag=* )
2024-09-21 07:57:23 +00:00
NGINX_TAG="${1#*=}" # Specify Nginx/freenginx Tag
2024-07-09 15:39:17 +00:00
case $NGINX_TAG in
"")
echo "ERROR: --nginx-tag= is empty!"
exit 1
;;
*)
;;
esac
;;
2024-04-27 15:38:20 +00:00
*)
;;
esac
shift
done
2024-10-10 14:55:06 +00:00
2024-04-27 15:38:20 +00:00
```
2024-04-28 16:15:45 +00:00
#### Note :
* don't forgot to add necessary `lua_package_path` directive to `nginx.conf` , in the http context. else Nginx won't run.
2024-03-24 04:11:24 +00:00
```lua
2024-05-01 16:53:32 +00:00
lua_package_path "/usr/local/lua/?.lua;;";
2024-03-24 04:11:24 +00:00
```
2024-04-28 18:52:59 +00:00
* LibreSSL is broken when compile with Nginx Lua
taken from compiler:
```
error: implicit declaration of function ‘ SSL_client_hello_get0_ext’ [-Werror=implicit-function-declaration]
```
2023-06-25 10:16:07 +00:00
systemd Template:
`Location : /lib/systemd/system/nginx.service`
```
# Stop dance for nginx
# =======================
#
# ExecStop sends SIGSTOP (graceful stop) to the nginx process.
# If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control
# and sends SIGTERM (fast shutdown) to the main process.
# After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends
# SIGKILL to all the remaining processes in the process group (KillMode=mixed).
#
# nginx signals reference doc:
# http://nginx.org/en/docs/control.html
#
[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=network.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
TimeoutStopSec=5
KillMode=mixed
[Install]
WantedBy=multi-user.target
```
2024-10-03 06:22:26 +00:00
Nginx init.d
```initd
#!/sbin/openrc-run
description="Nginx http and reverse proxy server"
extra_commands="checkconfig"
extra_started_commands="reload reopen upgrade"
cfgfile=${cfgfile:-/etc/nginx/nginx.conf}
pidfile=/run/nginx.pid
command=${command:-/usr/sbin/nginx}
command_args="-c $cfgfile"
required_files="$cfgfile"
depend() {
need net
use dns logger netmount
}
start_pre() {
checkpath --directory --owner www-data:www-data ${pidfile%/*}
$command $command_args -t -q
}
checkconfig() {
ebegin "Checking $RC_SVCNAME configuration"
start_pre
eend $?
}
reload() {
ebegin "Reloading $RC_SVCNAME configuration"
start_pre & & start-stop-daemon --signal HUP --pidfile $pidfile
eend $?
}
reopen() {
ebegin "Reopening $RC_SVCNAME log files"
start-stop-daemon --signal USR1 --pidfile $pidfile
eend $?
}
upgrade() {
start_pre || return 1
ebegin "Upgrading $RC_SVCNAME binary"
einfo "Sending USR2 to old binary"
start-stop-daemon --signal USR2 --pidfile $pidfile
einfo "Sleeping 3 seconds before pid-files checking"
sleep 3
if [ ! -f $pidfile.oldbin ]; then
eerror "File with old pid ($pidfile.oldbin) not found"
return 1
fi
if [ ! -f $pidfile ]; then
eerror "New binary failed to start"
return 1
fi
einfo "Sleeping 3 seconds before WINCH"
sleep 3 ; start-stop-daemon --signal 28 --pidfile $pidfile.oldbin
einfo "Sending QUIT to old binary"
start-stop-daemon --signal QUIT --pidfile $pidfile.oldbin
einfo "Upgrade completed"
eend $? "Upgrade failed"
}
2024-10-10 14:55:06 +00:00
# modified from https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/nginx/nginx.initd
2024-10-03 06:22:26 +00:00
```