nginx_build_script : init

2023-06-25 17:16:07 +07:00 · 2023-06-25 17:16:07 +07:00 · 163e239580
commit 163e239580
parent 2f067eb153
6 changed files with 158 additions and 0 deletions
--- a/nginx_build_script/README.md
+++ b/nginx_build_script/README.md
@ -0,0 +1,45 @@
 # nginx_build_script is spin-off from [minoplhy/nginquic](https://github.com/minoplhy/nginquic)@ModSecurity_incl branch.
 The script here is entirely copied from [minoplhy/nginquic](https://github.com/minoplhy/nginquic)@ModSecurity_incl. Which included ModSecurity for my own using.
 ```shell
 export Nginx_Install=yes  # This variable is required if you want Nginx to be installed scriptibly (on Debian-based systems).
 curl https://raw.githubusercontent.com/minoplhy/scriptbox/main/nginx_build_script/build.sh > ~/nginx_scriptbox.sh
 bash ~/nginx_scriptbox.sh
 ```
 systemd Template:
 `Location : /lib/systemd/system/nginx.service`
 ```
 # Stop dance for nginx
 # =======================
 #
 # ExecStop sends SIGSTOP (graceful stop) to the nginx process.
 # If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control
 # and sends SIGTERM (fast shutdown) to the main process.
 # After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends
 # SIGKILL to all the remaining processes in the process group (KillMode=mixed).
 #
 # nginx signals reference doc:
 # http://nginx.org/en/docs/control.html
 #
 [Unit]
 Description=A high performance web server and a reverse proxy server
 Documentation=man:nginx(8)
 After=network.target nss-lookup.target
 [Service]
 Type=forking
 PIDFile=/run/nginx.pid
 ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
 ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
 ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
 ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
 TimeoutStopSec=5
 KillMode=mixed
 [Install]
 WantedBy=multi-user.target
 ```
--- a/nginx_build_script/build.sh
+++ b/nginx_build_script/build.sh
@ -0,0 +1,45 @@
 #!/bin/bash
 cd ~/
 rm -rf nginx_scriptbox
 curl -sSL https://raw.githubusercontent.com/minoplhy/scriptbox/main/nginx_build_script/packages.sh | bash
 mkdir nginx_scriptbox && cd nginx_scriptbox
 # Install Golang
 unlink /usr/bin/go
 wget https://go.dev/dl/go1.19.3.linux-amd64.tar.gz
 rm -rf /usr/local/go && tar -C /usr/local -xzf go1.19.3.linux-amd64.tar.gz
 export PATH=$PATH:/usr/local/go/bin
 ln -s /usr/local/go/bin /usr/bin/go
 hg clone -b default https://hg.nginx.org/nginx
 git clone --depth=1 https://github.com/google/boringssl
 cd boringssl
 mkdir build && cd build && cmake .. && make
 cd .. && cd ..
 # ModSecurity Part
 git clone --depth=1 https://github.com/SpiderLabs/ModSecurity
 cd ModSecurity/
 git submodule init
 git submodule update
 ./build.sh
 ./configure
 make
 sudo make install
 cd ..
 cd nginx
 mkdir mosc && cd mosc && curl -sSL https://raw.githubusercontent.com/minoplhy/scriptbox/main/nginx_build_script/modules.sh | bash && cd ..
 curl -sSL https://raw.githubusercontent.com/minoplhy/scriptbox/main/nginx_build_script/configure.sh | bash && make
 if [[ $Nginx_Install == "yes" ]]; then
    mkdir /lib/nginx/ && mkdir /lib/nginx/modules
    cd objs && cp *.so /lib/nginx/modules
    rm /usr/sbin/nginx
    cp nginx /usr/sbin/nginx
    curl -sSL https://raw.githubusercontent.com/minoplhy/scriptbox/main/nginx_build_script/modules.conf > modules.conf
    cp modules.conf /etc/nginx/modules-enabled
 else
    echo "Nginx_Install variable isn't set/vaild. Your Nginx assets location is : ~/nginx_scriptbox/nginx-quic/objs"
 fi
--- a/nginx_build_script/configure.sh
+++ b/nginx_build_script/configure.sh
@ -0,0 +1,54 @@
 ./auto/configure \
 --with-cc-opt="-I../boringssl/include"   \
 --with-ld-opt="-L../boringssl/build/ssl  \
 -L../boringssl/build/crypto" \
 --prefix=/usr/share/nginx \
 --conf-path=/etc/nginx/nginx.conf \
 --http-log-path=/var/log/nginx/access.log \
 --error-log-path=/var/log/nginx/error.log \
 --lock-path=/var/lock/nginx.lock \
 --pid-path=/run/nginx.pid \
 --modules-path=/usr/lib/nginx/modules \
 --http-client-body-temp-path=/var/lib/nginx/body \
 --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
 --http-proxy-temp-path=/var/lib/nginx/proxy \
 --http-scgi-temp-path=/var/lib/nginx/scgi \
 --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
 --with-compat \
 --with-debug \
 --with-pcre-jit \
 --with-http_ssl_module \
 --with-http_stub_status_module \
 --with-http_realip_module \
 --with-http_auth_request_module \
 --with-http_v2_module \
 --with-http_dav_module \
 --with-http_slice_module \
 --with-threads \
 --with-http_addition_module \
 --with-http_flv_module \
 --with-http_gunzip_module \
 --with-http_gzip_static_module \
 --with-http_image_filter_module=dynamic \
 --with-http_mp4_module \
 --with-http_perl_module=dynamic \
 --with-http_random_index_module \
 --with-http_secure_link_module \
 --with-http_sub_module \
 --with-http_xslt_module=dynamic \
 --with-mail=dynamic \
 --with-mail_ssl_module \
 --with-stream \
 --with-stream_realip_module \
 --with-stream_ssl_module \
 --with-stream_ssl_preread_module \
 --add-dynamic-module=mosc/headers-more-nginx-module \
 --add-dynamic-module=mosc/ngx_http_auth_pam_module \
 --add-dynamic-module=mosc/ngx_cache_purge \
 --add-dynamic-module=mosc/nginx-dav-ext-module \
 --add-dynamic-module=mosc/echo-nginx-module \
 --add-dynamic-module=mosc/ModSecurity-nginx \
 --with-http_v3_module \
 --with-stream_quic_module \
 --with-http_geoip_module \
 --with-stream_geoip_module
--- a/nginx_build_script/modules.conf
+++ b/nginx_build_script/modules.conf
@ -0,0 +1,6 @@
 load_module /lib/nginx/modules/ngx_http_auth_pam_module.so;
 load_module /lib/nginx/modules/ngx_http_cache_purge_module.so;
 load_module /lib/nginx/modules/ngx_http_dav_ext_module.so;
 load_module /lib/nginx/modules/ngx_http_echo_module.so;
 load_module /lib/nginx/modules/ngx_http_headers_more_filter_module.so;
 load_module /lib/nginx/modules/ngx_http_modsecurity_module.so;
--- a/nginx_build_script/modules.sh
+++ b/nginx_build_script/modules.sh
@ -0,0 +1,6 @@
 git clone https://github.com/openresty/headers-more-nginx-module
 git clone https://github.com/sto/ngx_http_auth_pam_module
 git clone https://github.com/arut/nginx-dav-ext-module/
 git clone https://github.com/openresty/echo-nginx-module
 git clone https://github.com/nginx-modules/ngx_cache_purge
 git clone https://github.com/SpiderLabs/ModSecurity-nginx
--- a/nginx_build_script/packages.sh
+++ b/nginx_build_script/packages.sh
@ -0,0 +1,2 @@
 sudo apt-get install mercurial libunwind-dev libpcre3 libpcre3-dev zlib1g-dev cmake make libxslt1-dev libgd-dev libssl-dev libperl-dev libpam0g-dev libgeoip-dev git g++ -y
 sudo apt-get install apt-utils autoconf automake build-essential libcurl4-openssl-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget -y
		`@ -0,0 +1,2 @@`
							`sudo apt-get install mercurial libunwind-dev libpcre3 libpcre3-dev zlib1g-dev cmake make libxslt1-dev libgd-dev libssl-dev libperl-dev libpam0g-dev libgeoip-dev git g++ -y`
							`sudo apt-get install apt-utils autoconf automake build-essential libcurl4-openssl-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget -y`