From 2cfad5cddf7b65c97aaabe1c95948a593a7388f7 Mon Sep 17 00:00:00 2001 From: minoplhy Date: Sun, 25 Feb 2024 22:18:16 +0700 Subject: [PATCH] nginx_build_script : deprecating boringssl with libressl --- nginx_build_script/build.sh | 28 ++++++++++++++++++---------- nginx_build_script/configure.sh | 8 ++++---- nginx_build_script/packages.sh | 2 +- 3 files changed, 23 insertions(+), 15 deletions(-) diff --git a/nginx_build_script/build.sh b/nginx_build_script/build.sh index d3608cb..81aa9c4 100644 --- a/nginx_build_script/build.sh +++ b/nginx_build_script/build.sh @@ -7,18 +7,26 @@ curl -sSL https://raw.githubusercontent.com/minoplhy/scriptbox/main/nginx_build_ mkdir $HOMEDIRECTORY && cd $HOMEDIRECTORY # Install Golang -GO_VERSION=1.20.5 +##GO_VERSION=1.20.5 -unlink /usr/bin/go -wget https://go.dev/dl/go$GO_VERSION.linux-amd64.tar.gz -sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go$GO_VERSION.linux-amd64.tar.gz -export PATH=$PATH:/usr/local/go/bin -ln -s /usr/local/go/bin /usr/bin/go +##unlink /usr/bin/go +##wget https://go.dev/dl/go$GO_VERSION.linux-amd64.tar.gz +##sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go$GO_VERSION.linux-amd64.tar.gz +##export PATH=$PATH:/usr/local/go/bin +##ln -s /usr/local/go/bin /usr/bin/go hg clone -b default https://hg.nginx.org/nginx -git clone --depth=1 https://github.com/google/boringssl $HOMEDIRECTORY/boringssl -cd $HOMEDIRECTORY/boringssl -mkdir $HOMEDIRECTORY/boringssl/build && cd $HOMEDIRECTORY/boringssl/build && cmake .. && make +##git clone --depth=1 https://github.com/google/boringssl $HOMEDIRECTORY/boringssl +##cd $HOMEDIRECTORY/boringssl +##mkdir $HOMEDIRECTORY/boringssl/build && cd $HOMEDIRECTORY/boringssl/build && cmake .. && make + +# Libressl +git clone https://github.com/libressl/portable $HOMEDIRECTORY/libressl && cd $HOMEDIRECTORY/libressl +bash ./autogen.sh && ./configure +mkdir -p $HOMEDIRECTORY/libressl/build-ninja && cd $HOMEDIRECTORY/libressl/build-ninja +cmake -G"Ninja" .. +ninja +ninja test # ModSecurity Part git clone --depth=1 https://github.com/SpiderLabs/ModSecurity $HOMEDIRECTORY/ModSecurity @@ -60,5 +68,5 @@ if [[ $Nginx_Install == "yes" ]]; then curl -sSL https://raw.githubusercontent.com/minoplhy/scriptbox/main/nginx_build_script/modules.conf > modules.conf cp modules.conf /etc/nginx/modules-enabled else - echo "Nginx_Install variable isn't set/vaild. Your Nginx assets location is : '$HOMEDIRECTORY'/nginx-quic/objs" + echo "Nginx_Install variable isn't set/vaild. Your Nginx assets location is : '$HOMEDIRECTORY'/nginx/objs" fi \ No newline at end of file diff --git a/nginx_build_script/configure.sh b/nginx_build_script/configure.sh index b115a43..0b4a094 100644 --- a/nginx_build_script/configure.sh +++ b/nginx_build_script/configure.sh @@ -1,7 +1,7 @@ ./auto/configure \ ---with-cc-opt="-I../boringssl/include" \ ---with-ld-opt="-L../boringssl/build/ssl \ --L../boringssl/build/crypto" \ +--with-openssl="../libressl" \ +--with-cc-opt="-I../libressl/include -I /usr/local/include -m64 -march=native -mtune=native -Ofast -flto -funroll-loops -ffunction-sections -fdata-sections" \ +--with-ld-opt="-L../libressl -m64 -Wl,-s -Wl,-Bsymbolic" \ --prefix=/usr/share/nginx \ --conf-path=/etc/nginx/nginx.conf \ --http-log-path=/var/log/nginx/access.log \ @@ -22,6 +22,7 @@ --with-http_realip_module \ --with-http_auth_request_module \ --with-http_v2_module \ +--with-http_v3_module \ --with-http_dav_module \ --with-http_slice_module \ --with-threads \ @@ -49,6 +50,5 @@ --add-dynamic-module=mosc/echo-nginx-module \ --add-dynamic-module=mosc/ModSecurity-nginx \ --add-dynamic-module=mosc/ngx_brotli \ ---with-http_v3_module \ --with-http_geoip_module \ --with-stream_geoip_module \ No newline at end of file diff --git a/nginx_build_script/packages.sh b/nginx_build_script/packages.sh index 16bf039..663e6c5 100644 --- a/nginx_build_script/packages.sh +++ b/nginx_build_script/packages.sh @@ -1,2 +1,2 @@ sudo apt-get install mercurial libunwind-dev libpcre3 libpcre3-dev zlib1g-dev cmake make libxslt1-dev libgd-dev libssl-dev libperl-dev libpam0g-dev libgeoip-dev git g++ -y -sudo apt-get install apt-utils autoconf automake build-essential libcurl4-openssl-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget -y +sudo apt-get install apt-utils autoconf automake build-essential libcurl4-openssl-dev liblmdb-dev libtool libxml2-dev libyajl-dev pkgconf wget ninja-build -y