minoplhy/scriptbox
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
c78984fcdd
scriptbox/nginx_build_script/README.md

202 lines
6.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# nginx_build_script is spin-off from [minoplhy/nginquic](https://github.com/minoplhy/nginquic)@ModSecurity_incl branch.
The script here is entirely copied from [minoplhy/nginquic](https://github.com/minoplhy/nginquic)@ModSecurity_incl. Which included ModSecurity for my own using.
```bash
export Nginx_Install=yes # This variable is required if you want Nginx to be installed scriptibly (on Debian-based systems).
curl https://raw.githubusercontent.com/minoplhy/scriptbox/main/nginx_build_script/build.sh > ~/nginx_scriptbox.sh
bash ~/nginx_scriptbox.sh
```
new way to run! :
```bash
# With install Nginx
curl https://raw.githubusercontent.com/minoplhy/scriptbox/main/nginx_build_script/build.sh | bash -s -- --install
```
# Arguments
```bash
while [ ${#} -gt 0 ]; do
case "$1" in
--modsecurity ) WITH_MODSECURITY=true ;; # Include ModSecurity in building
--lua ) WITH_LUA=true ;; # Include Lua in building
--no-modsecurity | -nm ) WITH_MODSECURITY=false ;; # LEGACY: Not include ModSecurity in building
--no-lua | -nl ) WITH_LUA=false ;; # LEGACY: Not include Lua in building
--install | -i ) INSTALL=true ;; # Install Nginx
--ssl=* )
SSL_LIB="${1#*=}"
SSL_LIB="${SSL_LIB,,}"
case $SSL_LIB in # Re-define SSL_LIB
"quictls") SSL_LIB="quictls" ;;
"boringssl") SSL_LIB="boringssl" ;;
"libressl") SSL_LIB="libressl" ;;
"")
echo "ERROR : --ssl= is empty!"
exit 1
;;
*)
echo "ERROR : Vaild values for --ssl are -> quictls, boringssl, libressl"
exit 1
;;
esac
;;
--type=* )
BUILD_TYPE="${1#*=}"
BUILD_TYPE="${BUILD_TYPE,,}"
case $BUILD_TYPE in
"nginx") BUILD_TYPE="nginx" ;;
"freenginx") BUILD_TYPE="freenginx" ;;
"")
echo "ERROR : --type= is empty!"
exit 1
;;
*)
echo "ERROR : Vaild values for --type are -> nginx, freenginx"
exit 1
;;
esac
;;
--nginx-tag=* )
NGINX_TAG="${1#*=}" # Specify Nginx/freenginx Tag
case $NGINX_TAG in
"")
echo "ERROR: --nginx-tag= is empty!"
exit 1
;;
*)
;;
esac
;;
*)
;;
esac
shift
done
```
#### Note :
* don't forgot to add necessary `lua_package_path` directive to `nginx.conf`, in the http context. else Nginx won't run.
```lua
lua_package_path "/usr/local/lua/?.lua;;";
```
* LibreSSL is broken when compile with Nginx Lua
taken from compiler:
```
error: implicit declaration of function SSL_client_hello_get0_ext [-Werror=implicit-function-declaration]
```
systemd Template:
`Location : /lib/systemd/system/nginx.service`
```
# Stop dance for nginx
# =======================
#
# ExecStop sends SIGSTOP (graceful stop) to the nginx process.
# If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control
# and sends SIGTERM (fast shutdown) to the main process.
# After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends
# SIGKILL to all the remaining processes in the process group (KillMode=mixed).
#
# nginx signals reference doc:
# http://nginx.org/en/docs/control.html
#
[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=network.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
TimeoutStopSec=5
KillMode=mixed
[Install]
WantedBy=multi-user.target
```
Nginx init.d
```initd
#!/sbin/openrc-run
description="Nginx http and reverse proxy server"
extra_commands="checkconfig"
extra_started_commands="reload reopen upgrade"
cfgfile=${cfgfile:-/etc/nginx/nginx.conf}
pidfile=/run/nginx.pid
command=${command:-/usr/sbin/nginx}
command_args="-c $cfgfile"
required_files="$cfgfile"
depend() {
need net
use dns logger netmount
}
start_pre() {
checkpath --directory --owner www-data:www-data ${pidfile%/*}
$command $command_args -t -q
}
checkconfig() {
ebegin "Checking $RC_SVCNAME configuration"
start_pre
eend $?
}
reload() {
ebegin "Reloading $RC_SVCNAME configuration"
start_pre && start-stop-daemon --signal HUP --pidfile $pidfile
eend $?
}
reopen() {
ebegin "Reopening $RC_SVCNAME log files"
start-stop-daemon --signal USR1 --pidfile $pidfile
eend $?
}
upgrade() {
start_pre || return 1
ebegin "Upgrading $RC_SVCNAME binary"
einfo "Sending USR2 to old binary"
start-stop-daemon --signal USR2 --pidfile $pidfile
einfo "Sleeping 3 seconds before pid-files checking"
sleep 3
if [ ! -f $pidfile.oldbin ]; then
eerror "File with old pid ($pidfile.oldbin) not found"
return 1
fi
if [ ! -f $pidfile ]; then
eerror "New binary failed to start"
return 1
fi
einfo "Sleeping 3 seconds before WINCH"
sleep 3 ; start-stop-daemon --signal 28 --pidfile $pidfile.oldbin
einfo "Sending QUIT to old binary"
start-stop-daemon --signal QUIT --pidfile $pidfile.oldbin
einfo "Upgrade completed"
eend $? "Upgrade failed"
}
# modified from https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/nginx/nginx.initd
```
Reference in New Issue View Git Blame Copy Permalink