-
-
Save MattWilcox/402e2e8aa2e1c132ee24 to your computer and use it in GitHub Desktop.
| #!/usr/bin/env bash | |
| # names of latest versions of each package | |
| export VERSION_PCRE=pcre-8.38 | |
| export VERSION_OPENSSL=openssl-1.0.2d | |
| export VERSION_NGINX=nginx-1.9.7 | |
| # URLs to the source directories | |
| export SOURCE_OPENSSL=https://www.openssl.org/source/ | |
| export SOURCE_PCRE=ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ | |
| export SOURCE_NGINX=http://nginx.org/download/ | |
| # make a 'today' variable for use in back-up filenames later | |
| today=$(date +"%Y-%m-%d") | |
| # clean out any files from previous runs of this script | |
| rm -rf build | |
| rm -rf /etc/nginx-default | |
| mkdir build | |
| # ensure that we have the required software to compile our own nginx | |
| apt-get -y install curl wget build-essential | |
| # grab the source files | |
| wget -P ./build $SOURCE_PCRE$VERSION_PCRE.tar.gz | |
| wget -P ./build $SOURCE_OPENSSL$VERSION_OPENSSL.tar.gz --no-check-certificate | |
| wget -P ./build $SOURCE_NGINX$VERSION_NGINX.tar.gz | |
| # expand the source files | |
| cd build | |
| tar xzf $VERSION_NGINX.tar.gz | |
| tar xzf $VERSION_OPENSSL.tar.gz | |
| tar xzf $VERSION_PCRE.tar.gz | |
| cd ../ | |
| # set where OpenSSL and nginx will be built | |
| export BPATH=$(pwd)/build | |
| export STATICLIBSSL="$BPATH/staticlibssl" | |
| # build static openssl | |
| cd $BPATH/$VERSION_OPENSSL | |
| rm -rf "$STATICLIBSSL" | |
| mkdir "$STATICLIBSSL" | |
| make clean | |
| ./config --prefix=$STATICLIBSSL no-shared \ | |
| && make depend \ | |
| && make \ | |
| && make install_sw | |
| # rename the existing /etc/nginx directory so it's saved as a back-up | |
| mv /etc/nginx /etc/nginx-$today | |
| # build nginx, with various modules included/excluded | |
| cd $BPATH/$VERSION_NGINX | |
| mkdir -p $BPATH/nginx | |
| ./configure --with-cc-opt="-I $STATICLIBSSL/include -I/usr/include" \ | |
| --with-ld-opt="-L $STATICLIBSSL/lib -Wl,-rpath -lssl -lcrypto -ldl -lz" \ | |
| --sbin-path=/usr/sbin/nginx \ | |
| --conf-path=/etc/nginx/nginx.conf \ | |
| --pid-path=/var/run/nginx.pid \ | |
| --error-log-path=/var/log/nginx/error.log \ | |
| --http-log-path=/var/log/nginx/access.log \ | |
| --with-pcre=$BPATH/$VERSION_PCRE \ | |
| --with-http_ssl_module \ | |
| --with-http_v2_module \ | |
| --with-file-aio \ | |
| --with-ipv6 \ | |
| --with-http_gzip_static_module \ | |
| --with-http_stub_status_module \ | |
| --without-mail_pop3_module \ | |
| --without-mail_smtp_module \ | |
| --without-mail_imap_module \ | |
| && make && make install | |
| # rename the compiled 'default' /etc/nginx directory so its accessible as a reference to the new nginx defaults | |
| mv /etc/nginx /etc/nginx-default | |
| # now restore the previous version of /etc/nginx to /etc/nginx so the old settings are kept | |
| mv /etc/nginx-$today /etc/nginx | |
| echo "All done."; | |
| echo "This build has not edited your existing /etc/nginx directory."; | |
| echo "If things aren't working now you may need to refer to the"; | |
| echo "configuration files the new nginx ships with as defaults,"; | |
| echo "which are available at /etc/nginx-default"; |
Sorry to chime in as well, but I too was wondering where exactly the updated versions of OpenSSL and PCRE are actually playing their part.
Shouldn't I at least see the updated version numbers in phpinfo();?
How would I make use of the updated versions otherwise?
Thanks for clarifying, I'm still new to this home server party 🎉
Newer versions:
export VERSION_OPENSSL=openssl-1.0.2f
export VERSION_NGINX=nginx-1.9.9
First off, thanks for this script. I'm not sure how or if it's possible to send pull requests to Gists so I wanted to let you know about some changes I made to my fork you may want to add in. You won't want to include all my changes because I added some modules not everyone will want, but some of my other updates may be useful:
- Bumped OpenSSL and NGINX to latest versions
- Added
set -e -xso script prints commands being executed and exits if a single command fails - Made script verify checksums
- Removed wget dependency
- Compiled without SSLv3 support
Feel free to take or not take any of those changes from my fork.
@noplanman you're not seeing the updated versions of OpenSSL and PCRE in phpinfo(); because this build script only compiles NGINX using the statically linked versions of those tools, but does not touch any versions of those tools installed on your system. As such, PHP still uses/sees the system version. However, you can confirm, for OpenSSL at least, that NGINX was built with the version of OpenSSL within the script by running the following command: nginx -V.
After removing Nginx and re-installing using this along with the Google Pagespeed module, although Nginx version 1.9.7 is installed I am unable to access it as a service - with the error of 'no such file or directory'.
Any ideas?
Hi @MattWilcox and thanks for sharing the script!
what exactly is the directory "$BPATH/nginx" for? (Line 55: mkdir -p $BPATH/nginx)
PCRE 8.38 is not working anymore, 8.39 is though. (https://gist.github.com/wouterds/f676815659147a262cf77e41c704419f)
Hi,
have tried ur script but got error about missing openssl for SSL usage, so you've to also add:
--with-openssl=$BPATH/$VERSION_OPENSSL \
It seems like something changed with Debian 8, and the 'enable-ec_nistp_64_gcc_128' option on line 45 now causes a failure when configuring the crypto. I have removed this from the script and it now compiles correctly. Tested on a Pi2 with Jessie based Raspbian.
If anyone knows a better solution, I'd be all ears - it's a performance enhancement flag that the Pi would benefit from.
/cc @Tralapo @rammjet