Skip to content

Commit

Permalink
Merge pull request #155 from VirtuBox/dev
Browse files Browse the repository at this point in the history 
Update Nginx stable and few improvements
  • Loading branch information
@VirtuBox
VirtuBox committed Apr 24, 2024
2 parents 84f4797 + 77c6bdb commit 5cc85ef
Show file tree
Hide file tree
Showing 5 changed files with 40 additions and 118 deletions.
10 changes: 10 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),

## [Unreleased] - XX-XX-XX

## [3.8.1] - 2024-04-24

### Changed

- Nginx stable release bumped to 1.26.0
- HTTP/3 now available on both mainline and stable release
- Always download latest zlib library if zlib-cf not supported
- Always download the latest libressl release
- HTTP/2 HPACK removed

## [3.8.0] - 2024-04-23

### Added
Expand Down
12 changes: 6 additions & 6 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
</h1>

<h4 align="center">
Automated Nginx compilation from sources with additional modules support
Automated Nginx compilation from sources with HTTP/3 QUIC and additional modules support
</h4>

---
Expand Down Expand Up @@ -45,7 +45,7 @@ Automated Nginx compilation from sources with additional modules support
* Nginx built-in modules selection
* Nginx Third-party modules selection
* Dynamic modules support
* HTTP/3 QUIC Support with Mainline Release
* HTTP/3 QUIC Support
* Brotli Support
* TLS v1.3 support
* OpenSSL or LibreSSL
Expand All @@ -59,7 +59,7 @@ Automated Nginx compilation from sources with additional modules support
## Additional Third-party modules

Nginx current mainline release : **v1.25.5** with HTTP/3 QUIC
Nginx current stable release : **v1.24.0** with Cloudflare HTTP/2 HPACK
Nginx current stable release : **v1.26.0** with HTTP/3 QUIC

* [ngx_cache_purge](https://github.com/FRiCKLE/ngx_cache_purge)
* [headers-more-nginx-module](https://github.com/openresty/headers-more-nginx-module)
Expand Down Expand Up @@ -121,7 +121,7 @@ Optional modules :

### HTTP/3 QUIC

**Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).
**Full support of HTTP/3 QUIC is only available with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).

---

Expand Down Expand Up @@ -158,7 +158,7 @@ bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --interactive

### Custom installation

Example : Nginx stable release HTTP/2 with naxsi
Example : Nginx stable release HTTP/3 with naxsi

```bash
bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi
Expand All @@ -168,7 +168,7 @@ bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi

Nginx build options :

* `--stable` : compile Nginx stable release with HTTP/2
* `--stable` : compile Nginx stable release with HTTP/3
* `--full` : Naxsi + RTMP
* `--dynamic` : Compile Nginx modules as dynamic modules
* `--noconf` : Compile Nginx without any configuring. Useful when you use devops tools like ansible.
Expand Down
10 changes: 5 additions & 5 deletions docs/index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ Automated Nginx compilation from sources with additional modules support
<li>Nginx built-in modules selection</li>
<li>Nginx Third-party modules selection</li>
<li>Dynamic modules support</li>
<li>HTTP/3 QUIC Support with Mainline Release</li>
<li>HTTP/3 QUIC Support</li>
<li>Brotli Support</li>
<li>TLS v1.3 support (Final)</li>
<li>OpenSSL or LibreSSL</li>
Expand All @@ -52,8 +52,8 @@ Automated Nginx compilation from sources with additional modules support
</ul>
<hr />
<h2 id="additional-third-party-modules">Additional Third-party modules</h2>
<p>Nginx current mainline release : <strong>v1.25.5</strong> with HTTP/3 QUIC
Nginx current stable release : <strong>v1.24.0</strong></p> with Cloudflare HTTP/2 HPACK
<p>Nginx current mainline release : <strong>v1.25.5</strong> with HTTP/3 QUIC</p>
<p>Nginx current stable release : <strong>v1.26.0</strong> with HTTP/3 QUIC</p>
<ul>
<li><a href="https://github.com/FRiCKLE/ngx_cache_purge">ngx_cache_purge</a></li>
<li><a href="https://github.com/openresty/headers-more-nginx-module">headers-more-nginx-module</a></li>
Expand Down Expand Up @@ -109,7 +109,7 @@ Nginx current stable release : <strong>v1.24.0</strong></p> with Cloudflare HTTP
<li>18.x (Obsidian)</li>
</ul>
<h3>### HTTP/3 QUIC</h3>
<p><strong>Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL**</strong>. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).</p>
<p><strong>Full support of HTTP/3 QUIC is only available with LibreSSL**</strong>. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).</p>

<hr />
<h2 id="usage">Usage</h2>
Expand All @@ -133,7 +133,7 @@ sudo bash nginx-build.sh
<pre><code class="language-bash">bash &lt;(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --interactive
</code></pre>
<h3 id="custom-installation">Custom installation</h3>
<p>Example : Nginx stable release with HTTP/2 HPACK with naxsi</p>
<p>Example : Nginx stable release with HTTP/3 with naxsi</p>
<pre><code class="language-bash">bash &lt;(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi
</code></pre>
<h4 id="options-available">Options available</h4>
Expand Down
2 changes: 1 addition & 1 deletion etc/nginx/nginx.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ http

server_tokens off;
reset_timedout_connection on;
add_header X-Powered-By "Nginx-ee v3.5.2 - Optimized by VirtuBox";
add_header X-Powered-By "Nginx-ee v3.8.1 - Optimized by VirtuBox";
add_header rt-Fastcgi-Cache $upstream_cache_status;

# Limit Request
Expand Down
124 changes: 18 additions & 106 deletions nginx-build.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
# Copyright (c) 2019-2024 VirtuBox <contact@virtubox.net>
# This script is licensed under M.I.T
# -------------------------------------------------------------------------
# Version 3.8.0 - 2024-04-23
# Version 3.8.1 - 2024-04-24
# -------------------------------------------------------------------------

##################################
Expand All @@ -26,7 +26,7 @@ _help() {
echo " -------------------------------------------------------------------- "
echo ""
echo "Usage: ./nginx-ee <options> [modules]"
echo "By default, Nginx-ee will compile the latest Nginx mainline release with HTTP/3 and without Naxsi or RTMP module"
echo "By default, Nginx-ee will compile the latest Nginx mainline release without Naxsi or RTMP module"
echo " Options:"
echo " -h, --help ..... display this help"
echo " -i, --interactive ....... interactive installation"
Expand Down Expand Up @@ -138,8 +138,8 @@ fi
DIR_SRC="/usr/local/src"
NGINX_EE_VER=$(curl -m 5 --retry 3 -sL https://api.github.com/repos/VirtuBox/nginx-ee/releases/latest 2>&1 | jq -r '.tag_name')
NGINX_MAINLINE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 1 2>&1)"
NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.24 2>&1)"
LIBRESSL_VER="3.8.4"
NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.26 2>&1)"
LIBRESSL_VER="$(curl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ 2>&1 | grep -E -o 'libressl\-[0-9.]+\.tar[.a-z]*' | awk -F "libressl-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | sort -r | head -n 1)"
if command_exists openssl; then
OPENSSL_BIN_VER=$(openssl version)
OPENSSL_VER=${OPENSSL_BIN_VER:0:15}
Expand All @@ -150,7 +150,6 @@ TLS13_CIPHERS="TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+CHAC
readonly OS_ARCH="$(uname -m)"
OS_DISTRO_FULL="$(lsb_release -ds)"
readonly DISTRO_ID="$(lsb_release -si)"
readonly DISTRO_CODENAME="$(lsb_release -sc)"

# Colors
CSI='\033['
Expand Down Expand Up @@ -206,9 +205,7 @@ if [ "$INTERACTIVE_SETUP" = "1" ]; then
while [[ "$SSL_LIB_CHOICE" != "1" && "$SSL_LIB_CHOICE" != "2" ]]; do
echo -e "Select an option [1-2]: " && read -r SSL_LIB_CHOICE
done
if [ "$SSL_LIB_CHOICE" = "1" ]; then
OPENSSL_LIB=3
else
if [ "$SSL_LIB_CHOICE" = "2" ]; then
LIBRESSL="y"
fi
echo -e '\nDo you want NAXSI WAF (still experimental)? (y/n)'
Expand Down Expand Up @@ -236,11 +233,9 @@ fi

if [ "$NGINX_RELEASE" = "2" ]; then
NGINX_VER="$NGINX_STABLE"
NGX_HPACK="--with-http_v2_hpack_enc"
NGX_QUIC=""
NGX_QUIC="--with-http_v3_module"
else
NGINX_VER="$NGINX_MAINLINE"
NGX_HPACK=""
NGX_QUIC="--with-http_v3_module"
fi

Expand Down Expand Up @@ -285,7 +280,6 @@ else
OPENSSL_OPT="enable-tls1_3"
fi
fi
QUIC_VALID="NO"
NGX_SSL_LIB=""
OPENSSL_VALID="from system"
LIBSSL_DEV="libssl-dev"
Expand Down Expand Up @@ -323,20 +317,13 @@ echo ""
echo -e " - Nginx release : $NGINX_VER"
[ -n "$OPENSSL_VALID" ] && {
echo -e " - OPENSSL : $OPENSSL_VER"
if [ "$NGINX_RELEASE" = "2" ]; then
echo -e " - HTTP/2 HPACK : YES"
else
echo -e " - with HTTP/3 : YES"
fi
echo -e " - with HTTP/3 : YES"

}
[ -n "$LIBRESSL_VALID" ] && {
echo -e " - LIBRESSL : $LIBRESSL_VALID"
if [ "$NGINX_RELEASE" = "2" ]; then
echo -e " - HTTP/2 HPACK : YES"
else
echo -e " - HTTP/3 QUIC : YES"
fi
echo -e " - HTTP/3 QUIC : YES"

}
echo " - Dynamic modules $DYNAMIC_MODULES_VALID"
echo " - Naxsi : $NAXSI_VALID"
Expand Down Expand Up @@ -471,10 +458,8 @@ _dynamic_setup() {
}

##################################
# Install gcc7 or gcc8 from PPA
# Install gcc
##################################
# gcc7 if Nginx is compiled with RTMP module
# otherwise gcc8 is used

_gcc_setup() {
echo -ne ' Installing gcc [..]\r'
Expand Down Expand Up @@ -529,12 +514,12 @@ _download_modules() {
echo -ne ' Downloading additionals modules [..]\r'
if {
echo "### downloading additionals modules ###"
MODULES='FRiCKLE/ngx_cache_purge openresty/memc-nginx-module
MODULES='openresty/memc-nginx-module
simpl/ngx_devel_kit openresty/headers-more-nginx-module
openresty/echo-nginx-module yaoweibin/ngx_http_substitutions_filter_module
openresty/redis2-nginx-module openresty/srcache-nginx-module
openresty/set-misc-nginx-module sto/ngx_http_auth_pam_module
vozlt/nginx-module-vts centminmod/ngx_http_redis'
vozlt/nginx-module-vts centminmod/ngx_http_redis nginx-modules/ngx_cache_purge'
for MODULE in $MODULES; do
_gitget "$MODULE"
done
Expand Down Expand Up @@ -589,9 +574,9 @@ _download_zlib() {
echo "### configure zlib-cf ###"
./configure --prefix=/usr/local/zlib-cf
else
echo "### downloading zlib 1.2.13 ###"
echo "### downloading zlib latest ###"
rm -rf zlib
curl -sL http://zlib.net/zlib-1.2.13.tar.gz | /bin/tar zxf - -C "$DIR_SRC"
curl -sL http://zlib.net/current/zlib.tar.gz | /bin/tar zxf - -C "$DIR_SRC"
mv zlib-1.2.13 zlib
fi

Expand Down Expand Up @@ -633,67 +618,6 @@ _download_brotli() {

}

##################################
# Download and patch OpenSSL
##################################

_download_openssl_dev() {

cd "$DIR_SRC" || exit 1
if {
echo -ne ' Downloading openssl [..]\r'

{
if [ -d /usr/local/src/openssl ]; then
if [ ! -d /usr/local/src/openssl/.git ]; then
echo "### removing openssl extracted archive ###"
rm -rf /usr/local/src/openssl
echo "### cloning openssl ###"
git clone --depth=50 https://github.com/openssl/openssl.git /usr/local/src/openssl
cd /usr/local/src/openssl || exit 1
echo "### git checkout commit ###"
#git checkout $OPENSSL_COMMIT
else
cd /usr/local/src/openssl || exit 1
echo "### reset openssl to master and clean patches ###"
git fetch --all
git reset --hard origin/master
git clean -f
#git checkout $OPENSSL_COMMIT
fi
else
echo "### cloning openssl ###"
git clone --depth=50 https://github.com/openssl/openssl.git /usr/local/src/openssl
cd /usr/local/src/openssl || exit 1
echo "### git checkout commit ###"
#git checkout $OPENSSL_COMMIT
fi
} >>/tmp/nginx-ee.log 2>&1

{
if [ -d /usr/local/src/openssl-patch/.git ]; then
cd /usr/local/src/openssl-patch || exit 1
git pull origin master
else
git clone --depth=50 https://github.com/VirtuBox/openssl-patch.git /usr/local/src/openssl-patch
fi
cd /usr/local/src/openssl || exit 1
# apply openssl ciphers patch
echo "### openssl ciphers patch ###"
#patch -p1 <../openssl-patch/openssl-equal-3.0.0-dev_ciphers.patch
} >>/tmp/nginx-ee.log 2>&1

}; then
echo -ne " Downloading openssl [${CGREEN}OK${CEND}]\\r"
echo -ne '\n'
else
echo -e " Downloading openssl [${CRED}FAIL${CEND}]"
echo -e '\n Please look at /tmp/nginx-ee.log\n'
exit 1
fi

}

##################################
# Download LibreSSL
##################################
Expand All @@ -706,8 +630,8 @@ _download_libressl() {

{
rm -rf /usr/local/src/libressl
curl -sL http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VER}.tar.gz | /bin/tar xzf - -C "$DIR_SRC"
mv /usr/local/src/libressl-${LIBRESSL_VER} /usr/local/src/libressl
curl -sL "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-$LIBRESSL_VER.tar.gz" | /bin/tar xzf - -C "$DIR_SRC"
mv "/usr/local/src/libressl-$LIBRESSL_VER" /usr/local/src/libressl
} >>/tmp/nginx-ee.log 2>&1

}; then
Expand Down Expand Up @@ -789,12 +713,7 @@ _patch_nginx() {
echo -ne ' Applying nginx patches [..]\r'

{
if [ "$NGINX_RELEASE" = "2" ]; then
curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_for_1.23.4.patch | patch -p1
else
curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1
fi
#curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_auto_using_PRIORITIZE_CHACHA.patch | patch -p1
curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1
} >>/tmp/nginx-ee.log 2>&1

}; then
Expand Down Expand Up @@ -897,7 +816,6 @@ _configure_nginx() {
$NGX_USER \
--with-file-aio \
--with-threads \
$NGX_HPACK \
$NGX_QUIC \
--with-http_v2_module \
--with-http_ssl_module \
Expand Down Expand Up @@ -1125,13 +1043,7 @@ fi
if [ "$LIBRESSL" = "y" ]; then
_download_libressl
else
if [ "$OPENSSL_LIB" = "2" ]; then
_download_openssl_dev
elif [ "$OPENSSL_LIB" = "3" ]; then
sleep 1
else
sleep 1
fi
sleep 1
fi
_download_nginx
_patch_nginx
Expand Down

0 comments on commit 5cc85ef

Please sign in to comment.