add Nginx Dynamic TLS Cloudflare Patch support 123.09beta01

Add NGINX_DYNAMICTLS='n' option to centmin.sh. When set in persistent config at /etc/centminmod/custom_config.inc to NGINX_DYNAMICTLS='y' + NGINXPATCH='y' and centmin.sh menu option 4 is used to recompile Nginx, then you enable the Cloudflare Nginx Dynamic TLS patch as discussed at https://community.centminmod.com/threads/optimizing-tls-over-tcp-to-reduce-latency-tls-dynamic-record-sizing.7592/. Untested on Centmin Mod Nginx 1.11 branch, so mileage will vary. To disable, do the reverse set NGINX_DYNMAICTLS='n' and recompile nginx again.
centminmod · Jun 10, 2016 · cfcc21e · cfcc21e
1 parent 4bcab2e
commit cfcc21e
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 0 deletions.
diff --git a/centmin.sh b/centmin.sh
@@ -463,6 +463,7 @@ NGINXBACKUPDIR='/usr/local/nginxbackup'
 NOSOURCEOPENSSL='y'        # set to 'y' to disable OpenSSL source compile for system default YUM package setup
 OPENSSL_VERSION='1.0.2h'   # Use this version of OpenSSL http://openssl.org/
 CLOUDFLARE_PATCHSSL='y'    # set 'y' to implement Cloudflare's chacha20 patch https://github.com/cloudflare/sslconfig
+NGINX_DYNAMICTLS='n'       # set 'y' and recompile nginx https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/
 
 # LibreSSL
 LIBRESSL_SWITCH='y'        # if set to 'y' it overrides OpenSSL as the default static compiled option for Nginx server

diff --git a/example/custom_config.inc b/example/custom_config.inc
@@ -161,6 +161,7 @@ POSTGRESQL='n'               # set to ='y'o install PostgreSQL 9.4 server, devel
 NOSOURCEOPENSSL='y'        # set to 'y' to disable OpenSSL source compile for system default YUM package setup
 OPENSSL_VERSION='1.0.2h'   # Use this version of OpenSSL http://openssl.org/
 CLOUDFLARE_PATCHSSL='y'    # set 'y' to implement Cloudflare's chacha20 patch https://github.com/cloudflare/sslconfig
+NGINX_DYNAMICTLS='n'       # set 'y' and recompile nginx https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/
 
 # LibreSSL
 LIBRESSL_SWITCH='y'        # if set to 'y' it overrides OpenSSL as the default static compiled option for Nginx server

diff --git a/inc/nginx_patch.inc b/inc/nginx_patch.inc
@@ -26,6 +26,31 @@ patchnginx() {
 			echo
 		fi
 	fi
+	if [[ "$NGINX_DYNAMICTLS" = [yY] ]]; then
+     if [ -f "$(which figlet)" ]; then
+         figlet -ckf standard "Cloudflare Nginx Dynamic TLS Patch"
+     fi
+     echo  "######################################################################"
+     echo "Patching Nginx for Dynamic TLS Size Support"
+     echo  "######################################################################"
+     echo "Cloudflare Nginx Dynamic TLS patch"
+     echo "https://github.com/cloudflare/sslconfig/raw/master/patches/nginx__dynamic_tls_records.patch"
+     echo  "######################################################################"
+     NGINXTLSPATCH_NAME='nginx__dynamic_tls_records.patch'
+     rm -rf "${NGINXTLSPATCH_NAME}"
+     NGINXTLSPATCHLINK="https://raw.githubusercontent.com/cloudflare/sslconfig/master/patches/${NGINXTLSPATCH_NAME}"
+		 # fallback mirror if github down, use gitlab mirror
+     curl -sI --connect-timeout 5 --max-time 5 "${NGINXTLSPATCHLINK}" | grep 'HTTP\/' | egrep '200' >/dev/null 2>&1
+     NGINXTLSPATCH_CURLCHECK=$?
+     if [[ "$NGINXTLSPATCH_CURLCHECK" != '0' ]]; then
+       NGINXTLSPATCHLINK="https://gitlab.com/centminmod-github-mirror/sslconfig/raw/master/patches/${NGINXTLSPATCH_NAME}"
+     fi
+     wget -cnv --no-check-certificate "$NGINXTLSPATCHLINK"
+  else
+  	if [ -f "${NGINXTLSPATCH_NAME}" ]; then
+  		rm -rf "${NGINXTLSPATCH_NAME}"
+  	fi
+	fi
 }
 
 luapatch() {