Build and install Nginx on any UNIX system with the latest version of OpenSSL to support ALPN, and therefore HTTP/2.
- Builds and installs Nginx with its dependencies in a single step.
- Uses the latest stable/LTS versions of the software.
- Can be used on any UNIX system with the corresponding dependencies.
- Is transparent and secure, by not forcing the system administrator to rely on packages built and distributed by unofficial sources.
Below are shown the GNU/Linux distributions for which the official Nginx packages come with versions of OpenSSL that support ALPN. If your operating system and version are listed below, do not use this utility. In that case it is preferable to use the official Nginx packages through your distribution's package manager.
- CentOS/Oracle Linux/RHEL 7.4 and later.
- Debian 9 (Stretch) and later.
- Ubuntu 16.04 LTS (Xenial Xerus) and later.
This utility requires wget and essential building tools like the make command and the GCC compiler. To install the necessary packages, go to the dependencies directory and run the script corresponding to your GNU/Linux distribution or family. For example:
sh dependencies/debian-ubuntu.shThe minimum OpenSSL version that supports ALPN is 1.0.2. You can edit the software versions that are going to be compiled by editing the data/versions.sh file. By default, the utility will build the latest stable version of Nginx with the latest supported stable/LTS versions of OpenSSL, PCRE and Zlib.
Run the main script and Nginx will be automatically compiled and installed in your system.
sh compile.shIf you want to build the latest mainline Nginx version instead of the stable one, comment and uncomment the corresponding lines of the data/versions.sh file. Do the same if you want to use the latest stable OpenSSL version instead of the LTS (long term support) one. If you want to support TLS 1.3 (that is a development feature), follow the instructions of the data/versions.sh file.
There are extra modules that you can optionally install by editing the file data/modules.sh.
Pagespeed is an open-source module created by Google to help make the web faster by rewriting web pages to reduce latency and bandwidth.
Naxsi is a web application firewall based on sets of rules. To enable it, edit the file data/modules.sh and set the INSTALL_NAXSI variable to yes.
Settings example for nginx.conf:
http {
include /etc/nginx/naxsi/naxsi-core.rules;
}Settings example for conf.d/*.conf:
location / {
try_files $uri $uri/ /index.php?$query_string;
SecRulesEnabled;
CheckRule "$SQL >= 10" BLOCK;
CheckRule "$RFI >= 10" BLOCK;
CheckRule "$TRAVERSAL >= 5" BLOCK;
CheckRule "$EVADE >= 5" BLOCK;
CheckRule "$XSS >= 10" BLOCK;
DeniedUrl "/naxsi.html";
include /etc/nginx/naxsi/naxsi-wordpress.rules;
}For the DeniedUrl rule to work, create a file named naxsi.html in the root directory.
This software is distributed under the MIT license. Please read LICENSE for information on the software availability and distribution.