Update Nginx stable and few improvements #155

Merged
merged 6 commits into from
Apr 24, 2024
10 changes: 10 additions & 0 deletions CHANGELOG.md
Expand Up @@ -6,6 +6,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),

## [Unreleased] - XX-XX-XX

## [3.8.1] - 2024-04-24

### Changed

- Nginx stable release bumped to 1.26.0
- HTTP/3 now available on both mainline and stable release
- Always download latest zlib library if zlib-cf not supported
- Always download the latest libressl release
- HTTP/2 HPACK removed

## [3.8.0] - 2024-04-23

### Added
Expand Down
12 changes: 6 additions & 6 deletions README.md
Expand Up @@ -7,7 +7,7 @@
</h1>

<h4 align="center">
Automated Nginx compilation from sources with additional modules support
Automated Nginx compilation from sources with HTTP/3 QUIC and additional modules support
</h4>

---
Expand Down Expand Up @@ -45,7 +45,7 @@ Automated Nginx compilation from sources with additional modules support
* Nginx built-in modules selection
* Nginx Third-party modules selection
* Dynamic modules support
* HTTP/3 QUIC Support with Mainline Release
* HTTP/3 QUIC Support
* Brotli Support
* TLS v1.3 support
* OpenSSL or LibreSSL
Expand All @@ -59,7 +59,7 @@ Automated Nginx compilation from sources with additional modules support
## Additional Third-party modules

Nginx current mainline release : **v1.25.5** with HTTP/3 QUIC
Nginx current stable release : **v1.24.0** with Cloudflare HTTP/2 HPACK
Nginx current stable release : **v1.26.0** with HTTP/3 QUIC

* [ngx_cache_purge](https://github.com/FRiCKLE/ngx_cache_purge)
* [headers-more-nginx-module](https://github.com/openresty/headers-more-nginx-module)
Expand Down Expand Up @@ -121,7 +121,7 @@ Optional modules :

### HTTP/3 QUIC

**Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).
**Full support of HTTP/3 QUIC is only available with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).

---

Expand Down Expand Up @@ -158,7 +158,7 @@ bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --interactive

### Custom installation

Example : Nginx stable release HTTP/2 with naxsi
Example : Nginx stable release HTTP/3 with naxsi

```bash
bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi
Expand All @@ -168,7 +168,7 @@ bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi

Nginx build options :

* `--stable` : compile Nginx stable release with HTTP/2
* `--stable` : compile Nginx stable release with HTTP/3
* `--full` : Naxsi + RTMP
* `--dynamic` : Compile Nginx modules as dynamic modules
* `--noconf` : Compile Nginx without any configuring. Useful when you use devops tools like ansible.
Expand Down
10 changes: 5 additions & 5 deletions docs/index.md
Expand Up @@ -42,7 +42,7 @@ Automated Nginx compilation from sources with additional modules support
<li>Nginx built-in modules selection</li>
<li>Nginx Third-party modules selection</li>
<li>Dynamic modules support</li>
<li>HTTP/3 QUIC Support with Mainline Release</li>
<li>HTTP/3 QUIC Support</li>
<li>Brotli Support</li>
<li>TLS v1.3 support (Final)</li>
<li>OpenSSL or LibreSSL</li>
Expand All @@ -52,8 +52,8 @@ Automated Nginx compilation from sources with additional modules support
</ul>
<hr />
<h2 id="additional-third-party-modules">Additional Third-party modules</h2>
<p>Nginx current mainline release : <strong>v1.25.5</strong> with HTTP/3 QUIC
Nginx current stable release : <strong>v1.24.0</strong></p> with Cloudflare HTTP/2 HPACK
<p>Nginx current mainline release : <strong>v1.25.5</strong> with HTTP/3 QUIC</p>
<p>Nginx current stable release : <strong>v1.26.0</strong> with HTTP/3 QUIC</p>
<ul>
<li><a href="https://github.com/FRiCKLE/ngx_cache_purge">ngx_cache_purge</a></li>
<li><a href="https://github.com/openresty/headers-more-nginx-module">headers-more-nginx-module</a></li>
Expand Down Expand Up @@ -109,7 +109,7 @@ Nginx current stable release : <strong>v1.24.0</strong></p> with Cloudflare HTTP
<li>18.x (Obsidian)</li>
</ul>
<h3>### HTTP/3 QUIC</h3>
<p><strong>Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL**</strong>. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).</p>
<p><strong>Full support of HTTP/3 QUIC is only available with LibreSSL**</strong>. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).</p>

<hr />
<h2 id="usage">Usage</h2>
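Review bot: The changed `<p>` line still carries Markdown that will not render inside the HTML block: a stray `**` before `</strong>` and a `[here](...)` link, and the heading just above it reads `<h3>### HTTP/3 QUIC</h3>`. Since the line is being touched anyway, turn the link into an `<a href>` element and remove the leftover `**` and `###`.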
Expand All @@ -133,7 +133,7 @@ sudo bash nginx-build.sh
<pre><code class="language-bash">bash &lt;(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --interactive
</code></pre>
<h3 id="custom-installation">Custom installation</h3>
<p>Example : Nginx stable release with HTTP/2 HPACK with naxsi</p>
<p>Example : Nginx stable release with HTTP/3 with naxsi</p>
<pre><code class="language-bash">bash &lt;(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi
</code></pre>
<h4 id="options-available">Options available</h4>
Expand Down
2 changes: 1 addition & 1 deletion etc/nginx/nginx.conf
Expand Up @@ -36,7 +36,7 @@ http

server_tokens off;
reset_timedout_connection on;
add_header X-Powered-By "Nginx-ee v3.5.2 - Optimized by VirtuBox";
add_header X-Powered-By "Nginx-ee v3.8.1 - Optimized by VirtuBox";
add_header rt-Fastcgi-Cache $upstream_cache_status;

# Limit Request
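Review bot: The X-Powered-By value on the changed line hard-codes the release number, which had drifted to 3.5.2 while the script was already at 3.8.0, and it advertises the exact build to every client two lines below `server_tokens off;`. Consider dropping the version from the header (or the header itself), or have the build script substitute the value so it cannot go stale again.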
Expand Down
124 changes: 18 additions & 106 deletions nginx-build.sh
Expand Up @@ -7,7 +7,7 @@
# Copyright (c) 2019-2024 VirtuBox <[email protected]>
# This script is licensed under M.I.T
# -------------------------------------------------------------------------
# Version 3.8.0 - 2024-04-23
# Version 3.8.1 - 2024-04-24
# -------------------------------------------------------------------------

##################################
Expand All @@ -26,7 +26,7 @@ _help() {
echo " -------------------------------------------------------------------- "
echo ""
echo "Usage: ./nginx-ee <options> [modules]"
echo "By default, Nginx-ee will compile the latest Nginx mainline release with HTTP/3 and without Naxsi or RTMP module"
echo "By default, Nginx-ee will compile the latest Nginx mainline release without Naxsi or RTMP module"
echo " Options:"
echo " -h, --help ..... display this help"
echo " -i, --interactive ....... interactive installation"
Expand Down Expand Up @@ -138,8 +138,8 @@ fi
DIR_SRC="/usr/local/src"
NGINX_EE_VER=$(curl -m 5 --retry 3 -sL https://api.github.com/repos/VirtuBox/nginx-ee/releases/latest 2>&1 | jq -r '.tag_name')
NGINX_MAINLINE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 1 2>&1)"
NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.24 2>&1)"
LIBRESSL_VER="3.8.4"
NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.26 2>&1)"
LIBRESSL_VER="$(curl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ 2>&1 | grep -E -o 'libressl\-[0-9.]+\.tar[.a-z]*' | awk -F "libressl-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | sort -r | head -n 1)"
if command_exists openssl; then
OPENSSL_BIN_VER=$(openssl version)
OPENSSL_VER=${OPENSSL_BIN_VER:0:15}
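Review bot: The new LIBRESSL_VER pipeline selects the version with `sort -r | head -n 1`, which is a lexical sort: 3.9.x sorts above 3.10.x, so the "latest" release will be wrong once a version component reaches two digits. Use `sort -rV` instead, and fail early when the result is empty, because every later step builds a URL and a path from this variable. That curl call also omits `-s` and `-f`, so with `2>&1` the progress meter and any error text are fed into the pipeline. On the NGINX_STABLE line, `grep 1.26` still needs a manual bump for each new stable branch and its unescaped dot matches any character; `grep -F 1.26.` would at least be exact.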
Expand All @@ -150,7 +150,6 @@ TLS13_CIPHERS="TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+CHAC
readonly OS_ARCH="$(uname -m)"
OS_DISTRO_FULL="$(lsb_release -ds)"
readonly DISTRO_ID="$(lsb_release -si)"
readonly DISTRO_CODENAME="$(lsb_release -sc)"

# Colors
CSI='\033['
Expand Down Expand Up @@ -206,9 +205,7 @@ if [ "$INTERACTIVE_SETUP" = "1" ]; then
while [[ "$SSL_LIB_CHOICE" != "1" && "$SSL_LIB_CHOICE" != "2" ]]; do
echo -e "Select an option [1-2]: " && read -r SSL_LIB_CHOICE
done
if [ "$SSL_LIB_CHOICE" = "1" ]; then
OPENSSL_LIB=3
else
if [ "$SSL_LIB_CHOICE" = "2" ]; then
LIBRESSL="y"
fi
echo -e '\nDo you want NAXSI WAF (still experimental)? (y/n)'
Expand Down Expand Up @@ -236,11 +233,9 @@ fi

if [ "$NGINX_RELEASE" = "2" ]; then
NGINX_VER="$NGINX_STABLE"
NGX_HPACK="--with-http_v2_hpack_enc"
NGX_QUIC=""
NGX_QUIC="--with-http_v3_module"
else
NGINX_VER="$NGINX_MAINLINE"
NGX_HPACK=""
NGX_QUIC="--with-http_v3_module"
fi

Expand Down Expand Up @@ -285,7 +280,6 @@ else
OPENSSL_OPT="enable-tls1_3"
fi
fi
QUIC_VALID="NO"
NGX_SSL_LIB=""
OPENSSL_VALID="from system"
LIBSSL_DEV="libssl-dev"
Expand Down Expand Up @@ -323,20 +317,13 @@ echo ""
echo -e " - Nginx release : $NGINX_VER"
[ -n "$OPENSSL_VALID" ] && {
echo -e " - OPENSSL : $OPENSSL_VER"
if [ "$NGINX_RELEASE" = "2" ]; then
echo -e " - HTTP/2 HPACK : YES"
else
echo -e " - with HTTP/3 : YES"
fi
echo -e " - with HTTP/3 : YES"

}
[ -n "$LIBRESSL_VALID" ] && {
echo -e " - LIBRESSL : $LIBRESSL_VALID"
if [ "$NGINX_RELEASE" = "2" ]; then
echo -e " - HTTP/2 HPACK : YES"
else
echo -e " - HTTP/3 QUIC : YES"
fi
echo -e " - HTTP/3 QUIC : YES"

}
echo " - Dynamic modules $DYNAMIC_MODULES_VALID"
echo " - Naxsi : $NAXSI_VALID"
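Review bot: In the OPENSSL branch the summary now prints `with HTTP/3 : YES` unconditionally, yet the README text updated in this same PR still says full HTTP/3 QUIC support is only available with LibreSSL. Either qualify the message for the system OpenSSL case or align the README, so the build summary does not promise more than the documentation does. The blank line left before each closing brace can be removed as well.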
Expand Down Expand Up @@ -471,10 +458,8 @@ _dynamic_setup() {
}

##################################
# Install gcc7 or gcc8 from PPA
# Install gcc
##################################
# gcc7 if Nginx is compiled with RTMP module
# otherwise gcc8 is used

_gcc_setup() {
echo -ne ' Installing gcc [..]\r'
Expand Down Expand Up @@ -529,12 +514,12 @@ _download_modules() {
echo -ne ' Downloading additionals modules [..]\r'
if {
echo "### downloading additionals modules ###"
MODULES='FRiCKLE/ngx_cache_purge openresty/memc-nginx-module
MODULES='openresty/memc-nginx-module
simpl/ngx_devel_kit openresty/headers-more-nginx-module
openresty/echo-nginx-module yaoweibin/ngx_http_substitutions_filter_module
openresty/redis2-nginx-module openresty/srcache-nginx-module
openresty/set-misc-nginx-module sto/ngx_http_auth_pam_module
vozlt/nginx-module-vts centminmod/ngx_http_redis'
vozlt/nginx-module-vts centminmod/ngx_http_redis nginx-modules/ngx_cache_purge'
for MODULE in $MODULES; do
_gitget "$MODULE"
done
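Review bot: ngx_cache_purge is now cloned from nginx-modules/ngx_cache_purge, but the module lists in README.md and docs/index.md shown in this PR still link FRiCKLE/ngx_cache_purge. Update both links so users can see which fork is actually compiled in, and record the source change in the 3.8.1 CHANGELOG entry, which does not mention it.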
Expand Down Expand Up @@ -589,9 +574,9 @@ _download_zlib() {
echo "### configure zlib-cf ###"
./configure --prefix=/usr/local/zlib-cf
else
echo "### downloading zlib 1.2.13 ###"
echo "### downloading zlib latest ###"
rm -rf zlib
curl -sL http://zlib.net/zlib-1.2.13.tar.gz | /bin/tar zxf - -C "$DIR_SRC"
curl -sL http://zlib.net/current/zlib.tar.gz | /bin/tar zxf - -C "$DIR_SRC"
mv zlib-1.2.13 zlib
fi
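Review bot: The unchanged `mv zlib-1.2.13 zlib` right after the new curl line will fail as soon as the "current" tarball is anything other than 1.2.13, because the archive extracts to a directory named after its own version. Extract into a fixed directory instead, for example `mkdir zlib` followed by `tar zxf - -C zlib --strip-components=1`. The download is also still plain `http://` with no checksum, and moving from a pinned file name to a floating URL removes the last fixed point: fetch it over https and verify the archive before building.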

Expand Down Expand Up @@ -633,67 +618,6 @@ _download_brotli() {

}

##################################
# Download and patch OpenSSL
##################################

_download_openssl_dev() {

cd "$DIR_SRC" || exit 1
if {
echo -ne ' Downloading openssl [..]\r'

{
if [ -d /usr/local/src/openssl ]; then
if [ ! -d /usr/local/src/openssl/.git ]; then
echo "### removing openssl extracted archive ###"
rm -rf /usr/local/src/openssl
echo "### cloning openssl ###"
git clone --depth=50 https://github.com/openssl/openssl.git /usr/local/src/openssl
cd /usr/local/src/openssl || exit 1
echo "### git checkout commit ###"
#git checkout $OPENSSL_COMMIT
else
cd /usr/local/src/openssl || exit 1
echo "### reset openssl to master and clean patches ###"
git fetch --all
git reset --hard origin/master
git clean -f
#git checkout $OPENSSL_COMMIT
fi
else
echo "### cloning openssl ###"
git clone --depth=50 https://github.com/openssl/openssl.git /usr/local/src/openssl
cd /usr/local/src/openssl || exit 1
echo "### git checkout commit ###"
#git checkout $OPENSSL_COMMIT
fi
} >>/tmp/nginx-ee.log 2>&1

{
if [ -d /usr/local/src/openssl-patch/.git ]; then
cd /usr/local/src/openssl-patch || exit 1
git pull origin master
else
git clone --depth=50 https://github.com/VirtuBox/openssl-patch.git /usr/local/src/openssl-patch
fi
cd /usr/local/src/openssl || exit 1
# apply openssl ciphers patch
echo "### openssl ciphers patch ###"
#patch -p1 <../openssl-patch/openssl-equal-3.0.0-dev_ciphers.patch
} >>/tmp/nginx-ee.log 2>&1

}; then
echo -ne " Downloading openssl [${CGREEN}OK${CEND}]\\r"
echo -ne '\n'
else
echo -e " Downloading openssl [${CRED}FAIL${CEND}]"
echo -e '\n Please look at /tmp/nginx-ee.log\n'
exit 1
fi

}

##################################
# Download LibreSSL
##################################
Expand All @@ -706,8 +630,8 @@ _download_libressl() {

{
rm -rf /usr/local/src/libressl
curl -sL http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VER}.tar.gz | /bin/tar xzf - -C "$DIR_SRC"
mv /usr/local/src/libressl-${LIBRESSL_VER} /usr/local/src/libressl
curl -sL "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-$LIBRESSL_VER.tar.gz" | /bin/tar xzf - -C "$DIR_SRC"
mv "/usr/local/src/libressl-$LIBRESSL_VER" /usr/local/src/libressl
} >>/tmp/nginx-ee.log 2>&1

}; then
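Review bot: The tarball on the changed curl line is still fetched over `http://` and piped straight into tar, while LIBRESSL_VER is now looked up over https and is no longer pinned in the script. Switch the download to the https URL and check the archive against a published checksum or signature before extracting. Also guard against an empty `$LIBRESSL_VER`, which would turn this into a request for `libressl-.tar.gz` followed by a failing mv.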
Expand Down Expand Up @@ -789,12 +713,7 @@ _patch_nginx() {
echo -ne ' Applying nginx patches [..]\r'

{
if [ "$NGINX_RELEASE" = "2" ]; then
curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_for_1.23.4.patch | patch -p1
else
curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1
fi
#curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_auto_using_PRIORITIZE_CHACHA.patch | patch -p1
curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1
} >>/tmp/nginx-ee.log 2>&1

}; then
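Review bot: The remaining curl line applies whatever nginx_dynamic_tls_records.patch sits at the tip of kn007/patch master, and it now runs for the stable build as well as mainline. Pin the URL to a commit hash, or vendor the patch in this repository, so the source being compiled is reproducible and reviewable. Adding `-f` to the curl options would also keep an HTTP error body from being handed to patch.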
Expand Down Expand Up @@ -897,7 +816,6 @@ _configure_nginx() {
$NGX_USER \
--with-file-aio \
--with-threads \
$NGX_HPACK \
$NGX_QUIC \
--with-http_v2_module \
--with-http_ssl_module \
Expand Down Expand Up @@ -1125,13 +1043,7 @@ fi
if [ "$LIBRESSL" = "y" ]; then
_download_libressl
else
if [ "$OPENSSL_LIB" = "2" ]; then
_download_openssl_dev
elif [ "$OPENSSL_LIB" = "3" ]; then
sleep 1
else
sleep 1
fi
sleep 1
fi
_download_nginx
_patch_nginx
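Review bot: The else branch is now only `sleep 1`, a leftover from the removed OPENSSL_LIB cases. Drop the else entirely so the block reads as a plain `if [ "$LIBRESSL" = "y" ]; then _download_libressl; fi`.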
Expand Down