mirror of
https://github.com/joglomedia/LEMPer.git
synced 2026-04-13 16:31:46 +00:00
Delete install_nginx_from_source.txt
unused file
This commit is contained in:
Edi Septriyanto
@@ -1,211 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Nginx from Source installer
|
||||
# Min requirement : GNU/Linux Ubuntu 14.04 & 16.04
|
||||
# Last Build : 17/11/2018
|
||||
# Author : ESLabs.id (eslabs.id@gmail.com)
|
||||
|
||||
# Make sure only root can run this installer script
|
||||
if [ $(id -u) -ne 0 ]; then
|
||||
echo "This script must be run as root..."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
apt update && apt upgrade -y
|
||||
apt install build-essential git wget -y
|
||||
|
||||
## Dependencies ##
|
||||
|
||||
# PCRE version 4.4 - 8.40
|
||||
wget https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.gz && \
|
||||
tar xzvf pcre-8.42.tar.gz && \
|
||||
rm -f pcre-8.42.tar.gz
|
||||
|
||||
# zlib version 1.1.3 - 1.2.11
|
||||
wget http://www.zlib.net/zlib-1.2.11.tar.gz && \
|
||||
tar xzvf zlib-1.2.11.tar.gz && \
|
||||
rm -f zlib-1.2.11.tar.gz
|
||||
|
||||
# OpenSSL version 1.0.2 - 1.1.0
|
||||
wget https://www.openssl.org/source/openssl-1.1.0i.tar.gz && \
|
||||
tar xzvf openssl-1.1.0i.tar.gz && \
|
||||
rm -f openssl-1.1.0i.tar.gz
|
||||
|
||||
## Nginx sources ##
|
||||
wget https://nginx.org/download/nginx-1.14.1.tar.gz && \
|
||||
tar zxvf nginx-1.14.1.tar.gz && \
|
||||
nginx-1.14.1.tar.gz
|
||||
|
||||
## Nginx modules ##
|
||||
|
||||
mkdir modules
|
||||
cd modules
|
||||
|
||||
# FastCGI cache purge
|
||||
wget http://labs.frickle.com/files/ngx_cache_purge-2.3.tar.gz && \
|
||||
tar zxvf ngx_cache_purge-2.3.tar.gz && \
|
||||
rm -f ngx_cache_purge-2.3.tar.gz
|
||||
|
||||
git clone https://github.com/sto/ngx_http_auth_pam_module.git
|
||||
|
||||
git clone https://github.com/arut/nginx-dav-ext-module.git
|
||||
|
||||
git clone https://github.com/openresty/echo-nginx-module.git
|
||||
|
||||
git clone https://github.com/gnosek/nginx-upstream-fair.git
|
||||
|
||||
git clone git://github.com/yaoweibin/ngx_http_substitutions_filter_module.git
|
||||
|
||||
# PageSpeed
|
||||
git clone https://github.com/apache/incubator-pagespeed-ngx.git
|
||||
|
||||
# PubSub server
|
||||
git clone https://github.com/slact/nchan.git
|
||||
|
||||
# Naxi Web Application Firewall
|
||||
git clone https://github.com/nbs-system/naxsi.git
|
||||
|
||||
# Fancy Index
|
||||
git clone https://github.com/aperezdc/ngx-fancyindex.git
|
||||
|
||||
# Handle Upload
|
||||
git clone https://github.com/fdintino/nginx-upload-module.git
|
||||
git clone https://github.com/masterzen/nginx-upload-progress-module.git
|
||||
|
||||
# VHost traffic status
|
||||
git clone https://github.com/vozlt/nginx-module-vts.git
|
||||
|
||||
cd ../
|
||||
|
||||
## Configure Nginx ##
|
||||
|
||||
cd nginx-1.14.1
|
||||
|
||||
./configure --prefix=/usr/share/nginx \
|
||||
--sbin-path=/usr/sbin/nginx \
|
||||
--modules-path=/usr/lib/nginx/modules \
|
||||
--conf-path=/etc/nginx/nginx.conf \
|
||||
--error-log-path=/var/log/nginx/error.log \
|
||||
--http-log-path=/var/log/nginx/access.log \
|
||||
--pid-path=/run/nginx.pid \
|
||||
--lock-path=/var/lock/nginx.lock \
|
||||
--user=www-data \
|
||||
--group=www-data \
|
||||
--build=Ubuntu \
|
||||
--http-client-body-temp-path=/var/lib/nginx/body \
|
||||
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
|
||||
--http-proxy-temp-path=/var/lib/nginx/proxy \
|
||||
--http-scgi-temp-path=/var/lib/nginx/scgi \
|
||||
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
|
||||
--with-openssl=../openssl-1.1.0i \
|
||||
--with-openssl-opt=enable-ec_nistp_64_gcc_128 \
|
||||
--with-openssl-opt=no-nextprotoneg \
|
||||
--with-openssl-opt=no-weak-ssl-ciphers \
|
||||
--with-openssl-opt=no-ssl3 \
|
||||
--with-pcre=../pcre-8.42 \
|
||||
--with-pcre-jit \
|
||||
--with-zlib=../zlib-1.2.11 \
|
||||
--with-compat \
|
||||
--with-file-aio \
|
||||
--with-threads \
|
||||
--with-http_addition_module \
|
||||
--with-http_auth_request_module \
|
||||
--with-http_dav_module \
|
||||
--with-http_flv_module \
|
||||
--with-http_gunzip_module \
|
||||
--with-http_gzip_static_module \
|
||||
--with-http_mp4_module \
|
||||
--with-http_random_index_module \
|
||||
--with-http_realip_module \
|
||||
--with-http_slice_module \
|
||||
--with-http_ssl_module \
|
||||
--with-http_sub_module \
|
||||
--with-http_stub_status_module \
|
||||
--with-http_v2_module \
|
||||
--with-http_secure_link_module \
|
||||
--with-http_geoip_module=dynamic \
|
||||
--with-http_image_filter_module=dynamic \
|
||||
--with-http_xslt_module=dynamic \
|
||||
--with-mail=dynamic \
|
||||
--with-mail_ssl_module \
|
||||
--with-stream=dynamic \
|
||||
--with-stream_realip_module \
|
||||
--with-stream_ssl_module \
|
||||
--with-stream_ssl_preread_module \
|
||||
--with-debug \
|
||||
--with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' \
|
||||
--with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' \
|
||||
--add-dynamic-module=../modules/ngx_http_auth_pam_module \
|
||||
--add-dynamic-module=../modules/nginx-dav-ext-module \
|
||||
--add-dynamic-module=../modules/echo-nginx-module \
|
||||
--add-dynamic-module=../modules/nginx-upstream-fair \
|
||||
--add-dynamic-module=../modules/ngx_http_substitutions_filter_module \
|
||||
--add-dynamic-module=../modules/ngx_cache_purge-2.3 \
|
||||
--add-dynamic-module=../modules/incubator-pagespeed-ngx
|
||||
|
||||
make && \
|
||||
make install
|
||||
|
||||
mkdir -p /var/lib/nginx && \
|
||||
nginx -t
|
||||
|
||||
# Systemd unit file for NGINX
|
||||
cat > /lib/systemd/system/nginx.service <<EOL
|
||||
# Stop dance for nginx
|
||||
# =======================
|
||||
#
|
||||
# ExecStop sends SIGSTOP (graceful stop) to the nginx process.
|
||||
# If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control
|
||||
# and sends SIGTERM (fast shutdown) to the main process.
|
||||
# After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends
|
||||
# SIGKILL to all the remaining processes in the process group (KillMode=mixed).
|
||||
#
|
||||
# nginx signals reference doc:
|
||||
# http://nginx.org/en/docs/control.html
|
||||
#
|
||||
[Unit]
|
||||
Description=A high performance web server and a reverse proxy server
|
||||
Documentation=man:nginx(8)
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
PIDFile=/run/nginx.pid
|
||||
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
|
||||
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
|
||||
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
|
||||
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
|
||||
TimeoutStopSec=5
|
||||
KillMode=mixed
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOL
|
||||
|
||||
# Start and enable NGINX service:
|
||||
systemctl start nginx.service && \
|
||||
systemctl enable nginx.service
|
||||
|
||||
# Check if NGINX will startup after a reboot:
|
||||
#sudo systemctl is-enabled nginx.service
|
||||
|
||||
# Create UFW NGINX application profile:
|
||||
cat > /etc/ufw/applications.d/nginx <<EOL
|
||||
[Nginx HTTP]
|
||||
title=Web Server (Nginx, HTTP)
|
||||
description=Small, but very powerful and efficient web server
|
||||
ports=80/tcp
|
||||
|
||||
[Nginx HTTPS]
|
||||
title=Web Server (Nginx, HTTPS)
|
||||
description=Small, but very powerful and efficient web server
|
||||
ports=443/tcp
|
||||
|
||||
[Nginx Full]
|
||||
title=Web Server (Nginx, HTTP + HTTPS)
|
||||
description=Small, but very powerful and efficient web server
|
||||
ports=80,443/tcp
|
||||
EOL
|
||||
|
||||
# Verify that UFW app profiles are created and recognized
|
||||
sudo ufw app list
|
||||
Reference in New Issue
Block a user