From 1eaee87f2f0c11f1b68e7fe96187376fa0b6e252 Mon Sep 17 00:00:00 2001
From: VirtuBox
Date: Tue, 23 Apr 2024 09:23:54 +0200
Subject: [PATCH 1/5] Cleanup and test ngx_cache_purge updated module
---
nginx-build.sh | 73 +++-----------------------------------------------
1 file changed, 3 insertions(+), 70 deletions(-)
diff --git a/nginx-build.sh b/nginx-build.sh
index 8d41395..ef6420c 100755
--- a/nginx-build.sh
+++ b/nginx-build.sh
@@ -529,12 +529,12 @@ _download_modules() {
echo -ne ' Downloading additionals modules [..]\r'
if {
echo "### downloading additionals modules ###"
- MODULES='FRiCKLE/ngx_cache_purge openresty/memc-nginx-module
+ MODULES='openresty/memc-nginx-module
simpl/ngx_devel_kit openresty/headers-more-nginx-module
openresty/echo-nginx-module yaoweibin/ngx_http_substitutions_filter_module
openresty/redis2-nginx-module openresty/srcache-nginx-module
openresty/set-misc-nginx-module sto/ngx_http_auth_pam_module
- vozlt/nginx-module-vts centminmod/ngx_http_redis'
+ vozlt/nginx-module-vts centminmod/ngx_http_redis nginx-modules/ngx_cache_purge'
for MODULE in $MODULES; do
_gitget "$MODULE"
done
@@ -633,67 +633,6 @@ _download_brotli() {
}
-##################################
-# Download and patch OpenSSL
-##################################
-
-_download_openssl_dev() {
-
- cd "$DIR_SRC" || exit 1
- if {
- echo -ne ' Downloading openssl [..]\r'
-
- {
- if [ -d /usr/local/src/openssl ]; then
- if [ ! -d /usr/local/src/openssl/.git ]; then
- echo "### removing openssl extracted archive ###"
- rm -rf /usr/local/src/openssl
- echo "### cloning openssl ###"
- git clone --depth=50 https://github.com/openssl/openssl.git /usr/local/src/openssl
- cd /usr/local/src/openssl || exit 1
- echo "### git checkout commit ###"
- #git checkout $OPENSSL_COMMIT
- else
- cd /usr/local/src/openssl || exit 1
- echo "### reset openssl to master and clean patches ###"
- git fetch --all
- git reset --hard origin/master
- git clean -f
- #git checkout $OPENSSL_COMMIT
- fi
- else
- echo "### cloning openssl ###"
- git clone --depth=50 https://github.com/openssl/openssl.git /usr/local/src/openssl
- cd /usr/local/src/openssl || exit 1
- echo "### git checkout commit ###"
- #git checkout $OPENSSL_COMMIT
- fi
- } >>/tmp/nginx-ee.log 2>&1
-
- {
- if [ -d /usr/local/src/openssl-patch/.git ]; then
- cd /usr/local/src/openssl-patch || exit 1
- git pull origin master
- else
- git clone --depth=50 https://github.com/VirtuBox/openssl-patch.git /usr/local/src/openssl-patch
- fi
- cd /usr/local/src/openssl || exit 1
- # apply openssl ciphers patch
- echo "### openssl ciphers patch ###"
- #patch -p1 <../openssl-patch/openssl-equal-3.0.0-dev_ciphers.patch
- } >>/tmp/nginx-ee.log 2>&1
-
- }; then
- echo -ne " Downloading openssl [${CGREEN}OK${CEND}]\\r"
- echo -ne '\n'
- else
- echo -e " Downloading openssl [${CRED}FAIL${CEND}]"
- echo -e '\n Please look at /tmp/nginx-ee.log\n'
- exit 1
- fi
-
-}
-
##################################
# Download LibreSSL
##################################
@@ -1125,13 +1064,7 @@ fi
if [ "$LIBRESSL" = "y" ]; then
_download_libressl
else
- if [ "$OPENSSL_LIB" = "2" ]; then
- _download_openssl_dev
- elif [ "$OPENSSL_LIB" = "3" ]; then
- sleep 1
- else
- sleep 1
- fi
+ sleep 1
fi
_download_nginx
_patch_nginx
From 21b14548179e668d3a1fe11c731723f39659560d Mon Sep 17 00:00:00 2001
From: VirtuBox
Date: Wed, 24 Apr 2024 22:18:50 +0200
Subject: [PATCH 2/5] Update Nginx stable and few improvements
---
CHANGELOG.md | 9 ++++++++
README.md | 12 +++++------
docs/index.md | 10 ++++-----
etc/nginx/nginx.conf | 2 +-
nginx-build.sh | 51 +++++++++++++-------------------------------
5 files changed, 36 insertions(+), 48 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a9e9355..9330661 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
## [Unreleased] - XX-XX-XX
+## [3.8.1] - 2024-04-24
+
+### Changed
+
+- Nginx stable release bumped to 1.26.0
+- HTTP/3 now available on both mainline and stable release
+- Always download latest zlib library if zlib-cf not supported
+- Always download the latest libressl release
+
## [3.8.0] - 2024-04-23
### Added
diff --git a/README.md b/README.md
index 76e5158..4b3951e 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@
-Automated Nginx compilation from sources with additional modules support
+Automated Nginx compilation from sources with HTTP/3 QUIC and additional modules support
---
@@ -45,7 +45,7 @@ Automated Nginx compilation from sources with additional modules support
* Nginx built-in modules selection
* Nginx Third-party modules selection
* Dynamic modules support
-* HTTP/3 QUIC Support with Mainline Release
+* HTTP/3 QUIC Support
* Brotli Support
* TLS v1.3 support
* OpenSSL or LibreSSL
@@ -59,7 +59,7 @@ Automated Nginx compilation from sources with additional modules support
## Additional Third-party modules
Nginx current mainline release : **v1.25.5** with HTTP/3 QUIC
-Nginx current stable release : **v1.24.0** with Cloudflare HTTP/2 HPACK
+Nginx current stable release : **v1.26.0** with HTTP/3 QUIC
* [ngx_cache_purge](https://github.com/FRiCKLE/ngx_cache_purge)
* [headers-more-nginx-module](https://github.com/openresty/headers-more-nginx-module)
@@ -121,7 +121,7 @@ Optional modules :
### HTTP/3 QUIC
-**Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).
+**Full support of HTTP/3 QUIC is only available with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).
---
@@ -158,7 +158,7 @@ bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --interactive
### Custom installation
-Example : Nginx stable release HTTP/2 with naxsi
+Example : Nginx stable release HTTP/3 with naxsi
```bash
bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi
@@ -168,7 +168,7 @@ bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi
Nginx build options :
-* `--stable` : compile Nginx stable release with HTTP/2
+* `--stable` : compile Nginx stable release with HTTP/3
* `--full` : Naxsi + RTMP
* `--dynamic` : Compile Nginx modules as dynamic modules
* `--noconf` : Compile Nginx without any configuring. Useful when you use devops tools like ansible.
diff --git a/docs/index.md b/docs/index.md
index 71cf4b0..97ca796 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -42,7 +42,7 @@ Automated Nginx compilation from sources with additional modules support
Nginx built-in modules selection
Nginx Third-party modules selection
Dynamic modules support
-HTTP/3 QUIC Support with Mainline Release
+HTTP/3 QUIC Support
Brotli Support
TLS v1.3 support (Final)
OpenSSL or LibreSSL
@@ -52,8 +52,8 @@ Automated Nginx compilation from sources with additional modules support
Additional Third-party modules
-Nginx current mainline release : v1.25.5 with HTTP/3 QUIC
-Nginx current stable release : v1.24.0
with Cloudflare HTTP/2 HPACK
+Nginx current mainline release : v1.25.5 with HTTP/3 QUIC
+Nginx current stable release : v1.26.0 with HTTP/3 QUIC
with Cloudflare HTTP
18.x (Obsidian)
### HTTP/3 QUIC
-Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).
+Full support of HTTP/3 QUIC is only available with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).
Usage
@@ -133,7 +133,7 @@ sudo bash nginx-build.sh
bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --interactive
Custom installation
-Example : Nginx stable release with HTTP/2 HPACK with naxsi
+Example : Nginx stable release with HTTP/3 with naxsi
bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi
Options available
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
index 113807a..16d4383 100644
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@@ -36,7 +36,7 @@ http
server_tokens off;
reset_timedout_connection on;
- add_header X-Powered-By "Nginx-ee v3.5.2 - Optimized by VirtuBox";
+ add_header X-Powered-By "Nginx-ee v3.8.1 - Optimized by VirtuBox";
add_header rt-Fastcgi-Cache $upstream_cache_status;
# Limit Request
diff --git a/nginx-build.sh b/nginx-build.sh
index ef6420c..61b8cab 100755
--- a/nginx-build.sh
+++ b/nginx-build.sh
@@ -7,7 +7,7 @@
# Copyright (c) 2019-2024 VirtuBox
# This script is licensed under M.I.T
# -------------------------------------------------------------------------
-# Version 3.8.0 - 2024-04-23
+# Version 3.8.1 - 2024-04-24
# -------------------------------------------------------------------------
##################################
@@ -26,7 +26,7 @@ _help() {
echo " -------------------------------------------------------------------- "
echo ""
echo "Usage: ./nginx-ee [modules]"
- echo "By default, Nginx-ee will compile the latest Nginx mainline release with HTTP/3 and without Naxsi or RTMP module"
+ echo "By default, Nginx-ee will compile the latest Nginx mainline release without Naxsi or RTMP module"
echo " Options:"
echo " -h, --help ..... display this help"
echo " -i, --interactive ....... interactive installation"
@@ -138,8 +138,8 @@ fi
DIR_SRC="/usr/local/src"
NGINX_EE_VER=$(curl -m 5 --retry 3 -sL https://api.github.com/repos/VirtuBox/nginx-ee/releases/latest 2>&1 | jq -r '.tag_name')
NGINX_MAINLINE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 1 2>&1)"
-NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.24 2>&1)"
-LIBRESSL_VER="3.8.4"
+NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.26 2>&1)"
+LIBRESSL_VER="$(curl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ 2>&1 | grep -E -o 'libressl\-[0-9.]+\.tar[.a-z]*' | awk -F "libressl-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | sort -r | head -n 1)"
if command_exists openssl; then
OPENSSL_BIN_VER=$(openssl version)
OPENSSL_VER=${OPENSSL_BIN_VER:0:15}
@@ -150,7 +150,6 @@ TLS13_CIPHERS="TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+CHAC
readonly OS_ARCH="$(uname -m)"
OS_DISTRO_FULL="$(lsb_release -ds)"
readonly DISTRO_ID="$(lsb_release -si)"
-readonly DISTRO_CODENAME="$(lsb_release -sc)"
# Colors
CSI='\033['
@@ -206,9 +205,7 @@ if [ "$INTERACTIVE_SETUP" = "1" ]; then
while [[ "$SSL_LIB_CHOICE" != "1" && "$SSL_LIB_CHOICE" != "2" ]]; do
echo -e "Select an option [1-2]: " && read -r SSL_LIB_CHOICE
done
- if [ "$SSL_LIB_CHOICE" = "1" ]; then
- OPENSSL_LIB=3
- else
+ if [ "$SSL_LIB_CHOICE" = "2" ]; then
LIBRESSL="y"
fi
echo -e '\nDo you want NAXSI WAF (still experimental)? (y/n)'
@@ -236,11 +233,9 @@ fi
if [ "$NGINX_RELEASE" = "2" ]; then
NGINX_VER="$NGINX_STABLE"
- NGX_HPACK="--with-http_v2_hpack_enc"
- NGX_QUIC=""
+ NGX_QUIC="--with-http_v3_module"
else
NGINX_VER="$NGINX_MAINLINE"
- NGX_HPACK=""
NGX_QUIC="--with-http_v3_module"
fi
@@ -285,7 +280,6 @@ else
OPENSSL_OPT="enable-tls1_3"
fi
fi
- QUIC_VALID="NO"
NGX_SSL_LIB=""
OPENSSL_VALID="from system"
LIBSSL_DEV="libssl-dev"
@@ -323,20 +317,13 @@ echo ""
echo -e " - Nginx release : $NGINX_VER"
[ -n "$OPENSSL_VALID" ] && {
echo -e " - OPENSSL : $OPENSSL_VER"
- if [ "$NGINX_RELEASE" = "2" ]; then
- echo -e " - HTTP/2 HPACK : YES"
- else
- echo -e " - with HTTP/3 : YES"
- fi
+ echo -e " - with HTTP/3 : YES"
}
[ -n "$LIBRESSL_VALID" ] && {
echo -e " - LIBRESSL : $LIBRESSL_VALID"
- if [ "$NGINX_RELEASE" = "2" ]; then
- echo -e " - HTTP/2 HPACK : YES"
- else
- echo -e " - HTTP/3 QUIC : YES"
- fi
+ echo -e " - HTTP/3 QUIC : YES"
+
}
echo " - Dynamic modules $DYNAMIC_MODULES_VALID"
echo " - Naxsi : $NAXSI_VALID"
@@ -471,10 +458,8 @@ _dynamic_setup() {
}
##################################
-# Install gcc7 or gcc8 from PPA
+# Install gcc
##################################
-# gcc7 if Nginx is compiled with RTMP module
-# otherwise gcc8 is used
_gcc_setup() {
echo -ne ' Installing gcc [..]\r'
@@ -589,9 +574,9 @@ _download_zlib() {
echo "### configure zlib-cf ###"
./configure --prefix=/usr/local/zlib-cf
else
- echo "### downloading zlib 1.2.13 ###"
+ echo "### downloading zlib latest ###"
rm -rf zlib
- curl -sL http://zlib.net/zlib-1.2.13.tar.gz | /bin/tar zxf - -C "$DIR_SRC"
+ curl -sL http://zlib.net/current/zlib.tar.gz | /bin/tar zxf - -C "$DIR_SRC"
mv zlib-1.2.13 zlib
fi
@@ -645,8 +630,8 @@ _download_libressl() {
{
rm -rf /usr/local/src/libressl
- curl -sL http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VER}.tar.gz | /bin/tar xzf - -C "$DIR_SRC"
- mv /usr/local/src/libressl-${LIBRESSL_VER} /usr/local/src/libressl
+ curl -sL "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-$LIBRESSL_VER.tar.gz" | /bin/tar xzf - -C "$DIR_SRC"
+ mv "/usr/local/src/libressl-$LIBRESSL_VER" /usr/local/src/libressl
} >>/tmp/nginx-ee.log 2>&1
}; then
@@ -728,12 +713,7 @@ _patch_nginx() {
echo -ne ' Applying nginx patches [..]\r'
{
- if [ "$NGINX_RELEASE" = "2" ]; then
- curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_for_1.23.4.patch | patch -p1
- else
- curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1
- fi
- #curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_auto_using_PRIORITIZE_CHACHA.patch | patch -p1
+ curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1
} >>/tmp/nginx-ee.log 2>&1
}; then
@@ -836,7 +816,6 @@ _configure_nginx() {
$NGX_USER \
--with-file-aio \
--with-threads \
- $NGX_HPACK \
$NGX_QUIC \
--with-http_v2_module \
--with-http_ssl_module \
From 40dbae1aab83d01fd43099d8ce2150f01f36a3e5 Mon Sep 17 00:00:00 2001
From: VirtuBox
Date: Wed, 24 Apr 2024 22:19:44 +0200
Subject: [PATCH 3/5] Update changelog
---
CHANGELOG.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9330661..ae76810 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- HTTP/3 now available on both mainline and stable release
- Always download latest zlib library if zlib-cf not supported
- Always download the latest libressl release
+- HTTP/2 HPACK removed
## [3.8.0] - 2024-04-23
From 7ff27169d9cf0c4e17ba8898133aab97926fc5d6 Mon Sep 17 00:00:00 2001
From: VirtuBox
Date: Wed, 24 Apr 2024 22:18:50 +0200
Subject: [PATCH 4/5] Update Nginx stable and few improvements
---
CHANGELOG.md | 9 ++++++++
README.md | 12 +++++------
docs/index.md | 10 ++++-----
etc/nginx/nginx.conf | 2 +-
nginx-build.sh | 51 +++++++++++++-------------------------------
5 files changed, 36 insertions(+), 48 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a9e9355..9330661 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
## [Unreleased] - XX-XX-XX
+## [3.8.1] - 2024-04-24
+
+### Changed
+
+- Nginx stable release bumped to 1.26.0
+- HTTP/3 now available on both mainline and stable release
+- Always download latest zlib library if zlib-cf not supported
+- Always download the latest libressl release
+
## [3.8.0] - 2024-04-23
### Added
diff --git a/README.md b/README.md
index 76e5158..4b3951e 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@
-Automated Nginx compilation from sources with additional modules support
+Automated Nginx compilation from sources with HTTP/3 QUIC and additional modules support
---
@@ -45,7 +45,7 @@ Automated Nginx compilation from sources with additional modules support
* Nginx built-in modules selection
* Nginx Third-party modules selection
* Dynamic modules support
-* HTTP/3 QUIC Support with Mainline Release
+* HTTP/3 QUIC Support
* Brotli Support
* TLS v1.3 support
* OpenSSL or LibreSSL
@@ -59,7 +59,7 @@ Automated Nginx compilation from sources with additional modules support
## Additional Third-party modules
Nginx current mainline release : **v1.25.5** with HTTP/3 QUIC
-Nginx current stable release : **v1.24.0** with Cloudflare HTTP/2 HPACK
+Nginx current stable release : **v1.26.0** with HTTP/3 QUIC
* [ngx_cache_purge](https://github.com/FRiCKLE/ngx_cache_purge)
* [headers-more-nginx-module](https://github.com/openresty/headers-more-nginx-module)
@@ -121,7 +121,7 @@ Optional modules :
### HTTP/3 QUIC
-**Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).
+**Full support of HTTP/3 QUIC is only available with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).
---
@@ -158,7 +158,7 @@ bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --interactive
### Custom installation
-Example : Nginx stable release HTTP/2 with naxsi
+Example : Nginx stable release HTTP/3 with naxsi
```bash
bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi
@@ -168,7 +168,7 @@ bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi
Nginx build options :
-* `--stable` : compile Nginx stable release with HTTP/2
+* `--stable` : compile Nginx stable release with HTTP/3
* `--full` : Naxsi + RTMP
* `--dynamic` : Compile Nginx modules as dynamic modules
* `--noconf` : Compile Nginx without any configuring. Useful when you use devops tools like ansible.
diff --git a/docs/index.md b/docs/index.md
index 71cf4b0..97ca796 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -42,7 +42,7 @@ Automated Nginx compilation from sources with additional modules support
Nginx built-in modules selection
Nginx Third-party modules selection
Dynamic modules support
-HTTP/3 QUIC Support with Mainline Release
+HTTP/3 QUIC Support
Brotli Support
TLS v1.3 support (Final)
OpenSSL or LibreSSL
@@ -52,8 +52,8 @@ Automated Nginx compilation from sources with additional modules support
Additional Third-party modules
-Nginx current mainline release : v1.25.5 with HTTP/3 QUIC
-Nginx current stable release : v1.24.0
with Cloudflare HTTP/2 HPACK
+Nginx current mainline release : v1.25.5 with HTTP/3 QUIC
+Nginx current stable release : v1.26.0 with HTTP/3 QUIC
### HTTP/3 QUIC
-Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).
+Full support of HTTP/3 QUIC is only available with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).
Usage
@@ -133,7 +133,7 @@ sudo bash nginx-build.sh
bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --interactive
Custom installation
-Example : Nginx stable release with HTTP/2 HPACK with naxsi
+Example : Nginx stable release with HTTP/3 with naxsi
bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi
Options available
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
index 113807a..16d4383 100644
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@@ -36,7 +36,7 @@ http
server_tokens off;
reset_timedout_connection on;
- add_header X-Powered-By "Nginx-ee v3.5.2 - Optimized by VirtuBox";
+ add_header X-Powered-By "Nginx-ee v3.8.1 - Optimized by VirtuBox";
add_header rt-Fastcgi-Cache $upstream_cache_status;
# Limit Request
diff --git a/nginx-build.sh b/nginx-build.sh
index ef6420c..61b8cab 100755
--- a/nginx-build.sh
+++ b/nginx-build.sh
@@ -7,7 +7,7 @@
# Copyright (c) 2019-2024 VirtuBox
# This script is licensed under M.I.T
# -------------------------------------------------------------------------
-# Version 3.8.0 - 2024-04-23
+# Version 3.8.1 - 2024-04-24
# -------------------------------------------------------------------------
##################################
@@ -26,7 +26,7 @@ _help() {
echo " -------------------------------------------------------------------- "
echo ""
echo "Usage: ./nginx-ee [modules]"
- echo "By default, Nginx-ee will compile the latest Nginx mainline release with HTTP/3 and without Naxsi or RTMP module"
+ echo "By default, Nginx-ee will compile the latest Nginx mainline release without Naxsi or RTMP module"
echo " Options:"
echo " -h, --help ..... display this help"
echo " -i, --interactive ....... interactive installation"
@@ -138,8 +138,8 @@ fi
DIR_SRC="/usr/local/src"
NGINX_EE_VER=$(curl -m 5 --retry 3 -sL https://api.github.com/repos/VirtuBox/nginx-ee/releases/latest 2>&1 | jq -r '.tag_name')
NGINX_MAINLINE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 1 2>&1)"
-NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.24 2>&1)"
-LIBRESSL_VER="3.8.4"
+NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.26 2>&1)"
+LIBRESSL_VER="$(curl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ 2>&1 | grep -E -o 'libressl\-[0-9.]+\.tar[.a-z]*' | awk -F "libressl-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | sort -r | head -n 1)"
if command_exists openssl; then
OPENSSL_BIN_VER=$(openssl version)
OPENSSL_VER=${OPENSSL_BIN_VER:0:15}
@@ -150,7 +150,6 @@ TLS13_CIPHERS="TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+CHAC
readonly OS_ARCH="$(uname -m)"
OS_DISTRO_FULL="$(lsb_release -ds)"
readonly DISTRO_ID="$(lsb_release -si)"
-readonly DISTRO_CODENAME="$(lsb_release -sc)"
# Colors
CSI='\033['
@@ -206,9 +205,7 @@ if [ "$INTERACTIVE_SETUP" = "1" ]; then
while [[ "$SSL_LIB_CHOICE" != "1" && "$SSL_LIB_CHOICE" != "2" ]]; do
echo -e "Select an option [1-2]: " && read -r SSL_LIB_CHOICE
done
- if [ "$SSL_LIB_CHOICE" = "1" ]; then
- OPENSSL_LIB=3
- else
+ if [ "$SSL_LIB_CHOICE" = "2" ]; then
LIBRESSL="y"
fi
echo -e '\nDo you want NAXSI WAF (still experimental)? (y/n)'
@@ -236,11 +233,9 @@ fi
if [ "$NGINX_RELEASE" = "2" ]; then
NGINX_VER="$NGINX_STABLE"
- NGX_HPACK="--with-http_v2_hpack_enc"
- NGX_QUIC=""
+ NGX_QUIC="--with-http_v3_module"
else
NGINX_VER="$NGINX_MAINLINE"
- NGX_HPACK=""
NGX_QUIC="--with-http_v3_module"
fi
@@ -285,7 +280,6 @@ else
OPENSSL_OPT="enable-tls1_3"
fi
fi
- QUIC_VALID="NO"
NGX_SSL_LIB=""
OPENSSL_VALID="from system"
LIBSSL_DEV="libssl-dev"
@@ -323,20 +317,13 @@ echo ""
echo -e " - Nginx release : $NGINX_VER"
[ -n "$OPENSSL_VALID" ] && {
echo -e " - OPENSSL : $OPENSSL_VER"
- if [ "$NGINX_RELEASE" = "2" ]; then
- echo -e " - HTTP/2 HPACK : YES"
- else
- echo -e " - with HTTP/3 : YES"
- fi
+ echo -e " - with HTTP/3 : YES"
}
[ -n "$LIBRESSL_VALID" ] && {
echo -e " - LIBRESSL : $LIBRESSL_VALID"
- if [ "$NGINX_RELEASE" = "2" ]; then
- echo -e " - HTTP/2 HPACK : YES"
- else
- echo -e " - HTTP/3 QUIC : YES"
- fi
+ echo -e " - HTTP/3 QUIC : YES"
+
}
echo " - Dynamic modules $DYNAMIC_MODULES_VALID"
echo " - Naxsi : $NAXSI_VALID"
@@ -471,10 +458,8 @@ _dynamic_setup() {
}
##################################
-# Install gcc7 or gcc8 from PPA
+# Install gcc
##################################
-# gcc7 if Nginx is compiled with RTMP module
-# otherwise gcc8 is used
_gcc_setup() {
echo -ne ' Installing gcc [..]\r'
@@ -589,9 +574,9 @@ _download_zlib() {
echo "### configure zlib-cf ###"
./configure --prefix=/usr/local/zlib-cf
else
- echo "### downloading zlib 1.2.13 ###"
+ echo "### downloading zlib latest ###"
rm -rf zlib
- curl -sL http://zlib.net/zlib-1.2.13.tar.gz | /bin/tar zxf - -C "$DIR_SRC"
+ curl -sL http://zlib.net/current/zlib.tar.gz | /bin/tar zxf - -C "$DIR_SRC"
mv zlib-1.2.13 zlib
fi
@@ -645,8 +630,8 @@ _download_libressl() {
{
rm -rf /usr/local/src/libressl
- curl -sL http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VER}.tar.gz | /bin/tar xzf - -C "$DIR_SRC"
- mv /usr/local/src/libressl-${LIBRESSL_VER} /usr/local/src/libressl
+ curl -sL "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-$LIBRESSL_VER.tar.gz" | /bin/tar xzf - -C "$DIR_SRC"
+ mv "/usr/local/src/libressl-$LIBRESSL_VER" /usr/local/src/libressl
} >>/tmp/nginx-ee.log 2>&1
}; then
@@ -728,12 +713,7 @@ _patch_nginx() {
echo -ne ' Applying nginx patches [..]\r'
{
- if [ "$NGINX_RELEASE" = "2" ]; then
- curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_for_1.23.4.patch | patch -p1
- else
- curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1
- fi
- #curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_auto_using_PRIORITIZE_CHACHA.patch | patch -p1
+ curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1
} >>/tmp/nginx-ee.log 2>&1
}; then
@@ -836,7 +816,6 @@ _configure_nginx() {
$NGX_USER \
--with-file-aio \
--with-threads \
- $NGX_HPACK \
$NGX_QUIC \
--with-http_v2_module \
--with-http_ssl_module \
From d818df511b3b4b476626a49329831d9f5d9df1de Mon Sep 17 00:00:00 2001
From: VirtuBox
Date: Wed, 24 Apr 2024 22:19:44 +0200
Subject: [PATCH 5/5] Update changelog
---
CHANGELOG.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9330661..ae76810 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- HTTP/3 now available on both mainline and stable release
- Always download latest zlib library if zlib-cf not supported
- Always download the latest libressl release
+- HTTP/2 HPACK removed
## [3.8.0] - 2024-04-23