From 1eaee87f2f0c11f1b68e7fe96187376fa0b6e252 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Tue, 23 Apr 2024 09:23:54 +0200 Subject: [PATCH 1/5] Cleanup and test ngx_cache_purge updated module --- nginx-build.sh | 73 +++----------------------------------------------- 1 file changed, 3 insertions(+), 70 deletions(-) diff --git a/nginx-build.sh b/nginx-build.sh index 8d41395..ef6420c 100755 --- a/nginx-build.sh +++ b/nginx-build.sh @@ -529,12 +529,12 @@ _download_modules() { echo -ne ' Downloading additionals modules [..]\r' if { echo "### downloading additionals modules ###" - MODULES='FRiCKLE/ngx_cache_purge openresty/memc-nginx-module + MODULES='openresty/memc-nginx-module simpl/ngx_devel_kit openresty/headers-more-nginx-module openresty/echo-nginx-module yaoweibin/ngx_http_substitutions_filter_module openresty/redis2-nginx-module openresty/srcache-nginx-module openresty/set-misc-nginx-module sto/ngx_http_auth_pam_module - vozlt/nginx-module-vts centminmod/ngx_http_redis' + vozlt/nginx-module-vts centminmod/ngx_http_redis nginx-modules/ngx_cache_purge' for MODULE in $MODULES; do _gitget "$MODULE" done @@ -633,67 +633,6 @@ _download_brotli() { } -################################## -# Download and patch OpenSSL -################################## - -_download_openssl_dev() { - - cd "$DIR_SRC" || exit 1 - if { - echo -ne ' Downloading openssl [..]\r' - - { - if [ -d /usr/local/src/openssl ]; then - if [ ! -d /usr/local/src/openssl/.git ]; then - echo "### removing openssl extracted archive ###" - rm -rf /usr/local/src/openssl - echo "### cloning openssl ###" - git clone --depth=50 https://github.com/openssl/openssl.git /usr/local/src/openssl - cd /usr/local/src/openssl || exit 1 - echo "### git checkout commit ###" - #git checkout $OPENSSL_COMMIT - else - cd /usr/local/src/openssl || exit 1 - echo "### reset openssl to master and clean patches ###" - git fetch --all - git reset --hard origin/master - git clean -f - #git checkout $OPENSSL_COMMIT - fi - else - echo "### cloning openssl ###" - git clone --depth=50 https://github.com/openssl/openssl.git /usr/local/src/openssl - cd /usr/local/src/openssl || exit 1 - echo "### git checkout commit ###" - #git checkout $OPENSSL_COMMIT - fi - } >>/tmp/nginx-ee.log 2>&1 - - { - if [ -d /usr/local/src/openssl-patch/.git ]; then - cd /usr/local/src/openssl-patch || exit 1 - git pull origin master - else - git clone --depth=50 https://github.com/VirtuBox/openssl-patch.git /usr/local/src/openssl-patch - fi - cd /usr/local/src/openssl || exit 1 - # apply openssl ciphers patch - echo "### openssl ciphers patch ###" - #patch -p1 <../openssl-patch/openssl-equal-3.0.0-dev_ciphers.patch - } >>/tmp/nginx-ee.log 2>&1 - - }; then - echo -ne " Downloading openssl [${CGREEN}OK${CEND}]\\r" - echo -ne '\n' - else - echo -e " Downloading openssl [${CRED}FAIL${CEND}]" - echo -e '\n Please look at /tmp/nginx-ee.log\n' - exit 1 - fi - -} - ################################## # Download LibreSSL ################################## @@ -1125,13 +1064,7 @@ fi if [ "$LIBRESSL" = "y" ]; then _download_libressl else - if [ "$OPENSSL_LIB" = "2" ]; then - _download_openssl_dev - elif [ "$OPENSSL_LIB" = "3" ]; then - sleep 1 - else - sleep 1 - fi + sleep 1 fi _download_nginx _patch_nginx From 21b14548179e668d3a1fe11c731723f39659560d Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 24 Apr 2024 22:18:50 +0200 Subject: [PATCH 2/5] Update Nginx stable and few improvements --- CHANGELOG.md | 9 ++++++++ README.md | 12 +++++------ docs/index.md | 10 ++++----- etc/nginx/nginx.conf | 2 +- nginx-build.sh | 51 +++++++++++++------------------------------- 5 files changed, 36 insertions(+), 48 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a9e9355..9330661 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## [Unreleased] - XX-XX-XX +## [3.8.1] - 2024-04-24 + +### Changed + +- Nginx stable release bumped to 1.26.0 +- HTTP/3 now available on both mainline and stable release +- Always download latest zlib library if zlib-cf not supported +- Always download the latest libressl release + ## [3.8.0] - 2024-04-23 ### Added diff --git a/README.md b/README.md index 76e5158..4b3951e 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@

-Automated Nginx compilation from sources with additional modules support +Automated Nginx compilation from sources with HTTP/3 QUIC and additional modules support

--- @@ -45,7 +45,7 @@ Automated Nginx compilation from sources with additional modules support * Nginx built-in modules selection * Nginx Third-party modules selection * Dynamic modules support -* HTTP/3 QUIC Support with Mainline Release +* HTTP/3 QUIC Support * Brotli Support * TLS v1.3 support * OpenSSL or LibreSSL @@ -59,7 +59,7 @@ Automated Nginx compilation from sources with additional modules support ## Additional Third-party modules Nginx current mainline release : **v1.25.5** with HTTP/3 QUIC -Nginx current stable release : **v1.24.0** with Cloudflare HTTP/2 HPACK +Nginx current stable release : **v1.26.0** with HTTP/3 QUIC * [ngx_cache_purge](https://github.com/FRiCKLE/ngx_cache_purge) * [headers-more-nginx-module](https://github.com/openresty/headers-more-nginx-module) @@ -121,7 +121,7 @@ Optional modules : ### HTTP/3 QUIC -**Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html). +**Full support of HTTP/3 QUIC is only available with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html). --- @@ -158,7 +158,7 @@ bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --interactive ### Custom installation -Example : Nginx stable release HTTP/2 with naxsi +Example : Nginx stable release HTTP/3 with naxsi ```bash bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi @@ -168,7 +168,7 @@ bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi Nginx build options : -* `--stable` : compile Nginx stable release with HTTP/2 +* `--stable` : compile Nginx stable release with HTTP/3 * `--full` : Naxsi + RTMP * `--dynamic` : Compile Nginx modules as dynamic modules * `--noconf` : Compile Nginx without any configuring. Useful when you use devops tools like ansible. diff --git a/docs/index.md b/docs/index.md index 71cf4b0..97ca796 100644 --- a/docs/index.md +++ b/docs/index.md @@ -42,7 +42,7 @@ Automated Nginx compilation from sources with additional modules support
  • Nginx built-in modules selection
  • Nginx Third-party modules selection
  • Dynamic modules support
  • -
  • HTTP/3 QUIC Support with Mainline Release
  • +
  • HTTP/3 QUIC Support
  • Brotli Support
  • TLS v1.3 support (Final)
  • OpenSSL or LibreSSL
  • @@ -52,8 +52,8 @@ Automated Nginx compilation from sources with additional modules support

    Additional Third-party modules

    -

    Nginx current mainline release : v1.25.5 with HTTP/3 QUIC -Nginx current stable release : v1.24.0

    with Cloudflare HTTP/2 HPACK +

    Nginx current mainline release : v1.25.5 with HTTP/3 QUIC

    +

    Nginx current stable release : v1.26.0 with HTTP/3 QUIC

    ### HTTP/3 QUIC

    -

    Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).

    +

    Full support of HTTP/3 QUIC is only available with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).


    Usage

    @@ -133,7 +133,7 @@ sudo bash nginx-build.sh
    bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --interactive
     

    Custom installation

    -

    Example : Nginx stable release with HTTP/2 HPACK with naxsi

    +

    Example : Nginx stable release with HTTP/3 with naxsi

    bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi
     

    Options available

    diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index 113807a..16d4383 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -36,7 +36,7 @@ http server_tokens off; reset_timedout_connection on; - add_header X-Powered-By "Nginx-ee v3.5.2 - Optimized by VirtuBox"; + add_header X-Powered-By "Nginx-ee v3.8.1 - Optimized by VirtuBox"; add_header rt-Fastcgi-Cache $upstream_cache_status; # Limit Request diff --git a/nginx-build.sh b/nginx-build.sh index ef6420c..61b8cab 100755 --- a/nginx-build.sh +++ b/nginx-build.sh @@ -7,7 +7,7 @@ # Copyright (c) 2019-2024 VirtuBox # This script is licensed under M.I.T # ------------------------------------------------------------------------- -# Version 3.8.0 - 2024-04-23 +# Version 3.8.1 - 2024-04-24 # ------------------------------------------------------------------------- ################################## @@ -26,7 +26,7 @@ _help() { echo " -------------------------------------------------------------------- " echo "" echo "Usage: ./nginx-ee [modules]" - echo "By default, Nginx-ee will compile the latest Nginx mainline release with HTTP/3 and without Naxsi or RTMP module" + echo "By default, Nginx-ee will compile the latest Nginx mainline release without Naxsi or RTMP module" echo " Options:" echo " -h, --help ..... display this help" echo " -i, --interactive ....... interactive installation" @@ -138,8 +138,8 @@ fi DIR_SRC="/usr/local/src" NGINX_EE_VER=$(curl -m 5 --retry 3 -sL https://api.github.com/repos/VirtuBox/nginx-ee/releases/latest 2>&1 | jq -r '.tag_name') NGINX_MAINLINE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 1 2>&1)" -NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.24 2>&1)" -LIBRESSL_VER="3.8.4" +NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.26 2>&1)" +LIBRESSL_VER="$(curl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ 2>&1 | grep -E -o 'libressl\-[0-9.]+\.tar[.a-z]*' | awk -F "libressl-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | sort -r | head -n 1)" if command_exists openssl; then OPENSSL_BIN_VER=$(openssl version) OPENSSL_VER=${OPENSSL_BIN_VER:0:15} @@ -150,7 +150,6 @@ TLS13_CIPHERS="TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+CHAC readonly OS_ARCH="$(uname -m)" OS_DISTRO_FULL="$(lsb_release -ds)" readonly DISTRO_ID="$(lsb_release -si)" -readonly DISTRO_CODENAME="$(lsb_release -sc)" # Colors CSI='\033[' @@ -206,9 +205,7 @@ if [ "$INTERACTIVE_SETUP" = "1" ]; then while [[ "$SSL_LIB_CHOICE" != "1" && "$SSL_LIB_CHOICE" != "2" ]]; do echo -e "Select an option [1-2]: " && read -r SSL_LIB_CHOICE done - if [ "$SSL_LIB_CHOICE" = "1" ]; then - OPENSSL_LIB=3 - else + if [ "$SSL_LIB_CHOICE" = "2" ]; then LIBRESSL="y" fi echo -e '\nDo you want NAXSI WAF (still experimental)? (y/n)' @@ -236,11 +233,9 @@ fi if [ "$NGINX_RELEASE" = "2" ]; then NGINX_VER="$NGINX_STABLE" - NGX_HPACK="--with-http_v2_hpack_enc" - NGX_QUIC="" + NGX_QUIC="--with-http_v3_module" else NGINX_VER="$NGINX_MAINLINE" - NGX_HPACK="" NGX_QUIC="--with-http_v3_module" fi @@ -285,7 +280,6 @@ else OPENSSL_OPT="enable-tls1_3" fi fi - QUIC_VALID="NO" NGX_SSL_LIB="" OPENSSL_VALID="from system" LIBSSL_DEV="libssl-dev" @@ -323,20 +317,13 @@ echo "" echo -e " - Nginx release : $NGINX_VER" [ -n "$OPENSSL_VALID" ] && { echo -e " - OPENSSL : $OPENSSL_VER" - if [ "$NGINX_RELEASE" = "2" ]; then - echo -e " - HTTP/2 HPACK : YES" - else - echo -e " - with HTTP/3 : YES" - fi + echo -e " - with HTTP/3 : YES" } [ -n "$LIBRESSL_VALID" ] && { echo -e " - LIBRESSL : $LIBRESSL_VALID" - if [ "$NGINX_RELEASE" = "2" ]; then - echo -e " - HTTP/2 HPACK : YES" - else - echo -e " - HTTP/3 QUIC : YES" - fi + echo -e " - HTTP/3 QUIC : YES" + } echo " - Dynamic modules $DYNAMIC_MODULES_VALID" echo " - Naxsi : $NAXSI_VALID" @@ -471,10 +458,8 @@ _dynamic_setup() { } ################################## -# Install gcc7 or gcc8 from PPA +# Install gcc ################################## -# gcc7 if Nginx is compiled with RTMP module -# otherwise gcc8 is used _gcc_setup() { echo -ne ' Installing gcc [..]\r' @@ -589,9 +574,9 @@ _download_zlib() { echo "### configure zlib-cf ###" ./configure --prefix=/usr/local/zlib-cf else - echo "### downloading zlib 1.2.13 ###" + echo "### downloading zlib latest ###" rm -rf zlib - curl -sL http://zlib.net/zlib-1.2.13.tar.gz | /bin/tar zxf - -C "$DIR_SRC" + curl -sL http://zlib.net/current/zlib.tar.gz | /bin/tar zxf - -C "$DIR_SRC" mv zlib-1.2.13 zlib fi @@ -645,8 +630,8 @@ _download_libressl() { { rm -rf /usr/local/src/libressl - curl -sL http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VER}.tar.gz | /bin/tar xzf - -C "$DIR_SRC" - mv /usr/local/src/libressl-${LIBRESSL_VER} /usr/local/src/libressl + curl -sL "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-$LIBRESSL_VER.tar.gz" | /bin/tar xzf - -C "$DIR_SRC" + mv "/usr/local/src/libressl-$LIBRESSL_VER" /usr/local/src/libressl } >>/tmp/nginx-ee.log 2>&1 }; then @@ -728,12 +713,7 @@ _patch_nginx() { echo -ne ' Applying nginx patches [..]\r' { - if [ "$NGINX_RELEASE" = "2" ]; then - curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_for_1.23.4.patch | patch -p1 - else - curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1 - fi - #curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_auto_using_PRIORITIZE_CHACHA.patch | patch -p1 + curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1 } >>/tmp/nginx-ee.log 2>&1 }; then @@ -836,7 +816,6 @@ _configure_nginx() { $NGX_USER \ --with-file-aio \ --with-threads \ - $NGX_HPACK \ $NGX_QUIC \ --with-http_v2_module \ --with-http_ssl_module \ From 40dbae1aab83d01fd43099d8ce2150f01f36a3e5 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 24 Apr 2024 22:19:44 +0200 Subject: [PATCH 3/5] Update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9330661..ae76810 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - HTTP/3 now available on both mainline and stable release - Always download latest zlib library if zlib-cf not supported - Always download the latest libressl release +- HTTP/2 HPACK removed ## [3.8.0] - 2024-04-23 From 7ff27169d9cf0c4e17ba8898133aab97926fc5d6 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 24 Apr 2024 22:18:50 +0200 Subject: [PATCH 4/5] Update Nginx stable and few improvements --- CHANGELOG.md | 9 ++++++++ README.md | 12 +++++------ docs/index.md | 10 ++++----- etc/nginx/nginx.conf | 2 +- nginx-build.sh | 51 +++++++++++++------------------------------- 5 files changed, 36 insertions(+), 48 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a9e9355..9330661 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## [Unreleased] - XX-XX-XX +## [3.8.1] - 2024-04-24 + +### Changed + +- Nginx stable release bumped to 1.26.0 +- HTTP/3 now available on both mainline and stable release +- Always download latest zlib library if zlib-cf not supported +- Always download the latest libressl release + ## [3.8.0] - 2024-04-23 ### Added diff --git a/README.md b/README.md index 76e5158..4b3951e 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@

    -Automated Nginx compilation from sources with additional modules support +Automated Nginx compilation from sources with HTTP/3 QUIC and additional modules support

    --- @@ -45,7 +45,7 @@ Automated Nginx compilation from sources with additional modules support * Nginx built-in modules selection * Nginx Third-party modules selection * Dynamic modules support -* HTTP/3 QUIC Support with Mainline Release +* HTTP/3 QUIC Support * Brotli Support * TLS v1.3 support * OpenSSL or LibreSSL @@ -59,7 +59,7 @@ Automated Nginx compilation from sources with additional modules support ## Additional Third-party modules Nginx current mainline release : **v1.25.5** with HTTP/3 QUIC -Nginx current stable release : **v1.24.0** with Cloudflare HTTP/2 HPACK +Nginx current stable release : **v1.26.0** with HTTP/3 QUIC * [ngx_cache_purge](https://github.com/FRiCKLE/ngx_cache_purge) * [headers-more-nginx-module](https://github.com/openresty/headers-more-nginx-module) @@ -121,7 +121,7 @@ Optional modules : ### HTTP/3 QUIC -**Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html). +**Full support of HTTP/3 QUIC is only available with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html). --- @@ -158,7 +158,7 @@ bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --interactive ### Custom installation -Example : Nginx stable release HTTP/2 with naxsi +Example : Nginx stable release HTTP/3 with naxsi ```bash bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi @@ -168,7 +168,7 @@ bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi Nginx build options : -* `--stable` : compile Nginx stable release with HTTP/2 +* `--stable` : compile Nginx stable release with HTTP/3 * `--full` : Naxsi + RTMP * `--dynamic` : Compile Nginx modules as dynamic modules * `--noconf` : Compile Nginx without any configuring. Useful when you use devops tools like ansible. diff --git a/docs/index.md b/docs/index.md index 71cf4b0..97ca796 100644 --- a/docs/index.md +++ b/docs/index.md @@ -42,7 +42,7 @@ Automated Nginx compilation from sources with additional modules support
  • Nginx built-in modules selection
  • Nginx Third-party modules selection
  • Dynamic modules support
  • -
  • HTTP/3 QUIC Support with Mainline Release
  • +
  • HTTP/3 QUIC Support
  • Brotli Support
  • TLS v1.3 support (Final)
  • OpenSSL or LibreSSL
  • @@ -52,8 +52,8 @@ Automated Nginx compilation from sources with additional modules support

    Additional Third-party modules

    -

    Nginx current mainline release : v1.25.5 with HTTP/3 QUIC -Nginx current stable release : v1.24.0

    with Cloudflare HTTP/2 HPACK +

    Nginx current mainline release : v1.25.5 with HTTP/3 QUIC

    +

    Nginx current stable release : v1.26.0 with HTTP/3 QUIC

    ### HTTP/3 QUIC

    -

    Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).

    +

    Full support of HTTP/3 QUIC is only available with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).


    Usage

    @@ -133,7 +133,7 @@ sudo bash nginx-build.sh
    bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --interactive
     

    Custom installation

    -

    Example : Nginx stable release with HTTP/2 HPACK with naxsi

    +

    Example : Nginx stable release with HTTP/3 with naxsi

    bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi
     

    Options available

    diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index 113807a..16d4383 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -36,7 +36,7 @@ http server_tokens off; reset_timedout_connection on; - add_header X-Powered-By "Nginx-ee v3.5.2 - Optimized by VirtuBox"; + add_header X-Powered-By "Nginx-ee v3.8.1 - Optimized by VirtuBox"; add_header rt-Fastcgi-Cache $upstream_cache_status; # Limit Request diff --git a/nginx-build.sh b/nginx-build.sh index ef6420c..61b8cab 100755 --- a/nginx-build.sh +++ b/nginx-build.sh @@ -7,7 +7,7 @@ # Copyright (c) 2019-2024 VirtuBox # This script is licensed under M.I.T # ------------------------------------------------------------------------- -# Version 3.8.0 - 2024-04-23 +# Version 3.8.1 - 2024-04-24 # ------------------------------------------------------------------------- ################################## @@ -26,7 +26,7 @@ _help() { echo " -------------------------------------------------------------------- " echo "" echo "Usage: ./nginx-ee [modules]" - echo "By default, Nginx-ee will compile the latest Nginx mainline release with HTTP/3 and without Naxsi or RTMP module" + echo "By default, Nginx-ee will compile the latest Nginx mainline release without Naxsi or RTMP module" echo " Options:" echo " -h, --help ..... display this help" echo " -i, --interactive ....... interactive installation" @@ -138,8 +138,8 @@ fi DIR_SRC="/usr/local/src" NGINX_EE_VER=$(curl -m 5 --retry 3 -sL https://api.github.com/repos/VirtuBox/nginx-ee/releases/latest 2>&1 | jq -r '.tag_name') NGINX_MAINLINE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 1 2>&1)" -NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.24 2>&1)" -LIBRESSL_VER="3.8.4" +NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.26 2>&1)" +LIBRESSL_VER="$(curl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ 2>&1 | grep -E -o 'libressl\-[0-9.]+\.tar[.a-z]*' | awk -F "libressl-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | sort -r | head -n 1)" if command_exists openssl; then OPENSSL_BIN_VER=$(openssl version) OPENSSL_VER=${OPENSSL_BIN_VER:0:15} @@ -150,7 +150,6 @@ TLS13_CIPHERS="TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+CHAC readonly OS_ARCH="$(uname -m)" OS_DISTRO_FULL="$(lsb_release -ds)" readonly DISTRO_ID="$(lsb_release -si)" -readonly DISTRO_CODENAME="$(lsb_release -sc)" # Colors CSI='\033[' @@ -206,9 +205,7 @@ if [ "$INTERACTIVE_SETUP" = "1" ]; then while [[ "$SSL_LIB_CHOICE" != "1" && "$SSL_LIB_CHOICE" != "2" ]]; do echo -e "Select an option [1-2]: " && read -r SSL_LIB_CHOICE done - if [ "$SSL_LIB_CHOICE" = "1" ]; then - OPENSSL_LIB=3 - else + if [ "$SSL_LIB_CHOICE" = "2" ]; then LIBRESSL="y" fi echo -e '\nDo you want NAXSI WAF (still experimental)? (y/n)' @@ -236,11 +233,9 @@ fi if [ "$NGINX_RELEASE" = "2" ]; then NGINX_VER="$NGINX_STABLE" - NGX_HPACK="--with-http_v2_hpack_enc" - NGX_QUIC="" + NGX_QUIC="--with-http_v3_module" else NGINX_VER="$NGINX_MAINLINE" - NGX_HPACK="" NGX_QUIC="--with-http_v3_module" fi @@ -285,7 +280,6 @@ else OPENSSL_OPT="enable-tls1_3" fi fi - QUIC_VALID="NO" NGX_SSL_LIB="" OPENSSL_VALID="from system" LIBSSL_DEV="libssl-dev" @@ -323,20 +317,13 @@ echo "" echo -e " - Nginx release : $NGINX_VER" [ -n "$OPENSSL_VALID" ] && { echo -e " - OPENSSL : $OPENSSL_VER" - if [ "$NGINX_RELEASE" = "2" ]; then - echo -e " - HTTP/2 HPACK : YES" - else - echo -e " - with HTTP/3 : YES" - fi + echo -e " - with HTTP/3 : YES" } [ -n "$LIBRESSL_VALID" ] && { echo -e " - LIBRESSL : $LIBRESSL_VALID" - if [ "$NGINX_RELEASE" = "2" ]; then - echo -e " - HTTP/2 HPACK : YES" - else - echo -e " - HTTP/3 QUIC : YES" - fi + echo -e " - HTTP/3 QUIC : YES" + } echo " - Dynamic modules $DYNAMIC_MODULES_VALID" echo " - Naxsi : $NAXSI_VALID" @@ -471,10 +458,8 @@ _dynamic_setup() { } ################################## -# Install gcc7 or gcc8 from PPA +# Install gcc ################################## -# gcc7 if Nginx is compiled with RTMP module -# otherwise gcc8 is used _gcc_setup() { echo -ne ' Installing gcc [..]\r' @@ -589,9 +574,9 @@ _download_zlib() { echo "### configure zlib-cf ###" ./configure --prefix=/usr/local/zlib-cf else - echo "### downloading zlib 1.2.13 ###" + echo "### downloading zlib latest ###" rm -rf zlib - curl -sL http://zlib.net/zlib-1.2.13.tar.gz | /bin/tar zxf - -C "$DIR_SRC" + curl -sL http://zlib.net/current/zlib.tar.gz | /bin/tar zxf - -C "$DIR_SRC" mv zlib-1.2.13 zlib fi @@ -645,8 +630,8 @@ _download_libressl() { { rm -rf /usr/local/src/libressl - curl -sL http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VER}.tar.gz | /bin/tar xzf - -C "$DIR_SRC" - mv /usr/local/src/libressl-${LIBRESSL_VER} /usr/local/src/libressl + curl -sL "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-$LIBRESSL_VER.tar.gz" | /bin/tar xzf - -C "$DIR_SRC" + mv "/usr/local/src/libressl-$LIBRESSL_VER" /usr/local/src/libressl } >>/tmp/nginx-ee.log 2>&1 }; then @@ -728,12 +713,7 @@ _patch_nginx() { echo -ne ' Applying nginx patches [..]\r' { - if [ "$NGINX_RELEASE" = "2" ]; then - curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_for_1.23.4.patch | patch -p1 - else - curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1 - fi - #curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_auto_using_PRIORITIZE_CHACHA.patch | patch -p1 + curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1 } >>/tmp/nginx-ee.log 2>&1 }; then @@ -836,7 +816,6 @@ _configure_nginx() { $NGX_USER \ --with-file-aio \ --with-threads \ - $NGX_HPACK \ $NGX_QUIC \ --with-http_v2_module \ --with-http_ssl_module \ From d818df511b3b4b476626a49329831d9f5d9df1de Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 24 Apr 2024 22:19:44 +0200 Subject: [PATCH 5/5] Update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9330661..ae76810 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - HTTP/3 now available on both mainline and stable release - Always download latest zlib library if zlib-cf not supported - Always download the latest libressl release +- HTTP/2 HPACK removed ## [3.8.0] - 2024-04-23