nginx mainline mit BoringSSL für TLSv1.3 0-RTT kompilieren

Von | | 
 !/bin/bash
 LATESTNGINX="1.15.8"
 BUILDROOT="/tmp/boring-nginx"
 sudo apt-get update
 sudo apt-get upgrade -y
 sudo apt-get install -y \
   build-essential \
   cmake \
   git \
   gnupg \
   golang \
   libpcre3-dev \
   curl \
   zlib1g-dev \
   libcurl4-openssl-dev
 make build root dir
 mkdir -p $BUILDROOT
 cd $BUILDROOT
 git clone https://boringssl.googlesource.com/boringssl 
 cd boringssl
 mkdir build 
 cd $BUILDROOT/boringssl/build
 cmake ..
 make
 mkdir -p "$BUILDROOT/boringssl/.openssl/lib"
 cd "$BUILDROOT/boringssl/.openssl"
 ln -s ../include include
 cd "$BUILDROOT/boringssl"
 cp "build/crypto/libcrypto.a" ".openssl/lib"
 cp "build/ssl/libssl.a" ".openssl/lib"
 Prep nginx
 mkdir -p "$BUILDROOT/nginx"
 cd $BUILDROOT/nginx
 curl -L -O https://nginx.org/keys/nginx_signing.key
 sudo apt-key add nginx_signing.key
 curl -L -O "http://nginx.org/download/nginx-$LATESTNGINX.tar.gz"
 tar xzf "nginx-$LATESTNGINX.tar.gz"
 cd "$BUILDROOT/nginx/nginx-$LATESTNGINX"
 sudo ./configure --prefix=/usr/share/nginx \
     --sbin-path=/usr/sbin/nginx \
     --conf-path=/etc/nginx/nginx.conf \
     --error-log-path=/var/log/nginx/error.log \
     --http-log-path=/var/log/nginx/access.log \
         --pid-path=/run/nginx.pid \
         --lock-path=/run/lock/subsys/nginx \
         --user=www-data \
         --group=www-data \
         --with-threads \
         --with-file-aio \
         --with-http_ssl_module \
         --with-http_v2_module \
         --with-http_realip_module \
         --with-http_gunzip_module \
         --with-http_gzip_static_module \
         --with-http_slice_module \
         --with-http_stub_status_module \
         --without-select_module \
         --without-poll_module \
         --without-mail_pop3_module \
         --without-mail_imap_module \
         --without-mail_smtp_module \
     --with-openssl="$BUILDROOT/boringssl" \
     --with-cc-opt="-g -O2 -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -I $BUILDROOT/boringssl/.openssl/include/" \
     --with-ld-opt="-Wl,-Bsymbolic-functions -Wl,-z,relro -L $BUILDROOT/boringssl/.openssl/lib/" \
 touch "$BUILDROOT/boringssl/.openssl/include/openssl/ssl.h"
 sudo make
 sudo make install
Speichere in deinen Favoriten diesen permalink.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert