!/bin/bash
LATESTNGINX="1.15.8"
BUILDROOT="/tmp/boring-nginx"
sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get install -y \
build-essential \
cmake \
git \
gnupg \
golang \
libpcre3-dev \
curl \
zlib1g-dev \
libcurl4-openssl-dev
make build root dir
mkdir -p $BUILDROOT
cd $BUILDROOT
git clone https://boringssl.googlesource.com/boringssl
cd boringssl
mkdir build
cd $BUILDROOT/boringssl/build
cmake ..
make
mkdir -p "$BUILDROOT/boringssl/.openssl/lib"
cd "$BUILDROOT/boringssl/.openssl"
ln -s ../include include
cd "$BUILDROOT/boringssl"
cp "build/crypto/libcrypto.a" ".openssl/lib"
cp "build/ssl/libssl.a" ".openssl/lib"
Prep nginx
mkdir -p "$BUILDROOT/nginx"
cd $BUILDROOT/nginx
curl -L -O https://nginx.org/keys/nginx_signing.key
sudo apt-key add nginx_signing.key
curl -L -O "http://nginx.org/download/nginx-$LATESTNGINX.tar.gz"
tar xzf "nginx-$LATESTNGINX.tar.gz"
cd "$BUILDROOT/nginx/nginx-$LATESTNGINX"
sudo ./configure --prefix=/usr/share/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/run/nginx.pid \
--lock-path=/run/lock/subsys/nginx \
--user=www-data \
--group=www-data \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_slice_module \
--with-http_stub_status_module \
--without-select_module \
--without-poll_module \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--with-openssl="$BUILDROOT/boringssl" \
--with-cc-opt="-g -O2 -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -I $BUILDROOT/boringssl/.openssl/include/" \
--with-ld-opt="-Wl,-Bsymbolic-functions -Wl,-z,relro -L $BUILDROOT/boringssl/.openssl/lib/" \
touch "$BUILDROOT/boringssl/.openssl/include/openssl/ssl.h"
sudo make
sudo make install
nginx mainline mit BoringSSL für TLSv1.3 0-RTT kompilieren
Speichere in deinen Favoriten diesen permalink.