nginx mainline mit BoringSSL für TLSv1.3 0-RTT kompilieren

 !/bin/bash<br></br> LATESTNGINX="1.15.8"<br></br> BUILDROOT="/tmp/boring-nginx"<br></br> sudo apt-get update<br></br> sudo apt-get upgrade -y<br></br> sudo apt-get install -y \<br></br>   build-essential \<br></br>   cmake \<br></br>   git \<br></br>   gnupg \<br></br>   golang \<br></br>   libpcre3-dev \<br></br>   curl \<br></br>   zlib1g-dev \<br></br>   libcurl4-openssl-dev<br></br> make build root dir<br></br> mkdir -p $BUILDROOT<br></br> cd $BUILDROOT<br></br> git clone https://boringssl.googlesource.com/boringssl <br></br> cd boringssl<br></br> mkdir build <br></br> cd $BUILDROOT/boringssl/build<br></br> cmake ..<br></br> make<br></br> mkdir -p "$BUILDROOT/boringssl/.openssl/lib"<br></br> cd "$BUILDROOT/boringssl/.openssl"<br></br> ln -s ../include include<br></br> cd "$BUILDROOT/boringssl"<br></br> cp "build/crypto/libcrypto.a" ".openssl/lib"<br></br> cp "build/ssl/libssl.a" ".openssl/lib"<br></br> Prep nginx<br></br> mkdir -p "$BUILDROOT/nginx"<br></br> cd $BUILDROOT/nginx<br></br> curl -L -O https://nginx.org/keys/nginx_signing.key<br></br> sudo apt-key add nginx_signing.key<br></br> curl -L -O "http://nginx.org/download/nginx-$LATESTNGINX.tar.gz"<br></br> tar xzf "nginx-$LATESTNGINX.tar.gz"<br></br> cd "$BUILDROOT/nginx/nginx-$LATESTNGINX"<br></br> sudo ./configure --prefix=/usr/share/nginx \<br></br>     --sbin-path=/usr/sbin/nginx \<br></br>     --conf-path=/etc/nginx/nginx.conf \<br></br>     --error-log-path=/var/log/nginx/error.log \<br></br>     --http-log-path=/var/log/nginx/access.log \<br></br>         --pid-path=/run/nginx.pid \<br></br>         --lock-path=/run/lock/subsys/nginx \<br></br>         --user=www-data \<br></br>         --group=www-data \<br></br>         --with-threads \<br></br>         --with-file-aio \<br></br>         --with-http_ssl_module \<br></br>         --with-http_v2_module \<br></br>         --with-http_realip_module \<br></br>         --with-http_gunzip_module \<br></br>         --with-http_gzip_static_module \<br></br>         --with-http_slice_module \<br></br>         --with-http_stub_status_module \<br></br>         --without-select_module \<br></br>         --without-poll_module \<br></br>         --without-mail_pop3_module \<br></br>         --without-mail_imap_module \<br></br>         --without-mail_smtp_module \<br></br>     --with-openssl="$BUILDROOT/boringssl" \<br></br>     --with-cc-opt="-g -O2 -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -I $BUILDROOT/boringssl/.openssl/include/" \<br></br>     --with-ld-opt="-Wl,-Bsymbolic-functions -Wl,-z,relro -L $BUILDROOT/boringssl/.openssl/lib/" \<br></br> touch "$BUILDROOT/boringssl/.openssl/include/openssl/ssl.h"<br></br> sudo make<br></br> sudo make install