From 21b14548179e668d3a1fe11c731723f39659560d Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 24 Apr 2024 22:18:50 +0200 Subject: [PATCH] Update Nginx stable and few improvements --- CHANGELOG.md | 9 ++++++++ README.md | 12 +++++------ docs/index.md | 10 ++++----- etc/nginx/nginx.conf | 2 +- nginx-build.sh | 51 +++++++++++++------------------------------- 5 files changed, 36 insertions(+), 48 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a9e9355..9330661 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## [Unreleased] - XX-XX-XX +## [3.8.1] - 2024-04-24 + +### Changed + +- Nginx stable release bumped to 1.26.0 +- HTTP/3 now available on both mainline and stable release +- Always download latest zlib library if zlib-cf not supported +- Always download the latest libressl release + ## [3.8.0] - 2024-04-23 ### Added diff --git a/README.md b/README.md index 76e5158..4b3951e 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@

-Automated Nginx compilation from sources with additional modules support +Automated Nginx compilation from sources with HTTP/3 QUIC and additional modules support

--- @@ -45,7 +45,7 @@ Automated Nginx compilation from sources with additional modules support * Nginx built-in modules selection * Nginx Third-party modules selection * Dynamic modules support -* HTTP/3 QUIC Support with Mainline Release +* HTTP/3 QUIC Support * Brotli Support * TLS v1.3 support * OpenSSL or LibreSSL @@ -59,7 +59,7 @@ Automated Nginx compilation from sources with additional modules support ## Additional Third-party modules Nginx current mainline release : **v1.25.5** with HTTP/3 QUIC -Nginx current stable release : **v1.24.0** with Cloudflare HTTP/2 HPACK +Nginx current stable release : **v1.26.0** with HTTP/3 QUIC * [ngx_cache_purge](https://github.com/FRiCKLE/ngx_cache_purge) * [headers-more-nginx-module](https://github.com/openresty/headers-more-nginx-module) @@ -121,7 +121,7 @@ Optional modules : ### HTTP/3 QUIC -**Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html). +**Full support of HTTP/3 QUIC is only available with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html). --- @@ -158,7 +158,7 @@ bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --interactive ### Custom installation -Example : Nginx stable release HTTP/2 with naxsi +Example : Nginx stable release HTTP/3 with naxsi ```bash bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi @@ -168,7 +168,7 @@ bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi Nginx build options : -* `--stable` : compile Nginx stable release with HTTP/2 +* `--stable` : compile Nginx stable release with HTTP/3 * `--full` : Naxsi + RTMP * `--dynamic` : Compile Nginx modules as dynamic modules * `--noconf` : Compile Nginx without any configuring. Useful when you use devops tools like ansible. diff --git a/docs/index.md b/docs/index.md index 71cf4b0..97ca796 100644 --- a/docs/index.md +++ b/docs/index.md @@ -42,7 +42,7 @@ Automated Nginx compilation from sources with additional modules support
  • Nginx built-in modules selection
  • Nginx Third-party modules selection
  • Dynamic modules support
    • -
  • HTTP/3 QUIC Support with Mainline Release
    • +
  • HTTP/3 QUIC Support
  • Brotli Support
  • TLS v1.3 support (Final)
  • OpenSSL or LibreSSL
    • @@ -52,8 +52,8 @@ Automated Nginx compilation from sources with additional modules support

    Additional Third-party modules

    -

    Nginx current mainline release : v1.25.5 with HTTP/3 QUIC -Nginx current stable release : v1.24.0

    with Cloudflare HTTP/2 HPACK +

    Nginx current mainline release : v1.25.5 with HTTP/3 QUIC

    +

    Nginx current stable release : v1.26.0 with HTTP/3 QUIC

    ### HTTP/3 QUIC

    -

    Full support of HTTP/3 QUIC is only available with Nginx mainline release and compiled with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).

    +

    Full support of HTTP/3 QUIC is only available with LibreSSL**. More information [here](https://nginx.org/en/docs/http/ngx_http_v3_module.html).

    Usage

    @@ -133,7 +133,7 @@ sudo bash nginx-build.sh 
    bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --interactive

    Custom installation

    -

    Example : Nginx stable release with HTTP/2 HPACK with naxsi

    +

    Example : Nginx stable release with HTTP/3 with naxsi

    bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --naxsi

    Options available

    diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index 113807a..16d4383 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -36,7 +36,7 @@ http server_tokens off; reset_timedout_connection on; - add_header X-Powered-By "Nginx-ee v3.5.2 - Optimized by VirtuBox"; + add_header X-Powered-By "Nginx-ee v3.8.1 - Optimized by VirtuBox"; add_header rt-Fastcgi-Cache $upstream_cache_status; # Limit Request diff --git a/nginx-build.sh b/nginx-build.sh index ef6420c..61b8cab 100755 --- a/nginx-build.sh +++ b/nginx-build.sh @@ -7,7 +7,7 @@ # Copyright (c) 2019-2024 VirtuBox # This script is licensed under M.I.T # ------------------------------------------------------------------------- -# Version 3.8.0 - 2024-04-23 +# Version 3.8.1 - 2024-04-24 # ------------------------------------------------------------------------- ################################## @@ -26,7 +26,7 @@ _help() { echo " -------------------------------------------------------------------- " echo "" echo "Usage: ./nginx-ee [modules]" - echo "By default, Nginx-ee will compile the latest Nginx mainline release with HTTP/3 and without Naxsi or RTMP module" + echo "By default, Nginx-ee will compile the latest Nginx mainline release without Naxsi or RTMP module" echo " Options:" echo " -h, --help ..... display this help" echo " -i, --interactive ....... interactive installation" @@ -138,8 +138,8 @@ fi DIR_SRC="/usr/local/src" NGINX_EE_VER=$(curl -m 5 --retry 3 -sL https://api.github.com/repos/VirtuBox/nginx-ee/releases/latest 2>&1 | jq -r '.tag_name') NGINX_MAINLINE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 1 2>&1)" -NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.24 2>&1)" -LIBRESSL_VER="3.8.4" +NGINX_STABLE="$(curl -sL https://nginx.org/en/download.html 2>&1 | grep -E -o 'nginx\-[0-9.]+\.tar[.a-z]*' | awk -F "nginx-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | head -n 2 | grep 1.26 2>&1)" +LIBRESSL_VER="$(curl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ 2>&1 | grep -E -o 'libressl\-[0-9.]+\.tar[.a-z]*' | awk -F "libressl-" '/.tar.gz$/ {print $2}' | sed -e 's|.tar.gz||g' | sort -r | head -n 1)" if command_exists openssl; then OPENSSL_BIN_VER=$(openssl version) OPENSSL_VER=${OPENSSL_BIN_VER:0:15} @@ -150,7 +150,6 @@ TLS13_CIPHERS="TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+CHAC readonly OS_ARCH="$(uname -m)" OS_DISTRO_FULL="$(lsb_release -ds)" readonly DISTRO_ID="$(lsb_release -si)" -readonly DISTRO_CODENAME="$(lsb_release -sc)" # Colors CSI='\033[' @@ -206,9 +205,7 @@ if [ "$INTERACTIVE_SETUP" = "1" ]; then while [[ "$SSL_LIB_CHOICE" != "1" && "$SSL_LIB_CHOICE" != "2" ]]; do echo -e "Select an option [1-2]: " && read -r SSL_LIB_CHOICE done - if [ "$SSL_LIB_CHOICE" = "1" ]; then - OPENSSL_LIB=3 - else + if [ "$SSL_LIB_CHOICE" = "2" ]; then LIBRESSL="y" fi echo -e '\nDo you want NAXSI WAF (still experimental)? (y/n)' @@ -236,11 +233,9 @@ fi if [ "$NGINX_RELEASE" = "2" ]; then NGINX_VER="$NGINX_STABLE" - NGX_HPACK="--with-http_v2_hpack_enc" - NGX_QUIC="" + NGX_QUIC="--with-http_v3_module" else NGINX_VER="$NGINX_MAINLINE" - NGX_HPACK="" NGX_QUIC="--with-http_v3_module" fi @@ -285,7 +280,6 @@ else OPENSSL_OPT="enable-tls1_3" fi fi - QUIC_VALID="NO" NGX_SSL_LIB="" OPENSSL_VALID="from system" LIBSSL_DEV="libssl-dev" @@ -323,20 +317,13 @@ echo "" echo -e " - Nginx release : $NGINX_VER" [ -n "$OPENSSL_VALID" ] && { echo -e " - OPENSSL : $OPENSSL_VER" - if [ "$NGINX_RELEASE" = "2" ]; then - echo -e " - HTTP/2 HPACK : YES" - else - echo -e " - with HTTP/3 : YES" - fi + echo -e " - with HTTP/3 : YES" } [ -n "$LIBRESSL_VALID" ] && { echo -e " - LIBRESSL : $LIBRESSL_VALID" - if [ "$NGINX_RELEASE" = "2" ]; then - echo -e " - HTTP/2 HPACK : YES" - else - echo -e " - HTTP/3 QUIC : YES" - fi + echo -e " - HTTP/3 QUIC : YES" + } echo " - Dynamic modules $DYNAMIC_MODULES_VALID" echo " - Naxsi : $NAXSI_VALID" @@ -471,10 +458,8 @@ _dynamic_setup() { } ################################## -# Install gcc7 or gcc8 from PPA +# Install gcc ################################## -# gcc7 if Nginx is compiled with RTMP module -# otherwise gcc8 is used _gcc_setup() { echo -ne ' Installing gcc [..]\r' @@ -589,9 +574,9 @@ _download_zlib() { echo "### configure zlib-cf ###" ./configure --prefix=/usr/local/zlib-cf else - echo "### downloading zlib 1.2.13 ###" + echo "### downloading zlib latest ###" rm -rf zlib - curl -sL http://zlib.net/zlib-1.2.13.tar.gz | /bin/tar zxf - -C "$DIR_SRC" + curl -sL http://zlib.net/current/zlib.tar.gz | /bin/tar zxf - -C "$DIR_SRC" mv zlib-1.2.13 zlib fi @@ -645,8 +630,8 @@ _download_libressl() { { rm -rf /usr/local/src/libressl - curl -sL http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VER}.tar.gz | /bin/tar xzf - -C "$DIR_SRC" - mv /usr/local/src/libressl-${LIBRESSL_VER} /usr/local/src/libressl + curl -sL "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-$LIBRESSL_VER.tar.gz" | /bin/tar xzf - -C "$DIR_SRC" + mv "/usr/local/src/libressl-$LIBRESSL_VER" /usr/local/src/libressl } >>/tmp/nginx-ee.log 2>&1 }; then @@ -728,12 +713,7 @@ _patch_nginx() { echo -ne ' Applying nginx patches [..]\r' { - if [ "$NGINX_RELEASE" = "2" ]; then - curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_for_1.23.4.patch | patch -p1 - else - curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1 - fi - #curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_auto_using_PRIORITIZE_CHACHA.patch | patch -p1 + curl -sL https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1 } >>/tmp/nginx-ee.log 2>&1 }; then @@ -836,7 +816,6 @@ _configure_nginx() { $NGX_USER \ --with-file-aio \ --with-threads \ - $NGX_HPACK \ $NGX_QUIC \ --with-http_v2_module \ --with-http_ssl_module \