├── .gitignore ├── LICENSE ├── README.md ├── app ├── colors.sh ├── installers │ ├── luajit.sh │ ├── nginx.sh │ ├── openssl.sh │ ├── pcre.sh │ └── zlib.sh ├── libs.sh ├── module_deps │ ├── ngx_brotli-install.sh │ ├── ngx_mongo-install.sh │ └── ngx_pagespeed-install.sh ├── nginx_modules.sh └── tests │ └── common_errors.sh ├── config.sh ├── config ├── nginx │ ├── fastcgi_params │ ├── mime.types │ ├── naxsi_core.rules │ ├── nginx │ ├── nginx.conf │ ├── nginx.service │ └── site.conf └── sites │ ├── auth_basic │ └── default.conf │ ├── default.conf │ ├── jwt │ ├── guard.lua │ └── site.conf │ ├── php-fpm │ └── default.conf │ └── ssl │ └── site.conf ├── credits.txt ├── fix ├── aclocal.sh ├── aws_locale.sh └── lc_locale_perl.sh ├── install.sh ├── letsencrypt.sh ├── monnit.sh └── optimizations └── sysconf.sh /.gitignore: -------------------------------------------------------------------------------- 1 | exclude/ -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2016 Gabriel 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # nginx installer 2 | 3 | This is an nginx installer + configuration + modules + patches for web speed and security. 4 | 5 | Feel free to use, add, modify at will. Apart from the normal build dependencies, it will install 6 | ```lua 2.0``` (unless it's installed already), Google's ```brotli``` compression engine 7 | (better for large files), and a number of ```nginx``` modules. If you don't plan on using 8 | all the modules, see the install files to disable them. 9 | 10 | This installer is for ```Ubuntu 16.04``` 11 | 12 | 13 | ## Options 14 | - `--full` _Install server and clean existing repos_ 15 | - `--clean` _Clean local files_ 16 | - `--compile` _Compile from existing directories_ 17 | - `--deps` _Only dependencies_ 18 | - `--down` _Only download modules_ 19 | ## Server Configs 20 | - `--simple` _Simple web server with performance modules and standard configuration_ 21 | - `--simple_ssl` _Simple web server but with extra SSL features_ 22 | - `--steroids` _Nginx, Lua, Lua Scripts, JWT, ImageMagick, Compression_ 23 | 24 | ## Configs 25 | _Paths and install locations are set in `config.sh`_ 26 | 27 | ## Install 28 | 29 | ``` 30 | git clone https://github.com/gp187/nginx-builder 31 | cd nginx-builder/ 32 | chmod +x install.sh 33 | sudo ./install.sh --full --steroids 34 | ``` 35 | 36 | > Very important: check that /config.sh has the correct paths for `SCRIPT_PATH` and `ROOT` variables 37 | 38 | 39 | ## Modules 40 | ``` 41 | This is where I got the modules from to import them in the builder 
https://github.com/agile6v/awesome-nginx 42 | ``` 43 | 44 | ## Known Errors 45 | - `LC_ALL not set` _happens often on AWS instances. Make sure you set country or region you are in! [Fix is here](fix/aws_locale.sh) 46 | - `aclocal-1.15 command not found` _common error due to default `automake` package which is `1.4`. [Fix is Here](fix/aclocal.sh) 47 | 48 | ## DEVMODE 49 | _This is still in dev mode. Feel free to report bugs and use `ONLY` from `./install.sh`. I'm working on making it a service_ 50 | 51 | 52 | *** more to come *** 53 | 54 | 55 | ------ 56 | 57 | ## :computer: Contributors 58 | 59 | | | Nume | Rol | 60 | ----- | ---- | ------- | -------: 61 | :boy: | Gabriel | Owner | 62 | :boy: | Marvin | Coder | 63 | ---------- 64 | 65 | **From Paris with :heart: ** 66 | -------------------------------------------------------------------------------- /app/colors.sh: -------------------------------------------------------------------------------- 1 | 2 | function run_name() { 3 | echo -e "\e[1;39m[ \e[1;42mRunning\e[49m ] ${1}\e[0;39m" 4 | } 5 | function run_ok() { 6 | echo -e "\e[1;39m[ \e[1;32mOK\e[39m ] ${1}\e[0;39m" 7 | } 8 | function run_error() { 9 | echo -e "\e[1;39m[ \e[31mError\e[39m ] ${1}\e[0;39m" 10 | } 11 | function run_install() { 12 | echo -e "\e[1;39m[ \e[1;46mInstalling\e[49m ] ${1}\e[0;39m" 13 | } 14 | function run_compile() { 15 | echo -e "\e[1;39m[ \e[1;46mCompiling\e[49m ] ${1}\e[0;39m" 16 | } 17 | function run_download() { 18 | echo -e "\e[1;39m[ \e[1;46mDownloading\e[49m ] ${1}\e[0;39m" 19 | } 20 | function run_unpack() { 21 | echo -e "\e[1;39m[ \e[1;46mUnpacking\e[49m ] ${1}\e[0;39m" 22 | } 23 | function run_testing() { 24 | echo -e "\e[1;39m[ \e[1;93mCheck\e[39m ] ${1}\e[0;39m" 25 | } 26 | function show_option() { 27 | echo -e "\e[1;39m[ \e[1;46m${1}\e[49m ] ${2}\e[0;39m" 28 | } 29 | function show_title() { 30 | echo -e "\e[1;39m----------------------------\e[0;39m" 31 | echo -e "\e[1;39m\e[1;32m${1}\e[49m \e[0;39m" 32 | echo -e 
"\e[1;39m----------------------------\e[0;39m" 33 | } 34 | 35 | function show_blue() { 36 | echo -e "\e[1;49m[ \e[1;44m${1}\e[49m ] ${2}\e[49m" 37 | } 38 | function show_red() { 39 | echo -e "\e[1;39m[ \e[31m${1}\e[39m ] ${2}\e[0;39m" 40 | } 41 | function show_blue_bg() { 42 | echo -e "\e[1;39m[ \e[1;46m${1}\e[49m ] ${2}\e[0;39m" 43 | } 44 | function show_yellow() { 45 | echo -e "\e[1;39m[ \e[1;93m${1}\e[39m ] ${2}\e[0;39m" 46 | } 47 | function show_green() { 48 | echo -e "\e[1;39m[ \e[1;32m${1}\e[39m ] ${2}\e[0;39m" 49 | } 50 | -------------------------------------------------------------------------------- /app/installers/luajit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | . config.sh 4 | . app/colors.sh 5 | 6 | # run as root only 7 | if [[ $EUID -ne 0 ]] ; then 8 | run_error "This script must be run with root access\e[49m" 9 | exit 1 10 | fi 11 | [ $# -eq 0 ] && { run_error "Usage: install_lua "; exit; } 12 | if [ -z ${ROOT+x} ]; then show_red "Error" "ROOT system variable is not set! Check config.sh"; exit 1; fi 13 | if [ -z ${CACHE+x} ]; then show_red "Error" "CACHE system variable is not set! Check config.sh"; exit 1; fi 14 | if [ -z ${BUILD+x} ]; then show_red "Error" "BUILD system variable is not set! Check config.sh"; exit 1; fi 15 | 16 | # Set: vars 17 | MAIN_DIR="luajit/" 18 | WORKDIR="${CACHE}${MAIN_DIR}" 19 | FILENAME="LuaJIT-${1}.tar.gz" 20 | # Clear: current install 21 | if [ -d "${WORKDIR}" ] ; then 22 | rm -Rf ${WORKDIR} 23 | fi 24 | # Make: dirs 25 | [ -d "$WORKDIR" ] || mkdir ${WORKDIR} 26 | # Workspace 27 | cd ${WORKDIR} 28 | 29 | 30 | luajit -v >/dev/null 2>&1 || { 31 | show_blue "Install" "LuaJIT from source" 32 | # Run 33 | run_install "LuaJIT-${1}:: Lua programming language with JIT compiler" 34 | 35 | if [ ! 
-s "${CACHE}${FILENAME}" ] ; then 36 | run_download "${FILENAME}" 37 | wget -O ${CACHE}${FILENAME} http://luajit.org/download/${FILENAME} &> /dev/null 38 | else 39 | show_yellow "Cache" "found ${CACHE}LuaJIT-${1}.tar.gz. Using from cache" 40 | fi 41 | 42 | if [ ! -s "${CACHE}${FILENAME}" ] ; then 43 | rm -Rf ${WORKDIR} 44 | run_error "${CACHE}LuaJIT-${1}.tar.gz not found" 45 | exit 1 46 | else 47 | show_blue_bg "Unpack" "LuaJIT-${1}.tar.gz" 48 | tar -xzf "${CACHE}${FILENAME}" -C ${CACHE} 49 | #mv -b ${CACHE}LuaJIT-${1}/* ${WORKDIR} 50 | cd ${CACHE}LuaJIT-${1} 51 | 52 | run_compile "make" 53 | make install PREFIX=/usr/local 54 | #rm -rf ${CACHE}LuaJIT-${1}.tar.gz ${WORKDIR}LuaJIT-${1} 55 | 56 | run_ok 57 | fi 58 | } 59 | show_yellow "Installed" "LuaJIT is already installed on your system" 60 | 61 | exit 1; -------------------------------------------------------------------------------- /app/installers/nginx.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | . config.sh 4 | . app/colors.sh 5 | 6 | # run as root only 7 | if [[ $EUID -ne 0 ]] ; then 8 | run_error "This script must be run with root access\e[49m" 9 | exit 1 10 | fi 11 | [ $# -eq 0 ] && { run_error "Usage: download_nginx "; exit; } 12 | if [ -z ${ROOT+x} ]; then show_red "Error" "ROOT system variable is not set! Check config.sh"; exit 1; fi 13 | if [ -z ${CACHE+x} ]; then show_red "Error" "CACHE system variable is not set! Check config.sh"; exit 1; fi 14 | if [ -z ${BUILD+x} ]; then show_red "Error" "BUILD system variable is not set! 
Check config.sh"; exit 1; fi 15 | 16 | # Set: vars 17 | MAIN_DIR="nginx" 18 | WORKDIR="${CACHE}${MAIN_DIR}/" 19 | FILENAME="nginx-${1}.tar.gz" 20 | 21 | # Clear: current install 22 | if [ -d "${WORKDIR}" ] ; then 23 | rm -Rf ${WORKDIR} 24 | fi 25 | # Make: dirs 26 | [ -d "$WORKDIR" ] || mkdir ${WORKDIR} 27 | # Workspace 28 | cd ${WORKDIR} 29 | 30 | 31 | #nginx -v >/dev/null 2>&1 || { 32 | 33 | show_blue "Install" "LuaJIT from source" 34 | # Run 35 | run_install "LuaJIT-${1}:: Lua programming language with JIT compiler" 36 | 37 | if [ ! -s "${CACHE}${FILENAME}" ] ; then 38 | run_download "${FILENAME}" 39 | wget -O ${CACHE}${FILENAME} -q http://nginx.org/download/${FILENAME} &> /dev/null 40 | else 41 | show_yellow "Cache" "found ${CACHE}${FILENAME}. Using from cache" 42 | fi 43 | 44 | if [ ! -s "${CACHE}${FILENAME}" ] ; then 45 | rm -Rf ${WORKDIR} 46 | run_error "${CACHE}${FILENAME} not found" 47 | exit 1 48 | else 49 | show_blue_bg "Unpack" ${FILENAME} 50 | tar -xzf ${CACHE}${FILENAME} -C ${WORKDIR} 51 | mv -b ${WORKDIR}nginx-${1}/* ${WORKDIR} 52 | rm -rf ${WORKDIR}nginx-${1} 53 | cd ${WORKDIR} 54 | 55 | run_ok 56 | fi 57 | #} 58 | #show_yellow "Installed" "LuaJIT is already installed on your system" 59 | 60 | exit 1; -------------------------------------------------------------------------------- /app/installers/openssl.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | . config.sh 4 | . app/colors.sh 5 | 6 | # run as root only 7 | if [[ $EUID -ne 0 ]] ; then 8 | run_error "This script must be run with root access\e[49m" 9 | exit 1 10 | fi 11 | [ $# -eq 0 ] && { run_error "Usage: openssl "; exit; } 12 | if [ -z ${ROOT+x} ]; then show_red "Error" "ROOT system variable is not set! Check config.sh"; exit 1; fi 13 | if [ -z ${CACHE+x} ]; then show_red "Error" "CACHE system variable is not set! Check config.sh"; exit 1; fi 14 | if [ -z ${BUILD+x} ]; then show_red "Error" "BUILD system variable is not set! 
Check config.sh"; exit 1; fi 15 | 16 | # Set: vars 17 | MAIN_DIR="openssl" 18 | WORKDIR="${BUILD}${MAIN_DIR}/" 19 | CACHEDIR="${CACHE}${MAIN_DIR}/" 20 | FILENAME="${MAIN_DIR}-${1}.tar.gz" 21 | # Clear: current install 22 | rm -Rf ${WORKDIR} && mkdir -p ${WORKDIR} 23 | 24 | # Workspace 25 | 26 | 27 | show_blue "Install" "${MAIN_DIR} from source" 28 | # Run 29 | run_install "${MAIN_DIR}-${1}:: required by NGINX Gzip module for headers compression" 30 | 31 | if [ ! -s "${CACHE}${FILENAME}" ] ; then 32 | run_download "${FILENAME}" 33 | wget -O ${CACHE}${FILENAME} wget http://www.openssl.org/source/${FILENAME} &> /dev/null 34 | else 35 | show_yellow "Cache" "found ${FILENAME}. Using from cache" 36 | fi 37 | 38 | cd ${WORKDIR} 39 | if [ ! -s "${CACHE}${FILENAME}" ] ; then 40 | rm -Rf ${WORKDIR} 41 | run_error "${CACHE}${FILENAME} not found" 42 | exit 1 43 | else 44 | cd ${WORKDIR} 45 | show_blue_bg "Unpack" "${MAIN_DIR}-${1}.tar.gz" 46 | tar -xzf "${CACHE}${FILENAME}" -C ${WORKDIR} 47 | cp -PR ${WORKDIR}${MAIN_DIR}-${1}/* ${WORKDIR} 48 | 49 | ./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib shared zlib-dynamic # darwin64-x86_64-cc 50 | make depend && make && make test && make install 51 | run_ok 52 | fi -------------------------------------------------------------------------------- /app/installers/pcre.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | . config.sh 4 | . app/colors.sh 5 | 6 | # run as root only 7 | if [[ $EUID -ne 0 ]] ; then 8 | run_error "This script must be run with root access\e[49m" 9 | exit 1 10 | fi 11 | [ $# -eq 0 ] && { run_error "Usage: pcre "; exit; } 12 | if [ -z ${ROOT+x} ]; then show_red "Error" "ROOT system variable is not set! Check config.sh"; exit 1; fi 13 | if [ -z ${CACHE+x} ]; then show_red "Error" "CACHE system variable is not set! Check config.sh"; exit 1; fi 14 | if [ -z ${BUILD+x} ]; then show_red "Error" "BUILD system variable is not set! 
Check config.sh"; exit 1; fi 15 | 16 | # Set: vars 17 | MAIN_DIR="pcre" 18 | WORKDIR="${BUILD}${MAIN_DIR}/" 19 | CACHEDIR="${CACHE}${MAIN_DIR}/" 20 | FILENAME="${MAIN_DIR}-${1}.tar.gz" 21 | # Clear: current install 22 | rm -Rf ${WORKDIR} && mkdir -p ${WORKDIR} 23 | 24 | # Workspace 25 | 26 | 27 | show_blue "Install" "${MAIN_DIR} from source" 28 | # Run 29 | run_install "${MAIN_DIR}-${1}:: equired by NGINX Core and Rewrite modules and provides support for regular expressions" 30 | 31 | if [ ! -s "${CACHE}${FILENAME}" ] ; then 32 | run_download "${FILENAME}" 33 | wget -O ${CACHE}${FILENAME} wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${FILENAME} &> /dev/null 34 | else 35 | show_yellow "Cache" "found ${FILENAME}. Using from cache" 36 | fi 37 | 38 | 39 | cd ${WORKDIR} 40 | if [ ! -s "${CACHE}${FILENAME}" ] ; then 41 | rm -Rf ${WORKDIR} 42 | run_error "${CACHE}${FILENAME} not found" 43 | exit 1 44 | else 45 | show_blue_bg "Unpack" "${MAIN_DIR}-${1}.tar.gz" 46 | tar -xzf "${CACHE}${FILENAME}" -C ${WORKDIR} 47 | cp -PR ${WORKDIR}${MAIN_DIR}-${1}/* ${WORKDIR} 48 | cd ${WORKDIR} 49 | ./configure 50 | make && make install 51 | run_ok 52 | fi -------------------------------------------------------------------------------- /app/installers/zlib.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | . config.sh 4 | . app/colors.sh 5 | 6 | # run as root only 7 | if [[ $EUID -ne 0 ]] ; then 8 | run_error "This script must be run with root access\e[49m" 9 | exit 1 10 | fi 11 | [ $# -eq 0 ] && { run_error "Usage: zlib "; exit; } 12 | if [ -z ${ROOT+x} ]; then show_red "Error" "ROOT system variable is not set! Check config.sh"; exit 1; fi 13 | if [ -z ${CACHE+x} ]; then show_red "Error" "CACHE system variable is not set! Check config.sh"; exit 1; fi 14 | if [ -z ${BUILD+x} ]; then show_red "Error" "BUILD system variable is not set! 
Check config.sh"; exit 1; fi 15 | 16 | # Set: vars 17 | MAIN_DIR="zlib" 18 | WORKDIR="${BUILD}${MAIN_DIR}/" 19 | CACHEDIR="${CACHE}${MAIN_DIR}/" 20 | FILENAME="${MAIN_DIR}-${1}.tar.gz" 21 | # Clear: current install 22 | rm -Rf ${WORKDIR} && mkdir -p ${WORKDIR} 23 | 24 | # Workspace 25 | 26 | 27 | show_blue "Install" "${MAIN_DIR} from source" 28 | # Run 29 | run_install "${MAIN_DIR}-${1}:: required by NGINX Gzip module for headers compression" 30 | 31 | if [ ! -s "${CACHE}${FILENAME}" ] ; then 32 | run_download "${FILENAME}" 33 | wget -O ${CACHE}${FILENAME} http://zlib.net/${FILENAME} &> /dev/null 34 | else 35 | show_yellow "Cache" "found ${FILENAME}. Using from cache" 36 | fi 37 | 38 | cd ${WORKDIR} 39 | if [ ! -s "${CACHE}${FILENAME}" ] ; then 40 | rm -Rf ${WORKDIR} 41 | run_error "${CACHE}${FILENAME} not found" 42 | exit 1 43 | else 44 | show_blue_bg "Unpack" "${MAIN_DIR}-${1}.tar.gz" 45 | tar -xzf "${CACHE}${FILENAME}" -C ${WORKDIR} 46 | cp -PR ${WORKDIR}${MAIN_DIR}-${1}/* ${WORKDIR} 47 | cd ${WORKDIR} 48 | ./configure 49 | make && make install 50 | run_ok 51 | fi -------------------------------------------------------------------------------- /app/libs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | . app/colors.sh 4 | 5 | 6 | # run as root only 7 | if [[ $EUID -ne 0 ]] ; then 8 | run_error "This script must be run with root access" 9 | exit 1 10 | fi 11 | if [ -z ${ROOT+x} ]; then show_red "Error" "ROOT system variable is not set! Check config.sh"; exit 1; fi 12 | if [ -z ${CACHE+x} ]; then show_red "Error" "CACHE system variable is not set! Check config.sh"; exit 1; fi 13 | if [ -z ${BUILD+x} ]; then show_red "Error" "BUILD system variable is not set! 
Check config.sh"; exit 1; fi 14 | 15 | 16 | function download_nginx_module() { # OK 17 | [ $# -eq 0 ] && { run_error "Usage: install_nginx_module "; exit; } 18 | local WORKDIR="${CACHE}nginx_modules/" 19 | local MODULE=${1} 20 | 21 | [ -d "$WORKDIR" ] || mkdir -p $WORKDIR 22 | cd ${WORKDIR} 23 | 24 | if [ ${NGINX_MODULES[${MODULE}]} ] ; then 25 | show_blue_bg "Download" "${MODULE}" 26 | 27 | if [ -s "${MODULE}.zip" ] ; then 28 | show_yellow "Cache" "found ${MODULE}.zip. Using from cache" 29 | else 30 | wget -q --no-check-certificate ${NGINX_MODULES[${MODULE}]} -O "${MODULE}.zip" 31 | fi 32 | if [ -s "${MODULE}.zip" ] ; then 33 | run_ok 34 | else 35 | run_error "Could not fetch ${MODULE}.zip from ${NGINX_MODULES[${MODULE}]}" 36 | fi 37 | else 38 | run_error "${MODULE} module does not have a download route. Add in lib/nginx_modules.sh or remove ${MODULE} from NGINX_INSTALL_MODULES" 39 | fi 40 | } 41 | function configure_nginx_module() { 42 | # get them from cache and put them in work 43 | [ $# -eq 0 ] && { run_error "Usage: configure_nginx_module "; exit; } 44 | local WORKDIR="${ROOT}nginx_modules/" 45 | local CACHEDIR="${CACHE}nginx_modules/" 46 | local MODULE=${1} 47 | 48 | rm -rf ${WORKDIR}${MODULE} 49 | [ -d "$WORKDIR${MODULE}" ] || mkdir -p ${WORKDIR}${MODULE} 50 | [ -d "${CACHEDIR}${MODULE}.zip" ] || download_nginx_module ${MODULE} 51 | 52 | show_blue_bg "Unpack" "${MODULE}" 53 | 54 | cd ${WORKDIR} 55 | unzip -q -o "${CACHEDIR}${MODULE}.zip" -d ${WORKDIR}${MODULE} 56 | local ROOT_NAME=`find ${MODULE}/* | head -1` 57 | 58 | if [ -z ${ROOT_NAME+x} ]; then 59 | show_red "Error" "${MODULE} root name is not a dir. 
Check ${CACHEDIR}${MODULE}.zip"; exit 1; 60 | else 61 | cp -RP ${WORKDIR}${ROOT_NAME}/* ${WORKDIR}${MODULE} 62 | rm -rf ${WORKDIR}${ROOT_NAME} 63 | run_ok 64 | fi 65 | } 66 | function configure_lua_modules() { 67 | # get them from cache and put them in work 68 | [ $# -eq 0 ] && { run_error "Usage: configure_lua_modules "; exit; } 69 | local WORKDIR="${ROOT}nginx_lua_dynamic_modules/" 70 | local CACHEDIR="${CACHE}nginx_modules/" 71 | local MODULE=${1} 72 | 73 | rm -rf ${WORKDIR}${MODULE} && mkdir -p ${WORKDIR}${MODULE} 74 | [ -d "${CACHEDIR}${MODULE}.zip" ] || download_nginx_module ${MODULE} 75 | 76 | show_blue_bg "Unpack" "${MODULE}" 77 | 78 | cd ${WORKDIR} 79 | unzip -q -o "${CACHEDIR}${MODULE}.zip" -d ${WORKDIR}${MODULE} 80 | local ROOT_NAME=`find ${MODULE}/* | head -1` 81 | 82 | if [ -z ${ROOT_NAME+x} ]; then 83 | show_red "Error" "${MODULE} root name is not a dir. Check ${CACHEDIR}${MODULE}.zip"; exit 1; 84 | else 85 | cp -RP ${WORKDIR}${ROOT_NAME}/* ${WORKDIR}${MODULE} 86 | rm -rf ${WORKDIR}${ROOT_NAME} 87 | run_ok 88 | fi 89 | } 90 | 91 | function configure_nginx_patches() { 92 | [ $# -eq 0 ] && { run_error "Usage: configure_nginx_patches "; exit; } 93 | local WORKDIR="${ROOT}nginx_patches/" 94 | local MODULE=${1} 95 | 96 | [ -d "$WORKDIR${MODULE}" ] || mkdir -p $WORKDIR${MODULE} 97 | cd ${WORKDIR} 98 | 99 | for file in ${WORKDIR}/* ; do 100 | run_compile "applying patch $(basename $file)" 101 | patch -p1 < $file 102 | done 103 | 104 | run_ok 105 | } 106 | 107 | function make_nginx() { 108 | [ $# -eq 0 ] && { run_error "Usage: make_nginx "; exit; } 109 | 110 | # Set: vars 111 | local MAIN_DIR="nginx" 112 | local WORKDIR="${BUILD}${MAIN_DIR}/" 113 | local MODULES="${ROOT}nginx_modules/" 114 | local FILENAME="nginx-${1}.tar.gz" 115 | local CONFIGURE_PARAMS="" 116 | local DEFAULT_PARAMS=${2} 117 | local MODULE_PARAMS="" 118 | 119 | # clean 120 | rm -rf ${WORKDIR} && mkdir -p ${WORKDIR} 121 | # copy fresh nginx source 122 | cp -PR ${CACHE}${MAIN_DIR} ${BUILD} 123 
| 124 | if [ -f "${WORKDIR}configure" ] ; then 125 | show_green "Found nginx" 126 | else 127 | run_error "Cannot find nginx source code in ${WORKDIR}" 128 | exit 1 129 | fi 130 | cd ${WORKDIR} 131 | 132 | # ./configure all modules 133 | for file in ${MODULES}* ; do 134 | if [ -d "$file" ] 135 | then 136 | if [ -f "$file/config" ] ; then 137 | local MODULE=$(basename $file) 138 | # Check: if module has extra things to run and run it(ex: pagespeed) 139 | # SH: takes 1 param:: path to install to 140 | if [ -f ${SCRIPT_PATH}app/module_deps/${MODULE}-install.sh ]; then 141 | chmod u+x ${SCRIPT_PATH}app/module_deps/${MODULE}-install.sh 142 | . ${SCRIPT_PATH}app/module_deps/${MODULE}-install.sh $file/ 143 | fi 144 | # Set configure parameters 145 | CONFIGURE_PARAMS="${CONFIGURE_PARAMS} --add-module=${MODULES}${MODULE}" 146 | MODULE_PARAMS="" 147 | else 148 | show_red "Error" "${MODULE} is not a nginx compilable module. Maybe just a script?" 149 | fi 150 | fi 151 | done 152 | 153 | cd ${WORKDIR} 154 | # make && make install 155 | ./configure ${DEFAULT_PARAMS}${CONFIGURE_PARAMS} 156 | make && make install 157 | 158 | run_ok "END" 159 | } 160 | 161 | function post_install_nginx() { 162 | [ $# -eq 0 ] && { run_error "Usage: post_install_nginx "; exit; } 163 | local NGINX=${1} 164 | local CPUS=$(grep ^processor /proc/cpuinfo | wc -l) 165 | 166 | # Set main nginx config file 167 | mkdir -p ${NGINX}sites-enabled/ 168 | mkdir -p ${NGINX}sites-available/ 169 | mkdir -p ${NGINX}conf.d/ 170 | mkdir -p ${NGINX}lua_modules/ 171 | mkdir -p /var/log/nginx #logs 172 | 173 | # Copy lua modules 174 | rm -rf ${NGINX}lua_modules/* && mkdir -p ${NGINX}lua_modules/ 175 | cp -Rf ${ROOT}nginx_lua_dynamic_modules/* ${NGINX}lua_modules/ 176 | 177 | # Copy main config file 178 | cp -f ${SCRIPT_PATH}config/nginx/* ${NGINX} 179 | chmod +x ${NGINX}nginx.conf 180 | # Paths 181 | sed -i -e "s|\$NGINX_PATH|${NGINX_PATH}|g" ${NGINX}nginx.conf 182 | # Cores 183 | sed -i -e "s|\$CPUS|${CPUS}|g" 
${NGINX}nginx.conf 184 | 185 | 186 | # Set: a default site 187 | cp -f ${SCRIPT_PATH}config/nginx/site.conf ${NGINX}sites-enabled/site.conf 188 | chmod +x ${NGINX}sites-enabled/site.conf 189 | sed -i -e "s|\$server_name|${NGINX_SERVER_URL}|g" ${NGINX}sites-enabled/site.conf 190 | sed -i -e "s|\$server_port|${NGINX_SERVER_PORT}|g" ${NGINX}sites-enabled/site.conf 191 | 192 | # Set: init file 193 | cp -f ${SCRIPT_PATH}config/nginx/nginx /etc/init.d/nginx 194 | chmod +x /etc/init.d/nginx 195 | # Paths 196 | sed -i -e "s|\$REPLACE_NGINX_PATH|${NGINX_PATH}|g" /etc/init.d/nginx 197 | sed -i -e "s|\$REPLACE_NGINX_USE_PATH|${NGINX_USE_PATH}|g" /etc/init.d/nginx 198 | # Touch: pid 199 | touch /run/nginx.pid 200 | chmod 0770 /run/nginx.pid 201 | 202 | if [ $DISTRO_VERSION = "16.04" ] || [ $DISTRO_VERSION = "16.10" ] ; then 203 | mkdir -p /usr/lib/systemd/system/ 204 | # Service file for nginx 205 | cp -f ${SCRIPT_PATH}config/nginx/nginx.service /lib/systemd/system/ 206 | sed -i -e "s|\$NGINX_PATH|${NGINX_PATH}|g" /lib/systemd/system/nginx.service 207 | # Restart ctl daemon 208 | systemctl daemon-reload 209 | fi 210 | # if [ $DISTRO_VERSION -eq "15.04" ] || [ $DISTRO_VERSION -eq "15.10" ] ; then 211 | 212 | # fi 213 | # if [ $DISTRO_VERSION -eq "14.04" ] || [ $DISTRO_VERSION -eq "14.10" ] ; then 214 | 215 | # fi 216 | 217 | 218 | # Install modules (the ones that don't install via include) 219 | # TODO:: install lua modules (if needed) 220 | 221 | # Set init.d service 222 | # TODO:: auto start 223 | 224 | 225 | chmod u+x /etc/init.d/nginx 226 | } 227 | 228 | function create_installed_file() { 229 | # Create a config map with all the modules, so I know what's what 230 | # file start 231 | printf "# Nginx Build #${NGINX_VERSION_NO}\n\n" > ${NGINX_USE_PATH}INSTALLED.md 232 | printf "### libraries installed from source\n\n" > ${NGINX_USE_PATH}INSTALLED.md 233 | # versions 234 | local VS=""; 235 | for i in "${!VERSION[@]}" 236 | do 237 | VS="${VS}$i ${VERSION[$i]}, " 238 | done 239 
| printf "${VS}" >> ${NGINX_USE_PATH}INSTALLED.md 240 | # modules installed 241 | printf "### nginx modules compiled \n\n" >> ${NGINX_USE_PATH}INSTALLED.md 242 | for i in "${!NGINX_INSTALL_MODULES[@]}" 243 | do 244 | printf ${NGINX_INSTALL_MODULES[$i]}':: '${NGINX_MODULES[${NGINX_INSTALL_MODULES[$i]}]}'\n' >> ${NGINX_USE_PATH}INSTALLED.md 245 | done 246 | printf "\n\n">> ${NGINX_USE_PATH}INSTALLED.md 247 | 248 | # other text? credits 249 | cat ${SCRIPT_PATH}credits.txt >> ${NGINX_USE_PATH}INSTALLED.md 250 | } 251 | 252 | function clean() { 253 | rm -Rf "${ROOT}brotli" 254 | rm -Rf "${ROOT}luajit" 255 | rm -Rf "${ROOT}nginx" 256 | rm -Rf "${ROOT}nginx_modules" 257 | rm -Rf "${ROOT}nginx.tar.gz" 258 | rm -Rf "${NGINX_PATH}" 259 | rm -Rf "${NGINX_USE_PATH}" 260 | 261 | } 262 | -------------------------------------------------------------------------------- /app/module_deps/ngx_brotli-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | # run as root only 5 | if [[ $EUID -ne 0 ]] ; then 6 | run_error "This script must be run with root access\e[49m" 7 | exit 1 8 | fi 9 | [ $# -eq 0 ] && { run_error "Usage: brotli "; exit; } 10 | if [ -z ${ROOT+x} ]; then show_red "Error" "ROOT system variable is not set! Check config.sh"; exit 1; fi 11 | if [ -z ${CACHE+x} ]; then show_red "Error" "CACHE system variable is not set! Check config.sh"; exit 1; fi 12 | if [ -z ${BUILD+x} ]; then show_red "Error" "BUILD system variable is not set! 
Check config.sh"; exit 1; fi 13 | 14 | 15 | 16 | function ngx_brotli() { 17 | local MAIN_DIR="brotli" 18 | local WORKDIR=${1} #full path 19 | local CACHEDIR="${CACHE}${MAIN_DIR}/" 20 | local FILENAME="${VERSION}.tar.gz" 21 | 22 | # Set: vars 23 | MAIN_DIR="brotli" 24 | WORKDIR="${CACHE}${MAIN_DIR}/" 25 | 26 | 27 | # if [ -d "${BUILD}${MAIN_DIR}" ] ; then 28 | # rm -Rf ${BUILD}${MAIN_DIR} 29 | # fi 30 | # # Clear: current install 31 | # if [ -d "${WORKDIR}" ] ; then 32 | # rm -Rf ${WORKDIR} 33 | # fi 34 | # # Make: dirs 35 | # [ -d "$WORKDIR" ] || mkdir ${WORKDIR} 36 | # # Workspace 37 | # cd ${CACHE} 38 | # ## 39 | 40 | # git clone https://github.com/google/brotli.git ${MAIN_DIR} 41 | 42 | # if [ ! -s ${WORKDIR} ] ; then 43 | # rm -Rf ${WORKDIR} 44 | # run_error "cannot clone to ${WORKDIR}" 45 | # exit 1 46 | # fi 47 | # cd ${WORKDIR} 48 | # run_compile "make" 49 | # python setup.py install 50 | # make 51 | # # move to build 52 | # mkdir -p ${BUILD}${MAIN_DIR} 53 | # mv -b ${WORKDIR}/* ${BUILD}${MAIN_DIR} 54 | 55 | } 56 | ngx_brotli ${1} 57 | 58 | 59 | 60 | ############## 61 | ############## 62 | # CHANGE THIS TO INSTALL USING A LOCAL FUNCTIONS AND DONT OVERWRITE THE MAIN SHIT 63 | ############## 64 | ############## 65 | 66 | 67 | -------------------------------------------------------------------------------- /app/module_deps/ngx_mongo-install.sh: -------------------------------------------------------------------------------- 1 | apt-get install -y libyajl-dev &> /dev/null -------------------------------------------------------------------------------- /app/module_deps/ngx_pagespeed-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ######################## 4 | # 5 | # Use a function in order not to mess up global vars 6 | # 7 | ######################## 8 | 9 | 10 | 11 | # run as root only 12 | if [[ $EUID -ne 0 ]] ; then 13 | run_error "This script must be run with root access\e[49m" 14 | exit 1 
15 | fi 16 | [ $# -eq 0 ] && { run_error "Usage: pagespeed "; exit; } 17 | if [ -z ${ROOT+x} ]; then show_red "Error" "ROOT system variable is not set! Check config.sh"; exit 1; fi 18 | if [ -z ${CACHE+x} ]; then show_red "Error" "CACHE system variable is not set! Check config.sh"; exit 1; fi 19 | if [ -z ${BUILD+x} ]; then show_red "Error" "BUILD system variable is not set! Check config.sh"; exit 1; fi 20 | 21 | 22 | 23 | 24 | function ngx_pagespeed() { 25 | # Set: vars 26 | local VERSION="1.11.33.3" 27 | local MAIN_DIR="psol" 28 | local WORKDIR=${1} #full path 29 | local CACHEDIR="${CACHE}${MAIN_DIR}/" 30 | local FILENAME="${VERSION}.tar.gz" 31 | 32 | 33 | rm -rf ${WORKDIR}* 34 | rm -rf ${CACHE}ngx_pagespeed.zip 35 | # Run 36 | run_install "${MAIN_DIR}:: required by pagespeed plugin" 37 | 38 | # 1) get main pagespeed 39 | wget -O ${CACHE}ngx_pagespeed.zip https://github.com/pagespeed/ngx_pagespeed/archive/release-${VERSION}-beta.zip &> /dev/null 40 | if [ ! -f "${CACHE}ngx_pagespeed.zip" ] ; then 41 | show_red "Error" "Cannot find ngx_pagespeed source" 42 | exit 1 43 | fi 44 | # 2) get psol 45 | if [ ! -f "${CACHE}${FILENAME}" ] ; then 46 | run_download "${FILENAME}" 47 | wget -O ${CACHE}${FILENAME} wget https://dl.google.com/dl/page-speed/psol/${FILENAME} &> /dev/null 48 | else 49 | show_yellow "Cache" "found ${FILENAME}. Using from cache" 50 | fi 51 | if [ ! 
-f "${CACHE}ngx_pagespeed.zip" ] ; then 52 | run_error "${CACHE}ngx_pagespeed.zip not found" 53 | exit 1 54 | else 55 | cd ${WORKDIR} 56 | show_blue_bg "Unpack" "ngx_pagespeed.zip" 57 | unzip ${CACHE}ngx_pagespeed.zip &> /dev/null 58 | cp -PR ${WORKDIR}"ngx_pagespeed-release-1.11.33.3-beta"/* ${WORKDIR} &> /dev/null 59 | show_blue_bg "Unpack" "${FILENAME}" 60 | tar -xzf "${CACHE}${FILENAME}" 61 | run_ok 62 | fi 63 | } 64 | apt-get install -y libgoogle-perftools-dev &> /dev/null 65 | ngx_pagespeed ${1} -------------------------------------------------------------------------------- /app/nginx_modules.sh: -------------------------------------------------------------------------------- 1 | declare -A NGINX_MODULES # where do I get the zip? 2 | # some modules require extra custome work. 3 | # store a .sh in module_deps and declare it here with the same module name 4 | # ex: ngx_brotli --> app/module_deps/ngx_brotli-install.sh (-install, -run, -update, -remove) 5 | 6 | ### 7 | NGINX_MODULES['ngx_brotli']="https://github.com/google/ngx_brotli/zipball/master" 8 | NGINX_MODULES['ngx_headers_more']="https://github.com/openresty/headers-more-nginx-module/zipball/master" #- Set, add, and clear arbitrary output headers. 9 | NGINX_MODULES['ngx_mod_zip']="https://github.com/evanmiller/mod_zip/zipball/master" 10 | NGINX_MODULES['ngx_rtmp']="https://github.com/arut/nginx-rtmp-module/zipball/master" #- NGINX-based Media Streaming Server. 11 | NGINX_MODULES['ngx_set_misc']="https://github.com/agentzh/set-misc-nginx-module/zipball/master" 12 | NGINX_MODULES['ngx_xss']="https://github.com/openresty/xss-nginx-module/zipball/master" #- Native support for cross-site scripting ="XSS" in an nginx. 13 | NGINX_MODULES['ngx_srcache']="https://github.com/openresty/srcache-nginx-module/zipball/master" #- Transparent subrequest-based caching layout for arbitrary nginx locations. 
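# Download routes for optional nginx modules: continuation of the NGINX_MODULES
# map declared earlier in this file. Each value is the URL that
# download_nginx_module (app/libs.sh) saves as "<module>.zip" and that the
# configure_* helpers later unzip into the build tree.
#
# NOTE(review): every route follows a moving `master` branch, the downloader
# calls wget with --no-check-certificate, and the installer insists on running
# as root, so nothing authenticates the code that ends up compiled into nginx.
# Prefer routes pinned to a reviewed tag or commit, verify a recorded checksum
# before unpacking, and drop --no-check-certificate in app/libs.sh.
NGINX_MODULES['ngx_replace_filter']="https://github.com/openresty/replace-filter-nginx-module/zipball/master" #- Streaming regular expression replacement in response bodies.
NGINX_MODULES['ngx_echo']="https://github.com/openresty/echo-nginx-module/zipball/master" #- An Nginx module for bringing the power of "echo", "sleep", "time" and more to Nginx's config file.
NGINX_MODULES['ngx_encrypted_session']="https://github.com/openresty/encrypted-session-nginx-module/zipball/master" #- encrypt and decrypt nginx variable values.
NGINX_MODULES['ngx_drizzle']="https://github.com/openresty/drizzle-nginx-module/zipball/master" #- an nginx upstream module that talks to mysql and drizzle by libdrizzle.
NGINX_MODULES['ngx_array_var']="https://github.com/openresty/array-var-nginx-module/zipball/master" #- Add support for array-typed variables to nginx config files.
# NOTE(review): 'ngx_set_misc' is also assigned earlier in this file (agentzh/set-misc-nginx-module);
# this later assignment is the one that takes effect.
NGINX_MODULES['ngx_set_misc']="https://github.com/openresty/set-misc-nginx-module/zipball/master" #- Various set_xxx directives added to nginx's rewrite module (md5/sha1, sql/json quoting, and many more).
NGINX_MODULES['ngx_pagespeed']="https://github.com/pagespeed/ngx_pagespeed/zipball/master" #- Automatic PageSpeed optimization module for Nginx.
NGINX_MODULES['ngx_devel_kit']="https://github.com/simpl/ngx_devel_kit/zipball/master" #- Nginx Development Kit #- an Nginx module that adds additional generic tools that module developers can use in their own modules.
NGINX_MODULES['ngx_cache_purge']="https://github.com/FRiCKLE/ngx_cache_purge/zipball/master" #- nginx module which adds ability to purge content from FastCGI, proxy, SCGI and uWSGI caches.
NGINX_MODULES['ngx_http_concat']="https://github.com/alibaba/nginx-http-concat/zipball/master" #- A Nginx module for concatenating files in a given context: CSS and JS files usually.
NGINX_MODULES['ngx_http_user_agent']="https://github.com/alibaba/nginx-http-user-agent/zipball/master" #- A nginx module to match browsers and crawlers.
NGINX_MODULES['ngx_http_sysguard']="https://github.com/alibaba/nginx-http-sysguard/zipball/master" #- A Nginx module to protect servers when system load or memory use goes too high.
NGINX_MODULES['ngx_tfs']="https://github.com/alibaba/nginx-tfs/zipball/master" #- An Asynchronous Nginx module providing a RESTful API for TFS (Taobao File System).
NGINX_MODULES['ngx_http_slice']="https://github.com/alibaba/nginx-http-slice/zipball/master" #- Nginx module for serving a file in slices (reverse byte-range).
NGINX_MODULES['ngx_backtrace']="https://github.com/alibaba/nginx-backtrace/zipball/master" #- A Nginx module to dump backtrace when a worker process exits abnormally.
NGINX_MODULES['ngx_http_footer_filter']="https://github.com/alibaba/nginx-http-footer-filter/zipball/master" #- A nginx module that prints some text in the footer of a request.
NGINX_MODULES['ngx_clojure']="https://github.com/nginx-clojure/nginx-clojure/zipball/master" #- Nginx module for embedding Clojure or Java or Groovy programs, typically those Ring based handlers.
NGINX_MODULES['ngx_audio_track_for_hls']="https://github.com/flavioribeiro/nginx-audio-track-for-hls-module/zipball/master" #- Nginx module that generates audio track for HTTP Live Streaming (HLS) streams on the fly.
NGINX_MODULES['ngx_access_plus']="https://github.com/nginx-clojure/nginx-access-plus/zipball/master" #- nginx module allows limiting access to certain http request methods and client addresses.

# Databases and Connectors
NGINX_MODULES['ngx_eval']="https://github.com/vkholodkov/nginx-eval-module/zipball/master" #- A module for evaluating memcached or proxy response into variable.
NGINX_MODULES['ngx_ench_memcache']="https://github.com/bpaquet/ngx_http_enhanced_memcached_module/zipball/master"
NGINX_MODULES['ngx_memc']="https://github.com/openresty/memc-nginx-module/zipball/master" #- An extended version of the standard memcached module that supports set, add, delete, and many more memcached commands.
NGINX_MODULES['ngx_redis2']="https://github.com/openresty/redis2-nginx-module/zipball/master" #- Nginx upstream module for the Redis 2.0 protocol.
NGINX_MODULES['ngx_mongo']="https://github.com/simpl/ngx_mongo/zipball/master"
NGINX_MODULES['ngx_postgres']="https://github.com/FRiCKLE/ngx_postgres/zipball/master" #- upstream module that allows nginx to communicate directly with PostgreSQL database.
NGINX_MODULES['ngx_couchbase']="https://github.com/couchbaselabs/couchbase-nginx-module/zipball/master" #- The module for nginx webserver to access Couchbase Server.
NGINX_MODULES['ngx_aws_auth']="https://github.com/anomalizer/ngx_aws_auth/zipball/master" #- nginx module to proxy to authenticated AWS services.
# The next two routes originally pointed at the bare repository page. The
# downloader stores the response as "<module>.zip" and unzips it, so they now
# use the same /zipball/master form as every other entry.
NGINX_MODULES['ngx_zeromq']="https://github.com/FRiCKLE/ngx_zeromq/zipball/master" #- ZeroMQ transport for nginx.
NGINX_MODULES['ngx_auth_ldap']="https://github.com/kvspb/nginx-auth-ldap/zipball/master" #- LDAP authentication module for nginx.

# Firewall
NGINX_MODULES['ngx_naxsi']="https://github.com/nbs-system/naxsi/zipball/master" #- NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX.

# Transformers
NGINX_MODULES['ngx_small_light']="https://github.com/cubicdaiya/ngx_small_light/zipball/master" #- Dynamic Image Transformation Module For nginx.
NGINX_MODULES['ngx_http_gif_magick']="https://github.com/mschenck/ngx_http_gif_magick/zipball/master" #- nginx http filter module for dynamically resizing gifs with ImageMagick.
NGINX_MODULES['ngx_gm_filter']="https://github.com/liseen/ngx-gm-filter/zipball/master" #- Another image filter based GraphicsMagick.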
53 | NGINX_MODULES['ngx_rds_csv']="https://github.com/openresty/rds-csv-nginx-module/zipball/master" #- Nginx output filter module to convert Resty-DBD-Streams ="RDS" to Comma-Separated Values ="CSV). 54 | 55 | # Load Balancers 56 | NGINX_MODULES['ngx_upstream_fair']="https://github.com/gnosek/nginx-upstream-fair/zipball/master" #- The fair load balancer module for nginx. 57 | 58 | ## 59 | NGINX_MODULES['ngx_push_stream']="https://github.com/wandenberg/nginx-push-stream-module/zipball/master" #- A pure stream http push technology for your Nginx setup. Comet made easy and really scalable. 60 | NGINX_MODULES['ngx_vts']="https://github.com/vozlt/nginx-module-vts/zipball/master" #- Nginx virtual host traffic status module. 61 | NGINX_MODULES['ngx_url']="https://github.com/vozlt/nginx-module-url/zipball/master" #- Nginx url encoding converting module. 62 | NGINX_MODULES['ngx_session_binding_proxy']="https://github.com/wburgers/Session-Binding-Proxy/zipball/master" #- An Nginx module capable of binding the application session to the SSL session by encrypting the application cookie with a secret key and the SSL master key. 63 | NGINX_MODULES['ngx_upload_progress_module']="https://github.com/masterzen/nginx-upload-progress-module/zipball/master" #- Nginx module implementing an upload progress system, that monitors RFC1867 POST uploads as they are transmitted to upstream servers. 64 | NGINX_MODULES['ngx_protobuf_nginx']="https://github.com/dbcode/protobuf-nginx/zipball/master" #- Google Protocol Buffers code generator for nginx module developers. 65 | 66 | 67 | ## NON AUTOMATIC MODULES:: NEED HANDLING 68 | NGINX_MODULES['ngx_modSecurity']="https://github.com/SpiderLabs/ModSecurity/tree/master/nginx/modsecurity" #- ModSecurity is an open source, cross platform web application firewall ="WAF" engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. 
69 | 70 | 71 | ###Lua Modules 72 | # Databases and Connectors in Lua 73 | NGINX_MODULES['ngx_lua']="https://github.com/openresty/lua-nginx-module/zipball/master" 74 | NGINX_MODULES['lua_resty_http']="https://github.com/pintsized/lua-resty-http/zipball/master" #- Lua HTTP client cosocket driver for OpenResty / ngx_lua. 75 | NGINX_MODULES['lua_resty_redis']="https://github.com/openresty/lua-resty-redis/zipball/master" #- Lua redis client driver for the ngx_lua based on the cosocket API. 76 | NGINX_MODULES['lua_resty_memcached']="https://github.com/openresty/lua-resty-memcached/zipball/master" #- Lua memcached client driver for the ngx_lua based on the cosocket API. 77 | NGINX_MODULES['lua_resty_mysql']="https://github.com/openresty/lua-resty-mysql/zipball/master" #- Nonblocking Lua MySQL driver library for ngx_lua. 78 | NGINX_MODULES['lua_resty_postgres']="https://github.com/azurewang/lua-resty-postgres/zipball/master" #- Nonblocking Lua PostgreSQL driver library for ngx_lua. 79 | NGINX_MODULES['lua_resty_cassandra']="https://github.com/jbochi/lua-resty-cassandra/zipball/master" #- Pure Lua Cassandra client using CQL binary protocol. 80 | NGINX_MODULES['lua_resty_mongol']="https://github.com/Olivine-Labs/resty-mongol/zipball/master" #- Lua MongoDB driver. 81 | NGINX_MODULES['lua_resty_oceanbase']="https://github.com/hugozhu/lua-resty-oceanbase/zipball/master" #- Lua OceanBase client driver for ngx_lua based on the cosocket API. 82 | NGINX_MODULES['lua_resty_hmac']="https://github.com/jkeys089/lua-resty-hmac/zipball/master" #- HMAC functions for ngx_lua and LuaJIT. 83 | NGINX_MODULES['lua_resty_jwt']="https://github.com/SkyLothar/lua-resty-jwt/zipball/master" #- JWT For The Great Openresty. 84 | NGINX_MODULES['lua_resty_upstream_healthcheck']="https://github.com/openresty/lua-resty-upstream-healthcheck/zipball/master" #- Health Checker for Nginx Upstream Servers in Pure Lua. 
85 | NGINX_MODULES['lua_resty_riak']="https://github.com/bakins/lua-resty-riak/zipball/master" #- Lua riak protocol buffer client driver for the ngx_lua based on the cosocket API. 86 | NGINX_MODULES['lua_resty_ssdb']="https://github.com/LazyZhu/lua-resty-ssdb/zipball/master" #- Lua ssdb client driver for the ngx_lua based on the cosocket API, SSDB is a leveldb server. 87 | NGINX_MODULES['lua_resty_kafka']="https://github.com/doujiang24/lua-resty-kafka/zipball/master" #- Lua kafka client driver for the ngx_lua based on the cosocket API. 88 | NGINX_MODULES['lua_resty_rabbitmqstomp']="https://github.com/wingify/lua-resty-rabbitmqstomp/zipball/master" #- Opinionated Lua RabbitMQ client library for the ngx_lua apps based on the cosocket API. 89 | NGINX_MODULES['lua_resty_gearman']="https://github.com/zhhchen/lua-resty-gearman/zipball/master" #- Lua gearman client driver for the ngx_lua based on the cosocket API. 90 | NGINX_MODULES['lua_resty_fastcgi']="https://github.com/benagricola/lua-resty-fastcgi/zipball/master" #- Lua FCGI client driver for ngx_lua based on the cosocket API. 91 | NGINX_MODULES['lua_resty_upload']="https://github.com/openresty/lua-resty-upload/zipball/master" #- Streaming reader and parser for http file uploading based on ngx_lua cosocket. 92 | 93 | 94 | 95 | 96 | # [lua-resty-fastdfs]="https://github.com/azurewang" #- Nonblocking Lua FastDFS driver library for ngx_lua. 97 | # [lua-resty-lrucache]="https://github.com/openresty/lua-resty-lrucache" #- Lua-land LRU Cache based on LuaJIT FFI. 98 | # [lua-resty-core]="https://github.com/openresty/lua-resty-core" #- New FFI-based API for lua-nginx-module. 99 | # [lua-redis-parser]="https://github.com/openresty/lua-redis-parser" #- Lua module for parsing raw redis responses. 100 | # [lua-resty-websocket]="https://github.com/openresty/lua-resty-websocket" #- WebSocket support for the ngx_lua module (and OpenResty). 
101 | # [lua-resty-dns]="https://github.com/openresty/lua-resty-dns" #- DNS resolver for the nginx lua module. 102 | # [lua-resty-string]="https://github.com/openresty/lua-resty-string" #- String utilities and common hash functions for ngx_lua and LuaJIT. 103 | # [lua-rds-parser]="https://github.com/openresty/lua-rds-parser" #- Resty DBD Stream (RDS" parser for Lua written in C. 104 | # [lua-resty-template]="https://github.com/bungle/lua-resty-template" #- Templating Engine (HTML" for Lua and OpenResty 105 | # [lua-resty-cookie]="https://github.com/cloudflare/lua-resty-cookie" #- Lua library for HTTP cookie manipulations for OpenResty/ngx_lua. 106 | # [lua-resty-logger-socket]="https://github.com/cloudflare/lua-resty-logger-socket" #- Raw-socket-based Logger Library for Nginx. 107 | # [lua-resty-beanstalkd]="https://github.com/smallfish/lua-resty-beanstalkd" #- non-blocking beanstalkd client lib for ngx_lua. 108 | # [lua-resty-libcjson]="https://github.com/bungle/lua-resty-libcjson" #- LuaJIT FFI-based cJSON library for OpenResty. 109 | # [lua-resty-session]="https://github.com/bungle/lua-resty-session" #- Session library for OpenResty implementing Secure Cookie Protocol. 110 | # [lua-resty-validation]="https://github.com/bungle/lua-resty-validation" #- Validation Library (Input Validation and Filtering" for Lua and OpenResty. 111 | # [lua-resty-random]="https://github.com/bungle/lua-resty-random" #- LuaJIT FFI-based Random Library for OpenResty. 112 | # [lua-resty-scrypt]="https://github.com/bungle/lua-resty-scrypt" #- LuaJIT FFI-based scrypt library for OpenResty. 113 | # [lua-resty-uuid]="https://github.com/bungle/lua-resty-uuid" #- LuaJIT FFI bindings for libuuid, a DCE compatible Universally Unique Identifier library. 114 | # [lua-resty-hoedown]="https://github.com/bungle/lua-resty-hoedown" #- LuaJIT FFI bindings to Hoedown, a standards compliant, fast, secure markdown processing library in C. 
115 | # [lua-resty-snappy]="https://github.com/bungle/lua-resty-snappy" #- LuaJIT FFI bindings for Snappy, a fast compressor/decompressor. 116 | # [lua-resty-nettle]="https://github.com/bungle/lua-resty-nettle" #- LuaJIT FFI bindings for Nettle (a low-level cryptographic library). 117 | # [lua-resty-rack]="https://github.com/pintsized/lua-resty-rack" #- A simple and extensible HTTP server framework for OpenResty. 118 | # [lua-resty-upstream]="https://github.com/hamishforbes/lua-resty-upstream" #- Upstream connection load balancing and failover module for Openresty. 119 | # [lua-resty-dns-cache]="https://github.com/hamishforbes/lua-resty-dns-cache" #- Cache wrapper for lua-resty-dns. 120 | # [lua-resty-consul]="https://github.com/hamishforbes/lua-resty-consul" #- Library to interface with the consul HTTP API from ngx_lua. 121 | # [lua-resty-shell]="https://github.com/juce/lua-resty-shell" #- tiny subprocess/shell library to use with OpenResty application server. 122 | # [lua-resty-rsa]="https://github.com/doujiang24/lua-resty-rsa" #- RSA encrypt/decrypt & sign/verify for LuaJIT. 123 | # [lua-resty-smtp]="https://github.com/duhoobo/lua-resty-smtp" #- I must be crazy trying to send mail with Nginx.. 124 | # [lua-resty-iputils]="https://github.com/bakins/lua-resty-riak" #- Utility functions for working with IP addresses in Openresty. 125 | # [lua-resty-qless]="https://github.com/pintsized/lua-resty-qless" #- Lua binding to Qless (Queue / Pipeline management" for OpenResty. 126 | # [lua-resty-kyototycoon]="https://github.com/cloudflare/lua-resty-kyototycoon" #- Lua client driver for KyotoTycoon using its native wire protocol (OpenResty/ngx_lua). 127 | # [lua-resty-libxl]="https://github.com/bungle/lua-resty-libxl" #- LuaJIT FFI-based LibXL (Excel" library for OpenResty. 128 | # [lua-resty-gettext]="https://github.com/bungle/lua-resty-gettext" #- LuaJIT FFI-based gettext library for OpenResty. 
129 | # [lua-resty-github]="https://github.com/jamesmarlowe/lua-resty-github" #- Lua library for using the github api in the ngx_lua nginx module. 130 | # [lua-resty-murmurhash2]="https://github.com/bungle/lua-resty-murmurhash2" #- LuaJIT MurmurHash 2 bindings to Nginx / OpenResty murmurhash2 implementation. 131 | # [lua-resty-hipchat]="https://github.com/jamesmarlowe/lua-resty-hipchat" #- Lua library for using the hipchat api. 132 | # [lua-resty-readurl]="https://github.com/jamesmarlowe/lua-resty-readurl" #- Lua library for capturing urls, decoding, and logging results. 133 | # [lua-resty-kyototycoon]="https://github.com/sjnam/lua-resty-kyototycoon" #- kyototycoon's binary protocol. 134 | # [lua-resty-mobile]="https://github.com/isage/lua-resty-mobile" #- Mobile detection for nginx/openresty. 135 | # [lua-resty-fileinfo]="https://github.com/bungle/lua-resty-fileinfo" #- LuaJIT FFI bindings to libmagic, magic number recognition library - tries to determine file types. 136 | # [lua-resty-sass]="https://github.com/bungle/lua-resty-sass" #- LuaJIT FFI bindings for libsass - A C/C++ implementation of a Sass compiler. 137 | # [lua-resty-taglib]="https://github.com/bungle/lua-resty-taglib" #- LuaJIT FFI bindings for TagLib - An Audio Meta-Data Library. 138 | # [lua-resty-woothee]="https://github.com/woothee/lua-resty-woothee" #- Woothee Lua-Openresty implementation. 139 | # [lua-resty-json]="https://github.com/cloudflare/lua-resty-json" #- json lib for lua and C. 140 | # [ngx_lua_waf]="https://github.com/loveshell/ngx_lua_waf" #- lua waf based on ngx_lua. 141 | # [lua-resty-limit-req]="https://github.com/timebug/lua-resty-limit-req" #- Limit the request processing rate between multiple NGINX instances. 142 | # [LuaWeb]="https://github.com/torhve/LuaWeb" #- A very simple blog engine using openresty, nginx, lua, markdown, git and redis. 143 | # [lua-nginx-osm]="https://github.com/miurahr/lua-nginx-osm" #- OpenStreetMap extension for Nginx Lua module. 
144 | # [nginx-tcp-lua-module]="https://github.com/bigplum/nginx-tcp-lua-module" #- A TCP server with lua supporting based on nginx. 145 | # [nginx-google-oauth]="https://github.com/agoragames/nginx-google-oauth" #- Lua module to add Google OAuth to nginx. 146 | # [lua-upstream-nginx-module]="https://github.com/openresty/lua-upstream-nginx-module" #- Nginx C module to expose Lua API to ngx_lua for Nginx upstreams. 147 | # [lua-resty-lock]="https://github.com/openresty/lua-resty-lock" #- Simple nonblocking lock API for ngx_lua based on shared memory dictionaries. 148 | 149 | 150 | 151 | ##Tools 152 | # [nginx-devel-utils]="https://github.com/openresty/nginx-devel-utils" #- Utilities for nginx module development. 153 | # [no-pool-nginx]="https://github.com/openresty/no-pool-nginx" #- replace nginx's pool mechanism with plain malloc & free to help tools like valgrind. 154 | # [nginx-dtrace]="https://github.com/openresty/nginx-dtrace" #- An nginx fork that adds dtrace USDT probes. 155 | # [test-nginx]="https://github.com/openresty/test-nginx" #- Data-driven test scaffold for Nginx C module and OpenResty Lua library development. 156 | # [nginx-systemtap-toolkit]="https://github.com/openresty/nginx-systemtap-toolkit" #- Real-time analyzing and diagnosing tools for Nginx based on SystemTap. 157 | # [nginx-gdb-utils]="https://github.com/openresty/nginx-gdb-utils" #- GDB Utilities for Nginx, ngx_lua, LuaJIT, and etc. 158 | # [apache2nginx]="https://github.com/nhnc-nginx/apache2nginx" #- A command line tool, which can be used to generate nginx config file according to given config files of Apache. 159 | # [nginx-build]="https://github.com/cubicdaiya/nginx-build" #- seamless nginx builder. 160 | # [puppet-nginx]="https://github.com/jfryman/puppet-nginx" #- Puppet Module to manage NGINX on various UNIXes. 161 | # [server-configs-nginx]="https://github.com/h5bp/server-configs-nginx" #- Nginx HTTP server boilerplate configs. 
162 | # [nginx-boilerplate]="https://github.com/Umkus/nginx-boilerplate" #- Awesome Nginx configuration template. 163 | # [ngxtop]="https://github.com/lebinh/ngxtop" #- Real-time metrics for nginx server. 164 | # [nginx-conf]="https://github.com/lebinh/nginx-conf" #- A collection of useful Nginx configuration snippets. 165 | # [libngxcore]="https://github.com/cubicdaiya/libngxcore" #- libngxcore is the library built from nginx core APIs.. 166 | # [nginx-cache-purge]="https://github.com/perusio/nginx-cache-purge" #- A bash script for deleting items from Nginx cache. 167 | # [ngx-admintools]="https://github.com/rmacd/ngx-admintools" #- Debian Administration Tools for nginx web server. 168 | # [nginx-config-formatter]="https://github.com/1connect/nginx-config-formatter" #- Nginx config file formatter/beautifier written in Python. 169 | 170 | 171 | 172 | # NGINX_MODULES[ngx_http_subrange_module]="https://github.com/Qihoo360/ngx_http_subrange_module" #- Split one big HTTP/Range request to multiple subrange requesets. 173 | # NGINX_MODULES[nginx_tcp_proxy_module]="https://github.com/yaoweibin/nginx_tcp_proxy_module" #- add the feature of tcp proxy with nginx, with health check and status monitor. 174 | # NGINX_MODULES[nginx_ajp_module]="https://github.com/yaoweibin/nginx_ajp_module" #- support AJP protocol proxy with Nginx. 175 | # NGINX_MODULES[ngx_http_substitutions_filter_module]="https://github.com/yaoweibin/ngx_http_substitutions_filter_module" #- a filter module which can do both regular expression and fixed string substitutions for nginx. 176 | # NGINX_MODULES[nginx-sticky-module]="https://github.com/yaoweibin/nginx-sticky-module" #- A nginx module to add an upstream server persistance using cookies. 177 | # NGINX_MODULES[nginx_mod_akamai_g2o]="https://github.com/refractalize/nginx_mod_akamai_g2o" #- Nginx Module for Authenticating Akamai G2O requests. 
178 | # NGINX_MODULES[ngx_supervisord]="https://github.com/FRiCKLE/ngx_supervisord" #- nginx module providing API to communicate with supervisord and manage ="start/stop" backends on-demand. 179 | # NGINX_MODULES[ngx_http_google_filter_module]="https://github.com/cuber/ngx_http_google_filter_module" #- Nginx Module for Google Mirror. 180 | # NGINX_MODULES[ngx_http_dyups_module]="https://github.com/yzprofile/ngx_http_dyups_module" #- update upstreams' config by restful interface. 181 | # NGINX_MODULES[ngx_sync_msg_module]="https://github.com/yzprofile/ngx_sync_msg_module" #- This module provides a mechanism to sync messages between workers for your module. 182 | # NGINX_MODULES[nginx-upload-module]="https://github.com/vkholodkov/nginx-upload-module/tree/2.2" #- A module for nginx web server for handling file uploads using multipart/form-data encoding ="RFC 1867). 183 | # NGINX_MODULES[nginx-video-thumbextractor-module]="https://github.com/wandenberg/nginx-video-thumbextractor-module" #- Nginx module to extract thumbs from a video file. 184 | # NGINX_MODULES[nginx-fluentd-module]="https://github.com/fluent/nginx-fluentd-module" #- Nginx module for Fluentd data collector. 185 | # NGINX_MODULES[ngx_cache_viewer]="https://github.com/agile6v/ngx_cache_viewer" #- nginx module which adds ability to view cache node info from FastCGI, proxy, SCGI and uWSGI caches. 186 | # NGINX_MODULES[nginx_http_push_module]="https://github.com/slact/nginx_http_push_module" #- Turn NGiNX into an adept HTTP push server. 187 | # NGINX_MODULES[nginx-selective-cache-purge-module]="https://github.com/wandenberg/nginx-selective-cache-purge-module" #- A module to purge cache by GLOB patterns.. 188 | # NGINX_MODULES[testcookie-nginx-module]="https://github.com/kyprizel/testcookie-nginx-module" #- simple robot mitigation module using cookie based challenge/response technique. 
189 | # NGINX_MODULES[nginx_circle_gif]="https://github.com/evanmiller/nginx_circle_gif" #- this module generates simple circle images with the colors and size specified in the URL. 190 | # NGINX_MODULES[ngx_http_estreaming_module]="https://github.com/whatvn/ngx_http_estreaming_module" #- An adaptive hls streaming module for nginx. 191 | # NGINX_MODULES[ngx_mruby]="https://github.com/matsumoto-r/ngx_mruby" #- ngx_mruby #- A Fast and Memory-Efficient Web Server Extension Mechanism Using Scripting Language mruby for nginx. 192 | # NGINX_MODULES[ngx_http_geoip2_module]="https://github.com/leev/ngx_http_geoip2_module" #- creates variables with values from the maxmind geoip2 databases based on the client IP ="supports both IPv4 and IPv6). 193 | # NGINX_MODULES[tcp-nginx-module]="https://github.com/laocai/tcp-nginx-module" #- Use nginx as a common TCP server framework. 194 | # NGINX_MODULES[ngx_openresty]="https://github.com/openresty/ngx_openresty" #- Turning Nginx into a Full-fledged Web App Server. 195 | # NGINX_MODULES[iconv-nginx-module]="https://github.com/calio/iconv-nginx-module" #- a character conversion nginx module using libiconv. 196 | # NGINX_MODULES[form-input-nginx-module]="https://github.com/calio/form-input-nginx-module" #- This is a nginx module that reads HTTP POST and PUT request body encoded in "application/x-www-form-urlencoded", and parse the arguments in request body into nginx variables.. 197 | # NGINX_MODULES[ngx-ip2location]="https://github.com/chaizhenhua/ngx-ip2location" #- Nginx IP2Location Module. 198 | # NGINX_MODULES[nginx-hmux-module]="https://github.com/wangbin579/nginx-hmux-module" #- The module implements resin's hmux protocol in nginx. 199 | # NGINX_MODULES[nginx_ocsp_proxy-module]="https://github.com/kyprizel/nginx_ocsp_proxy-module" #- Nginx OCSP processing module designed for response caching. 
200 | # NGINX_MODULES[nginx-hmac-secure-link]="https://github.com/nginx-modules/nginx-hmac-secure-link" #- Alternative Nginx secure link module with support for MD5, SHA-1, and SHA-2 hashes. 201 | # NGINX_MODULES[nginx-mod-so]="https://github.com/hamano/nginx-mod-so" #- nginx_mod_so is dynamic loadable module for Nginx. 202 | # NGINX_MODULES[nginx-xsltproc-module]="https://github.com/yoreek/nginx-xsltproc-module" #- XSLT processor bases on Nginx. 203 | # NGINX_MODULES[nginx-dlg-auth]="https://github.com/algermissen/nginx-dlg-auth" #- NGINX module for delegating authentication and authorization to an HTTP gateway. 204 | # NGINX_MODULES[ngx_http_qqwry_module]="https://github.com/anjuke/ngx_http_qqwry_module" #- A nginx module that creates variables with location info from QQWry. 205 | # NGINX_MODULES[nginx-markdown-module]="https://github.com/gabrielfalcao/nginx-markdown-module" #- renderize markdown as HTML directly from your upstream server. 206 | # NGINX_MODULES[nginx-nonewlines]="https://github.com/vedang/nginx-nonewlines" #- This is an nginx module to strip the served HTML of all newlines ="\n and \r characters). 207 | # NGINX_MODULES[nginx-udplog-module]="https://github.com/vkholodkov/nginx-udplog-module" #- Implementation of logging using BSD Syslog Protocol for nginx ="RFC 3164). 208 | # NGINX_MODULES[nginx-fancyindex]="https://github.com/damm/nginx-fancyindex" #- nginx fancy index module. 209 | # NGINX_MODULES[nginx_ipset_blacklist]="https://github.com/Vasfed/nginx_ipset_blacklist" #- nginx module to use linux netfilter ipsets as blacklists. 210 | # NGINX_MODULES[nginx-mogilefs-module]="https://github.com/vkholodkov/nginx-mogilefs-module" #- MogileFS client for nginx. 211 | # NGINX_MODULES[ngx_http_php_session]="https://github.com/replay/ngx_http_php_session" #- nginx module to parse php sessions. 212 | # NGINX_MODULES[ngx_trace]="https://github.com/zzzcpan/ngx_trace" #- runtime call tracer for nginx. 
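# NGINX_MODULES[nginx-qrcode]="https://github.com/alexchamberlain/nginx-qrcode" #- Native QR encoding for Nginx Web Server.
# NGINX_MODULES[nginx-dav-ext-module]="https://github.com/arut/nginx-dav-ext-module" #- NGINX WebDAV missing methods support (PROPFIND & OPTIONS).
# NGINX_MODULES[nginx-gridfs]="https://github.com/mdirolf/nginx-gridfs" #- Nginx module for serving files from MongoDB's GridFS.

--------------------------------------------------------------------------------
/app/tests/common_errors.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Pre-flight checks: refuse to run without root and make sure aclocal-1.5 is
# available, calling the bundled fix script when it is not.

# Both files are resolved relative to the current working directory, and this
# script insists on running as root, so whatever "config.sh" and
# "app/colors.sh" exist in that directory are sourced with root privileges.
# Run it only from the repository root.
. config.sh
. app/colors.sh

# run as root only
if [[ $EUID -ne 0 ]] ; then
  run_error "This script must be run with root access\e[49m"
  exit 1
fi

# test aclocal-1.5
# `type` succeeds when the command can be found; the fix script runs only when
# it cannot.
type aclocal-1.5 >/dev/null 2>&1 || {
  show_yellow "Warning" "aclocal-1.5 not found on your system. Trying to fix now..."
  ./fix/aclocal.sh
}

--------------------------------------------------------------------------------
/config.sh:
--------------------------------------------------------------------------------
#!/bin/bash


# SCRIPT_PATH:: path to current script; VERY important
#declare SCRIPT_PATH=$(eval echo ~${SUDO_USER})"/nginx-builder/"
declare SCRIPT_PATH="${PWD}/"

# ROOT:: path where all the compiling is done (this is NOT path to installed nginx)
# The build directory lives in the home of the user who invoked sudo (or of
# the current user when SUDO_USER is not set). That home is looked up in the
# passwd database rather than with `eval echo ~${SUDO_USER}`: eval re-parses
# the variable's value as shell code, so any shell metacharacters in it would
# be executed by this (root) shell. ROOT is a plain string, so it is declared
# as a scalar instead of with `declare -A`.
declare _cfg_build_user="${SUDO_USER:-$(id -un)}"
declare _cfg_build_home
_cfg_build_home=$(getent passwd "${_cfg_build_user}" | cut -d: -f6)
# Fall back to $HOME when the lookup returns nothing (unknown user, no getent).
declare ROOT="${_cfg_build_home:-${HOME}}/nginx-build/" #/opt
unset _cfg_build_user _cfg_build_home
# NGINX_PATH:: path where nginx will be located.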
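# Default is /usr/local/nginx -- don't forget trailing /
# Install locations and placeholders for the generated site configuration.
declare NGINX_PATH="/usr/local/nginx/"
declare NGINX_USE_PATH="/etc/nginx/"
declare NGINX_VERSION_NO=""
declare NGINX_SERVER_URL="example.com" #
declare NGINX_PROJECT_NAME="example" #
declare NGINX_SERVER_PORT="80" #


# Working directories under ROOT (ROOT is set earlier in this file). These are
# plain strings, so they are declared as scalars: `declare -A name="text"` only
# worked because bash stored the text in element 0 of an associative array.
declare CACHE="${ROOT}cache/"
declare BUILD="${ROOT}build/"

# Version pins, keyed by component name.
# NOTE(review): these are old releases (the OpenSSL 1.1.0 series, for one, is
# no longer maintained upstream). Check each project's security advisories and
# move the pins to supported versions before building a server that will face
# the network.
declare -A VERSION=(['luajit']='2.0.4' ['nginx']='1.11.8' ['pcre']='8.40' ['zlib']='1.2.11' ['openssl']='1.1.0c')
# ./configure default settings
#declare -A DEFAULT_CONFIGURE_PARAMS="--with-debug "
declare DEFAULT_CONFIGURE_PARAMS=" "
# NOTE(review): how DEBUG is consumed is not visible here; confirm it is meant
# to default to true.
declare DEBUG=true

# Nginx config params
declare NGINX_INSTALL_DEPS
declare NGINX_INSTALL_MODULES
declare NGINX_LUA_MODULES
declare NGINX_CONFIGURE
declare NGINX_CONFIGURE_PARAMS

# Declaration and assignment are split so that a failing lsb_release is not
# hidden behind the exit status of `declare`; the value stays empty (best
# effort) when the command is missing or fails.
declare DISTRO_VERSION
DISTRO_VERSION=$(lsb_release -sr) || DISTRO_VERSION=""


# Default: build params
# --user=www-data makes the worker processes run as an unprivileged account.
# NOTE(review): several flags below (dav, stub_status, mail, stream) compile in
# functionality that is inert until enabled in nginx.conf but still enlarges
# the binary's attack surface; trim the list to what the deployment needs.
DEFAULT_CONFIGURE_PARAMS+="--prefix=${NGINX_PATH} --sbin-path=sbin/nginx --conf-path=nginx.conf --pid-path=logs/nginx.pid --user=www-data "
DEFAULT_CONFIGURE_PARAMS+="--with-pcre=../pcre --with-zlib=../zlib "
DEFAULT_CONFIGURE_PARAMS+="--with-http_realip_module --with-http_gzip_static_module --with-stream "
DEFAULT_CONFIGURE_PARAMS+="--with-stream_ssl_preread_module --with-compat "
DEFAULT_CONFIGURE_PARAMS+="--with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module "
DEFAULT_CONFIGURE_PARAMS+="--with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_random_index_module "
DEFAULT_CONFIGURE_PARAMS+="--with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module "
DEFAULT_CONFIGURE_PARAMS+="--with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module "
DEFAULT_CONFIGURE_PARAMS+="--with-stream_realip_module --with-stream_ssl_module "
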
--------------------------------------------------------------------------------
/config/nginx/fastcgi_params:
--------------------------------------------------------------------------------
# Parameters handed to a FastCGI backend for each proxied request.
#
# NOTE(review): SCRIPT_FILENAME is assembled from $fastcgi_script_name, which
# is derived from the request URI. The location that includes this file should
# make sure the script exists before fastcgi_pass (for example with
# `try_files $uri =404;`) so the backend is never asked to run a path the
# client made up. How the site configs in this repository do that is not
# visible here -- confirm.
#
# NOTE(review): consider adding `fastcgi_param HTTP_PROXY "";` next to the
# include, so that a client-sent "Proxy" request header is not passed to the
# backend as the HTTP_PROXY environment variable.
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

fastcgi_param HTTPS $https;
--------------------------------------------------------------------------------
/config/nginx/mime.types:
--------------------------------------------------------------------------------
# Maps file extensions to the media type sent in the Content-Type header.
# NOTE(review): extensions missing from this table fall back to the server's
# default_type; pairing the table with "X-Content-Type-Options: nosniff" in
# the server config keeps browsers from second-guessing the declared type.
types {

  # Data interchange

  application/atom+xml atom;
  application/json json map topojson;
  application/ld+json jsonld;
  application/rss+xml rss;
  application/vnd.geo+json geojson;
  application/xml rdf xml;


  # JavaScript

  # Normalize to standard type.
  # https://tools.ietf.org/html/rfc4329#section-7.2
  application/javascript js;


  # Manifest files

  application/manifest+json webmanifest;
  application/x-web-app-manifest+json webapp;
  text/cache-manifest appcache;


  # Media files

  audio/midi mid midi kar;
  audio/mp4 aac f4a f4b m4a;
  audio/mpeg mp3;
  audio/ogg oga ogg opus;
  audio/x-realaudio ra;
  audio/x-wav wav;
  image/bmp bmp;
  image/gif gif;
  image/jpeg jpeg jpg;
  image/png png;
  image/svg+xml svg svgz;
  image/tiff tif tiff;
  image/vnd.wap.wbmp wbmp;
  image/webp webp;
  image/x-jng jng;
  video/3gpp 3gp 3gpp;
  video/mp4 f4p f4v m4v mp4;
  video/mpeg mpeg mpg;
  video/ogg ogv;
  video/quicktime mov;
  video/webm webm;
  video/x-flv flv;
  video/x-mng mng;
  video/x-ms-asf asf asx;
  video/x-ms-wmv wmv;
  video/x-msvideo avi;

  # Serving `.ico` image files with a different media type
  # prevents Internet Explorer from displaying them as images:
  # https://github.com/h5bp/html5-boilerplate/commit/37b5fec090d00f38de64b591bcddcb205aadf8ee

  image/x-icon cur ico;


  # Microsoft Office

  application/msword doc;
  application/vnd.ms-excel xls;
  application/vnd.ms-powerpoint ppt;
  application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
  application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
  application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;


  # Web fonts

  application/font-woff woff;
  application/font-woff2 woff2;
  application/vnd.ms-fontobject eot;

  # Browsers usually ignore the font media types and simply sniff
  # the bytes to figure out the font type.
  # https://mimesniff.spec.whatwg.org/#matching-a-font-type-pattern
  #
  # However, Blink and WebKit based browsers will show a warning
  # in the console if the following font types are served with any
  # other media types.

  application/x-font-ttf ttc ttf;
  font/opentype otf;


  # Other

  application/java-archive ear jar war;
  application/mac-binhex40 hqx;
  application/octet-stream bin deb dll dmg exe img iso msi msm msp safariextz;
  application/pdf pdf;
  application/postscript ai eps ps;
  application/rtf rtf;
  application/vnd.google-earth.kml+xml kml;
  application/vnd.google-earth.kmz kmz;
  application/vnd.wap.wmlc wmlc;
  application/x-7z-compressed 7z;
  application/x-bb-appworld bbaw;
  application/x-bittorrent torrent;
  application/x-chrome-extension crx;
  application/x-cocoa cco;
  application/x-java-archive-diff jardiff;
  application/x-java-jnlp-file jnlp;
  application/x-makeself run;
  application/x-opera-extension oex;
  application/x-perl pl pm;
  application/x-pilot pdb prc;
  application/x-rar-compressed rar;
  application/x-redhat-package-manager rpm;
  application/x-sea sea;
  application/x-shockwave-flash swf;
  application/x-stuffit sit;
  application/x-tcl tcl tk;
  application/x-x509-ca-cert crt der pem;
  application/x-xpinstall xpi;
  application/xhtml+xml xhtml;
  application/xslt+xml xsl;
  application/zip zip;
  text/css css;
  text/html htm html shtml;
  text/mathml mml;
  text/plain txt;
  text/vcard vcard vcf;
  text/vnd.rim.location.xloc xloc;
  text/vnd.sun.j2me.app-descriptor jad;
  text/vnd.wap.wml wml;
  text/vtt vtt;
  text/x-component htc;

}

--------------------------------------------------------------------------------
/config/nginx/naxsi_core.rules:
-------------------------------------------------------------------------------- 1 | 2 | 3 | ################################## 4 | ## INTERNAL RULES IDS:1-999 ## 5 | ################################## 6 | #@MainRule "msg:weird request, unable to parse" id:1; 7 | #@MainRule "msg:request too big, stored on disk and not parsed" id:2; 8 | #@MainRule "msg:invalid hex encoding, null bytes" id:10; 9 | #@MainRule "msg:unknown content-type" id:11; 10 | #@MainRule "msg:invalid formatted url" id:12; 11 | #@MainRule "msg:invalid POST format" id:13; 12 | #@MainRule "msg:invalid POST boundary" id:14; 13 | #@MainRule "msg:invalid JSON" id:15; 14 | #@MainRule "msg:empty POST" id:16; 15 | #@MainRule "msg:libinjection_sql" id:17; 16 | #@MainRule "msg:libinjection_xss" id:18; 17 | 18 | ################################## 19 | ## SQL Injections IDs:1000-1099 ## 20 | ################################## 21 | MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000; 22 | MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001; 23 | MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002; 24 | ## Hardcore rules 25 | MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003; 26 | MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004; 27 | MainRule "str:|" "msg:mysql keyword (|)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005; 28 | MainRule "str:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006; 29 | ## end of hardcore rules 30 | MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007; 31 | MainRule "str:;" "msg:; in stuff" "mz:BODY|URL|ARGS" "s:$SQL:4,$XSS:8" id:1008; 32 | MainRule "str:=" "msg:equal in var, probable 
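sql/xss" "mz:ARGS|BODY" "s:$SQL:2" id:1009;
MainRule "str:(" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1010;
MainRule "str:)" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1011;
MainRule "str:'" "msg:simple quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1013;
MainRule "str:," "msg:, in stuff" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1015;
MainRule "str:#" "msg:mysql comment (#)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1016;
MainRule "str:@@" "msg:double @@" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1017;

###############################
## OBVIOUS RFI IDs:1100-1199 ##
###############################
# Each rule scores one URL-scheme prefix found in ARGS, BODY or the Cookie header.
MainRule "str:http://" "msg:http:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1100;
MainRule "str:https://" "msg:https:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101;
MainRule "str:ftp://" "msg:ftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102;
MainRule "str:php://" "msg:php:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103;
MainRule "str:sftp://" "msg:sftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1104;
MainRule "str:zlib://" "msg:zlib:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1105;
MainRule "str:data://" "msg:data:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1106;
MainRule "str:glob://" "msg:glob:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1107;
MainRule "str:phar://" "msg:phar:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1108;
MainRule "str:file://" "msg:file:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1109;
# msg previously read "file:// scheme" (same text as rule 1109); corrected so
# rule 1110 is described by the scheme it actually matches.
MainRule "str:gopher://" "msg:gopher:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1110;
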
#######################################
## Directory traversal IDs:1200-1299 ##
#######################################
MainRule "str:.." "msg:double dot" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200;
MainRule "str:/etc/passwd" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202;
MainRule "str:c:\\" "msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;
MainRule "str:cmd.exe" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1204;
MainRule "str:\\" "msg:backslash" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1205;
#MainRule "str:/" "msg:slash in args" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1206;

########################################
## Cross Site Scripting IDs:1300-1399 ##
########################################
MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1302;
MainRule "str:>" "msg:html close tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1303;
MainRule "str:[" "msg:[, possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310;
MainRule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
MainRule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
MainRule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
# NOTE(review): inside the bracket expression '|' is a literal, so the class
# below accepts '2', '|' or '3'; it was probably meant to be [23] - confirm.
MainRule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;

####################################
## Evading tricks IDs: 1400-1500 ##
####################################
MainRule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
MainRule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;

#############################
## File uploads: 1500-1600 ##
#############################
MainRule "rx:\.ph|\.asp|\.ht" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;


--------------------------------------------------------------------------------
/config/nginx/nginx:
--------------------------------------------------------------------------------
#! /bin/sh

# SysV-style init script for nginx: start, stop, reload, binary upgrade and
# forced termination, built on the LSB init functions and start-stop-daemon.
# The exit status of the script is whatever the chosen action left in $rc.

#------------------------------------------------------------------------------
# Functions
#------------------------------------------------------------------------------
LSB_FUNC=/lib/lsb/init-functions

# Test that init functions exists
test -r $LSB_FUNC || {
  echo "$0: Cannot find $LSB_FUNC! Script exiting." 1>&2
  exit 5
}

. $LSB_FUNC

#------------------------------------------------------------------------------
# Consts
#------------------------------------------------------------------------------
# Include nginx defaults if available
# This file is sourced, i.e. executed as shell code with the privileges of this
# script, and every ${VAR:-default} below can be overridden from it. Keep it
# writable by root only.
if [ -f /etc/default/nginx ]; then
  . /etc/default/nginx
fi

# Minimize path
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# NOTE(review): $REPLACE_NGINX_PATH and $REPLACE_NGINX_USE_PATH look like
# placeholders the installer substitutes before deploying this file - confirm.
# Left as written, the shell reads the second one as a variable named
# REPLACE_NGINX_USE_PATHnginx followed by ".conf".
PS=${PS:-"nginx"}  # process name
DESCRIPTION=${DESCRIPTION:-"Nginx Server..."}  # process description
NGINXPATH=${NGINXPATH:-$REPLACE_NGINX_PATH}  # root path where installed
DAEMON=${DAEMON:-${NGINXPATH}sbin/nginx}  # path to daemon binary
NGINX_CONF_FILE=${NGINX_CONF_FILE:-$REPLACE_NGINX_USE_PATHnginx.conf}  # config file path

PIDNAME=${PIDNAME:-"nginx"}  # lets you do $PS-slave
PIDFILE=${PIDFILE:-$PIDNAME.pid}  # pid file
# The pid file's content is used below as the target of kill, so whoever can
# write to $PIDSPATH chooses which process receives the signals.
PIDSPATH=${PIDSPATH:-/run}  # default pid location, you should change it
# Passed to start-stop-daemon --chuid in start().
RUNAS=${RUNAS:-root}  # user to run as

SCRIPT_OK=0  # ala error codes
SCRIPT_ERROR=1  # ala error codes
TRUE=1  # boolean
FALSE=0  # boolean

#------------------------------------------------------------------------------
# Simple Tests
#------------------------------------------------------------------------------

# Test if nginx is a file and executable
test -x $DAEMON || {
  echo "$0: You don't have permissions to execute nginx." 1>&2
  exit 4
}

# You can also set your conditions like so:
# set exit condition
# set -e

#------------------------------------------------------------------------------
# Functions
#------------------------------------------------------------------------------

# Restrict the pid file to owner-read-only (mode 400) when it exists.
setFilePerms(){
  if [ -f $PIDSPATH/$PIDFILE ]; then
    chmod 400 $PIDSPATH/$PIDFILE
  fi
}

# Ask the nginx binary to validate the configuration file; returns its status.
configtest() {
  $DAEMON -t -c $NGINX_CONF_FILE
}

# Hand the number of processes matching $PS back as the return status.
# A return status only carries 0-255. No caller in this script.
getPSCount() {
  return `pgrep -f $PS | wc -l`
}

# Return 1 (== $TRUE) when pidof_daemon reports a match, 0 otherwise.
# Both branches behave the same: pidof_daemon does not read its arguments.
isRunning() {
  if [ $1 ]; then
    pidof_daemon $1
    PID=$?

    if [ $PID -gt 0 ]; then
      return 1
    else
      return 0
    fi
  else
    pidof_daemon
    PID=$?

    if [ $PID -gt 0 ]; then
      return 1
    else
      return 0
    fi
  fi
}

#courtesy of php-fpm
# Poll once per second, at most 35 times, until file $2 has been 'created' or
# 'removed' (selected by $1). On success the global $try is set to the empty
# string; after a timeout it still holds the counter, which stop() tests.
wait_for_pid () {
  try=0

  while test $try -lt 35 ; do
    case "$1" in
      'created')
        if [ -f "$2" ]; then
          try=''
          break
        fi
        ;;

      'removed')
        if [ ! -f "$2" ]; then
          try=''
          break
        fi
        ;;
    esac

    try=`expr $try + 1`
    sleep 1
  done
}

# Report whether the daemon is running; sets rc to 0 (running) or 3 (not).
status(){
  isRunning
  isAlive=$?

  if [ "${isAlive}" -eq $TRUE ]; then
    log_warning_msg "$DESCRIPTION found running with processes: `pidof $PS`"
    rc=0
  else
    log_warning_msg "$DESCRIPTION is NOT running."
    rc=3
  fi

  return
}

# Delete the pid file given as $1, or the default pid file when no argument.
removePIDFile(){
  if [ $1 ]; then
    if [ -f $1 ]; then
      rm -f $1
    fi
  else
    #Do default removal
    if [ -f $PIDSPATH/$PIDFILE ]; then
      rm -f $PIDSPATH/$PIDFILE
    fi
  fi
}

# Start nginx as $RUNAS unless it is already running.
# An already-running daemon is logged as an error but still leaves rc=0;
# a failed launch sets rc=7.
start() {
  log_daemon_msg "Starting $DESCRIPTION"

  isRunning
  isAlive=$?

  if [ "${isAlive}" -eq $TRUE ]; then
    log_end_msg $SCRIPT_ERROR
    rc=0
  else
    start-stop-daemon --start --quiet --chuid \
      $RUNAS --pidfile $PIDSPATH/$PIDFILE --exec $DAEMON \
      -- -c $NGINX_CONF_FILE
    status=$?
    setFilePerms

    if [ "${status}" -eq 0 ]; then
      log_end_msg $SCRIPT_OK
      rc=0
    else
      log_end_msg $SCRIPT_ERROR
      rc=7
    fi
  fi

  return
}

# Stop nginx through start-stop-daemon and wait for the pid file to vanish.
# A wait that times out is logged as an error but leaves rc=0; rc=7 means the
# daemon was not running.
stop() {
  log_daemon_msg "Stopping $DESCRIPTION"

  isRunning
  isAlive=$?

  if [ "${isAlive}" -eq $TRUE ]; then
    start-stop-daemon --stop --quiet --pidfile $PIDSPATH/$PIDFILE

    wait_for_pid 'removed' $PIDSPATH/$PIDFILE

    if [ -n "$try" ]; then
      log_end_msg $SCRIPT_ERROR
      rc=0 # lsb states 1, but under status it is 2 (which is more prescriptive). Deferring to standard.
    else
      removePIDFile
      log_end_msg $SCRIPT_OK
      rc=0
    fi
  else
    log_end_msg $SCRIPT_ERROR
    rc=7
  fi

  return
}

# Validate the configuration, then send HUP to the pid read from the pid file.
# Returns configtest's status when validation fails; otherwise sets rc 0 or 7.
reload() {
  configtest || return $?

  log_daemon_msg "Reloading (via HUP) $DESCRIPTION"

  isRunning

  if [ $? -eq $TRUE ]; then
    kill -HUP `cat $PIDSPATH/$PIDFILE`
    log_end_msg $SCRIPT_OK
    rc=0
  else
    log_end_msg $SCRIPT_ERROR
    rc=7
  fi

  return
}

# Binary upgrade without dropping connections: USR2 to the pid in the pid
# file, WINCH to the pid in <pidfile>.oldbin, then QUIT to the old master if a
# daemon is still reported running; otherwise HUP the original and TERM/QUIT
# the .oldbin pid. Every signal target is read from a pid file at call time.
quietupgrade() {
  log_daemon_msg "Peforming Quiet Upgrade $DESCRIPTION"

  isRunning
  isAlive=$?

  if [ "${isAlive}" -eq $TRUE ]; then
    kill -USR2 `cat $PIDSPATH/$PIDFILE`
    kill -WINCH `cat $PIDSPATH/$PIDFILE.oldbin`

    isRunning
    isAlive=$?

    if [ "${isAlive}" -eq $TRUE ]; then
      kill -QUIT `cat $PIDSPATH/$PIDFILE.oldbin`
      wait_for_pid 'removed' $PIDSPATH/$PIDFILE.oldbin
      removePIDFile $PIDSPATH/$PIDFILE.oldbin

      log_end_msg $SCRIPT_OK
      rc=0
    else
      log_end_msg $SCRIPT_ERROR

      log_daemon_msg "ERROR! Reverting back to original $DESCRIPTION"

      kill -HUP `cat $PIDSPATH/$PIDFILE`
      kill -TERM `cat $PIDSPATH/$PIDFILE.oldbin`
      kill -QUIT `cat $PIDSPATH/$PIDFILE.oldbin`

      wait_for_pid 'removed' $PIDSPATH/$PIDFILE.oldbin
      removePIDFile $PIDSPATH/$PIDFILE.oldbin

      log_end_msg $SCRIPT_OK
      rc=0
    fi
  else
    log_end_msg $SCRIPT_ERROR
    rc=7
  fi

  return
}

# Signal the process whose pid is both reported by pidof and stored in the
# pid file. The log line says KILL, but `kill $i` sends the default signal.
terminate() {
  log_daemon_msg "Force terminating (via KILL) $DESCRIPTION"

  PIDS=`pidof $PS` || true

  [ -e $PIDSPATH/$PIDFILE ] && PIDS2=`cat $PIDSPATH/$PIDFILE`

  for i in $PIDS; do
    if [ "$i" = "$PIDS2" ]; then
      kill $i
      wait_for_pid 'removed' $PIDSPATH/$PIDFILE
      removePIDFile
    fi
  done

  log_end_msg $SCRIPT_OK
  rc=0
}

# killall every process named $PS, with all output discarded; rc is always 0.
destroy() {
  log_daemon_msg "Force terminating and may include self (via KILLALL) $DESCRIPTION"
  killall $PS -q >> /dev/null 2>&1
  log_end_msg $SCRIPT_OK
  rc=0
}

# Return 1 when one of the pids reported by `pidof $PS` equals the content of
# the pid file, 0 otherwise. PIDS2 is assigned only when the pid file exists,
# so a value left by an earlier call is compared when it does not.
pidof_daemon() {
  PIDS=`pidof $PS` || true

  [ -e $PIDSPATH/$PIDFILE ] && PIDS2=`cat $PIDSPATH/$PIDFILE`

  for i in $PIDS; do
    if [ "$i" = "$PIDS2" ]; then
      return 1
    fi
  done

  return 0
}

# Dispatch on the first argument. "$1" is run as a command name only in
# branches whose pattern has already matched it against a fixed word.
action="$1"
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart|force-reload)
    stop
    # if [ $rc -ne 0 ]; then
    # script_exit
    # fi
    sleep 1
    start
    ;;
  reload)
    $1
    ;;
  status)
    status
    ;;
  configtest)
    $1
    ;;
  quietupgrade)
    $1
    ;;
  terminate)
    $1
    ;;
  destroy)
    $1
    ;;
  *)
    FULLPATH=/etc/init.d/$PS
    echo "Usage: $FULLPATH {start|stop|restart|force-reload|reload|status|configtest|quietupgrade|terminate|destroy}"
    echo " The 'destroy' command should only be used as a
last resort."
    exit 3
    ;;
esac

exit $rc

--------------------------------------------------------------------------------
/config/nginx/nginx.conf:
--------------------------------------------------------------------------------


user www-data;
worker_processes $CPUS;
# Core dumps are enabled: worker core files (up to 500M each) are written to
# working_directory below. A core image is a copy of process memory, which can
# include request data and TLS key material, and /tmp is world-writable.
# NOTE(review): point working_directory at a dedicated root-owned directory, or
# drop both lines outside of debugging.
worker_rlimit_core 500M;
working_directory /tmp/;
pid /run/nginx.pid;

events {
    worker_connections 1024;
    use epoll;
    multi_accept on;
}

http {

    ##
    # Basic Settings
    ##
    types_hash_max_size 2048;
    # Keeps the nginx version out of the Server header and error pages.
    server_tokens off;

    # Keep Alive
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    keepalive_requests 100000;

    # Buffer Size
    client_body_buffer_size 128k;
    client_max_body_size 10m;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 4k;
    output_buffers 1 32k;
    postpone_output 1460;

    # Timeouts
    # Three minutes each lets a slow or idle client hold a connection for a long
    # time. NOTE(review): shorten unless slow, large uploads are expected.
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;

    # Static Asset Serving
    open_file_cache max=1000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 5;
    open_file_cache_errors off;

    # Gzipping Content
    gzip on;
    gzip_proxied any;
    gzip_min_length 1000;
    gzip_comp_level 3;
    gzip_buffers 4 4k;
    gzip_types application/x-javascript text/css application/javascript text/javascript text/plain text/xml application/json application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/xml font/eot font/opentype font/otf image/svg+xml image/vnd.microsoft.icon;
    gzip_disable "MSIE [1-6]\.";

    ##
    # Logging Settings
    ##
    # No format name is given on access_log, and the 'main' and 'download'
    # formats defined below are not referenced anywhere in this file.
    access_log /var/log/nginx/access.log;
    ## [ debug | info | notice | warn | error | crit | alert | emerg ]
    error_log /var/log/nginx/error.log warn;
    log_format main '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $bytes_sent '
                    '"$http_referer" "$http_user_agent" '
                    '"$gzip_ratio"';
    log_format download '$remote_addr - $remote_user [$time_local] '
                        '"$request" $status $bytes_sent '
                        '"$http_referer" "$http_user_agent" '
                        '"$http_range" "$sent_http_content_range"';

    #-->Lua install -- lua.resty.nginx.weedfs
    #lua_package_path "/usr/local/openresty/lualib/?.lua;;";
    #resolver 8.8.8.8;



    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    #--> Security naxsi filter
    #include /etc/nginx/naxsi_core.rules;

    #-->Security
    # add_header is inherited by a server or location block only when that block
    # declares no add_header of its own, so any site config that adds a header
    # has to repeat these three. Without the `always` parameter they are also
    # left off most error responses.
    # X-XSS-Protection is a legacy header; a Content-Security-Policy (see the
    # commented example below) is the control current browsers act on.
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy),
    # you can tell the browser that it can only download content from the domains you explicitly allow
    # http://www.html5rocks.com/en/tutorials/security/content-security-policy/
    # https://www.owasp.org/index.php/Content_Security_Policy
    # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval'
    # directives for css and js(if you have inline css or js, you will need to keep it too).
    # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
    # add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
--------------------------------------------------------------------------------
/config/nginx/nginx.service:
--------------------------------------------------------------------------------
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
# NOTE(review): $NGINX_PATH looks like a placeholder the installer substitutes
# before this unit is installed - confirm.
ExecStartPre=$NGINX_PATHsbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=$NGINX_PATHsbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
# Gives the service its own private /tmp, which also confines the
# "working_directory /tmp/" core-dump location from nginx.conf when nginx is
# started through this unit.
PrivateTmp=true

[Install]
WantedBy=multi-user.target

--------------------------------------------------------------------------------
/config/nginx/site.conf:
--------------------------------------------------------------------------------
server {
    listen $server_port;

    root /srv/$server_name/www;
    index index.hh index.php index.html index.htm;
    server_name $server_name;

    #-->Client: max size
    client_max_body_size 20M;
    large_client_header_buffers 4 32k;
    #-->Logs
access_log /var/log/nginx/$server_name.access.log; 13 | error_log /var/log/nginx/$server_name.error.log; 14 | #-->Error: pages 15 | error_page 404 /srv/$server_name/www/errors/404.html; 16 | error_page 500 502 503 504 /50x.html; 17 | location = /50x.html { 18 | root /srv/$server_name/www/errors/50x.html; 19 | } 20 | #-->Root: route 21 | location / { 22 | root /srv/$server_name/www; 23 | index index.html index.htm; 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /config/sites/auth_basic/default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen $server_name:$server_port; 3 | 4 | root /srv/$server_name/www_admin; 5 | index index.hh index.php index.html index.htm; 6 | server_name $server_name; 7 | 8 | #-->Client: max size 9 | client_max_body_size 20M; 10 | large_client_header_buffers 4 32k; 11 | #-->Logs 12 | access_log /var/log/nginx/$server_name.access.log; 13 | error_log /var/log/nginx/$server_name.error.log; 14 | #-->Error: pages 15 | error_page 404 /srv/$server_name/www_admin/errors/404.html; 16 | error_page 500 502 503 504 /50x.html; 17 | location = /50x.html { 18 | root /srv/$server_name/www_admin/errors/50x.html; 19 | } 20 | #-->Root: route 21 | location / { 22 | root /srv/$server_name/www_admin; 23 | index index.html index.htm; 24 | 25 | # ACCESS 26 | auth_basic "Hello"; 27 | auth_basic_user_file /home/www/s1/codex; 28 | } 29 | #--> Asset Management 30 | location ~ \.(js|css|png|jpg|jpeg|gif|ico|html|woff|ttf|svg|eot|otf|mp3|ogg)$ { 31 | expires 1M; 32 | access_log off; 33 | 34 | # HEADERS 35 | add_header Cache-Control "public"; 36 | add_header "Access-Control-Allow-Origin" "*"; 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /config/sites/default.conf: -------------------------------------------------------------------------------- 1 | upstream php7 { server unix:/run/php/php7.0-fpm.sock;} 2 | 3 | 
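server {
    listen $server_port;

    root /srv/$server_name/www;
    index index.hh index.php index.html index.htm;
    server_name $server_name;

    #-->Client: max size
    client_max_body_size 20M;
    large_client_header_buffers 4 32k;
    #-->Logs
    access_log /var/log/nginx/$server_name.access.log;
    error_log /var/log/nginx/$server_name.error.log;
    #-->Error: pages
    error_page 404 /srv/$server_name/www/errors/404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /srv/$server_name/www/errors/50x.html;
    }
    #-->Root: route
    location / {
        root /srv/$server_name/www;
        index index.php index.html index.htm;
    }
    #-->PHP: process php and hhvm files
    location ~ [^/]\.(hh|php)$ {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        # Only hand the request to PHP when the script file really exists.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        # Mitigate https://httpoxy.org/ vulnerabilities
        fastcgi_param HTTP_PROXY "";
        #fastcgi_param PATH_INFO $fastcgi_path_info;
        #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass php7;
        fastcgi_index index.php;
        include fastcgi_params;
    }
    #--> Asset Management
    location ~ \.(js|css|png|jpg|jpeg|gif|ico|html|woff|ttf|svg|eot|otf|mp3|ogg)$ {
        expires 1M;
        access_log off;

        # HEADERS
        # A block with its own add_header does not inherit add_header from the
        # http or server level, so responses from this location carry only the
        # two headers below.
        add_header Cache-Control "public";
        add_header "Access-Control-Allow-Origin" "*";
    }
}

--------------------------------------------------------------------------------
/config/sites/jwt/guard.lua:
--------------------------------------------------------------------------------
-- Access-phase guard: lets the request through only when it carries a JWT
-- (query argument `jwt`, else cookie `jwt`) that verifies against the nginx
-- variable $jwt_secret; every other request is answered with 401.
local jwt = require "resty.jwt"

-- Answer 401 with a plain-text reason and end the request.
local function deny(reason)
    -- The original line read `ngx.status = ngx.status = ...`, which is not
    -- valid Lua, so the file could not be loaded at all.
    ngx.status = ngx.HTTP_UNAUTHORIZED
    ngx.say(reason)
    -- The status is already set above; HTTP_OK here only finishes the request.
    ngx.exit(ngx.HTTP_OK)
end

local query_token = ngx.var.arg_jwt
local jwt_token = query_token or ngx.var.cookie_jwt

-- Reject a missing or empty token up front instead of passing it to verify().
if not jwt_token or jwt_token == "" then
    return deny("missing jwt")
end

-- NOTE(review): the third argument is passed through unchanged from the
-- original; confirm its meaning against the installed resty.jwt version.
local jwt_obj = jwt:verify(ngx.var.jwt_secret, jwt_token, 0)

if not jwt_obj["verified"] then
    -- or you can redirect to your website to get a new jwt token
    -- then redirect back
    -- return ngx.redirect("http://your-site-host/get_jwt")
    return deny(jwt_obj.reason)
end

-- Store the token in a cookie only after it has verified, so unchecked request
-- data never reaches a response header. HttpOnly keeps page scripts from
-- reading it; Secure is added whenever the request arrived over TLS.
if query_token then
    local cookie = "jwt=" .. jwt_token .. "; Path=/; HttpOnly"
    if ngx.var.scheme == "https" then
        cookie = cookie .. "; Secure"
    end
    ngx.header['Set-Cookie'] = cookie
end
--------------------------------------------------------------------------------
/config/sites/jwt/site.conf:
--------------------------------------------------------------------------------
server {
    # Plain HTTP: the token is sent unencrypted in the URL or Cookie header.
    # NOTE(review): serve this vhost over TLS.
    listen 80;

    root /srv/$NGINX_PROJECT_NAME/www;
    index index.hh index.php index.html index.htm;
    server_name $NGINX_SERVER_URL;

    #-->Client: max size
    client_max_body_size 20M;
    large_client_header_buffers 4 32k;
    #-->Logs
    access_log /var/log/nginx/$NGINX_SERVER_URL.access.log;
    error_log /var/log/nginx/$NGINX_SERVER_URL.error.log;
    #-->Error: pages
    error_page 404 /srv/$NGINX_PROJECT_NAME/www/errors/404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /srv/$NGINX_PROJECT_NAME/www/errors/50x.html;
    }

    location / {
        root /srv/$NGINX_PROJECT_NAME/www;
        index index.html index.htm;
        access_log off;
        default_type text/plain;

        #------>Custom<-----#
        # Placeholder value: anyone who knows the secret can mint tokens the
        # guard accepts. Replace it with a long random value per deployment and
        # keep the real one out of version control.
        set $jwt_secret "your-own-jwt-secret";
        access_by_lua_file /etc/nginx/lua/guard.lua;
        #------>Custom<-----#
        #-->Secure: from here down
    }
}

--------------------------------------------------------------------------------
/config/sites/php-fpm/default.conf:
--------------------------------------------------------------------------------
upstream php7 { server unix:/run/php/php7.0-fpm.sock;}
upstream hhvm {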
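server unix:/var/run/hhvm/hhvm.sock;}

server {
    listen $server_port;

    root /srv/$NGINX_PROJECT_NAME/www;
    index index.hh index.php index.html index.htm;
    server_name $NGINX_SERVER_URL;

    #-->Client: max size
    client_max_body_size 20M;
    large_client_header_buffers 4 32k;
    #-->Logs
    access_log /var/log/nginx/$NGINX_SERVER_URL.access.log;
    error_log /var/log/nginx/$NGINX_SERVER_URL.error.log;
    #-->Error: pages
    error_page 404 /srv/$NGINX_PROJECT_NAME/www/errors/404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /srv/$NGINX_PROJECT_NAME/www/errors/50x.html;
    }
    #-->Root: route
    location / {
        root /srv/$NGINX_PROJECT_NAME/www;
        index index.html index.htm;
    }

    location ~ [^/]\.(hh|php)$ {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        # Only hand the request to PHP when the script file really exists.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        # Mitigate https://httpoxy.org/ vulnerabilities
        fastcgi_param HTTP_PROXY "";
        #fastcgi_param PATH_INFO $fastcgi_path_info;
        #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass php7;
        fastcgi_index index.php;
        include fastcgi_params;
    }
    location @fpm {
        # Pass
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        include fastcgi_params;

        # PARAMETERS
        fastcgi_intercept_errors on;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

--------------------------------------------------------------------------------
/config/sites/ssl/site.conf:
--------------------------------------------------------------------------------
server {
    listen 80;
    server_name $NGINX_SERVER_URL www.$NGINX_SERVER_URL;
    # The redirect target is built from the configured server_name, not from
    # the client-supplied Host header.
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;

    root /srv/$NGINX_PROJECT_NAME/www;
    index index.hh index.php index.html index.htm;
    server_name $NGINX_SERVER_URL;

    #-->Client: max size
    client_max_body_size 20M;
    large_client_header_buffers 4 32k;
    #-->Logs
    access_log /var/log/nginx/$NGINX_SERVER_URL.access.log;
    error_log /var/log/nginx/$NGINX_SERVER_URL.error.log;
    #-->Error: pages
    error_page 404 /srv/$NGINX_PROJECT_NAME/www/errors/404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /srv/$NGINX_PROJECT_NAME/www/errors/50x.html;
    }
    #-->SSL: certificates
    ssl_certificate /etc/letsencrypt/live/$NGINX_SERVER_URL/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$NGINX_SERVER_URL/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    #ssl_trusted_certificate /etc/letsencrypt/live/$NGINX_SERVER_URL.crt;

    #-->SSL
    keepalive_timeout 70;
    # TLS 1.0 and 1.1 are deprecated and were dropped from this list.
    # NOTE(review): add TLSv1.3 once the nginx and OpenSSL builds support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    # add_header at this level replaces, rather than extends, any add_header
    # set at http level, so only the three headers below are sent for this
    # server.
    # NOTE(review): includeSubDomains and preload commit every subdomain to
    # HTTPS; confirm that is intended before deploying.
    add_header Strict-Transport-Security "max-age=2592000; includeSubDomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    #-->Root: route
    location / {
        root /srv/$NGINX_PROJECT_NAME/www;
        index index.html index.htm;
    }

}

--------------------------------------------------------------------------------
/credits.txt:
--------------------------------------------------------------------------------
***********************
Module list from: https://github.com/agile6v/awesome-nginx
Thanks


Made by:
https://github.com/gp187
Feel free to:
- suggest new modules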
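- build new configs
- propose new configs (I can write em)
- send me beer (Corona)

***********************
--------------------------------------------------------------------------------
/fix/aclocal.sh:
--------------------------------------------------------------------------------
#!/bin/bash


# run as root only
if [[ $EUID -ne 0 ]] ; then
  echo -e "\e[1;39m[ \e[31mError\e[39m ] need root access to run this script\e[0;39m"
  exit 1
fi

#######################################
# Download, build and install GNU automake from source.
# Arguments: $1 - automake version to install, e.g. 1.15
# Outputs:   status line on stdout, usage error on stderr
# Returns:   exits 1 when the download or any build step fails
#######################################
function install_automake() {
  if [ $# -eq 0 ]; then
    # run_error is not defined in this standalone script, so report directly.
    echo "Usage: install_automake " >&2
    exit 1
  fi
  local VERSION=${1}
  local TARBALL="automake-${VERSION}.tar.gz"
  local WORKDIR

  # Work in a fresh private directory: a stale or planted tarball of the same
  # name in the caller's directory must never be what gets built as root.
  WORKDIR=$(mktemp -d) || exit 1
  trap "rm -rf -- '${WORKDIR}'" EXIT
  cd "${WORKDIR}" || exit 1

  # HTTPS instead of plain FTP: whatever is fetched here is compiled and
  # installed as root, so the transport must be authenticated.
  # NOTE(review): also verify the detached signature published next to the
  # tarball before building.
  if wget "https://ftp.gnu.org/gnu/automake/${TARBALL}" &> /dev/null \
    && [ -f "${TARBALL}" ]; then
    # Stop at the first failing step so success is only reported when
    # `make install` actually ran.
    if ! { tar -xzf "${TARBALL}" \
      && cd "automake-${VERSION}/" \
      && ./configure \
      && make \
      && make install; }; then
      echo -e "\e[1;39m[ \e[31mError\e[39m ] automake-${VERSION} build failed\e[0;39m"
      exit 1
    fi
    echo -e "\e[1;39m[ \e[1;32mOK\e[39m ] automake-${VERSION} installed\e[0;39m"
  else
    echo -e "\e[1;39m[ \e[31mError\e[39m ] cannot fetch file from https://ftp.gnu.org/gnu/automake/ \e[0;39m"
    exit 1
  fi
}
install_automake 1.15
--------------------------------------------------------------------------------
/fix/aws_locale.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# run as root only
if [[ $EUID -ne 0 ]] ; then
  echo "This script must be run with root access\e[49m"
  exit 1
fi

echo LC_ALL="en_US.UTF-8" >> /etc/environment
locale-gen "en_US.UTF-8"
dpkg-reconfigure locales
# Reboot
--------------------------------------------------------------------------------
/fix/lc_locale_perl.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# run as root only
if [[ $EUID -ne 0 ]] ; then
  echo "This script must be run with root access\e[49m"
  exit 1
fi

export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8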
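export LC_ALL=en_US.UTF-8
# Append only when the exact line is missing, so repeated runs do not pile up
# duplicate entries in /etc/environment.
grep -qxF 'LC_ALL=en_US.UTF-8' /etc/environment 2>/dev/null \
  || echo LC_ALL="en_US.UTF-8" >> /etc/environment
locale-gen "en_US.UTF-8"
dpkg-reconfigure locales

--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# nginx builder entry point.
# Usage: ./install.sh <action> <server-type>
#   <action>      one of the OPTIONS_DO keys below
#   <server-type> one of the OPTIONS_TYPE keys below
# Must be started from the repository root: helper scripts are referenced by
# relative path.

# "./" is deliberate: a bare `. config.sh` makes bash search $PATH before the
# current directory, so a root run could pick up an unrelated config.sh.
. ./config.sh
. app/nginx_modules.sh
. app/libs.sh
. app/colors.sh


# NOTE(review): declared as an associative array but only ever used as a
# scalar (bash stores the value under key "0"); kept in case a sourced file
# relies on the declaration.
declare -A DOOPT

declare -A OPTIONS_DO=(
  ['--full']="Install server and clean existing repos"
  ['--clean']="Clean local files"
  ['--compile']="Compile from existing directories"
  ['--deps']="Only dependencies"
  ['--down']="Only download modules"
)
declare -A OPTIONS_TYPE=(
  ['--simple']="Simple web server with perfromance modules and standard configuration"
  ['--simple_ssl']="Simple web server but with extra SSL features"
  ['--steroids']="Nginx, Lua, Lua Scripts, JWT, Imagemagik, Compression"
)


###############################################
############   >ADVANCED USERS<   #############
###############################################

show_yellow "Test" "system variables and paths"
# Reject empty values as well as unset ones: these paths are later handed to
# mkdir and rm -rf.
if [ -z "${ROOT:-}" ]; then show_red "Error" "ROOT system variable is not set! Check config.sh"; exit 1; fi
if [ -z "${CACHE:-}" ]; then show_red "Error" "CACHE system variable is not set! Check config.sh"; exit 1; fi
if [ -z "${BUILD:-}" ]; then show_red "Error" "BUILD system variable is not set! Check config.sh"; exit 1; fi
show_green "OK"


# Set: version and dirs
# A random 32-character alphanumeric token. It is not referenced again in this
# file; presumably the sourced helpers consume it.
NGINX_VERSION_NO=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1)

# run as root only
if [[ $EUID -ne 0 ]]; then
  run_error "This script must be run with root access\e[49m"
  exit 1
fi

# No arguments: print both option tables and stop.
if [ $# -eq 0 ]; then
  show_title " What are we building? "
  for i in "${!OPTIONS_DO[@]}"; do
    echo -e "\e[1;39m[ \e[1;46m${i}\e[49m ] ${OPTIONS_DO[${i}]}\e[0;39m"
  done
  show_title " How are we building? "
  for i in "${!OPTIONS_TYPE[@]}"; do
    echo -e "\e[1;39m[ \e[1;46m${i}\e[49m ] ${OPTIONS_TYPE[${i}]}\e[0;39m"
  done
  echo -e "\e[1;39m----------------------------\e[0;39m"
  exit 1
fi
DOOPT=${1}
DOTYPE=${2}


# mkdir -p is a no-op for directories that already exist.
mkdir -p -- "$ROOT" "$CACHE" "$BUILD"

# Make everything executable
# globstar is not enabled, so each "**" matches a single directory level.
chmod u+x **/*.sh app/**/*.sh app/installers/*.sh app/module_deps/*.sh app/tests/*.sh fix/*.sh

#######################################
# Install the apt build dependencies, then build the mandatory libraries.
# Globals:   VERSION (read) - version table, presumably from config.sh
# Arguments: none
#######################################
function deps() {
  # An indexed array keeps one package per word; the original declared an
  # associative array and assigned it a single string.
  local -a DEPS_INSTALL=(
    build-essential autogen automake autoconf autotools-dev libreadline-dev
    libncurses5-dev libpcre3 libpcre3-dev libpng-dev zlib1g-dev libssl-dev
    openssl git perl libtool tar unzip xutils-dev
  )
  # Install Deps
  show_yellow "Check" "system dependencies"
  # git is already part of the base list; python is added only when missing.
  python2.7 -V >/dev/null 2>&1 || DEPS_INSTALL+=(python2.7 python2.7-dev)
  # Install
  apt-get install -y "${DEPS_INSTALL[@]}"

  # Install: LuaJIT, PCRE, ZLIB, OpenSSL :: mandatory
  ./fix/aclocal.sh
  ./app/installers/luajit.sh ${VERSION['luajit']}
  ./app/installers/pcre.sh ${VERSION['pcre']}
  ./app/installers/zlib.sh ${VERSION['zlib']}
  ./app/installers/openssl.sh ${VERSION['openssl']}
}

#######################################
# Fetch the nginx source and every selected module.
# Globals:   ROOT, VERSION, NGINX_INSTALL_MODULES, NGINX_LUA_MODULES (read)
# Arguments: none
#######################################
function download() {
  # Download: nginx source
  ./app/installers/nginx.sh ${VERSION['nginx']} DEBUG
  # Clean: modules to fetch them again from cache
  # ${ROOT:?} aborts instead of expanding to a bare "nginx_modules/*" when
  # ROOT is empty; the path is quoted so it cannot word-split.
  rm -rf -- "${ROOT:?}nginx_modules"/*
  # Download: nginx modules
  for i in "${NGINX_INSTALL_MODULES[@]}"; do
    download_nginx_module "$i"
  done
  # Download: nginx libs
  for i in "${NGINX_LUA_MODULES[@]}"; do
    download_nginx_module "$i"
  done
}

#######################################
# Configure every selected nginx module and Lua library.
# Globals:   NGINX_INSTALL_MODULES, NGINX_LUA_MODULES (read)
# Arguments: none
#######################################
function configure() {
  # Unzip: nginx
  # Configure || Make: nginx modules
  for i in "${NGINX_INSTALL_MODULES[@]}"; do
    configure_nginx_module "$i"
  done
  # Configure || Make: lua modules
  for i in "${NGINX_LUA_MODULES[@]}"; do
    configure_lua_modules "$i"
  done

}

#######################################
# Build nginx, install its service and record what was installed.
# Globals:   VERSION, DEFAULT_CONFIGURE_PARAMS, NGINX_CONFIGURE_PARAMS,
#            NGINX_USE_PATH (read)
# Arguments: none
#######################################
function compile() {
  # Make nginx
  make_nginx ${VERSION['nginx']} "$DEFAULT_CONFIGURE_PARAMS $NGINX_CONFIGURE_PARAMS"
  # Config the service
  post_install_nginx ${NGINX_USE_PATH}
  # Create INSTALLED.md file
  create_installed_file
}


# Loading functions
show_blue "Loading" "local libraries and preparing scrips"
sleep 1

###############################################################
case "$DOTYPE" in
  "--simple")
    show_blue "Install" "${OPTIONS_TYPE[${DOTYPE}]}"
    sleep 1
    # Define: modules to install
    NGINX_INSTALL_MODULES=(
      "ngx_headers_more" "ngx_encrypted_session" "ngx_devel_kit" "ngx_mod_zip"
      "ngx_xss" "ngx_echo"
    )
    NGINX_LUA_MODULES=("lua_resty_http" "lua_resty_memcached" "lua_resty_jwt")
    # Nginx: params
    NGINX_CONFIGURE_PARAMS="--without-http_ssl_module"
    ;;
  "--simple_ssl")
    show_blue "Install" "${OPTIONS_TYPE[${DOTYPE}]}"
    sleep 1
    # Define: modules to install
    NGINX_INSTALL_MODULES=(
      "ngx_headers_more" "ngx_encrypted_session" "ngx_devel_kit" "ngx_mod_zip"
      "ngx_xss" "ngx_echo"
    )
    NGINX_LUA_MODULES=("lua_resty_http" "lua_resty_memcached" "lua_resty_jwt")
    # Nginx: params
    NGINX_CONFIGURE_PARAMS="--with-http_ssl_module --with-http_v2_module --with-google_perftools_module"
    ;;
  "--steroids")
    show_blue "Compiling" "${OPTIONS_TYPE[${DOTYPE}]}"
    sleep 1
    # Define: modules to install
    NGINX_INSTALL_MODULES=(
      "ngx_headers_more" "ngx_encrypted_session" "ngx_devel_kit" "ngx_mod_zip"
      "ngx_xss" "ngx_echo" "ngx_clojure" "ngx_memc" "ngx_lua" "ngx_pagespeed" # - not by default "ngx_mongo"
    )
    NGINX_LUA_MODULES=("lua_resty_http" "lua_resty_memcached" "lua_resty_jwt" "lua_resty_hmac")
    NGINX_CONFIGURE_PARAMS="--with-cc-opt=-Wno-error --with-threads --with-file-aio --with-stream_ssl_module --with-http_ssl_module --with-http_v2_module --with-google_perftools_module "
    ;;
  *)
    # Re-run without arguments to print the option tables, then report.
    ./install.sh
    show_red "Error" "$DOTYPE is unknown. Look at option list"
    exit 1
    ;;
esac
###############################################################
case "$DOOPT" in
  "--full_clean")
    # Not listed in OPTIONS_DO, so the banner text below is empty. clean is
    # not defined in this file; presumably it comes from a sourced helper.
    show_blue "Install" "${OPTIONS_DO[${DOOPT}]}"
    sleep 1
    clean
    deps
    download
    configure
    compile
    ;;
  "--full")
    show_blue "Install" "${OPTIONS_DO[${DOOPT}]}"
    sleep 1
    deps
    download
    configure
    compile
    ;;
  "--compile")
    show_blue "Compiling" "${OPTIONS_DO[${DOOPT}]}"
    sleep 1
    download
    configure
    compile
    ;;
  "--deps")
    show_blue "Fetching" "${OPTIONS_DO[${DOOPT}]}"
    sleep 1
    deps
    ;;
  "--down")
    show_blue "Downloading" "${OPTIONS_DO[${DOOPT}]}"
    sleep 2
    download
    ;;
  "--clean")
    show_red "Deleting" "${OPTIONS_DO[${DOOPT}]}"
    sleep 1
    clean
    ;;
  *)
    # Re-run without arguments to print the option tables, then report.
    ./install.sh
    show_red "Error" "$DOOPT is unknown. Look at option list"
    exit 1
    ;;
esac

--------------------------------------------------------------------------------
/letsencrypt.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Obtain a Let's Encrypt certificate for SRV_URL and schedule its renewal.

# "./" is deliberate: a bare `. config.sh` makes bash search $PATH before the
# current directory.
. ./config.sh
. app/colors.sh

# SRV_URL ends up in a file path and in the certificate request; stop before
# touching nginx when it is missing. Presumably config.sh defines it.
: "${SRV_URL:?SRV_URL must be set (see config.sh)}"

# Install: let's encrypt certbot


#function pre_install() {}

# Clone the client into /opt/letsencrypt unless a checkout is already there.
function install() {
  # NOTE(review): this clones whatever the default branch holds at run time
  # and the result is later executed with this script's privileges; pin the
  # checkout to a reviewed tag or commit. The letsencrypt-auto wrapper used
  # below has been deprecated by the Certbot project, so confirm it still
  # exists in the cloned tree or switch to a packaged certbot.
  [ -d /opt/letsencrypt/.git ] \
    || git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
}

# Free port 80 for the standalone authenticator.
function post_install() {
  # I need port :80
  service nginx stop
}

# Request the certificate and generate DH parameters on first run only.
function install_configs() {
  # Run: generate certificate
  if [ ! -f "/etc/letsencrypt/renewal/${SRV_URL}.conf" ]; then
    /bin/bash /opt/letsencrypt/letsencrypt-auto certonly --standalone -d "${SRV_URL}"
    openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
  fi
  # post_install stops nginx unconditionally, so start it on every path; the
  # original left it stopped when the certificate already existed.
  service nginx start
}

# Install a monthly renewal job in the invoking user's crontab.
function install_services() {
  # install cron
  # NOTE(review): --force-renewal renews regardless of expiry, and a
  # certificate issued with --standalone needs port 80 free at renewal time.
  # With nginx running the job will likely fail unless nginx is stopped
  # around it (certbot's --pre-hook/--post-hook) - confirm.
  local CRON="/bin/bash /opt/letsencrypt/letsencrypt-auto renew --force-renewal"
  # -F/--: match the command as a literal string, not a regex or an option.
  # crontab -l complains on stderr when no crontab exists yet; that is expected.
  ( crontab -l 2>/dev/null | grep -vF -- "$CRON"; echo "0 0 1 * * ${CRON}" ) | crontab -
}

install
post_install
install_configs
install_services
--------------------------------------------------------------------------------
/monnit.sh:
--------------------------------------------------------------------------------
#!/bin/bash

apt-get install -y monit

## DO the rest of the config required
## parse and the custom config files to match nginx and other services
--------------------------------------------------------------------------------
/optimizations/sysconf.sh:
--------------------------------------------------------------------------------
#!/bin/bash


# run as root only
if [[ $EUID -ne 0 ]]; then
  # Plain echo does not interpret \e escapes, so the message carries none.
  echo "This script must be run with root access" >&2
  exit 1
fi

# Optimizing TCP stack for better performance
# Optimizing security to limit nofile params

# USE WITH CAUTION! Check the files
# Everything below is commented out; nothing is changed unless it is enabled.


# Append: size of the queue for connections waiting for acceptance /etc/sysctl.conf
# echo "net.core.somaxconn = 65536" >> /etc/sysctl.conf
# echo "net.ipv4.tcp_max_tw_buckets = 1440000" >> /etc/sysctl.conf
# echo "net.ipv4.tcp_fin_timeout = 15" >> /etc/sysctl.conf
# echo "net.ipv4.tcp_window_scaling = 1" >> /etc/sysctl.conf
# echo "net.ipv4.tcp_max_syn_backlog = 3240000" >> /etc/sysctl.conf
# Append: File Descriptors
# NOTE(review): limits.conf entries are "<domain> <type> <item> <value>"; the
# two lines below lack the leading domain (a user, @group or *) and would not
# apply as written.
# echo "soft nofile 4096" >> /etc/security/limits.conf
# echo "hard nofile 4096" >> /etc/security/limits.conf
--------------------------------------------------------------------------------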