Ticket #1625: nginx_compile.sh

#!/bin/sh
apt install zlib1g-dev zlib1g libpcre3 libpcre3-dev build-essential git wget 

NGINX_VER=1.15.3
OPENSSL_VER=1.1.1-pre9
NGINX_GPG="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \
           A09CD539B8BB8CBE96E82BDFABD4D3B3F5806B4D \
           4C2C85E705DC730833990C38A9376139A524C53E \
           65506C02EFC250F1B7A3D694ECF0E90B2C172083 \
           B0F4253373F8F6F510D42178520A9993A1C052F8 \
           7338973069ED3F443F4D37DFA64FD5B17ADB39A8"

echo "**** download package ****"
git clone https://github.com/openresty/headers-more-nginx-module --depth=1 /tmp/headers-more-nginx-module 
git clone https://github.com/bagder/libbrotli --depth=1 /tmp/libbrotli 
git clone https://github.com/google/ngx_brotli --depth=1 /tmp/ngx_brotli 
wget -q http://nginx.org/download/nginx-${NGINX_VER}.tar.gz -O /tmp/nginx-${NGINX_VER}.tar.gz 
wget -q http://nginx.org/download/nginx-${NGINX_VER}.tar.gz.asc -O /tmp/nginx-${NGINX_VER}.tar.gz.asc 
wget -q https://www.openssl.org/source/openssl-${OPENSSL_VER}.tar.gz -O /tmp/openssl-${OPENSSL_VER}.tar.gz
git clone https://github.com/grahamedgecombe/nginx-ct --depth=1 /tmp/nginx-ct 

echo "**** compile brotli ****"
cd /tmp/libbrotli
./autogen.sh 
./configure 
mkdir brotli/c/tools/.deps 
touch brotli/c/tools/.deps/brotli-brotli.Po 
make -j 1
make install
cd /tmp/ngx_brotli 
git submodule update --init

echo "**** untar openssl ****"
cd /tmp
tar xzf openssl-${OPENSSL_VER}.tar.gz

echo "**** compile nginx ****"
cd /tmp 
for server in ha.pool.sks-keyservers.net hkp://keyserver.ubuntu.com:80 hkp://p80.pool.sks-keyservers.net:80 pgp.mit.edu; 
    do 
        echo "Fetching GPG key $NGINX_GPGKEY from $server";
        gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys $NGINX_GPG && found=yes && break;
done 
gpg --batch --verify nginx-${NGINX_VER}.tar.gz.asc nginx-${NGINX_VER}.tar.gz
tar xzf nginx-${NGINX_VER}.tar.gz
cd /tmp/nginx-${NGINX_VER}
wget -q https://raw.githubusercontent.com/cujanovic/nginx-dynamic-tls-records-patch/master/nginx__dynamic_tls_records_1.13.0%2B.patch -O dynamic_records.patch
patch -p1 < dynamic_records.patch
./configure --prefix=/etc/nginx \
            --sbin-path=/usr/local/sbin/nginx \
            --http-log-path=/var/log/nginx/logs/nginx_access.log \
            --error-log-path=/var/log/nginx/logs/nginx_error.log \
            --pid-path=/run/nginx.pid \
            --lock-path=/run/nginx.lock \
            --user=nginx --group=nginx \
            --with-http_ssl_module \
            --with-http_realip_module \
            --with-http_addition_module \
            --with-http_sub_module \
            --with-http_dav_module \
            --with-http_flv_module \
            --with-http_mp4_module \
            --with-http_gunzip_module \
            --with-http_gzip_static_module \
            --with-http_random_index_module \
            --with-http_secure_link_module \
            --with-http_stub_status_module \
            --with-threads \
            --with-stream \
            --with-stream_ssl_module \
            --with-http_slice_module \
            --with-mail \
            --with-pcre-jit \
            --with-mail_ssl_module \
            --with-http_v2_module \
            --with-file-aio \
            --with-ipv6 \
            --add-module=/tmp/headers-more-nginx-module \
            --add-module=/tmp/nginx-ct \
            --add-module=/tmp/ngx_brotli \
            --with-cc-opt="-O3 -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -Wno-deprecated-declarations" \
            --with-openssl-opt='no-async enable-ec_nistp_64_gcc_128 no-shared no-ssl2 no-ssl3 no-comp no-idea no-weak-ssl-ciphers -DOPENSSL_NO_HEARTBEATS -O3 -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2' \
            --with-openssl=/tmp/openssl-${OPENSSL_VER} 
make -j 1
make install
useradd --no-create-home nginx