angristan / nginx-autoinstall Goto Github PK

View Code? Open in Web Editor NEW

631.0 51.0 238.0 360 KB

Compile NGINX from source with custom modules and patches on Debian and Ubuntu

License: GNU General Public License v3.0

Shell 99.31% Dockerfile 0.69%

nginx openssl libressl brotli pagespeed geoip alpn http2 chacha20-poly1305 curve25519

nginx-autoinstall's Introduction

nginx-autoinstall

Compile and install NGINX from source with optional features, modules and patches.

Compatibility

Debian 9 and later
Ubuntu 16.04 and later

The script might work on ARM-based architectures, but it's only being regularly tested against x86_64 with GitHub Actions.

Features

Latest mainline or stable version, from source
Optional modules and patches
Custom nginx.conf (default does not work)
Init script for systemd (not provided by default)
Logrotate conf (not provided by default)
Block Nginx installation from APT using pinning, to prevent conflicts

Optional modules/features

LibreSSL from source (CHACHA20, ALPN for HTTP/2, X25519, P-521)
OpenSSL from source (TLS 1.3, CHACHA20, ALPN for HTTP/2, X25519, P-521)
Cloudflare's patch for HTTP/3 with Quiche and BoringSSL.
Cloudflare's TLS Dynamic Record Resizing patch maintained by nginx-modules.
Cloudflare's HTTP/2 HPACK encoding patch (original patch, fixed patch)
ngx_pagespeed: Google performance module
ngx_brotli: Brotli compression algorithm
ngx_headers_more: Custom HTTP headers
ngx_http_geoip2_module with libmaxminddb and GeoLite2 databases ⚠️ Requires license key
ngx_cache_purge: Purge content from FastCGI, proxy, SCGI and uWSGI caches
ngx-fancyindex : fancy file listings
nginx-dav-ext-module: WebDAV PROPFIND, OPTIONS, LOCK, UNLOCK support)
nginx-module-vts: Nginx virtual host traffic status module (install instructions)
ModSecurity-nginx: connector for the ModSecurity open-source web application firewall (WAF)
testcookie-nginx-module: simple robot mitigation module using cookie based challenge/response (example config)
lua-nginx-module: extend NGINX with Lua. Using luajit2 (OpenResty's maintained branch of LuaJIT) and ngx_devel_kit (Nginx Development Kit (NDK))
nginx_substitutions_filter: regular expression and fixed string substitutions for nginx
RTMP module (NGINX-based Media Streaming Server)
nginx-ultimate-bad-bot-blocker: Bad Bot and User-Agent Blocker, Spam Referrer Blocker, Anti DDOS, Bad IP Blocker and Wordpress Theme Detector Blocker

Cache Modules

redis2-nginx-module : Nginx upstream module for the Redis 2.0 protocol
ngx_http_redis : The nginx HTTP redis module for caching with redis
srcache-nginx-module : Transparent subrequest-based caching layout for arbitrary nginx locations
set-misc-nginx-module : Various set_xxx directives added to nginx's rewrite module (md5/sha1, sql/json quoting, and many more)
echo-nginx-module : Brings "echo", "sleep", "time", "exec" and more shell-style goodies to Nginx config file.
- Required to set up Redis with conditional purging
- Install Redis with apt install redis-{tools,server}

Usage

Just download and execute the script :

wget https://raw.githubusercontent.com/angristan/nginx-autoinstall/master/nginx-autoinstall.sh
chmod +x nginx-autoinstall.sh
./nginx-autoinstall.sh

You will be able to:

Install NGINX
Update NGINX (It will install it again and overwrite current files and/or modules.)
Uninstall NGINX with optional cleanup
Self-update the script

Just follow the question!

You can check configuration examples for the custom modules.

Headless use

You can run the script without the prompts with the option HEADLESS set to y. This allows for automated install and scripting. This is what is used to test the script with GitHub Actions.

HEADLESS=y ./nginx-autoinstall.sh

To install Nginx mainline with Brotli:

HEADLESS=y \
NGINX_VER=MAINLINE \
BROTLI=y \
./nginx-autoinstall.sh

To install with Geoip:

HEADLESS=y \
GEOIP=y \
GEOIP2_ACCOUNT_ID=YOUR_ACCOUNT_ID_HERE \
GEOIP2_LICENSE_KEY=YOUR_LICENSE_KEY_HERE \
./nginx-autoinstall.sh

To uninstall Nginx and remove the logs and configuration files:

HEADLESS=y \
OPTION=2 \
RM_CONF=y \
RM_LOGS=y \
./nginx-autoinstall.sh

All the default variables are set at the beginning of the script.

LICENSE

GPL v3.0

nginx-autoinstall's People

Stargazers

Watchers

Forkers

aalsmile vetaco d0xkb scoutinglegion abhishekghosh siamnews aoyawale chinaares nazim techlabs2beyond infinityonhigh9669 punkeel marbastm reagn0x svpn nginx-modules rigelk cengjing demohunter rezaurc x0r2d2 skyformat99 joglomedia nesmon antetna smashingcloud felipepodesta 0613561761za ekarakashi omarx3 angelflo luclu7 studio70 pagespeedplus benhartwich mattybell theworms leurs garzadekoster laminbarrow arun81 indomex consultent hug2008 konstrutor mobilenetlearn raoul1996 katiakweb ersivv quyentruong feeeei brahma-dev ricardorzgz iamgeert cnlubo jomo zhouweiaccp lpan akabit one2ter mikecarcara koljasagorski jangotek alsur ryangege sgseo alsyundawy laurencestruck ngocngv tmiland u53r55 vqiu ultrafunkamsterdam yanik39 peiris maximemichaud mohamednizar rhodesiaxlo hanterrian cloudxtreme westgen fengzhao faster-snail w796933 benjamin-lim akoharu legitosaurus schatzm thonguyenduc2010 nn1k4 adamaayala rjroot sumonst21 euedeep bartzjegr hung119 coeur-digital theforcer xserveraws tawattantan

nginx-autoinstall's Issues

ngx_brotli: brotli v1.0.x

PeterSikora seems no longer supports google/ngx_brotli stable/mainline branches for the latest versions of NGINX.

https://github.com/eustas/ngx_brotli/releases (no longer need C wrapper bagder/libbrotli)

Display errors

Use 2>/dev/null instead of &>/dev/null

(oui j'aurai pu PR)

kernel: 3.10.0-327.el7.x86_64
os: centOS7

checking for OS

Linux 3.10.0-327.el7.x86_64 x86_64
checking for C compiler ... not found

./configure: error: C compiler cc is not found

Enhancement suggestion: Centminmod

Unfornetly I don't use the nginx-auto install.

But we do use ngx_pagespeed.
My nginx -V

nginx -V
nginx version: nginx/1.17.1 (130719-002516-centos7-kvm)
built by gcc 8.3.1 20190311 (Red Hat 8.3.1-3) (GCC) 
built with OpenSSL 1.1.1c  28 May 2019
TLS SNI support enabled
configure arguments: --with-ld-opt='-Wl,-E -L/usr/local/zlib-cf/lib -L/usr/local/lib -ljemalloc -lpcre -Wl,-z,relro -Wl,-rpath,/usr/local/zlib-cf/lib:/usr/local/lib' --with-cc-opt='-I/usr/local/zlib-cf/include -I/usr/local/include -m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -Wno-error=strict-aliasing -fstack-protector-strong -flto --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthrough=0 -fcode-hoisting -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -gsplit-dwarf' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --build=130719-002516-centos7-kvm --with-compat --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --add-dynamic-module=../ngx_brotli --add-dynamic-module=../ngx_http_geoip2_module --add-dynamic-module=../incubator-pagespeed-ngx-1.13.35.2-stable --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.2 --add-module=../ngx_cache_purge-2.5 --add-dynamic-module=../ngx_devel_kit-0.3.0 --add-dynamic-module=../set-misc-nginx-module-0.32 --add-dynamic-module=../echo-nginx-module-0.61 --add-module=../redis2-nginx-module-0.15 --add-module=../ngx_http_redis-0.3.7 --add-dynamic-module=../lua-nginx-module-0.10.15 --add-module=../stream-lua-nginx-module-0.0.7 --add-module=../memc-nginx-module-0.18 --add-module=../srcache-nginx-module-0.31 --add-dynamic-module=../headers-more-nginx-module-0.33 --with-pcre-jit --with-zlib=../zlib-cloudflare-1.3.0 --with-http_ssl_module --with-http_v2_module --with-openssl=../openssl-1.1.1c --with-openssl-opt='enable-ec_nistp_64_gcc_128 enable-tls1_3' --add-dynamic-module=../ModSecurity-nginx

Have a look at https://github.com/centminmod/centminmod. Maybe something great can be done if you work together.

Using Free Let’s Encrypt SSL/TLS Certificates with NGINX

https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04

Option to compile with `http_uwsgi_module`

Please consider adding option for compiling with http_uwsgi_module, by default script has --without-http_uwsgi_module argument. Since I use nginx with uwsgi_pass I have to remember to manually edit the script after each update. Thank you!

Not found link with pagespeed

Debian 9 64:
Nginx is ready to be installed, press any key to continue...

   Installing dependencies        [OK]

./nginx-autoinstall.sh: line 130: cd: ngx_pagespeed-1.12.34.3-stable: No such file or directory
rm: cannot remove '.tar.gz': No such file or directory
Downloading ngx_pagespeed [FAIL]

Please look /tmp/nginx-autoinstall-error.log

root@deb9:~# cat /tmp/nginx-autoinstall-error.log

rm: cannot remove 'ngx_pagespeed-*-stable': No such file or directory
--2018-01-09 04:46:04-- https://github.com/pagespeed/ngx_pagespeed/archive/v1.12.34.3-stable.zip
Resolving github.com (github.com)... 192.30.253.113, 192.30.253.112
Connecting to github.com (github.com)|192.30.253.113|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://github.com/apache/incubator-pagespeed-ngx/archive/v1.12.34.3-stable.zip [following]
--2018-01-09 04:46:05-- https://github.com/apache/incubator-pagespeed-ngx/archive/v1.12.34.3-stable.zip
Reusing existing connection to github.com:443.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/apache/incubator-pagespeed-ngx/zip/v1.12.34.3-stable [following]
--2018-01-09 04:46:05-- https://codeload.github.com/apache/incubator-pagespeed-ngx/zip/v1.12.34.3-stable
Resolving codeload.github.com (codeload.github.com)... 192.30.253.120, 192.30.253.121
Connecting to codeload.github.com (codeload.github.com)|192.30.253.120|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/zip]
Saving to: ‘v1.12.34.3-stable.zip’

 0K .......... .......... .......... .......... ..........  181K
50K .......... .......... .......... .......... ..........  369K

100K .......... .......... .......... .......... ..... 5.76M=0.4s

2018-01-09 04:46:06 (347 KB/s) - ‘v1.12.34.3-stable.zip’ saved [148593]

--2018-01-09 04:46:06-- https://dl.google.com/dl/page-speed/psol/.tar.gz
Resolving dl.google.com (dl.google.com)... 172.217.16.46, 2a00:1450:401b:805::200e
Connecting to dl.google.com (dl.google.com)|172.217.16.46|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2018-01-09 04:46:06 ERROR 404: Not Found.

tar (child): .tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now

Can you add Lua Module?

Can you add Lua?

Option in menu to enable logs

Refactor code

Something like https://stackoverflow.com/a/5196220/6945353

Support gzip

Hi,

I noticed, you're compiling nginx without gzip?
Is there any reason for this or can you add it?

Patching of dynamic TLS records fail with Nginx 1.15.4

When use the script by selecting Nginx 1.15.4, OpenSSL 1.1.1 and TLS Dynamic Records Support only, the patch fail.

The log file:

2018-09-29 09:57:04 (20.6 MB/s) - ‘nginx__1.11.5_dynamic_tls_records.patch’ saved [8243/8243]

patching file src/event/ngx_event_openssl.c
Hunk #1 succeeded at 1267 (offset 136 lines).
Hunk #2 succeeded at 2116 (offset 446 lines).
Hunk #3 succeeded at 2258 (offset 452 lines).
patching file src/event/ngx_event_openssl.h
Hunk #1 succeeded at 64 with fuzz 1 (offset 10 lines).
Hunk #2 FAILED at 89.
Hunk #3 succeeded at 116 (offset 18 lines).
1 out of 3 hunks FAILED -- saving rejects to file src/event/ngx_event_openssl.h.rej
patching file src/http/modules/ngx_http_ssl_module.c
Hunk #1 succeeded at 246 with fuzz 1 (offset 13 lines).
Hunk #2 succeeded at 611 (offset 43 lines).
Hunk #3 succeeded at 683 (offset 45 lines).
Hunk #4 succeeded at 881 with fuzz 1 (offset 49 lines).
patching file src/http/modules/ngx_http_ssl_module.h
Hunk #1 succeeded at 58 (offset 1 line).

Add CI

Add support for Naxsi and ModSecurity nginx modules

It would be great if you add these two modules in your script :) I'm using your script for ISPconfig3 👍

Architecture not supported: armv7l

I am running the setup on a raspbery pi3
Linux 4.14.62-v7+ #1134 SMP Tue Aug 14 17:10:10 BST 2018 armv7l GNU/Linux

Any idea how to fix this?

Nginx is ready to be installed, press any key to continue...
       Installing dependencies        [OK]
       Downloading ngx_pagespeed      [OK]
       Downloading ngx_brotli         [OK]
       Downloading ngx_headers_more   [OK]
       Downloading GeoIP databases    [OK]
       Downloading ngx_cache_purge    [OK]
       Downloading LibreSSL           [OK]
       Configuring LibreSSL           [OK]
       Installing LibreSSL            [OK]
       Downloading Nginx              [OK]
       TLS Dynamic Records support    [OK]
       Configuring Nginx              [FAIL]

Please look at /tmp/nginx-autoinstall.log

error:

checking for sysconf(_SC_NPROCESSORS_ONLN) ... found
checking for sysconf(_SC_LEVEL1_DCACHE_LINESIZE) ... found
checking for openat(), fstatat() ... found
checking for getaddrinfo() ... found
configuring additional modules
adding module in /usr/local/src/nginx/modules/incubator-pagespeed-ngx-1.13.35.2-stable
Architecture not supported: armv7l

GeoIP database error

hey, I see that GeoIP database is change their download URL, the problem is the old one is using .dat but the new one is using tar. I'm not sure about this format change, can you help fixing it?

Brotli does not work

objs/Makefile:1441: recipe for target 'objs/addon/src/ngx_http_brotli_filter_module.o' failed

Will take a look ASAP.

centos

Hello!

I hope soon centos will be avaliable.

cat /tmp/nginx-autoinstall.log

rm: cannot remove '/usr/local/src/nginx/': No such file or directory
./nginx-autoinstall.sh: line 116: apt-get: command not found
./nginx-autoinstall.sh: line 117: apt-get: command not found

Add support for Default Nginx Folders

Please add support so that it can create sites-available and sites-enabled folder automatically. Also include link to sites-enabled/* in nginx.conf file.

http_ssl_module is missing

Bonjour,

Voici le output de nginx -V

ginx version: nginx/1.13.1
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4)
configure arguments: --add-module=/home/leo/ngx_brotli --add-module=/home/leo/ngx_pagespeed-1.12.34.2-beta --add-module=/home/leo/nginx_accept_language_module-master --with-openssl=/home/gregory/nginx/openssl-1.1.0e --prefix=/usr/local/share/nginx --conf-path=/etc/nginx/nginx.conf --with-http_v2_module --with-http_gzip_static_module --sbin-path=/usr/local/sbin --error-log-path=/var/log/nginx/error.log

Le module http_ssl_module est manquant malgres sa presence dans la configuration du script. Que faire ?

Service not working on LXC container

Hi. Trying to use your great installer on an LXC debian 9 container.

Install and compile seemed to work fine but service doesn't work:

nginx.service: Failed to reset devices.list: Operation not permitted
Any known limitations to install on containers?

Last log lines are:

make[1]: se sale del directorio '/usr/local/src/nginx/nginx-1.14.2'
--2019-01-11 22:22:57--  https://raw.githubusercontent.com/Angristan/nginx-autoinstall/master/conf/nginx.service
Resolviendo raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.120.133
Conectando con raw.githubusercontent.com (raw.githubusercontent.com)[151.101.120.133]:443... conectado.
Petición HTTP enviada, esperando respuesta... 200 OK
Longitud: 1096 (1,1K) [text/plain]
Grabando a: “nginx.service”

     0K .                                                     100% 67,3M=0s

2019-01-11 22:22:57 (67,3 MB/s) - “nginx.service” guardado [1096/1096]

Synchronizing state of nginx.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable nginx
insserv: warning: current start runlevel(s) (empty) of script `nginx' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `nginx' overrides LSB defaults (0 1 6).
Failed to enable unit: Unit file /etc/systemd/system/nginx.service is masked.
--2019-01-11 22:22:57--  https://raw.githubusercontent.com/Angristan/nginx-autoinstall/master/conf/nginx-logrotate
Resolviendo raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.120.133
Conectando con raw.githubusercontent.com (raw.githubusercontent.com)[151.101.120.133]:443... conectado.
Petición HTTP enviada, esperando respuesta... 200 OK
Longitud: 355 [text/plain]
Grabando a: “nginx”

     0K                                                       100% 14,5M=0s

2019-01-11 22:22:57 (14,5 MB/s) - “nginx” guardado [355/355]

Failed to restart nginx.service: Unit nginx.service is masked.

Thanks,.

TLS 1.3

Are you going to add TLS 1.3 support to stable version?

Create /etc/nginx/conf.d directory

Nginx.conf includes /etc/nginx/conf.d/*.conf, but this directory isn't created. Would be nice if the directory is created just like /etc/nginx/sites-available and /etc/nginx/sites-enabled.

deleted

Enhancement suggestion: Add ModSecurity module

Hi,

Before all thanks a lot for your work on this nginx autoinstaller script.
Do you plan to integrate installation of ModSecurity Module in your nginx script ?
https://help.dreamhost.com/hc/en-us/articles/223608748-How-to-Install-libmodsecurity-nginx-on-Ubuntu-14-04
This module is a "must have" for many people to avoid hacking and now that it works on nginx I would like to implement it but I don't know how to do because nginx and other moduls are implemented thru your script.

Thanks again for all !

Add stable release

Add choice for Mainline or Stable

Compiling nginx failed

Compiling failing on clean Debian 9. Tried to install nginx with pagespeed and brotli using system openssl.

Options selected

Modules to install :
PageSpeed 1.12.34.2 [y/n]: y
Brotli [y/n]: y
Headers More 0.32 [y/n]: n
GeoIP [y/n]: n
Cloudflare's TLS Dynamic Record Resizing patch [y/n]: n

Choose your OpenSSL implementation :

System's OpenSSL (1.1.0f)

OpenSSL 1.1.0f from source

LibreSSL 2.6.0 from source

Select an option [1-3]: 1

Nginx is ready to be installed, press any key to continue...
   Installing dependencies        [OK]
   Downloading ngx_pagespeed      [OK]
   Downloading libbrotli          [OK]
   Configuring libbrotli          [OK]
   Compiling libbrotli            [OK]
   Installing libbrotli           [OK]
   Downloading ngx_brotli         [OK]
   Downloading Nginx              [OK]
   Configuring Nginx              [OK]
   Compiling Nginx                [FAIL]

Log

2017-08-31 06:53:15 (12.2 MB/s) - ‘1.12.34.2-x64.tar.gz’ saved [16968086/16968086]

rm: cannot remove 'libbrotli': No such file or directory
Cloning into 'libbrotli'...
Submodule 'brotli' (https://github.com/google/brotli) registered for path 'brotli'
Cloning into '/usr/local/src/libbrotli/brotli'...
configure.ac:7: installing './compile'
configure.ac:7: installing './config.guess'
configure.ac:7: installing './config.sub'
configure.ac:8: installing './install-sh'
configure.ac:8: installing './missing'
Makefile.am: installing './depcomp'
ar: u' modifier ignored since D' is the default (see U') ar: u' modifier ignored since D' is the default (see U')
rm: cannot remove 'ngx_brotli': No such file or directory
Cloning into 'ngx_brotli'...
Submodule 'deps/brotli' (https://github.com/google/brotli.git) registered for path 'deps/brotli'
Cloning into '/usr/local/src/ngx_brotli/deps/brotli'...
rm: cannot remove '/usr/local/src/nginx-*': No such file or directory
--2017-08-31 06:54:40-- https://raw.githubusercontent.com/Angristan/nginx-autoinstall/master/conf/nginx.conf
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.0.133, 151.101.64.133, 151.101.128.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.0.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1800 (1.8K) [text/plain]
Saving to: ‘nginx.conf’
 0K .                                                     100% 46.1M=0s
2017-08-31 06:54:40 (46.1 MB/s) - ‘nginx.conf’ saved [1800/1800]

/usr/local/src/ngx_pagespeed-1.12.34.2-stable/src/ngx_pagespeed.cc: In function ‘ngx_int_t net_instaweb::{anonymous}::ps_preaccess_handler(ngx_http_request_t*)’:
/usr/local/src/ngx_pagespeed-1.12.34.2-stable/src/ngx_pagespeed.cc:3011:31: error: ‘ngx_http_core_try_files_phase’ was not declared in this scope
while (ph[i + 1].checker != ngx_http_core_try_files_phase &&
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
make[1]: *** [objs/addon/src/ngx_pagespeed.o] Error 1
make: *** [build] Error 2

Add support for custom modules?

Let's say I want nginx cache purge module or any other module. Script installer has to compile the module and all other things that are required by himself.
This script should give an option where Script installer can input the path to module folder.
Like this: ( I'm not a programmer: 100: )

Do you want to add extra modules ( yes/ no ): Y
Please confirm, you have compiled your modules or anything that is required. We'll not responsible for any errors.
Continue adding moodules (yes/no)? Y (ENTER)
Input the path to module(s) folder (eg: /opt/module/ ): /usr/local/nginx_cache_purge/ (ENTER)
Continue adding moodules (yes/no)? Y (ENTER)
Input the path to module(s) folder (eg: /opt/module/ ): /usr/local/nginx_redis/ (ENTER)
Continue adding moodules (yes/no)? Y (ENTER)
Input the path to module(s) folder (eg: /opt/module/ ): /usr/local/modsecurity/ (ENTER)
Continue adding moodules (yes/no)? NO (ENTER)
All modules are added and ready to be compiled with nginx, press any key to continue:

.....
....
Something like this +1:

Thanks

Latest config won't work on Ubuntu 16.04 (Amazon EC2)

root@ip-172-31-3-187:~# ./nginx-autoinstall.sh

Welcome to the nginx-autoinstall script.

What do you want to do?

Install or update Nginx
Uninstall Nginx
Update the script

Select an option [1-3]: 1

This script will install Nginx 1.10.1 (mainline) with some optional famous modul

Please tell me which modules you want to install.
If you select none, Nginx will be installed with its default modules.

Modules to install :
PageSpeed 1.11.33.4 [y/n]: y
Brotli [y/n]: y
Headers More 0.32 [y/n]: y
GeoIP [y/n]: y

Choose your OpenSSL implementation :

System's OpenSSL (default)
OpenSSL 1.0.2h from source
LibreSSL 2.4.4 from source

Select an option [1-3]: 1

Nginx is ready to be installed, press any key to continue...

   Installing dependencies        [OK]
   Downloading ngx_pagespeed      [OK]
   Downloading libbrotli          [OK]
   Configuring libbrotli          [OK]
   Compiling libbrotli            [OK]
   Installing libbrotli           [OK]
   Downloading ngx_brotli         [OK]
   Downloading ngx_headers_more   [OK]
   Downloading GeoIP databases    [OK]
   Downloading Nginx              [OK]
   **Configuring Nginx              [FAIL]**

Brotli doesn´t work on Subdomains

Hi,

thanks for providing this script. I´ve tried to use the brotli compression by installing nginx with your script, but brotli only works on main domains, not on any subdomain when defined at nginx.conf.

When I set brotli at a subdomain vhost definition directly it´s also not working. Is this by design or is it because your script is missing anything?

Get versions from https://hg.nginx.org/nginx/ instead of hardcoding version.

I think downloading the latest version from the repo is much better than hardcode the last version in the file.

Enhancement suggestion: for PageSpeed, automatically create cache directory

Hi there! First of all: awesome script, I found it by mere chance, and it works so flawlessly that it's actually scary...

Now for a suggestion — I've mostly used this script to add pagespeed & brotli support on nginx. pagespeed in particular has a gazillion options, but one that pretty much everyone will be using is, obviously, adding the cache directory.

By convention — and your script follows this convention! — /var/ngx_pagespeed_cache is the default. However, a common configuration change (at least on Ubuntu/Debian) is to use a tmpfs-mounted directory for the cache, say, /run/ngx_pagespeed_cache (and just use a symlink to keep the rest of the default configuration working).

This has a problem: when rebooting, as expected, the content of /run will be lost, and when nginx starts, it expects /run/ngx_pagespeed_cache to exist, and because it doesn't exist any more (just a broken symlink pointing to it), nginx will fail to run.

On systems using systemd, one simple solution is to add a small file under /usr/lib/tmpfiles.d, which will tell the system what to create when starting up. In fact, a lot of packages (mysql, php-fpm, among so many others...) use this method to set up sockets, for example, which are conveniently created on a tmpfs volume for added speed.

It would be nice if a future version of nginx-autoinstall would be able to create something like that automatically, e.g.:

echo "d /run/ngx_pagespeed_cache 0755 www-data www-data - -" > /usr/lib/tmpfiles.d/nginx.conf
ln -s /run/ngx_pagespeed_cache /var/ngx_pagespeed_cache

This could be one of the (many) extra options for those interested in having a tmpfs-based cache for pagespeed...

Keep updating nginx-autoinstall, great job so far, and thanks again!

Add default vhost

Hi. I just installed ngnix with pagespeed and brotli. When it is finished installing and it has started the server I try to visit the website. http://206.189.221.179/. But there is no welcome page here. Is there any docs on where everything is located at and how I can fix this?

EDIT: The issue was that starting from nginx 1.13 and up they change directories. This works. https://hostup.org/blog/how-to-install-configure-latest-nginx-mainline-version-on-ubuntu/

Compiling error. Please set Nginx 1.13.3 or 1.12.1 (stable). on the site

Compiling error. Please set Nginx 1.13.3 or 1.12.1 (stable). on the site until the issue is resolved.

Thanks,

Mike

Add option to remove systemctl actions

Sometime systemctl isn't available (for example in the official debian docker image).

Maybe this script could benefit of an option to remove the automatic enabling at installation and stop at uninstall.

Problem to install Certbot

Hi,
Please can someone try to help me to find a solution to install Certbot.
I installed Nginx thru your script (because I need pagespeed and brotlib), but because it block nginx packet in APT and certbot package have dependency with nginx package, i receive an error when I try to install the Certbot Nginx package ...
More info on certbot/certbot#6362
If someone can help me to find a solution for this ... I'm not expert of Unix management.
Thanks a lot in advance.

Option for ngx-bad-bot-blocker?

Hello,
It would be nice if we could have the option to install this:

https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker

Stathis

Compile failing on Debian 8.7

it works ok if I skip pagespeed. I did some research and found it's a issue with pagespeed. apache/incubator-pagespeed-ngx#1453
is there any way you add the patch
All together great work. Keep it up

Add String of Options

I'm not too familiar with bash scripting and trying to add the following:

--with-cc-opt='-m64 -march=native -DTCP_FASTOPEN=23 -g -O3'

But, this breaks the makefile.

Any ideas on how to add a line like that with an updated script?

GeoIP 2 support

Salut,

Je viens de m'apercevoir en utilisant ton script d'installation que GeoIP ne fonctionne pas et c'est normal.

Quand tu télécharges les deux fichiers GeoIP, tu les places dans "/usr/local/src/nginx/modules/geoip-db". Le problème c'est que tu les supprimes à la fin du script pour le nettoyage, sans déplacer le dossier "geoip-db" dans "/opt", comme indiquer dans le README.md

nginx-autoinstall/nginx-autoinstall.sh

Lines 193 to 218 in 08093bf

 # GeoIP 

 if [[ "$GEOIP" = 'y' ]]; then 

 # Dependence 

 apt-get install libgeoip-dev -y >> /tmp/nginx-autoinstall.log 2>&1 

 cd /usr/local/src/nginx/modules 

 mkdir geoip-db 

 cd geoip-db 

 echo -ne " Downloading GeoIP databases [..]\r" 

 wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz >> /tmp/nginx-autoinstall.log 2>&1 

 wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz >> /tmp/nginx-autoinstall.log 2>&1 

 gunzip GeoIP.dat.gz 

 gunzip GeoLiteCity.dat.gz 

 mv GeoIP.dat GeoIP-Country.dat 

 mv GeoLiteCity.dat GeoIP-City.dat 

 if [ $? -eq 0 ]; then 

 echo -ne " Downloading GeoIP databases [${CGREEN}OK${CEND}]\r" 

 echo -ne "\n" 

 else 

 echo -e " Downloading GeoIP databases [${CRED}FAIL${CEND}]" 

 echo "" 

 echo "Please look at /tmp/nginx-autoinstall.log" 

 echo "" 

 exit 1 

 fi 

 fi

Add let's encrypt ssl

Thanks for your cool code.
If this script makes ssl certification setting automatically, it will be perfect!

Empty_gif variable for Matomo

Hi,

great script, but can you please insert a new module? The matomo vhost definition for nginx has an empty_gif variable (https://github.com/perusio/piwik-nginx/blob/master/apps/piwik/piwik.conf).

I had to implement the following module line at your script for using this variable:
--with-http_image_filter_module
Also I needed to install the following package: libgd-dev

Can you please implement my suggestion?

Regards,

Compile Nginx Error

Hi,

The compiling of Nginx does not complete.

output /tmp/nginx-autoinstall-error.log
2017-08-11 18:40:39 (735 MB/s) - ‘nginx.conf’ saved [1800/1800]

--2017-08-11 18:40:39-- https://raw.githubusercontent.com/cloudflare/sslconfig/master/patches/nginx__1.11.5_dynamic_tls_records.patch
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.56.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.56.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8243 (8.0K) [text/plain]
Saving to: ‘nginx__1.11.5_dynamic_tls_records.patch’

 0K ........                                              100%  138M=0s

2017-08-11 18:40:40 (138 MB/s) - ‘nginx__1.11.5_dynamic_tls_records.patch’ saved [8243/8243]

/usr/local/src/ngx_pagespeed-1.12.34.2-stable/src/ngx_pagespeed.cc: In function ‘ngx_int_t net_instaweb::{anonymous}::ps_preaccess_handler(ngx_http_request_t*)’:
/usr/local/src/ngx_pagespeed-1.12.34.2-stable/src/ngx_pagespeed.cc:3011:31: error: ‘ngx_http_core_try_files_phase’ was not declared in this scope
while (ph[i + 1].checker != ngx_http_core_try_files_phase &&
^
make[1]: *** [objs/addon/src/ngx_pagespeed.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make: *** [build] Error 2

  # Certificate(s) and private key
  ssl_certificate /home/ssl/domain.crt;
  ssl_certificate_key /home/ssl/domain.key;

  # openssl dhparam 4096 -out /etc/ssl/dhparam.pem
  ssl_dhparam /home/ssl/dhparam.pem;

  ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
  ssl_prefer_server_ciphers on;
  ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;

  ssl_session_cache shared:TLS:2m;

Enable Geo module.

Hello,

Can you enable the Geo module by default ?

Thanks.
Skid

nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument

Salut,

Je pense qu'il y a un petit souci avec le fichier "nginx.service" pour systemd.
Avec la commande service nginx status j'ai une petite erreur :

systemd[1]: nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument

Mais nginx tourne bien....

Using dialog for menu

Just throwing the idea https://askubuntu.com/a/666179/624605

	# GeoIP
	if [[ "$GEOIP" = 'y' ]]; then
	# Dependence
	apt-get install libgeoip-dev -y >> /tmp/nginx-autoinstall.log 2>&1
	cd /usr/local/src/nginx/modules
	mkdir geoip-db
	cd geoip-db
	echo -ne " Downloading GeoIP databases [..]\r"
	wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz >> /tmp/nginx-autoinstall.log 2>&1
	wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz >> /tmp/nginx-autoinstall.log 2>&1
	gunzip GeoIP.dat.gz
	gunzip GeoLiteCity.dat.gz
	mv GeoIP.dat GeoIP-Country.dat
	mv GeoLiteCity.dat GeoIP-City.dat

	if [ $? -eq 0 ]; then
	echo -ne " Downloading GeoIP databases [${CGREEN}OK${CEND}]\r"
	echo -ne "\n"
	else
	echo -e " Downloading GeoIP databases [${CRED}FAIL${CEND}]"
	echo ""
	echo "Please look at /tmp/nginx-autoinstall.log"
	echo ""
	exit 1
	fi
	fi