/nginx-ee

Bash script to compile the latest nginx release from source with additonal modules with EasyEngine, Plesk or from srcratch

Primary LanguageShellMIT LicenseMIT

Nginx-EE

Compile and install the latest nginx releases from source with additional modules with EasyEngine, Plesk Onyx or from scratch

nginx-ee


Features

  • Compile the latest Nginx Mainline or Stable Release
  • Install Nginx or replace Nginx package previously installed
  • Nginx official modules selection
  • Nginx Third-party Additonal selection
  • Brotli Support
  • TLS v1.3 support (Final)
  • Cloudflare HPACK (for Mainline release only)

Additional Third-party modules

Nginx current mainline release : v1.15.7 Nginx current stable release : v1.14.2

optional modules :


Compatibility

Operating System

  • Ubuntu 18.04 LTS (Bionic)
  • Ubuntu 16.04 LTS (Xenial)
  • Debian 8 (Deprecated)

Plesk releases

  • 17.5.x
  • 17.8.x
  • 17.9.x

Usage

Interactive install

bash <(wget -qO - https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/nginx-build.sh)

Non interactive install

bash <(wget -qO - https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/nginx-build.sh) [options] ...

Options available

Nginx release (required) :

  • --mainline : compile nginx mainline release
  • --stable : compile nginx stable release

Additional modules (optional)

  • --pagespeed: compile nginx with ngx_pagespeed latest-stable
  • --pagespeed-beta: compile nginx with ngx_pagespeed latest-beta
  • --naxsi : compile nginx with naxsi
  • --rtmp : compile nginx with rtmp module

Example :

Compile Nginx mailine release with pagespeed stable

bash <(wget -qO - https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/nginx-build.sh) --mainline --pagespeed

Nginx modules

You can choose Nginx official modules and third-party modules you want to compile with Nginx-ee. The list of official modules built by default and optional modules is available on Nginx Docs

To override official modules compiled with nginx-ee, export the variable OVERRIDE_NGINX_MODULES before launching nginx-ee script.

To override third-party modules compiled with nginx-ee, export the variable OVERRIDE_NGINX_ADDITIONAL_MODULES before laucnhing nginx-ee script. Important : If you want to add a third-party module, you will have to download its source in /usr/local/src before launching the compilation.

Examples :

Override list of modules built by default with nginx-ee

# choose modules you want to build
# This is the list of modules built by default with nginx-ee
export OVERRIDE_NGINX_MODULES="--without-http_uwsgi_module \
    --without-mail_imap_module \
    --without-mail_pop3_module \
    --without-mail_smtp_module \
    --with-http_stub_status_module \
    --with-http_realip_module \
    --with-http_auth_request_module \
    --with-http_addition_module \
    --with-http_geoip_module \
    --with-http_gzip_static_module \
    --with-http_image_filter_module \
    --with-http_mp4_module \
    --with-http_sub_module"


# compile nginx-ee with the modules previously selected
bash <(wget -qO - https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/nginx-build.sh)

Override list of third-party modules built by default with nginx-ee

You can add/remove additional third-party modules compiled with nginx-ee. By default Nginx-ee will compile the following third-party modules

    --add-module=/usr/local/src/ngx_http_substitutions_filter_module \
    --add-module=/usr/local/src/srcache-nginx-module \
    --add-module=/usr/local/src/ngx_http_redis \
    --add-module=/usr/local/src/redis2-nginx-module \
    --add-module=/usr/local/src/memc-nginx-module \
    --add-module=/usr/local/src/ngx_devel_kit \
    --add-module=/usr/local/src/set-misc-nginx-module \
    --add-module=/usr/local/src/ngx_http_auth_pam_module \
    --add-module=/usr/local/src/nginx-module-vts \
    --add-module=/usr/local/src/ipscrubtmp/ipscrub

Here an example to add the nginx module mod_zip :

# clone the module repository into /usr/local/src
git clone https://github.com/evanmiller/mod_zip.git /usr/local/src/mod_zip

# add the module to the modules list using the variable OVERRIDE_NGINX_ADDITIONAL_MODULES
# This is the list of third-party modules built by default with nginx-ee + mod_zip module
export OVERRIDE_NGINX_ADDITIONAL_MODULES="--add-module=/usr/local/src/ngx_http_substitutions_filter_module \
    --add-module=/usr/local/src/srcache-nginx-module \
    --add-module=/usr/local/src/ngx_http_redis \
    --add-module=/usr/local/src/redis2-nginx-module \
    --add-module=/usr/local/src/memc-nginx-module \
    --add-module=/usr/local/src/ngx_devel_kit \
    --add-module=/usr/local/src/set-misc-nginx-module \
    --add-module=/usr/local/src/ngx_http_auth_pam_module \
    --add-module=/usr/local/src/nginx-module-vts \
    --add-module=/usr/local/src/ipscrubtmp/ipscrub \
    --add-module=/usr/local/src/mod_zip" # add mod_zip module at the end of the list

# compile nginx-ee with the modules previously selected
bash <(wget -qO - https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/nginx-build.sh)

Troubleshooting

TLS v1.3 do not work or browser show error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH :

Update nginx ssl_ciphers in /etc/nginx/nginx.conf for EasyEngine servers or /etc/nginx/conf.d/ssl.conf for Plesk servers

TLSv1.2 + TLSv1.3

    ##
    # SSL Settings
    ##
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;

TLSv1.0 + TLSv1.1 + TLSv1.2 + TLSv1.3

    ##
    # SSL Settings
    ##
    # intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS13+AESGCM+AES128:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;

Nginx configurations


Roadmap

  • Add choice between stable & mainline release
  • Add Nginx configuration examples
  • Add Cloudflare HPACK patch
  • Add support for servers without EasyEngine
  • Add non-interactive installation
  • Add automated update detection
  • Add support for Plesk servers
  • Add Nginx modules choice
  • Add support for Debian 9
  • Add support for Raspbian

Credits

  • centminmod : Nginx, Nginx modules & various other patches
  • hakase : OpenSSL-patch

Published & maintained by VirtuBox