If you would rather have more control, or just in general want know how this software is built, the instructions below provide the steps to do so. Please note that I use Arch. Packages may vary based on distro.
Prep
1
pacman -Sy git gcc cmake mercurial gd base-devel automake
Clone and init
1
git clone --recurse-submodules -j8 https://github.com/icedterminal/ngxqb.git
Build Brotli encoder (if you skip this step, Brotli will be absent)
1
2
3
4
cd ngxqb/ngx_brotli/deps/brotli && mkdir out && cd out
cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_C_FLAGS="-Ofast -m64 -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_CXX_FLAGS="-Ofast -m64 -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_INSTALL_PREFIX=./installed ..
cmake --build . --config Release --target brotlienc
cd ../../../../nginx
OpenSSL Conf
Per issue #2404, to configure OpenSSL you must explicitly define the conf file before building. Otherwise it will fail.
1
export OPENSSL_CONF=../openssl/apps/openssl.cnf
Due to this build of OpenSSL being statically linked, the security issue mentioned does not apply here.
Configure
You may need to edit the configuration parameters to suit your needs. A complete list is here.
Note: The default web server user is www-data on Debian and http on Arch. If you prefer to use a different user, you can do so before you build.
1
./auto/configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --modules-path=/etc/nginx/modules --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/run/nginx.pid --lock-path=/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=http --group=http --with-debug --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_image_filter_module --with-http_realip_module --with-http_ssl_module --with-http_stub_status_module --with-http_v2_module --with-http_v3_module --with-http_dav_module --with-http_stub_status_module --with-http_slice_module --with-http_sub_module --with-http_secure_link_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-zlib=../zlib --with-pcre=../pcre2-10.44 --with-openssl=../openssl --with-openssl-opt=enable-ktls --with-openssl-opt=enable-fips --add-module=../ngx_brotli --add-module=../ngx_devel_kit --add-module=../set-misc-nginx-module --add-module=../njs/nginx --with-cc-opt='-m64 -march=native -mtune=native -Ofast -flto -funroll-loops -ffunction-sections -fdata-sections -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wl,--gc-sections -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-m64 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie -Wl,-s -Wl,--gc-sections'
Build and install
1
make
Once building completes, you won’t have the required structure in place to start NGINX. You’ll need to do this as root:
1
sudo su
Create the initial directories:
1
mkdir -p /etc/nginx/{dh,modules,sites-available,sites-disabled,conf.d,html} /var/cache/nginx/{client_temp,proxy_temp,fastcgi_temp,uwsgi_temp,scgi_temp} /var/log/nginx /var/www/html
Copy the default files to the proper location:
1
cp -r conf/. /etc/nginx/; cp -r docs/html/. /var/www/html/; cp -r docs/html/. /etc/nginx/html/; cp objs/nginx /usr/sbin/nginx;
Set the permissions:
1
chmod 755 /usr/sbin/nginx; chown [www-data|http]:adm /var/log/nginx; chmod 755 /var/log/nginx; find /var/cache/nginx -type d | xargs chown [www-data|http]:root; find /var/cache/nginx -type d | xargs chmod 755
Create a startup service:
1
nano /etc/systemd/system/nginx.service
Paste the following contents in:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[Unit]
Description=NGINX web server
Documentation=https://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /run/nginx.pid)"
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /run/nginx.pid)"
[Install]
WantedBy=multi-user.target
Load the service.
1
systemctl daemon-reload; systemctl enable nginx
Start the service
1
systemctl start nginx
You can check your NGINX build information with nginx -V.
Verify
- https://http3check.net/
- https://geekflare.com/tools/http3-test
- When veryifying Brotli, you must use HTTP 2 or HTTP 3.