acepanel/download
2
0
Fork 0
Code Issues Pull Requests Actions Activity
Files
main
download/openresty/install.sh
耗子 758e1c8799
All checks were successful
Generate Checksums / checksums (push) Successful in 46s
Details
feat: 清理提交
2026-01-31 07:03:45 +08:00

425 lines
13 KiB
Bash
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/bash
source <(curl -f -s --connect-timeout 10 --retry 3 https://dl.acepanel.net/public.sh)
if [ $? -ne 0 ]; then
echo "Download public.sh failed, please check the network or try again later."
exit 1
fi
channel=${1}
version=${2}
nginx_path="${setup_path}/server/nginx"
j=$(calculate_j)
# 安装依赖
if [ ${OS} == "rhel" ]; then
dnf makecache -y
dnf groupinstall "Development Tools" -y
dnf install cmake tar unzip gd gd-devel git-core flex perl oniguruma oniguruma-devel libsodium-devel libxml2-devel libxslt-devel bison curl curl-devel ncurses-devel libevent-devel readline-devel libuuid-devel brotli-devel icu libicu libicu-devel openssl openssl-devel libzstd-devel -y
elif [ ${OS} == "debian" ] || [ ${OS} == "ubuntu" ]; then
apt-get update
apt-get install build-essential cmake tar unzip libgd3 libgd-dev git flex perl libonig-dev libsodium-dev libxml2-dev libxslt1-dev bison curl libcurl4-openssl-dev libncurses5-dev libevent-dev libreadline-dev uuid-dev libbrotli-dev icu-devtools libicu-dev openssl libssl-dev libzstd-dev -y
else
error "Unsupported operating system"
fi
if [ "$?" != "0" ]; then
error "Failed to install dependencies"
fi
# 准备目录
rm -rf ${nginx_path}
mkdir -p ${nginx_path}
cd ${nginx_path}
# 下载源码
dl "${nginx_path}" "/openresty/openresty-${version}.tar.gz"
tar -zxvf openresty-${version}.tar.gz
rm -f openresty-${version}.tar.gz
mv openresty-${version} src
cd src
# tls library
dl "${nginx_path}/src" "/tls/openssl-3.5.4.7z"
7z x openssl-3.5.4.7z
rm -f openssl-3.5.4.7z
mv openssl-3.5.4 openssl
chmod -R 700 openssl
# 加载 tls 模块ktls 需要
modprobe tls
# OpenSSL 补丁
cd openssl
patch -p1 <${nginx_path}/src/patches/openssl-3.5.4-sess_set_get_cb_yield.patch
if [ "$?" != "0" ]; then
rm -rf ${nginx_path}
error "OpenSSL patch application failed"
fi
cd ${nginx_path}/src
# pcre2
dl "${nginx_path}/src" "/nginx/pcre/pcre2-10.46.7z"
7z x pcre2-10.46.7z
rm -f pcre2-10.46.7z
mv pcre2-10.46 pcre2
chmod -R 700 pcre2
# ngx_cache_purge
dl "${nginx_path}/src" "/nginx/modules/ngx_cache_purge-2.3.tar.gz"
tar -zxvf ngx_cache_purge-2.3.tar.gz
rm -f ngx_cache_purge-2.3.tar.gz
mv ngx_cache_purge-2.3 ngx_cache_purge
# nginx-sticky-module
dl "${nginx_path}/src" "/nginx/modules/nginx-sticky-module.zip"
unzip -o nginx-sticky-module.zip
rm -f nginx-sticky-module.zip
# nginx-dav-ext-module
dl "${nginx_path}/src" "/nginx/modules/nginx-dav-ext-module-3.0.0.tar.gz"
tar -xvf nginx-dav-ext-module-3.0.0.tar.gz
rm -f nginx-dav-ext-module-3.0.0.tar.gz
mv nginx-dav-ext-module-3.0.0 nginx-dav-ext-module
# ngx_http_security_headers_module
dl "${nginx_path}/src" "/nginx/modules/ngx_http_security_headers_module.zip"
unzip -o ngx_http_security_headers_module.zip
rm -f ngx_http_security_headers_module.zip
# ngx_http_trim_filter_module
dl "${nginx_path}/src" "/nginx/modules/ngx_http_trim_filter_module.zip"
unzip -o ngx_http_trim_filter_module.zip
rm -f ngx_http_trim_filter_module.zip
# ngx_http_zstd_module
dl "${nginx_path}/src" "/nginx/modules/ngx_http_zstd_module.zip"
unzip -o ngx_http_zstd_module.zip
rm -f ngx_http_zstd_module.zip
# ngx_brotli
dl "${nginx_path}/src" "/nginx/modules/ngx_brotli-a71f931.zip"
unzip -o ngx_brotli-a71f931.zip
mv ngx_brotli-a71f931 ngx_brotli
rm -f ngx_brotli-a71f931.zip
cd ngx_brotli/deps/brotli
mkdir out && cd out
cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_C_FLAGS="-Ofast -march=native -mtune=native -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_CXX_FLAGS="-Ofast -march=native -mtune=native -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_INSTALL_PREFIX=./installed ..
cmake --build . --config Release --target brotlienc
if [ "$?" != "0" ]; then
rm -rf ${nginx_path}
error "ngx_brotli compilation failed"
fi
cd ${nginx_path}/src
chmod +x configure
./configure --user=www --group=www \
--prefix=${nginx_path} --with-luajit \
--add-module=${nginx_path}/src/ngx_cache_purge \
--add-module=${nginx_path}/src/nginx-sticky-module \
--with-openssl=${nginx_path}/src/openssl \
--with-openssl-opt="no-tests enable-ktls" \
--with-pcre=${nginx_path}/src/pcre2 --with-pcre-jit \
--with-ld-opt="-Wl,-s -Wl,-Bsymbolic -Wl,--gc-sections" \
--with-cc-opt="-DNGX_LUA_ABORT_AT_PANIC -march=native -mtune=native -Ofast -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" \
--with-luajit-xcflags="-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT" \
--with-file-aio \
--with-threads \
--with-compat \
--with-http_v2_module --with-http_v3_module \
--with-http_slice_module \
--with-stream --with-stream_ssl_module --with-stream_realip_module --with-stream_ssl_preread_module \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_image_filter_module \
--with-http_gzip_static_module --with-http_gunzip_module \
--with-http_sub_module \
--with-http_flv_module \
--with-http_addition_module \
--with-http_realip_module \
--with-http_mp4_module \
--with-http_auth_request_module \
--with-http_secure_link_module \
--with-http_random_index_module \
--with-http_dav_module \
--add-module=${nginx_path}/src/nginx-dav-ext-module \
--add-module=${nginx_path}/src/ngx_http_security_headers_module \
--add-module=${nginx_path}/src/ngx_http_trim_filter_module \
--add-module=${nginx_path}/src/ngx_brotli \
--add-module=${nginx_path}/src/ngx_http_zstd_module
make "-j${j}"
if [ "$?" != "0" ]; then
rm -rf ${nginx_path}
error "Compilation failed"
fi
make install
if [ ! -f "${nginx_path}/nginx/sbin/nginx" ]; then
rm -rf ${nginx_path}
error "Installation failed"
fi
cd ${nginx_path}
# 设置软链接
ln -sf ${nginx_path}/nginx/html ${nginx_path}/html
ln -sf ${nginx_path}/nginx/conf ${nginx_path}/conf
ln -sf ${nginx_path}/nginx/logs ${nginx_path}/logs
ln -sf ${nginx_path}/nginx/sbin ${nginx_path}/sbin
ln -sf ${nginx_path}/nginx/sbin/nginx /usr/local/bin/nginx
# 创建站点目录
mkdir -p ${setup_path}/sites
chmod -R 755 ${setup_path}/sites
# 写入主配置文件
mkdir -p ${nginx_path}/conf/stream
cat >${nginx_path}/conf/nginx.conf <<EOF
user www www;
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 65535;
pcre_jit on;
quic_bpf on;
error_log ${setup_path}/server/nginx/nginx-error.log crit;
pid ${setup_path}/server/nginx/nginx.pid;
stream {
include stream/*.conf;
log_format tcp_format '\$time_local|\$remote_addr|\$protocol|\$status|\$bytes_sent|\$bytes_received|\$session_time|\$upstream_addr|\$upstream_bytes_sent|\$upstream_bytes_received|\$upstream_connect_time';
access_log ${setup_path}/server/nginx/tcp-access.log tcp_format;
error_log ${setup_path}/server/nginx/tcp-error.log;
}
events {
use epoll;
worker_connections 65535;
multi_accept on;
}
http {
include mime.types;
include proxy.conf;
include default.conf;
include acme.conf;
default_type application/octet-stream;
keepalive_timeout 60;
server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 200m;
client_body_buffer_size 10M;
client_body_in_file_only off;
variables_hash_max_size 2048;
variables_hash_bucket_size 128;
http2 on;
http3 on;
quic_gso on;
aio threads;
aio_write on;
directio 512k;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 8 64k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
zstd on;
zstd_min_length 1k;
zstd_comp_level 10;
zstd_types *;
zstd_static on;
brotli on;
brotli_min_length 1k;
brotli_comp_level 6;
brotli_window 1m;
brotli_types *;
brotli_static on;
gzip on;
gzip_min_length 1k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types *;
gzip_vary on;
gzip_proxied any;
limit_conn_zone \$binary_remote_addr zone=perip:10m;
limit_conn_zone \$server_name zone=perserver:10m;
server_tokens off;
access_log off;
# websocket support
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
# status page
server {
listen 80;
server_name 127.0.0.1;
allow 127.0.0.1;
location /nginx_status {
stub_status on;
access_log off;
}
location ~ ^/phpfpm_status/(?<version>\d+)$ {
fastcgi_pass unix:/tmp/php-cgi-\$version.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$fastcgi_script_name;
}
}
include ${setup_path}/sites/*/config/*.conf;
}
EOF
# 写入pathinfo配置文件
cat >${nginx_path}/conf/pathinfo.conf <<EOF
set \$real_script_name \$fastcgi_script_name;
if (\$fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
set \$real_script_name \$1;
set \$path_info \$2;
}
fastcgi_param SCRIPT_FILENAME \$document_root\$real_script_name;
fastcgi_param SCRIPT_NAME \$real_script_name;
fastcgi_param PATH_INFO \$path_info;
EOF
# 写入默认站点页
cat >${nginx_path}/html/index.html <<EOF
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>AcePanel</title>
<style>body{background:#f2f3f5;margin:0;padding:20px;font-family:system-ui,sans-serif}.container{max-width:600px;margin:3em auto;background:#fff;padding:40px;border-radius:12px;box-shadow:0 4px 12px rgba(0,0,0,.05)}h1{font-size:3em;font-weight:600;margin:0 0 30px;color:#1a1a1a}p{color:#5a5a5a;line-height:1.6}a{text-decoration:none;color:#333;font-weight:600}</style>
</head>
<body>
<div class="container">
<h1>AcePanel</h1>
<p>This is the default page of AcePanel!</p>
<p>You see this page because the requested website was not found on this server.</p>
<p><em>Powered by <a target="_blank" href="https://acepanel.net">AcePanel</a></em></p>
</div>
</body>
</html>
EOF
# 写入站点停止页
cat >${nginx_path}/html/stop.html <<EOF
<!DOCTYPE html>
<html lang="zh-Hans">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>AcePanel</title>
<style>body{background:#f2f3f5;margin:0;padding:20px;font-family:system-ui,sans-serif}.container{max-width:600px;margin:3em auto;background:#fff;padding:40px;border-radius:12px;box-shadow:0 4px 12px rgba(0,0,0,.05)}h1{font-size:3em;font-weight:600;margin:0 0 30px;color:#1a1a1a}p{color:#5a5a5a;line-height:1.6}a{text-decoration:none;color:#333;font-weight:600}</style>
</head>
<body>
<div class="container">
<h1>Website Suspended</h1>
<p>You see this page because the website has been stopped by the server administrator.</p>
<p><em>Powered by <a target="_blank" href="https://acepanel.net">AcePanel</a></em></p>
</div>
</body>
</html>
EOF
# 写入默认配置文件
touch ${nginx_path}/conf/acme.conf
# 写入代理默认配置文件
cat >${nginx_path}/conf/proxy.conf <<EOF
proxy_temp_path ${nginx_path}/proxy_temp_dir;
proxy_cache_path ${nginx_path}/proxy_cache_dir levels=1:2 keys_zone=cache_one:20m inactive=1d max_size=5g;
proxy_connect_timeout 10;
proxy_read_timeout 60;
proxy_send_timeout 60;
proxy_buffer_size 32k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_cache cache_one;
EOF
# 写入默认站点配置文件
cat >${nginx_path}/conf/default.conf <<EOF
server
{
listen 80 default_server reuseport;
listen [::]:80 default_server reuseport;
listen 443 ssl default_server reuseport;
listen [::]:443 ssl default_server reuseport;
listen 443 quic default_server reuseport;
listen [::]:443 quic default_server reuseport;
server_name _;
index index.html;
root ${nginx_path}/html;
ssl_reject_handshake on;
}
EOF
# 处理文件权限
chmod -R 755 ${nginx_path}
chmod -R 600 ${nginx_path}/conf
# 写入服务文件
cat >/etc/systemd/system/nginx.service <<EOF
[Unit]
Description=The OpenResty Application Platform
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=${nginx_path}/nginx.pid
ExecStartPre=${nginx_path}/sbin/nginx -t -c ${nginx_path}/conf/nginx.conf
ExecStart=${nginx_path}/sbin/nginx -c ${nginx_path}/conf/nginx.conf
ExecReload=${nginx_path}/sbin/nginx -s reload
ExecStop=${nginx_path}/sbin/nginx -s quit
LimitNOFILE=500000
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
EOF
chmod 644 /etc/systemd/system/nginx.service
systemctl daemon-reload
systemctl enable --now nginx
if [ "$?" != "0" ]; then
error "Failed to start"
fi
acepanel app write openresty ${channel} ${version}
acepanel setting write webserver nginx
echo -e $HR
echo "Installation successful"
echo -e $HR
Reference in New Issue View Git Blame Copy Permalink