#!/bin/bash
: '
Copyright (C) 2022 - now HaoZi Technology Co., Ltd.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see .
'
source <(curl -f -s --connect-timeout 10 --retry 3 https://dl.cdn.haozi.net/panel/public.sh)
if [ $? -ne 0 ]; then
echo "下载 public.sh 失败,请检查网络或稍后重试。"
echo "Download public.sh failed, please check the network or try again later."
exit 1
fi
channel=${1}
version=${2}
nginx_path="${setup_path}/server/nginx"
j=$(calculate_j)
# 安装依赖
if [ ${OS} == "rhel" ]; then
dnf makecache -y
dnf groupinstall "Development Tools" -y
dnf install cmake tar unzip gd gd-devel git-core flex perl oniguruma oniguruma-devel libsodium-devel libxml2-devel libxslt-devel bison yajl yajl-devel curl curl-devel ncurses-devel libevent-devel readline-devel libuuid-devel brotli-devel icu libicu libicu-devel openssl openssl-devel -y
elif [ ${OS} == "debian" ] || [ ${OS} == "ubuntu" ]; then
apt-get update
apt-get install build-essential cmake tar unzip libgd3 libgd-dev git flex perl libonig-dev libsodium-dev libxml2-dev libxslt1-dev bison libyajl-dev curl libcurl4-openssl-dev libncurses5-dev libevent-dev libreadline-dev uuid-dev libbrotli-dev icu-devtools libicu-dev openssl libssl-dev -y
else
error "不支持的操作系统"
fi
if [ "$?" != "0" ]; then
error "安装依赖软件失败"
fi
# 预检查
systemctl is-active --quiet nginx
if [ "$?" != "0" ]; then
error "应用运行状态不正常"
fi
# 停止已有服务
systemctl stop nginx
# 准备目录
cd ${nginx_path}
rm -rf src
# 下载源码
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ${nginx_path}/openresty-${version}.tar.gz ${download_url}/nginx/openresty-${version}.tar.gz
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ${nginx_path}/openresty-${version}.tar.gz.sha256 ${download_url}/nginx/openresty-${version}.tar.gz.sha256
if ! sha256sum --status -c openresty-${version}.tar.gz.sha256; then
rm -f openresty-${version}.tar.gz
rm -f openresty-${version}.tar.gz.sha256
error "nginx 校验失败"
fi
tar -zxvf openresty-${version}.tar.gz
rm -f openresty-${version}.tar.gz
rm -f openresty-${version}.tar.gz.sha256
mv openresty-${version} src
cd src
# tls library
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O quictls-1.1.1w.7z ${download_url}/tls/quictls-1.1.1w.7z
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O quictls-1.1.1w.7z.sha256 ${download_url}/tls/quictls-1.1.1w.7z.sha256
if ! sha256sum --status -c quictls-1.1.1w.7z.sha256; then
rm -rf ${nginx_path}/src
error "quictls 校验失败"
fi
7z x quictls-1.1.1w.7z
rm -f quictls-1.1.1w.7z
rm -f quictls-1.1.1w.7z.sha256
mv quictls-1.1.1w quictls
chmod -R 700 quictls
# patch tls library
cd quictls
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O openssl-1.1.1f-sess_set_get_cb_yield.patch ${download_url}/nginx/openssl/openssl-1.1.1f-sess_set_get_cb_yield.patch
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O openssl-1.1.1f-sess_set_get_cb_yield.patch.sha256 ${download_url}/nginx/openssl/openssl-1.1.1f-sess_set_get_cb_yield.patch.sha256
if ! sha256sum --status -c openssl-1.1.1f-sess_set_get_cb_yield.patch.sha256; then
rm -rf ${nginx_path}/src
error "补丁文件校验失败"
fi
patch -p1 ${nginx_path}/conf/enable-php-${phpVersion}.conf <