opensource/download
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a65d23f05b6fbaaad9d5177ddd124b2b1cb45950
download/panel/nginx/update.sh
耗子 a65d23f05b
Some checks failed
Generate Checksums / checksums (push) Has been cancelled
Details
feat: 移除协议
2025-08-22 06:19:40 +08:00

265 lines
11 KiB (Stored with Git LFS)
Bash
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
source <(curl -f -s --connect-timeout 10 --retry 3 https://dl.cdn.haozi.net/panel/public.sh)
if [ $? -ne 0 ]; then
echo "下载 public.sh 失败,请检查网络或稍后重试。"
echo "Download public.sh failed, please check the network or try again later."
exit 1
fi
channel=${1}
version=${2}
nginx_path="${setup_path}/server/nginx"
j=$(calculate_j)
# 预检查
systemctl is-active --quiet nginx
if [ "$?" != "0" ]; then
error "应用运行状态不正常"
fi
# 准备目录
cd ${nginx_path}
rm -rf src
# 下载源码
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ${nginx_path}/openresty-${version}.tar.gz ${download_url}/nginx/openresty-${version}.tar.gz
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ${nginx_path}/openresty-${version}.tar.gz.sha256 ${download_url}/nginx/openresty-${version}.tar.gz.sha256
if ! sha256sum --status -c openresty-${version}.tar.gz.sha256; then
rm -f openresty-${version}.tar.gz
rm -f openresty-${version}.tar.gz.sha256
error "nginx 校验失败"
fi
tar -zxvf openresty-${version}.tar.gz
rm -f openresty-${version}.tar.gz
rm -f openresty-${version}.tar.gz.sha256
mv openresty-${version} src
cd src
# tls library
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O openssl-3.5.2.7z ${download_url}/tls/openssl-3.5.2.7z
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O openssl-3.5.2.7z.sha256 ${download_url}/tls/openssl-3.5.2.7z.sha256
if ! sha256sum --status -c openssl-3.5.2.7z.sha256; then
rm -rf ${nginx_path}/src
error "openssl 校验失败"
fi
7z x openssl-3.5.2.7z
rm -f openssl-3.5.2.7z
rm -f openssl-3.5.2.7z.sha256
mv openssl-3.5.2 openssl
chmod -R 700 openssl
# 加载 tls 模块ktls 需要
modprobe tls
# OpenSSL 补丁
cd openssl
patch -p1 < ${nginx_path}/src/patches/openssl-3.5.2-sess_set_get_cb_yield.patch
if [ "$?" != "0" ]; then
rm -rf ${nginx_path}/src
error "OpenSSL 补丁应用失败"
fi
cd ${nginx_path}/src
# pcre2
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O pcre2-10.45.7z ${download_url}/nginx/pcre/pcre2-10.45.7z
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O pcre2-10.45.7z.sha256 ${download_url}/nginx/pcre/pcre2-10.45.7z.sha256
if ! sha256sum --status -c pcre2-10.45.7z.sha256; then
rm -rf ${nginx_path}/src
error "pcre 校验失败"
fi
7z x pcre2-10.45.7z
rm -f pcre2-10.45.7z
rm -f pcre2-10.45.7z.sha256
mv pcre2-10.45 pcre2
chmod -R 700 pcre2
# ngx_cache_purge
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_cache_purge-2.3.tar.gz ${download_url}/nginx/modules/ngx_cache_purge-2.3.tar.gz
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_cache_purge-2.3.tar.gz.sha256 ${download_url}/nginx/modules/ngx_cache_purge-2.3.tar.gz.sha256
if ! sha256sum --status -c ngx_cache_purge-2.3.tar.gz.sha256; then
rm -rf ${nginx_path}/src
error "ngx_cache_purge 校验失败"
fi
tar -zxvf ngx_cache_purge-2.3.tar.gz
rm -f ngx_cache_purge-2.3.tar.gz
rm -f ngx_cache_purge-2.3.tar.gz.sha256
mv ngx_cache_purge-2.3 ngx_cache_purge
# nginx-sticky-module
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O nginx-sticky-module.zip ${download_url}/nginx/modules/nginx-sticky-module.zip
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O nginx-sticky-module.zip.sha256 ${download_url}/nginx/modules/nginx-sticky-module.zip.sha256
if ! sha256sum --status -c nginx-sticky-module.zip.sha256; then
rm -rf ${nginx_path}/src
error "nginx-sticky-module 校验失败"
fi
unzip -o nginx-sticky-module.zip
rm -f nginx-sticky-module.zip
rm -f nginx-sticky-module.zip.sha256
# nginx-dav-ext-module
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O nginx-dav-ext-module-3.0.0.tar.gz ${download_url}/nginx/modules/nginx-dav-ext-module-3.0.0.tar.gz
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O nginx-dav-ext-module-3.0.0.tar.gz.sha256 ${download_url}/nginx/modules/nginx-dav-ext-module-3.0.0.tar.gz.sha256
if ! sha256sum --status -c nginx-dav-ext-module-3.0.0.tar.gz.sha256; then
rm -rf ${nginx_path}/src
error "nginx-dav-ext-module 校验失败"
fi
tar -xvf nginx-dav-ext-module-3.0.0.tar.gz
rm -f nginx-dav-ext-module-3.0.0.tar.gz
rm -f nginx-dav-ext-module-3.0.0.tar.gz.sha256
mv nginx-dav-ext-module-3.0.0 nginx-dav-ext-module
# ngx_http_security_headers_module
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_http_security_headers_module.zip ${download_url}/nginx/modules/ngx_http_security_headers_module.zip
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_http_security_headers_module.zip.sha256 ${download_url}/nginx/modules/ngx_http_security_headers_module.zip.sha256
if ! sha256sum --status -c ngx_http_security_headers_module.zip.sha256; then
rm -rf ${nginx_path}/src
error "ngx_http_security_headers_module 校验失败"
fi
unzip -o ngx_http_security_headers_module.zip
rm -f ngx_http_security_headers_module.zip
rm -f ngx_http_security_headers_module.zip.sha256
# ngx_http_trim_filter_module
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_http_trim_filter_module.zip ${download_url}/nginx/modules/ngx_http_trim_filter_module.zip
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_http_trim_filter_module.zip.sha256 ${download_url}/nginx/modules/ngx_http_trim_filter_module.zip.sha256
if ! sha256sum --status -c ngx_http_trim_filter_module.zip.sha256; then
rm -rf ${nginx_path}/src
error "ngx_http_trim_filter_module 校验失败"
fi
unzip -o ngx_http_trim_filter_module.zip
rm -f ngx_http_trim_filter_module.zip
rm -f ngx_http_trim_filter_module.zip.sha256
# ngx_http_zstd_module
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_http_zstd_module.zip ${download_url}/nginx/modules/ngx_http_zstd_module.zip
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_http_zstd_module.zip.sha256 ${download_url}/nginx/modules/ngx_http_zstd_module.zip.sha256
if ! sha256sum --status -c ngx_http_zstd_module.zip.sha256; then
rm -rf ${nginx_path}/src
error "ngx_http_zstd_module 校验失败"
fi
unzip -o ngx_http_zstd_module.zip
rm -f ngx_http_zstd_module.zip
rm -f ngx_http_zstd_module.zip.sha256
# ngx_brotli
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_brotli-a71f931.zip ${download_url}/nginx/modules/ngx_brotli-a71f931.zip
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_brotli-a71f931.zip.sha256 ${download_url}/nginx/modules/ngx_brotli-a71f931.zip.sha256
if ! sha256sum --status -c ngx_brotli-a71f931.zip.sha256; then
rm -rf ${nginx_path}/src
error "ngx_brotli 校验失败"
fi
unzip -o ngx_brotli-a71f931.zip
mv ngx_brotli-a71f931 ngx_brotli
rm -f ngx_brotli-a71f931.zip
rm -f ngx_brotli-a71f931.zip.sha256
cd ngx_brotli/deps/brotli
mkdir out && cd out
cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_C_FLAGS="-Ofast -march=native -mtune=native -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_CXX_FLAGS="-Ofast -march=native -mtune=native -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_INSTALL_PREFIX=./installed ..
cmake --build . --config Release --target brotlienc
if [ "$?" != "0" ]; then
rm -rf ${nginx_path}/src
error "ngx_brotli 编译失败"
fi
cd ${nginx_path}/src
./configure --user=www --group=www \
--prefix=${nginx_path} --with-luajit \
--add-module=${nginx_path}/src/ngx_cache_purge \
--add-module=${nginx_path}/src/nginx-sticky-module \
--with-openssl=${nginx_path}/src/openssl \
--with-openssl-opt=enable-ktls \
--with-pcre=${nginx_path}/src/pcre2 --with-pcre-jit \
--with-ld-opt="-Wl,-s -Wl,-Bsymbolic -Wl,--gc-sections" \
--with-cc-opt="-DNGX_LUA_ABORT_AT_PANIC -march=native -mtune=native -Ofast -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" \
--with-luajit-xcflags="-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT" \
--with-file-aio \
--with-threads \
--with-compat \
--with-http_v2_module --with-http_v3_module \
--with-http_slice_module \
--with-stream --with-stream_ssl_module --with-stream_realip_module --with-stream_ssl_preread_module \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_image_filter_module \
--with-http_gzip_static_module --with-http_gunzip_module \
--with-http_sub_module \
--with-http_flv_module \
--with-http_addition_module \
--with-http_realip_module \
--with-http_mp4_module \
--with-http_auth_request_module \
--with-http_secure_link_module \
--with-http_random_index_module \
--with-http_dav_module \
--add-module=${nginx_path}/src/nginx-dav-ext-module \
--add-module=${nginx_path}/src/ngx_http_security_headers_module \
--add-module=${nginx_path}/src/ngx_http_trim_filter_module \
--add-module=${nginx_path}/src/ngx_brotli \
--add-module=${nginx_path}/src/ngx_http_zstd_module
make "-j${j}"
if [ "$?" != "0" ]; then
error "编译失败"
fi
# 停止已有服务
systemctl stop nginx
make install
if [ ! -f "${nginx_path}/nginx/sbin/nginx" ]; then
error "安装失败"
fi
cd ${nginx_path}
# 自动为所有PHP版本创建配置文件
if [ -d "${setup_path}/server/php" ]; then
cd ${setup_path}/server/php
phpList=$(ls -l | grep ^d | awk '{print $NF}')
for phpVersion in ${phpList}; do
if [ -d "${setup_path}/server/php/${phpVersion}" ]; then
# 写入PHP配置文件
cat >${nginx_path}/conf/enable-php-${phpVersion}.conf <<EOF
location ~ \.php$ {
try_files \$uri =404;
fastcgi_pass unix:/tmp/php-cgi-${phpVersion}.sock;
fastcgi_index index.php;
include fastcgi.conf;
include pathinfo.conf;
}
EOF
fi
done
fi
# 处理文件权限
chmod -R 755 ${nginx_path}
chmod -R 644 ${setup_path}/server/vhost
systemctl daemon-reload
systemctl start nginx
if [ "$?" != "0" ]; then
error "启动失败"
fi
panel-cli app write nginx ${channel} ${version}
echo -e $HR
echo "升级完成"
echo -e $HR
Reference in New Issue View Git Blame Copy Permalink