opensource/download
opensource/download
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
download/panel/nginx/update.sh
耗子 ca7853f354
Some checks failed
Generate Checksums / checksums (push) Has been cancelled
Details
feat: 优化应用更新的停止逻辑
2025-04-20 15:37:18 +08:00

288 lines
12 KiB (Stored with Git LFS)
Bash
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
: '
Copyright (C) 2022 - now HaoZi Technology Co., Ltd.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
'
source <(curl -f -s --connect-timeout 10 --retry 3 https://dl.cdn.haozi.net/panel/public.sh)
if [ $? -ne 0 ]; then
echo "下载 public.sh 失败,请检查网络或稍后重试。"
echo "Download public.sh failed, please check the network or try again later."
exit 1
fi
channel=${1}
version=${2}
nginx_path="${setup_path}/server/nginx"
j=$(calculate_j)
# 安装依赖
if [ ${OS} == "rhel" ]; then
dnf makecache -y
dnf groupinstall "Development Tools" -y
dnf install cmake tar unzip gd gd-devel git-core flex perl oniguruma oniguruma-devel libsodium-devel libxml2-devel libxslt-devel bison yajl yajl-devel curl curl-devel ncurses-devel libevent-devel readline-devel libuuid-devel brotli-devel icu libicu libicu-devel openssl openssl-devel libzstd-devel -y
elif [ ${OS} == "debian" ] || [ ${OS} == "ubuntu" ]; then
apt-get update
apt-get install build-essential cmake tar unzip libgd3 libgd-dev git flex perl libonig-dev libsodium-dev libxml2-dev libxslt1-dev bison libyajl-dev curl libcurl4-openssl-dev libncurses5-dev libevent-dev libreadline-dev uuid-dev libbrotli-dev icu-devtools libicu-dev openssl libssl-dev libzstd-dev -y
else
error "不支持的操作系统"
fi
if [ "$?" != "0" ]; then
error "安装依赖软件失败"
fi
# 预检查
systemctl is-active --quiet nginx
if [ "$?" != "0" ]; then
error "应用运行状态不正常"
fi
# 准备目录
cd ${nginx_path}
rm -rf src
# 下载源码
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ${nginx_path}/openresty-${version}.tar.gz ${download_url}/nginx/openresty-${version}.tar.gz
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ${nginx_path}/openresty-${version}.tar.gz.sha256 ${download_url}/nginx/openresty-${version}.tar.gz.sha256
if ! sha256sum --status -c openresty-${version}.tar.gz.sha256; then
rm -f openresty-${version}.tar.gz
rm -f openresty-${version}.tar.gz.sha256
error "nginx 校验失败"
fi
tar -zxvf openresty-${version}.tar.gz
rm -f openresty-${version}.tar.gz
rm -f openresty-${version}.tar.gz.sha256
mv openresty-${version} src
cd src
# tls library
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O openssl-3.5.0.7z ${download_url}/tls/openssl-3.5.0.7z
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O openssl-3.5.0.7z.sha256 ${download_url}/tls/openssl-3.5.0.7z.sha256
if ! sha256sum --status -c openssl-3.5.0.7z.sha256; then
rm -rf ${nginx_path}/src
error "openssl 校验失败"
fi
7z x openssl-3.5.0.7z
rm -f openssl-3.5.0.7z
rm -f openssl-3.5.0.7z.sha256
mv openssl-3.5.0 openssl
chmod -R 700 openssl
# 加载 tls 模块ktls 需要
modprobe tls
# TODO OpenSSL 3.5.0 已经打过补丁,下次更新不要忘记在这里打补丁哦
# pcre2
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O pcre2-10.45.7z ${download_url}/nginx/pcre/pcre2-10.45.7z
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O pcre2-10.45.7z.sha256 ${download_url}/nginx/pcre/pcre2-10.45.7z.sha256
if ! sha256sum --status -c pcre2-10.45.7z.sha256; then
rm -rf ${nginx_path}/src
error "pcre 校验失败"
fi
7z x pcre2-10.45.7z
rm -f pcre2-10.45.7z
rm -f pcre2-10.45.7z.sha256
mv pcre2-10.45 pcre2
chmod -R 700 pcre2
# ngx_cache_purge
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_cache_purge-2.3.tar.gz ${download_url}/nginx/modules/ngx_cache_purge-2.3.tar.gz
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_cache_purge-2.3.tar.gz.sha256 ${download_url}/nginx/modules/ngx_cache_purge-2.3.tar.gz.sha256
if ! sha256sum --status -c ngx_cache_purge-2.3.tar.gz.sha256; then
rm -rf ${nginx_path}/src
error "ngx_cache_purge 校验失败"
fi
tar -zxvf ngx_cache_purge-2.3.tar.gz
rm -f ngx_cache_purge-2.3.tar.gz
rm -f ngx_cache_purge-2.3.tar.gz.sha256
mv ngx_cache_purge-2.3 ngx_cache_purge
# nginx-sticky-module
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O nginx-sticky-module.zip ${download_url}/nginx/modules/nginx-sticky-module.zip
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O nginx-sticky-module.zip.sha256 ${download_url}/nginx/modules/nginx-sticky-module.zip.sha256
if ! sha256sum --status -c nginx-sticky-module.zip.sha256; then
rm -rf ${nginx_path}/src
error "nginx-sticky-module 校验失败"
fi
unzip -o nginx-sticky-module.zip
rm -f nginx-sticky-module.zip
rm -f nginx-sticky-module.zip.sha256
# nginx-dav-ext-module
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O nginx-dav-ext-module-3.0.0.tar.gz ${download_url}/nginx/modules/nginx-dav-ext-module-3.0.0.tar.gz
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O nginx-dav-ext-module-3.0.0.tar.gz.sha256 ${download_url}/nginx/modules/nginx-dav-ext-module-3.0.0.tar.gz.sha256
if ! sha256sum --status -c nginx-dav-ext-module-3.0.0.tar.gz.sha256; then
rm -rf ${nginx_path}/src
error "nginx-dav-ext-module 校验失败"
fi
tar -xvf nginx-dav-ext-module-3.0.0.tar.gz
rm -f nginx-dav-ext-module-3.0.0.tar.gz
rm -f nginx-dav-ext-module-3.0.0.tar.gz.sha256
mv nginx-dav-ext-module-3.0.0 nginx-dav-ext-module
# ngx_http_security_headers_module
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_http_security_headers_module.zip ${download_url}/nginx/modules/ngx_http_security_headers_module.zip
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_http_security_headers_module.zip.sha256 ${download_url}/nginx/modules/ngx_http_security_headers_module.zip.sha256
if ! sha256sum --status -c ngx_http_security_headers_module.zip.sha256; then
rm -rf ${nginx_path}/src
error "ngx_http_security_headers_module 校验失败"
fi
unzip -o ngx_http_security_headers_module.zip
rm -f ngx_http_security_headers_module.zip
rm -f ngx_http_security_headers_module.zip.sha256
# ngx_http_trim_filter_module
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_http_trim_filter_module.zip ${download_url}/nginx/modules/ngx_http_trim_filter_module.zip
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_http_trim_filter_module.zip.sha256 ${download_url}/nginx/modules/ngx_http_trim_filter_module.zip.sha256
if ! sha256sum --status -c ngx_http_trim_filter_module.zip.sha256; then
rm -rf ${nginx_path}/src
error "ngx_http_trim_filter_module 校验失败"
fi
unzip -o ngx_http_trim_filter_module.zip
rm -f ngx_http_trim_filter_module.zip
rm -f ngx_http_trim_filter_module.zip.sha256
# ngx_http_zstd_module
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_http_zstd_module.zip ${download_url}/nginx/modules/ngx_http_zstd_module.zip
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_http_zstd_module.zip.sha256 ${download_url}/nginx/modules/ngx_http_zstd_module.zip.sha256
if ! sha256sum --status -c ngx_http_zstd_module.zip.sha256; then
rm -rf ${nginx_path}/src
error "ngx_http_zstd_module 校验失败"
fi
unzip -o ngx_http_zstd_module.zip
rm -f ngx_http_zstd_module.zip
rm -f ngx_http_zstd_module.zip.sha256
# ngx_brotli
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_brotli-a71f931.zip ${download_url}/nginx/modules/ngx_brotli-a71f931.zip
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ngx_brotli-a71f931.zip.sha256 ${download_url}/nginx/modules/ngx_brotli-a71f931.zip.sha256
if ! sha256sum --status -c ngx_brotli-a71f931.zip.sha256; then
rm -rf ${nginx_path}/src
error "ngx_brotli 校验失败"
fi
unzip -o ngx_brotli-a71f931.zip
mv ngx_brotli-a71f931 ngx_brotli
rm -f ngx_brotli-a71f931.zip
rm -f ngx_brotli-a71f931.zip.sha256
cd ngx_brotli/deps/brotli
mkdir out && cd out
cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_C_FLAGS="-Ofast -march=native -mtune=native -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_CXX_FLAGS="-Ofast -march=native -mtune=native -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_INSTALL_PREFIX=./installed ..
cmake --build . --config Release --target brotlienc
if [ "$?" != "0" ]; then
rm -rf ${nginx_path}/src
error "ngx_brotli 编译失败"
fi
cd ${nginx_path}/src
./configure --user=www --group=www \
--prefix=${nginx_path} --with-luajit \
--add-module=${nginx_path}/src/ngx_cache_purge \
--add-module=${nginx_path}/src/nginx-sticky-module \
--with-openssl=${nginx_path}/src/openssl \
--with-openssl-opt=enable-ktls \
--with-pcre=${nginx_path}/src/pcre2 --with-pcre-jit \
--with-ld-opt="-Wl,-s -Wl,-Bsymbolic -Wl,--gc-sections" \
--with-cc-opt="-DNGX_LUA_ABORT_AT_PANIC -march=native -mtune=native -Ofast -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" \
--with-luajit-xcflags="-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT" \
--with-file-aio \
--with-threads \
--with-compat \
--with-http_v2_module --with-http_v3_module \
--with-http_slice_module \
--with-stream --with-stream_ssl_module --with-stream_realip_module --with-stream_ssl_preread_module \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_image_filter_module \
--with-http_gzip_static_module --with-http_gunzip_module \
--with-http_sub_module \
--with-http_flv_module \
--with-http_addition_module \
--with-http_realip_module \
--with-http_mp4_module \
--with-http_auth_request_module \
--with-http_secure_link_module \
--with-http_random_index_module \
--with-http_dav_module \
--add-module=${nginx_path}/src/nginx-dav-ext-module \
--add-module=${nginx_path}/src/ngx_http_security_headers_module \
--add-module=${nginx_path}/src/ngx_http_trim_filter_module \
--add-module=${nginx_path}/src/ngx_brotli \
--add-module=${nginx_path}/src/ngx_http_zstd_module
make "-j${j}"
if [ "$?" != "0" ]; then
error "编译失败"
fi
# 停止已有服务
systemctl stop nginx
make install
if [ ! -f "${nginx_path}/nginx/sbin/nginx" ]; then
error "安装失败"
fi
cd ${nginx_path}
# 自动为所有PHP版本创建配置文件
if [ -d "${setup_path}/server/php" ]; then
cd ${setup_path}/server/php
phpList=$(ls -l | grep ^d | awk '{print $NF}')
for phpVersion in ${phpList}; do
if [ -d "${setup_path}/server/php/${phpVersion}" ]; then
# 写入PHP配置文件
cat >${nginx_path}/conf/enable-php-${phpVersion}.conf <<EOF
location ~ \.php$ {
try_files \$uri =404;
fastcgi_pass unix:/tmp/php-cgi-${phpVersion}.sock;
fastcgi_index index.php;
include fastcgi.conf;
include pathinfo.conf;
}
EOF
fi
done
fi
# 处理文件权限
chmod -R 755 ${nginx_path}
chmod -R 644 ${setup_path}/server/vhost
systemctl daemon-reload
systemctl start nginx
if [ "$?" != "0" ]; then
error "启动失败"
fi
panel-cli app write nginx ${channel} ${version}
echo -e $HR
echo "升级完成"
echo -e $HR
Reference in New Issue View Git Blame Copy Permalink