Update scripts.
This commit is contained in:
parent
97ec8056d6
commit
28ef2b4565
|
@ -7,7 +7,11 @@ if [[ -e "/etc/needrestart/needrestart.conf" ]]; then
|
||||||
sudo sed -E -i "s/(^|#)\\\$nrconf\{restart\}\s*=.*/\$nrconf\{restart\} = 'a';/g" /etc/needrestart/needrestart.conf
|
sudo sed -E -i "s/(^|#)\\\$nrconf\{restart\}\s*=.*/\$nrconf\{restart\} = 'a';/g" /etc/needrestart/needrestart.conf
|
||||||
sudo sed -E -i "s/(^|#)\\\$nrconf\{kernelhints\}\s*=.*/\$nrconf\{kernelhints\} = -1;/g" /etc/needrestart/needrestart.conf
|
sudo sed -E -i "s/(^|#)\\\$nrconf\{kernelhints\}\s*=.*/\$nrconf\{kernelhints\} = -1;/g" /etc/needrestart/needrestart.conf
|
||||||
fi
|
fi
|
||||||
sudo apt-get install -y linux-kernel-headers build-essential
|
sudo apt-get update
|
||||||
|
if [[ -z "$(which git)" ]]; then
|
||||||
|
sudo apt-get install -y git
|
||||||
|
fi
|
||||||
|
sudo apt-get install -y linux-kernel-headers software-properties-common build-essential
|
||||||
org_pwd="$(pwd)"
|
org_pwd="$(pwd)"
|
||||||
cpu_cores="$(nproc --all)"
|
cpu_cores="$(nproc --all)"
|
||||||
if [[ -z "$cpu_cores" ]]; then
|
if [[ -z "$cpu_cores" ]]; then
|
||||||
|
@ -54,11 +58,19 @@ if [[ "$ubuntu_ver" < "16" ]]; then #Need update ca-certificates manual
|
||||||
/usr/bin/c_rehash /etc/ssl/certs"
|
/usr/bin/c_rehash /etc/ssl/certs"
|
||||||
cd "$org_pwd"
|
cd "$org_pwd"
|
||||||
else
|
else
|
||||||
sudo apt-get update
|
|
||||||
sudo apt-get install --reinstall ca-certificates -y
|
sudo apt-get install --reinstall ca-certificates -y
|
||||||
fi
|
fi
|
||||||
|
nginx_configure=""
|
||||||
|
if [ -z $openssl_source_dir ]; then
|
||||||
|
nginx_configure="./configure --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-mail=dynamic --with-mail_ssl_module --add-module=../headers-more-nginx-module"
|
||||||
|
else
|
||||||
|
nginx_configure="./configure --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-mail=dynamic --with-mail_ssl_module --add-module=../headers-more-nginx-module --with-openssl=$openssl_source_dir"
|
||||||
|
fi
|
||||||
install_modsecurity="0"
|
install_modsecurity="0"
|
||||||
if [[ "$1" == "--install-modsecurity" ]] || [[ "$2" == "--install-modsecurity" ]];then
|
install_passenger="0"
|
||||||
|
extra_remove_packages=""
|
||||||
|
extra_build_nginx_cmd="true"
|
||||||
|
if [[ "$@" == *"--install-modsecurity"* ]];then
|
||||||
install_modsecurity="1"
|
install_modsecurity="1"
|
||||||
sudo bash -l -c "
|
sudo bash -l -c "
|
||||||
cd /root &&
|
cd /root &&
|
||||||
|
@ -74,16 +86,44 @@ if [[ "$1" == "--install-modsecurity" ]] || [[ "$2" == "--install-modsecurity"
|
||||||
cd .. &&
|
cd .. &&
|
||||||
git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
|
git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
|
||||||
"
|
"
|
||||||
fi
|
|
||||||
nginx_configure=""
|
|
||||||
if [ -z $openssl_source_dir ]; then
|
|
||||||
nginx_configure="./configure --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module"
|
|
||||||
else
|
|
||||||
nginx_configure="./configure --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --with-openssl=$openssl_source_dir"
|
|
||||||
fi
|
|
||||||
if [[ "$install_modsecurity" == "1" ]]; then
|
|
||||||
nginx_configure="$nginx_configure --add-dynamic-module=../ModSecurity-nginx"
|
nginx_configure="$nginx_configure --add-dynamic-module=../ModSecurity-nginx"
|
||||||
fi
|
fi
|
||||||
|
if [[ "$@" == *"--install-passenger"* ]];then
|
||||||
|
install_passenger="1"
|
||||||
|
extra_remove_packages="$extra_remove_packages passenger"
|
||||||
|
if [ -e "/etc/profile.d/rvm.sh" ]; then
|
||||||
|
source "/etc/profile.d/rvm.sh"
|
||||||
|
fi
|
||||||
|
if [ -z "$rvm_path" ]; then
|
||||||
|
sudo apt-add-repository -y ppa:rael-gc/rvm
|
||||||
|
sudo apt-get update
|
||||||
|
sudo apt-get install rvm -y
|
||||||
|
sudo usermod -a -G rvm $USER
|
||||||
|
echo 'source "/etc/profile.d/rvm.sh"' >> ~/.bashrc
|
||||||
|
source "/etc/profile.d/rvm.sh"
|
||||||
|
sudo chown $USER:$USER $HOME -R
|
||||||
|
rvm user gemsets
|
||||||
|
sudo chown $USER:$USER /usr/share/rvm -R
|
||||||
|
rvm install 2.7.6 --with-openssl-dir="$openssl_dir"
|
||||||
|
curl -sSL https://rvm.io/mpapis.asc | sudo gpg --import -
|
||||||
|
curl -sSL https://rvm.io/pkuczynski.asc | sudo gpg --import -
|
||||||
|
rvmsudo rvm get stable && rvm reload && rvmsudo rvm repair all
|
||||||
|
fi
|
||||||
|
gem_path=`which gem`
|
||||||
|
path_for_sudo=`sudo bash -l -c 'echo $PATH'`
|
||||||
|
path_for_sudo="PATH=$(dirname $gem_path):$path_for_sudo"
|
||||||
|
sudo bash -l -c "$path_for_sudo $gem_path install passenger"
|
||||||
|
if [ ! -d "/usr/include/curl" ]; then # /usr/include/curl must exist when building passenger nginx
|
||||||
|
sudo apt-get -y install libcurl4-openssl-dev
|
||||||
|
fi
|
||||||
|
|
||||||
|
nginx_configure="$nginx_configure --add-dynamic-module=$(sudo bash -l -c "$path_for_sudo passenger-config --nginx-addon-dir")"
|
||||||
|
nginx_configure="export $path_for_sudo && $nginx_configure"
|
||||||
|
echo $nginx_configure
|
||||||
|
extra_build_nginx_cmd="$extra_build_nginx_cmd && ln -s /usr/lib/nginx/modules/ngx_http_passenger_module.so /etc/nginx/modules-enabled/ngx_http_passenger_module.so && \
|
||||||
|
echo 'load_module /etc/nginx/modules-enabled/ngx_http_passenger_module.so;' > /etc/nginx/modules-enabled/50-mod-http-passenger.conf"
|
||||||
|
fi
|
||||||
|
|
||||||
nginx_ver=""
|
nginx_ver=""
|
||||||
if [[ ! -z "$(which nginx)" ]]; then
|
if [[ ! -z "$(which nginx)" ]]; then
|
||||||
nginx_ver="$(nginx -v 2>&1|xargs|awk '{print $3}'|cut -d '/' -f 2)"
|
nginx_ver="$(nginx -v 2>&1|xargs|awk '{print $3}'|cut -d '/' -f 2)"
|
||||||
|
@ -101,7 +141,7 @@ if [[ ! -f /etc/init.d/nginx ]]; then
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
nginx_target_ver="1.23.1"
|
nginx_target_ver="1.23.1"
|
||||||
if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]] || [[ "$install_modsecurity" == "1" ]]; then
|
if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]] || [[ "$install_modsecurity" == "1" ]] || [[ "$install_passenger" == "1" ]]; then
|
||||||
if [ -f "/etc/nginx/nginx.conf" ]; then
|
if [ -f "/etc/nginx/nginx.conf" ]; then
|
||||||
nginx_conf_exist="1"
|
nginx_conf_exist="1"
|
||||||
else
|
else
|
||||||
|
@ -114,22 +154,26 @@ if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]] || [[ "$ins
|
||||||
#Build nginx and install
|
#Build nginx and install
|
||||||
sudo bash -l -c "
|
sudo bash -l -c "
|
||||||
cd /root && \
|
cd /root && \
|
||||||
|
if [ ! -e headers-more-nginx-module ]; then git clone https://github.com/openresty/headers-more-nginx-module.git; fi && \
|
||||||
wget http://nginx.org/download/nginx-$nginx_target_ver.tar.gz -O nginx-$nginx_target_ver.tar.gz && \
|
wget http://nginx.org/download/nginx-$nginx_target_ver.tar.gz -O nginx-$nginx_target_ver.tar.gz && \
|
||||||
tar -zxvf nginx-$nginx_target_ver.tar.gz && \
|
tar -zxvf nginx-$nginx_target_ver.tar.gz && \
|
||||||
cd nginx-$nginx_target_ver && \
|
cd nginx-$nginx_target_ver && \
|
||||||
apt remove nginx --purge -y && \
|
apt remove nginx ${extra_remove_packages} --purge -y && \
|
||||||
apt-get -y install libpcre3 libpcre3-dev libxml2 libxml2-dev libxslt-dev libgd-dev && \
|
apt-get -y install libpcre3 libpcre3-dev libxml2 libxml2-dev libxslt-dev libgd-dev && \
|
||||||
|
if [ -e Makefile ]; then make clean; fi && \
|
||||||
$nginx_configure && \
|
$nginx_configure && \
|
||||||
make -j$cpu_cores && make install && \
|
make -j$cpu_cores && make install && \
|
||||||
|
mkdir -p /etc/nginx/modules && \
|
||||||
|
if [ ! -e /usr/share/nginx/modules ]; then ln -s /etc/nginx/modules /usr/share/nginx/modules; fi && \
|
||||||
rm -f /usr/sbin/nginx && \
|
rm -f /usr/sbin/nginx && \
|
||||||
ln -s /usr/share/nginx/sbin/nginx /usr/sbin/. && \
|
ln -s /usr/share/nginx/sbin/nginx /usr/sbin/. && $extra_build_nginx_cmd && \
|
||||||
mkdir -p /var/lib/nginx && \
|
mkdir -p /var/lib/nginx && \
|
||||||
|
mkdir -p /etc/nginx/modules-enabled && \
|
||||||
service nginx restart"
|
service nginx restart"
|
||||||
if [[ "$install_modsecurity" == "1" ]]; then
|
if [[ "$install_modsecurity" == "1" ]]; then
|
||||||
sudo bash -l -c "
|
sudo bash -l -c "
|
||||||
cd /root/nginx-$nginx_target_ver && \
|
cd /root/nginx-$nginx_target_ver && \
|
||||||
make modules && \
|
make modules && \
|
||||||
mkdir -p /etc/nginx/modules && \
|
|
||||||
cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. && \
|
cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. && \
|
||||||
echo 'load_module modules/ngx_http_modsecurity_module.so;' > /etc/nginx/modules-enabled/50-mod-modsecurity.conf && \
|
echo 'load_module modules/ngx_http_modsecurity_module.so;' > /etc/nginx/modules-enabled/50-mod-modsecurity.conf && \
|
||||||
mkdir -p /etc/nginx/modsec && \
|
mkdir -p /etc/nginx/modsec && \
|
||||||
|
@ -186,5 +230,11 @@ if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]] || [[ "$ins
|
||||||
"
|
"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
if [[ -z "$(grep -E 'include\s+\/etc\/nginx\/modules-enabled\/\*\.conf;' /etc/nginx/nginx.conf)" ]]; then
|
||||||
|
nginx_conf_path="/etc/nginx/nginx.conf"
|
||||||
|
nginx_conf_contents=`echo "$(echo 'include /etc/nginx/modules-enabled/*.conf;'; cat $nginx_conf_path)"`
|
||||||
|
sudo bash -l -c "echo '$nginx_conf_contents' > $nginx_conf_path"
|
||||||
|
sudo service nginx restart
|
||||||
|
fi
|
||||||
cd "$org_pwd"
|
cd "$org_pwd"
|
||||||
fi
|
fi
|
|
@ -9,9 +9,9 @@ sudo apt update
|
||||||
sudo apt install -y git
|
sudo apt install -y git
|
||||||
org_pwd=$(pwd)
|
org_pwd=$(pwd)
|
||||||
if [[ $ubuntu_version > '22' ]]; then #In ubuntu 22, install linux-libc-dev instead of linux-kernel-headers
|
if [[ $ubuntu_version > '22' ]]; then #In ubuntu 22, install linux-libc-dev instead of linux-kernel-headers
|
||||||
sudo apt install -y linux-libc-dev build-essential
|
sudo apt install -y linux-libc-dev software-properties-common build-essential
|
||||||
else
|
else
|
||||||
sudo apt install -y linux-kernel-headers build-essential
|
sudo apt install -y linux-kernel-headers software-properties-common build-essential
|
||||||
fi
|
fi
|
||||||
if [[ ! -e "/usr/lib/x86_64-linux-gnu/librt.so" ]]; then
|
if [[ ! -e "/usr/lib/x86_64-linux-gnu/librt.so" ]]; then
|
||||||
sudo apt install -y libc6 libc6-dev
|
sudo apt install -y libc6 libc6-dev
|
||||||
|
@ -143,7 +143,7 @@ else
|
||||||
fi
|
fi
|
||||||
sudo apt-get update
|
sudo apt-get update
|
||||||
sudo apt-get remove mongodb-clients --purge
|
sudo apt-get remove mongodb-clients --purge
|
||||||
sudo apt-get install -y mongodb-org=6.0.1 mongodb-org-database=6.0.1 mongodb-org-server=6.0.1 mongodb-mongosh mongodb-org-mongos=6.0.1 mongodb-org-tools=6.0.1
|
sudo apt-get install -y mongodb-org=6.0.2 mongodb-org-database=6.0.2 mongodb-org-server=6.0.2 mongodb-mongosh mongodb-org-mongos=6.0.2 mongodb-org-tools=6.0.2
|
||||||
sudo service mongod stop
|
sudo service mongod stop
|
||||||
sudo rm -f /var/lib/mongodb/mongod.lock
|
sudo rm -f /var/lib/mongodb/mongod.lock
|
||||||
sudo rm -f /tmp/mongodb-27017.sock
|
sudo rm -f /tmp/mongodb-27017.sock
|
||||||
|
@ -264,9 +264,7 @@ if [ -z $(which convert) ]; then
|
||||||
fi
|
fi
|
||||||
## install rvm
|
## install rvm
|
||||||
if [ -z $(which rvm) ]; then
|
if [ -z $(which rvm) ]; then
|
||||||
sudo apt-get install software-properties-common -y
|
|
||||||
sudo apt-get install --reinstall ca-certificates -y
|
sudo apt-get install --reinstall ca-certificates -y
|
||||||
sudo apt-get install dpkg -y
|
|
||||||
sudo apt-add-repository -y ppa:rael-gc/rvm
|
sudo apt-add-repository -y ppa:rael-gc/rvm
|
||||||
sudo apt-get update
|
sudo apt-get update
|
||||||
sudo apt-get install rvm -y
|
sudo apt-get install rvm -y
|
||||||
|
|
Loading…
Reference in New Issue