![首頁 Logo Keith ]p !!](/themes/mytheme/logo.png){kind=logo}
最後更新: 2020-12-01
目錄
Openssl
# Success on C4
wget https://github.com/openssl/openssl/archive/OpenSSL_1_0_1-stable.zip
# Success on C6
wget https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable.zip
unzip OpenSSL_1_0_2-stable.zip
cd openssl-OpenSSL_1_0_2-stable
Config
./config --prefix=/opt/openssl --openssldir=/opt/openssl no-ssl2 no-ssl3 no-shared no-hw no-engine no-dso
* if you specify a non-existent option, then the configure scripts will proceed without warning.
說明
--prefix & --openssldir
必須一樣
no-hw, no-engine
Disables hardware support
no-dso
Disables the OpenSSL DSO API (the library offers a shared object abstraction layer).
no-srp
Disables Secure Remote Password (SRP).
SRP provides mutual authentication independent of trusted authorities, but its rarely offered or used
zlib, zlib-dynamic
zlib: Build with support for zlib compression/decompression. (CLI: openssl zlib)
zlib-dynamic: Like "zlib", but has OpenSSL load the zlib library dynamically when needed.
Remark: zlib
data compression on TLS communication may lead to attacks like CRIME,
thus, building openssl with zlib is better to be done when you need it for an specific data compression task
This is only supported on systems where loading of shared libraries is supported.
# For OpenSSL 1.0.2 and below, its required to update the standard distribution once configuration options change.
# OpenSSL 1.1.0 and above performs the dependency step for you, so you should not see the message.
make depend
make -j2
Install
make install_sw # Only install the OpenSSL software components.
# ls -l /opt/openssl/lib <= 沒有 so 檔
zlib-devel
wget https://www.zlib.net/zlib-1.2.11.tar.gz
tar -zxf zlib-1.2.11.tar.gz; cd zlib-1.2.11
./configure --prefix=/opt/zlib --static
make -j; make install
ls -r /opt/zlib
-rw-r--r-- 1 root root 151466 Mar 9 04:42 libz.a
curl
wget https://curl.haxx.se/download/curl-7.71.1.tar.gz
tar -zxf curl-7.71.1.tar.gz; cd curl-7.71.1
Config
./configure --enable-static --disable-shared \ --prefix=/opt/curl \ --with-ssl=/opt/openssl \ --with-zlib=/opt/zlib \ --with-ca-fallback \ --enable-optimize \ --enable-symbol-hiding \ --disable-ipv6 \ --disable-proxy \ --disable-pop3 \ --disable-imap \ --disable-smb \ --disable-smtp \ --disable-dict \ --disable-tftp \ --disable-rtsp \ --disable-telnet \ --disable-gopher \ --disable-ntlm-wb \ --disable-tls-srp \ --disable-manual
Feature
- DICT
- FILE
- FTP FTPS
- GOPHER
- HTTP HTTPS
- IMAP IMAPS
- POP3 POP3S
- RTSP
- SMB SMBS
- SMTP SMTPS
- TELNET
- TFTP
Opts
--with-ca-fallback Use the built in CA store of the SSL library
make & make install
Checking
/opt/curl/bin/curl -V
ldd /home/opt/curl/bin/curl
linux-gate.so.1 => (0x00d0c000)
librt.so.1 => /lib/librt.so.1 (0x00f01000) # The functions are for Real Time
libpthread.so.0 => /lib/libpthread.so.0 (0x00634000)
libc.so.6 => /lib/libc.so.6 (0x0019f000)
/lib/ld-linux.so.2 (0x00e0e000)Feature: FILE
Read or write local files. curl does not support accessing file:// URL remotely,
but when running on Microsft Windows using the native UNC approach will work.
Feature: DICT
Get the definition of curl from a dictionary:
curl dict://dict.org/m:curl
Feature: Gopher
https://en.wikipedia.org/wiki/Gopher_(protocol)
librsync
Version: 0.9.7
tar -zxf librsync-0.9.7.tar.gz
cd librsync-0.9.7
./configure \ --prefix=/opt/librsync \ --enable-static
make -j 4
make install
ls -l /opt/librsync/lib
total 432 -rw-r--r-- 1 root root 436460 Mar 9 03:32 librsync.a -rwxr-xr-x 1 root root 758 Mar 9 03:32 librsync.la
Version: 2.2.1
* Centos 7 自帶的 2.0.2 沒有 "BUILD_SHARED_LIBS=OFF"
mkdir /usr/src/librsync
cd /usr/src/librsync
wget https://github.com/librsync/librsync/archive/v2.2.1.zip -O librsync-v2.2.1.zip
unzip librsync-v2.2.1.zip
cd librsync-2.2.1
# yum install cmake
cmake \ -DCMAKE_INSTALL_PREFIX=/opt/librsync\ -DBUILD_SHARED_LIBS=OFF \ -DBUILD_RDIFF=OFF .
make -j 4
ls -l /opt/librsync/lib
librsync.a
pcre
http://www.pcre.org/
# pcre-8.43
https://ftp.pcre.org/pub/pcre/
./configure --prefix=/opt/pcre --enable-static
make -j
make install
Nginx
wget http://nginx.org/download/nginx-1.20.1.tar.gz
tar -zxf nginx-1.20.1.tar.gz
#!/bin/bash cd nginx-1.20.1 ./configure --prefix=/opt/nginx \ --conf-path=/etc/nginx/nginx.conf \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ --lock-path=/var/lock/subsys/nginx \ --pid-path=/var/run/nginx.pid \ --user=www-data --group=www-data \ --http-client-body-temp-path=/var/spool/nginx/client_body_temp \ --http-proxy-temp-path=/var/spool/nginx/proxy_temp \ --with-file-aio \ --with-threads \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_stub_status_module \ --with-http_degradation_module \ --with-http_secure_link_module \ --without-select_module \ --without-poll_module \ --without-http_fastcgi_module \ --without-http_ssi_module \ --without-http_uwsgi_module \ --without-http_scgi_module \ --without-http_memcached_module \ --without-mail_smtp_module \ --without-mail_imap_module \ --without-mail_pop3_module \ --without-http_browser_module
建立要的 Path
useradd -d /var/spool/nginx -s /bin/false nginx -m
mkdir /var/log/nginx
chown nginx:nginx /var/log/nginx
mkdir /var/spool/nginx/client_body_temp
chown nginx:nginx /var/spool/nginx/client_body_temp
mkdir /var/spool/nginx/proxy_temp
chown nginx:nginx /var/spool/nginx/proxy_temp
mkdir /var/spool/nginx/cache
chown nginx:nginx /var/spool/nginx/cache
ln -s /opt/nginx/sbin/nginx /usr/sbin
Static Compile 時可以加入 Library 的 Path
... --with-pcre=/usr/src/pcre-8.43 \ --with-zlib=/usr/src/zlib-1.2.11 \ --with-openssl=/usr/src/openssl-OpenSSL_1_0_2-stable
PCRE JIT
PCRE JIT can speed up processing of regular expressions significantly.
# The JIT is available in PCRE libraries starting from version 8.20 built with the --enable-jit configuration parameter.
./configure opt (V >= 1.1.12)
--with-pcre-jit
Setting
# Enables or disables the use of “just-in-time compilation” (PCRE JIT) for
the regular expressions known by the time of configuration parsing(nginx).
Syntax: pcre_jit on | off; Default: off; Context: main
logrotate
/etc/logrotate.d/nginx
/var/log/nginx/*.log {
create 0640 nginx nginx
daily
rotate 14
dateext
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
[ -s /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
endscript
}# Test
logrotate -f -v /etc/logrotate.d/nginx
git
# 成功 Compile Version
C7 # 2.39.3
U14 # 2.29.3
# Centos 7 準備
yum groupinstall "Development Tools"
yum install wget perl-CPAN gettext-devel perl-devel openssl-devel zlib-devel libcurl-devel
# Debian 準備
apt-get install build-essential
apt-get install libz-dev libssl-dev libcurl4-gnutls-dev libexpat1-dev gettext cmake gcc
# Download source
mkdir /usr/src/git; cd $_
# https://github.com/git/git/tags
export VER="2.39.3"
wget https://github.com/git/git/archive/v${VER}.tar.gz
tar -zxf v${VER}.tar.gz
cd git-$VER
# Config
make configure
GEN configure
# --with-curl support "http(s)://" transports (Default is YES)
# --with-expat support git-push using "http(s)://" transports via WebDAV (Default is YES)
./configure --prefix=/opt/git --with-curl --with-expat
# Install
make -j 2
# make install install-doc install-html install-info
make install
# 用 "yum remove git" 會刪除了 gettext-devel intltool pcre2
mv /usr/bin/git /usr/bin/git.orig
ln -s /opt/git/bin/git /usr/bin/git
git --version
git version 2.39.3