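#!/bin/bash
# KNEL SSL Stack Compilation Initializer
# Compiles OpenSSL, nghttp2, curl, APR, and Apache HTTPd from source and
# installs them under /usr/local/custom-ssl.
# Made from instructions at https://www.tunetheweb.com/performance/http2/
#
# Environment:
#   DEV_WORKSTATION_CHECK  integer; a value > 0 enables the build (default 0)
#   COMPILE_SSL_STACK      the string "true" enables the build
#   OPENSSL_SHA256, NGHTTP_SHA256, CURL_SHA256, APR_SHA256, APR_UTIL_SHA256,
#   APACHE_SHA256          optional expected SHA-256 (hex) of each tarball;
#                          when set, a mismatch aborts the build
#
# NOTE(review): the pinned releases are old and the OpenSSL 1.1.0 series is
# end-of-life upstream, and OpenSSL is deliberately configured with weak
# ciphers enabled (see the ./config call). Confirm the resulting stack is only
# used where that is acceptable.

set -euo pipefail

#######################################
# Compare a file's SHA-256 digest with an expected hex digest.
# Arguments: $1 - file path
#            $2 - expected digest (hex, case-insensitive)
# Returns:   0 on match, non-zero on mismatch or if hashing fails
#######################################
_ssl_stack_verify_sha256() {
  local file=$1 expected=$2 actual
  actual=$(sha256sum -- "$file") || return 1
  actual=${actual%% *}   # sha256sum prints "<digest>  <name>"
  [[ "${actual,,}" == "${expected,,}" ]]
}

#######################################
# Download one source tarball into the current directory and, when a digest
# is supplied, refuse to continue unless the file matches it.
# Arguments: $1 - URL
#            $2 - local file name
#            $3 - expected SHA-256 (optional; empty means "not pinned")
# Returns:   0 on success, non-zero on download failure or digest mismatch
#######################################
_ssl_stack_fetch() {
  local url=$1 file=$2 expected=${3:-}
  # -O writes to exactly this name, so the file unpacked afterwards is always
  # the one that was just downloaded.
  wget -O "$file" -- "$url"
  if [[ -n "$expected" ]]; then
    if ! _ssl_stack_verify_sha256 "$file" "$expected"; then
      echo "ERROR: SHA-256 mismatch for $file; refusing to build it" >&2
      return 1
    fi
  else
    # These tarballs are compiled and installed as root; TLS to the mirror is
    # the only protection when no digest is pinned.
    echo "WARNING: no SHA-256 pinned for $file; download is not integrity-checked" >&2
  fi
}

echo "Running SSL stack compilation initializer..."

# Only run on specific systems or if explicitly requested.
# This is a resource-intensive operation.
# DEV_WORKSTATION_CHECK is defaulted so an unset variable does not abort the
# script under `set -u`.
if [[ "${DEV_WORKSTATION_CHECK:-0}" -gt 0 ]] || [[ "${COMPILE_SSL_STACK:-}" == "true" ]]; then
  echo "Compiling SSL stack from source..."

  # Base URLs and files (using original versions from KNELServerBuild)
  OPENSSL_URL_BASE="https://www.openssl.org/source/"
  OPENSSL_FILE="openssl-1.1.0h.tar.gz"
  NGHTTP_URL_BASE="https://github.com/nghttp2/nghttp2/releases/download/v1.31.0/"
  NGHTTP_FILE="nghttp2-1.31.0.tar.gz"
  APR_URL_BASE="https://archive.apache.org/dist/apr/"
  APR_FILE="apr-1.6.3.tar.gz"
  APR_UTIL_URL_BASE="https://archive.apache.org/dist/apr/"
  APR_UTIL_FILE="apr-util-1.6.1.tar.gz"
  APACHE_URL_BASE="https://archive.apache.org/dist/httpd/"
  APACHE_FILE="httpd-2.4.33.tar.gz"
  CURL_URL_BASE="https://curl.haxx.se/download/"
  CURL_FILE="curl-7.60.0.tar.gz"

  # Source directory names follow the tarball names, so a version bump only
  # has to touch the *_FILE variables above.
  OPENSSL_DIR="${OPENSSL_FILE%.tar.gz}"
  NGHTTP_DIR="${NGHTTP_FILE%.tar.gz}"
  APR_DIR="${APR_FILE%.tar.gz}"
  APR_UTIL_DIR="${APR_UTIL_FILE%.tar.gz}"
  APACHE_DIR="${APACHE_FILE%.tar.gz}"
  CURL_DIR="${CURL_FILE%.tar.gz}"

  PREFIX_ROOT="/usr/local/custom-ssl"
  OPENSSL_PREFIX="${PREFIX_ROOT}/${OPENSSL_DIR}"

  # Install build dependencies. Kept best-effort as in the original, but a
  # failure is reported instead of being silently discarded.
  if ! DEBIAN_FRONTEND="noninteractive" apt-get -y install \
    build-essential \
    wget \
    gcc \
    make \
    perl \
    libpcre3 \
    libpcre3-dev \
    zlib1g \
    zlib1g-dev; then
    echo "WARNING: apt-get could not install all build dependencies; continuing" >&2
  fi

  # Create a private build directory. A fixed name under /tmp could already
  # exist and belong to another local user, who could then influence what
  # gets built and installed; mktemp -d creates a fresh mode-0700 directory.
  BUILD_DIR="$(mktemp -d /tmp/ssl-stack-build.XXXXXX)"

  # The build runs in a subshell so the cleanup trap and directory changes
  # stay local to it; the trap removes the build tree on failure as well.
  (
    trap 'rm -rf -- "${BUILD_DIR:?}"' EXIT
    cd "$BUILD_DIR"

    # Download and compile OpenSSL
    echo "Compiling OpenSSL..."
    _ssl_stack_fetch "${OPENSSL_URL_BASE}${OPENSSL_FILE}" "$OPENSSL_FILE" "${OPENSSL_SHA256:-}"
    tar xzf "$OPENSSL_FILE"
    cd "$OPENSSL_DIR"
    # enable-weak-ssl-ciphers and -DOPENSSL_TLS_SECURITY_LEVEL=0 are kept from
    # the original build. They compile in cipher suites that OpenSSL leaves out
    # by default and lower the default security level to 0, which relaxes its
    # minimum-strength checks. curl and httpd below link against this prefix
    # and inherit that, so their own cipher/protocol settings must be strict.
    ./config enable-weak-ssl-ciphers shared zlib-dynamic \
      -DOPENSSL_TLS_SECURITY_LEVEL=0 \
      --prefix="$OPENSSL_PREFIX"
    make
    make install
    ln -sf "$OPENSSL_PREFIX" /usr/local/openssl
    cd "$BUILD_DIR"

    # Download and compile nghttp2
    echo "Compiling nghttp2..."
    _ssl_stack_fetch "${NGHTTP_URL_BASE}${NGHTTP_FILE}" "$NGHTTP_FILE" "${NGHTTP_SHA256:-}"
    tar xzf "$NGHTTP_FILE"
    cd "$NGHTTP_DIR"
    ./configure --prefix="${PREFIX_ROOT}/nghttp"
    make
    make install
    cd "$BUILD_DIR"

    # Update ldconfig for custom SSL.
    # NOTE(review): this adds the custom OpenSSL lib directory to the
    # system-wide linker search path, so other programs on the host may
    # resolve libssl/libcrypto to this weakened build - confirm that is
    # intended.
    cat <<EOF > /etc/ld.so.conf.d/custom-ssl.conf
${OPENSSL_PREFIX}/lib
${PREFIX_ROOT}/nghttp/lib
EOF
    ldconfig

    # Download and compile curl
    echo "Compiling curl..."
    _ssl_stack_fetch "${CURL_URL_BASE}${CURL_FILE}" "$CURL_FILE" "${CURL_SHA256:-}"
    tar xzf "$CURL_FILE"
    cd "$CURL_DIR"
    ./configure --prefix="${PREFIX_ROOT}/curl" \
      --with-nghttp2="${PREFIX_ROOT}/nghttp/" \
      --with-ssl="${OPENSSL_PREFIX}/"
    make
    make install
    cd "$BUILD_DIR"

    # Download and compile APR
    echo "Compiling APR..."
    _ssl_stack_fetch "${APR_URL_BASE}${APR_FILE}" "$APR_FILE" "${APR_SHA256:-}"
    tar xzf "$APR_FILE"
    cd "$APR_DIR"
    ./configure --prefix="${PREFIX_ROOT}/apr"
    make
    make install
    cd "$BUILD_DIR"

    # Download and compile APR-util
    echo "Compiling APR-util..."
    _ssl_stack_fetch "${APR_UTIL_URL_BASE}${APR_UTIL_FILE}" "$APR_UTIL_FILE" "${APR_UTIL_SHA256:-}"
    tar xzf "$APR_UTIL_FILE"
    cd "$APR_UTIL_DIR"
    ./configure --prefix="${PREFIX_ROOT}/apr-util" --with-apr="${PREFIX_ROOT}/apr"
    make
    make install
    cd "$BUILD_DIR"

    # Download and compile Apache HTTPd
    echo "Compiling Apache HTTPd..."
    _ssl_stack_fetch "${APACHE_URL_BASE}${APACHE_FILE}" "$APACHE_FILE" "${APACHE_SHA256:-}"
    tar xzf "$APACHE_FILE"
    cd "$APACHE_DIR"
    # --with-included-apr builds the copies placed under srclib/.
    cp -r "../${APR_DIR}" srclib/apr
    cp -r "../${APR_UTIL_DIR}" srclib/apr-util
    ./configure --prefix="${PREFIX_ROOT}/apache" \
      --with-ssl="${OPENSSL_PREFIX}/" \
      --with-pcre=/usr/bin/pcre-config \
      --enable-unique-id \
      --enable-ssl \
      --enable-so \
      --with-included-apr \
      --enable-http2 \
      --with-nghttp2="${PREFIX_ROOT}/nghttp/"
    make
    make install
    ln -sf "${PREFIX_ROOT}/apache" /usr/local/apache

    # Cleanup happens in the EXIT trap; leave the tree before it is removed.
    cd /
  )
  # The original script finished the build with the working directory at /.
  cd /

  echo "SSL stack compilation completed"
  echo "Custom installations available at:"
  echo " OpenSSL: ${OPENSSL_PREFIX}"
  echo " nghttp2: /usr/local/custom-ssl/nghttp"
  echo " curl: /usr/local/custom-ssl/curl"
  echo " APR: /usr/local/custom-ssl/apr"
  echo " Apache: /usr/local/custom-ssl/apache"
else
  echo "Skipping SSL stack compilation (only runs on dev workstations or when COMPILE_SSL_STACK=true)"
fi

echo "SSL stack compilation initializer completed"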