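# TL;DR

```bash
# Versions and URLs are as the author recorded them; check each project for
# its current supported release and security advisories before building.
# nginx is fetched over HTTPS here (the original note used plain HTTP).
wget https://nginx.org/download/nginx-1.17.4.tar.gz
wget https://www.zlib.net/zlib-1.2.11.tar.gz
# readline is downloaded but never unpacked or passed to ./configure below.
wget https://ftp.gnu.org/gnu/readline/readline-8.0.tar.gz
wget https://ftp.pcre.org/pub/pcre/pcre-8.43.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz

# Verify every tarball before unpacking: compare it against the checksum or
# PGP signature published by the project (no values are given on this page).
#   sha256sum -c <CHECKSUMS_FILE>   # placeholder: built from upstream-published hashes

# The patch step below reads ../openssl-patch, so the clone must actually run
# (it was commented out in the original note).
# This is a third-party patch to the TLS library: pin the clone to a commit
# you have reviewed and read the diff before applying it.
git clone https://github.com/hakasenyang/openssl-patch.git
#   git -C openssl-patch checkout <REVIEWED_COMMIT>   # placeholder

tar -xvf nginx-1.17.4.tar.gz
tar -xvf openssl-1.1.1d.tar.gz
tar -xvf zlib-1.2.11.tar.gz
tar -xvf pcre-8.43.tar.gz

yum -y install patch

# Run in a subshell so the working directory is unchanged afterwards; the
# next section does a relative `cd nginx-1.17.4` from the download directory.
(cd openssl-1.1.1d/ && patch -p1 < ../openssl-patch/openssl-equal-1.1.1d_ciphers.patch)
```

# exp

```bash
cd nginx-1.17.4

# Comment out the debug-symbol flag (-g) in nginx's gcc settings.
# -i.bak keeps the untouched file as auto/cc/gcc.bak.
#sed -i 's@CFLAGS="$CFLAGS -g"@#CFLAGS="$CFLAGS -g"@' auto/cc/gcc
sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc

# Earlier configure line, kept for reference (it names older library versions):
#./configure --prefix=/data/nginx --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module --with-openssl=../openssl-1.1.1a --with-zlib=../zlib-1.2.11 --with-pcre=../pcre-8.42 --add-module=../ngx_brotli

# OpenSSL, zlib and PCRE are built from the unpacked source trees and linked
# into nginx, so the system packages do not update them: a library fix means
# rebuilding nginx.
./configure --prefix=/data/nginx \
  --with-http_ssl_module \
  --with-http_v2_module \
  --with-http_stub_status_module \
  --with-http_slice_module \
  --with-compat \
  --with-file-aio \
  --with-threads \
  --with-stream \
  --with-stream_ssl_module \
  --with-stream_ssl_preread_module \
  --with-openssl=../openssl-1.1.1d \
  --with-zlib=../zlib-1.2.11 \
  --with-pcre=../pcre-8.43 \
  --with-pcre-jit \
  --user=www \
  --with-cc-opt='-O3'

# Optional flags: append them to the ./configure command above. They are
# commented out here because, as bare lines, the shell would try to run them
# as commands. The module sources are not fetched anywhere on this page and
# must already exist at these paths.
#   --add-module=../ngx_brotli \
#   --add-module=../incubator-pagespeed-ngx-1.13.35.2-stable \
#   --with-ld-opt="-ljemalloc"

# Create the account named by --user=www: no login shell (-s /sbin/nologin)
# and no home directory (-M).
/sbin/groupadd www
/sbin/useradd www -g www -s /sbin/nologin -M
id www

# Duration reference (presumably for max-age style settings; the note does not say):
# two years = 730 days = 17520 hours = 1051200 minutes = 63072000 seconds
# one year = 365*24*60*60 = 31536000 seconds
```

# ref

* [本博客所使用 nginx 的编译配置](https://blog.rj-bai.com/post/147.html)
* [openssl-patch](https://github.com/hakasenyang/openssl-patch)
* [加密套件](https://cipherli.st/)
* [本博客 Nginx 配置之安全篇](https://imququ.com/post/my-nginx-conf-for-security.html)
* [本博客开始支持 TLS 1.3](https://imququ.com/post/enable-tls-1-3.html)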