Add security header (#15)

* Update build.sh

* Update README.md

README.md

@@ -8,6 +8,7 @@
 - Headers More support, powered by [ngx_headers_more](https://github.com/openresty/headers-more-nginx-module)
 - OCSP stapling support, powered by [this patch](https://github.com/kn007/patch/blob/master/Enable_BoringSSL_OCSP.patch)
 - WAF support, powered by [ngx_waf](https://github.com/ADD-SP/ngx_waf)
+- Security Headers support, powered by [ngx_security_headers](https://github.com/GetPageSpeed/ngx_security_headers)
 - Zstandard support, powered by [zstd-nginx-module](https://github.com/tokers/zstd-nginx-module)
 - Use [BoringSSL](https://github.com/google/boringssl), [Cloudflare's zlib](https://github.com/cloudflare/zlib) and [jemalloc](https://github.com/jemalloc/jemalloc)
 - Use OpenSSL's hash functions instead of NGINX's, powered by [this patch](https://github.com/kn007/patch/blob/master/use_openssl_md5_sha1.patch)

build.sh

@@ -27,9 +27,6 @@ cmake -GNinja .. > /dev/null 2>&1
 ninja > /dev/null 2>&1
 echo Fetch additional dependencies.
 cd ../..
-git clone --recursive https://github.com/google/ngx_brotli > /dev/null 2>&1
-git clone https://github.com/openresty/headers-more-nginx-module > /dev/null 2>&1
-git clone https://github.com/tokers/zstd-nginx-module > /dev/null 2>&1
 git clone -b current https://github.com/ADD-SP/ngx_waf > /dev/null 2>&1
 cd ngx_waf
 git clone https://github.com/DaveGamble/cJSON lib/cjson > /dev/null 2>&1
@@ -38,10 +35,15 @@ cd ..
 git clone https://github.com/cloudflare/zlib > /dev/null 2>&1
 cd zlib
 make -f Makefile.in distclean > /dev/null 2>&1
+cd ..
+git clone --recursive https://github.com/google/ngx_brotli > /dev/null 2>&1
+git clone https://github.com/openresty/headers-more-nginx-module > /dev/null 2>&1
+git clone https://github.com/GetPageSpeed/ngx_security_headers > /dev/null 2>&1
+git clone https://github.com/tokers/zstd-nginx-module > /dev/null 2>&1
 echo Build nginx.
-cd ../..
+cd ..
 sed -i 's/CFLAGS=""/CFLAGS="-fstack-protector-strong -Wno-ignored-qualifiers -Wno-sign-compare"/g' rules
-sed -i 's/--sbin-path=\/usr\/sbin\/nginx/--sbin-path=\/usr\/sbin\/nginx --add-module=$(CURDIR)\/debian\/modules\/ngx_brotli --add-module=$(CURDIR)\/debian\/modules\/headers-more-nginx-module --add-module=$(CURDIR)\/debian\/modules\/zstd-nginx-module --add-module=$(CURDIR)\/debian\/modules\/ngx_waf/g' rules
+sed -i 's/--sbin-path=\/usr\/sbin\/nginx/--sbin-path=\/usr\/sbin\/nginx --add-module=$(CURDIR)\/debian\/modules\/ngx_waf --add-module=$(CURDIR)\/debian\/modules\/ngx_brotli --add-module=$(CURDIR)\/debian\/modules\/headers-more-nginx-module --add-module=$(CURDIR)\/debian\/modules\/ngx_security_headers --add-module=$(CURDIR)\/debian\/modules\/zstd-nginx-module/g' rules
 sed -i 's/--with-cc-opt="$(CFLAGS)" --with-ld-opt="$(LDFLAGS)"/--with-http_v3_module --with-stream_quic_module --with-zlib=$(CURDIR)\/debian\/modules\/zlib --with-cc-opt="-I..\/modules\/boringssl\/include $(CFLAGS)" --with-ld-opt="-ljemalloc -L..\/modules\/boringssl\/build\/ssl -L..\/modules\/boringssl\/build\/crypto $(LDFLAGS)"/g' rules
 cd ..
 dpkg-buildpackage -b > /dev/null 2>&1