RPM build Nginx 1.11.x with ALPN on CentOS 6/7 using static OpenSSL 1.1 (v1.0.2+ required for HTTP/2 support in Chrome)
#!/bin/bash -e
if [ $UID -ne 0 ]; then
    echo "Run as root." >&2
    exit 1
fi
CENTVER=7
OPENSSL_VERSION=1.0.2h
NGINX_VERSION=1.11.3-1
# epel repo required for GeoIP-devel
yum -y groupinstall 'Development Tools'
yum -y install wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel pcre-devel
id -u builder || useradd builder
mkdir -p /opt/lib
# Unpack the OpenSSL source into /opt/lib, but don't compile it here (the nginx build compiles it)
wget https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz -O /opt/lib/openssl-$OPENSSL_VERSION.tar.gz
tar -xf /opt/lib/openssl-$OPENSSL_VERSION.tar.gz -C /opt/lib
# Build source nginx (no auto-updates), statically link to /opt/lib/openssl* (no OS effects)
rpm -ivh https://nginx.org/packages/mainline/centos/$CENTVER/SRPMS/nginx-$NGINX_VERSION.el$CENTVER.ngx.src.rpm
sed -i "s|--with-http_ssl_module|--with-http_ssl_module --with-openssl=/opt/lib/openssl-$OPENSSL_VERSION|g" /root/rpmbuild/SPECS/nginx.spec
# Compile it
rpmbuild -ba /root/rpmbuild/SPECS/nginx.spec
# Install it
rpm -ivh --force /root/rpmbuild/RPMS/x86_64/nginx-$NGINX_VERSION.el$CENTVER.centos.ngx.x86_64.rpm
/opt/lib/openssl-$OPENSSL_VERSION/apps/openssl version -a
nginx -V
systemctl daemon-reload
systemctl restart nginx
echo "Other useful queries:"
echo "/opt/lib/openssl-$OPENSSL_VERSION/apps/openssl ciphers | tr ':' '\n' | sort | less"
echo "/opt/lib/openssl-$OPENSSL_VERSION/apps/openssl ecparam -list_curves | less"
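
Added example, not part of the original gist: the script prints `nginx -V` at the end but never checks it, so a package built against the system OpenSSL would install without complaint. The functions below parse `nginx -V` text and fail unless the binary was built with the expected static OpenSSL; the function names and the two sample outputs are constructed for illustration.

```bash
# Added example, not part of the original gist.
# Usage after the build: check_nginx_build "$(nginx -V 2>&1)" "$OPENSSL_VERSION"

# Print the OpenSSL version nginx was compiled against.
built_openssl() {
    printf '%s\n' "$1" | sed -n 's/^built with OpenSSL \([^ ]*\).*/\1/p'
}

# Print the runtime OpenSSL version; nginx only reports "(running with ...)"
# when the loaded library differs from the compile-time one.
running_openssl() {
    printf '%s\n' "$1" | sed -n 's/.*(running with OpenSSL \([^ ]*\).*/\1/p'
}

# Succeed if the version is 1.0.2 or newer (the gist's stated minimum).
alpn_capable() {
    _v=$(printf '%s' "$1" | sed 's/[a-z-].*$//')   # 1.0.2h -> 1.0.2
    _major=${_v%%.*}; _rest=${_v#*.}; _minor=${_rest%%.*}; _patch=${_rest#*.}
    [ "$_major" -gt 1 ] && return 0
    [ "$_major" -eq 1 ] && [ "$_minor" -ge 1 ] && return 0
    [ "$_major" -eq 1 ] && [ "$_minor" -eq 0 ] && [ "$_patch" -ge 2 ]
}

# check_nginx_build NGINX_V_TEXT EXPECTED_VERSION; the exit status names the failure.
check_nginx_build() {
    _built=$(built_openssl "$1")
    _running=$(running_openssl "$1")
    [ -n "$_built" ] || { echo "no 'built with OpenSSL' line" >&2; return 1; }
    [ "$_built" = "$2" ] || { echo "built with $_built, expected $2" >&2; return 2; }
    [ -z "$_running" ] || { echo "running with $_running, not the static copy" >&2; return 3; }
    alpn_capable "$_built" || { echo "$_built predates ALPN" >&2; return 4; }
    case $1 in
        *"--with-openssl="*) return 0 ;;
        *) echo "configure arguments lack --with-openssl=" >&2; return 5 ;;
    esac
}

# Constructed sample outputs (not captured from a real host).
GOOD_V='nginx version: nginx/1.11.3
built with OpenSSL 1.0.2h  3 May 2016
configure arguments: --with-http_ssl_module --with-openssl=/opt/lib/openssl-1.0.2h --with-http_v2_module'
BAD_V='nginx version: nginx/1.11.3
built with OpenSSL 1.0.1e-fips 11 Feb 2013
configure arguments: --with-http_ssl_module --with-http_v2_module'

check_nginx_build "$GOOD_V" 1.0.2h && echo "static OpenSSL 1.0.2h confirmed"
check_nginx_build "$BAD_V" 1.0.2h || echo "build check failed with status $?"
```

Placed between the `rpmbuild` step and `systemctl restart nginx`, a non-zero status stops the `-e` script before the unverified binary is restarted into service.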