### No longer needed as of nginx-1.13.6-1.el7_4.ngx.x86_64.rpm from nginx.org | |
### it was compiled against OpenSSL 1.0.2 from CentoOS 7.4 so it supports ALPN (HTTP2 works) | |
yum -y groupinstall 'Development Tools' | |
yum -y install wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel rpmdevtools | |
OPENSSL="openssl-1.0.2l" | |
NGINX_VERSION="1.13.5-1" | |
NJS_VERSION="1.13.5.0.1.13-1" | |
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-$NGINX_VERSION.el7.ngx.src.rpm | |
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-geoip-$NGINX_VERSION.el7.ngx.src.rpm | |
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-image-filter-$NGINX_VERSION.el7.ngx.src.rpm | |
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-njs-$NJS_VERSION.el7.ngx.src.rpm | |
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-perl-$NGINX_VERSION.el7.ngx.src.rpm | |
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-xslt-$NGINX_VERSION.el7.ngx.src.rpm | |
sed -i "/Source12: .*/a Source100: https://www.openssl.org/source/$OPENSSL.tar.gz" /root/rpmbuild/SPECS/nginx.spec | |
sed -i "s|--with-http_ssl_module|--with-http_ssl_module --with-openssl=$OPENSSL|g" /root/rpmbuild/SPECS/nginx.spec | |
sed -i '/%setup -q/a tar zxf %{SOURCE100}' /root/rpmbuild/SPECS/nginx.spec | |
sed -i '/.*Requires: openssl.*/d' /root/rpmbuild/SPECS/nginx.spec | |
# hardening whatnots since 1.11.9 | |
sed -i 's|%define WITH_LD_OPT .*|%define WITH_LD_OPT ""|g' /root/rpmbuild/SPECS/nginx.spec | |
sed -i 's| -fPIC||g' /root/rpmbuild/SPECS/nginx.spec | |
spectool -g -R /root/rpmbuild/SPECS/nginx.spec | |
# if '.rpmmacros' contains "%_sourcedir %{_topdir}/SOURCES/%{name}" | |
#spectool -g -C /root/rpmbuild/SOURCES/nginx/ /root/rpmbuild/SPECS/nginx.spec | |
rpmbuild -ba /root/rpmbuild/SPECS/nginx.spec | |
rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-geoip.spec | |
rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-image-filter.spec | |
rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-njs.spec | |
rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-perl.spec | |
rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-xslt.spec | |
#rpm -Uvh /root/rpmbuild/RPMS/x86_64/nginx-$NGINX_VERSION.el7.centos.ngx.x86_64.rpm |
This comment has been minimized.
This comment has been minimized.
the last command should add the 'force' option to avoid conflicts.
|
This comment has been minimized.
This comment has been minimized.
Don't forget to restart nginx to make it work. |
This comment has been minimized.
This comment has been minimized.
It would be better to increment the release number than to use --force :) |
This comment has been minimized.
This comment has been minimized.
Hmmm...
How I can fix it? And thx you for nice gist. |
This comment has been minimized.
This comment has been minimized.
Awesome script. Wondering how to add ngx_pagespeed and ModSecurity as a dynamic modules? Thanks. |
This comment has been minimized.
This comment has been minimized.
@johnange, did you checkout http://repo.aerisnetwork.com |
This comment has been minimized.
This comment has been minimized.
what do you mean with line 19 ? |
This comment has been minimized.
This comment has been minimized.
@it-can nginx.org introduced extra compiler and linker arguments in 1.11.9. That affects OpenSSL but I guess it would take just properly configure/make OpenSSL and/or update the right single flag but my knowledge of rpm and building is very little. I don't have time for learning related things or experimenting so it's just compiled the same way as previous versions (wild guess it's "just" some hardening). (RHEL/CentOS 7.4 will bring OpenSSL 1.0.2 anyway.) |
This comment has been minimized.
This comment has been minimized.
Nginx-more is basically nginx stable release |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Thank you for making this available. My current Nginx and OpenSSL are installed via the regular Yum. Nginx is thus the latest stable |
This comment has been minimized.
This comment has been minimized.
Great! |
This comment has been minimized.
This comment has been minimized.
thank you! |
This comment has been minimized.
This comment has been minimized.
If it helps anybody I added a Dockerfile to build this from any other distro https://gist.github.com/nicolasazrak/e96f707e6ba816d31e438aa2e58f27ff#file-dockerfile |
This comment has been minimized.
Marcel,
Great work. FYI, I updated my fork of your gist to support OpenSSL 1.1, under Cent 6 or 7
https://gist.github.com/kennwhite/6b6250e635c45c92a118a7a5cdc052c6