| ### No longer needed as of nginx-1.13.6-1.el7_4.ngx.x86_64.rpm from nginx.org | |
| ### it was compiled against OpenSSL 1.0.2 from CentoOS 7.4 so it supports ALPN (HTTP2 works) | |
| yum -y groupinstall 'Development Tools' | |
| yum -y install wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel rpmdevtools | |
| OPENSSL="openssl-1.0.2l" | |
| NGINX_VERSION="1.13.5-1" | |
| NJS_VERSION="1.13.5.0.1.13-1" | |
| rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-$NGINX_VERSION.el7.ngx.src.rpm | |
| rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-geoip-$NGINX_VERSION.el7.ngx.src.rpm | |
| rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-image-filter-$NGINX_VERSION.el7.ngx.src.rpm | |
| rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-njs-$NJS_VERSION.el7.ngx.src.rpm | |
| rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-perl-$NGINX_VERSION.el7.ngx.src.rpm | |
| rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-xslt-$NGINX_VERSION.el7.ngx.src.rpm | |
| sed -i "/Source12: .*/a Source100: https://www.openssl.org/source/$OPENSSL.tar.gz" /root/rpmbuild/SPECS/nginx.spec | |
| sed -i "s|--with-http_ssl_module|--with-http_ssl_module --with-openssl=$OPENSSL|g" /root/rpmbuild/SPECS/nginx.spec | |
| sed -i '/%setup -q/a tar zxf %{SOURCE100}' /root/rpmbuild/SPECS/nginx.spec | |
| sed -i '/.*Requires: openssl.*/d' /root/rpmbuild/SPECS/nginx.spec | |
| # hardening whatnots since 1.11.9 | |
| sed -i 's|%define WITH_LD_OPT .*|%define WITH_LD_OPT ""|g' /root/rpmbuild/SPECS/nginx.spec | |
| sed -i 's| -fPIC||g' /root/rpmbuild/SPECS/nginx.spec | |
| spectool -g -R /root/rpmbuild/SPECS/nginx.spec | |
| # if '.rpmmacros' contains "%_sourcedir %{_topdir}/SOURCES/%{name}" | |
| #spectool -g -C /root/rpmbuild/SOURCES/nginx/ /root/rpmbuild/SPECS/nginx.spec | |
| rpmbuild -ba /root/rpmbuild/SPECS/nginx.spec | |
| rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-geoip.spec | |
| rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-image-filter.spec | |
| rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-njs.spec | |
| rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-perl.spec | |
| rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-xslt.spec | |
| #rpm -Uvh /root/rpmbuild/RPMS/x86_64/nginx-$NGINX_VERSION.el7.centos.ngx.x86_64.rpm |
the last command should add the 'force' option to avoid conflicts.
rpm -Uvh --force /root/rpmbuild/RPMS/x86_64/$NGINX.el7.centos.ngx.x86_64.rpm
Don't forget to restart nginx to make it work.
It would be better to increment the release number than to use --force :)
Hmmm...
At last step:
[root@host etc]# rpm -Uvh --force /root/rpmbuild/RPMS/x86_64/$NGINX.el7.centos.ngx.x86_64.rpm
error: Unmet dependencies:
nginx = 1:1.11.3-1.el7.ngx need for (installed)nginx-module-geoip-1:1.11.3-1.el7.ngx.x86_64
[root@host etc]#
How I can fix it? And thx you for nice gist.
Awesome script. Wondering how to add ngx_pagespeed and ModSecurity as a dynamic modules? Thanks.
@johnange, did you checkout http://repo.aerisnetwork.com
what do you mean with line 19 ?
@it-can nginx.org introduced extra compiler and linker arguments in 1.11.9. That affects OpenSSL but I guess it would take just properly configure/make OpenSSL and/or update the right single flag but my knowledge of rpm and building is very little. I don't have time for learning related things or experimenting so it's just compiled the same way as previous versions (wild guess it's "just" some hardening). (RHEL/CentOS 7.4 will bring OpenSSL 1.0.2 anyway.)
Nginx-more is basically nginx stable release
Thank you for making this available. My current Nginx and OpenSSL are installed via the regular Yum. Nginx is thus the latest stable 1.10.3. I'm happy to upgrade it to the above, but it would be good to have Yum-updatable in the future, so that I don't have to jump through the same hoops in the future. Is this possible, or do I completely move away from the Yum system by executing with this script?
Great!
thank you!
If it helps anybody I added a Dockerfile to build this from any other distro https://gist.github.com/nicolasazrak/e96f707e6ba816d31e438aa2e58f27ff#file-dockerfile
It was really useful for me because I use a vps with low memory and could not build it there. So with the docker.sh script I could build it in my pc and then uploaded to the CentOS server.
Marcel,
Great work. FYI, I updated my fork of your gist to support OpenSSL 1.1, under Cent 6 or 7
https://gist.github.com/kennwhite/6b6250e635c45c92a118a7a5cdc052c6