Skip to content

Instantly share code, notes, and snippets.

@moneytoo

moneytoo/gist:ab3f34e4fddc2110675952f8280f49c5

Last active Mar 22, 2020
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
nginx with OpenSSL 1.0.2 (ALPN) on CentOS 7, also available from https://brouken.com/brouken-centos-7-repo/
Raw
gistfile1.txt
### No longer needed as of nginx-1.13.6-1.el7_4.ngx.x86_64.rpm from nginx.org
### it was compiled against OpenSSL 1.0.2 from CentoOS 7.4 so it supports ALPN (HTTP2 works)
yum -y groupinstall 'Development Tools'
yum -y install wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel rpmdevtools
OPENSSL="openssl-1.0.2l"
NGINX_VERSION="1.13.5-1"
NJS_VERSION="1.13.5.0.1.13-1"
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-$NGINX_VERSION.el7.ngx.src.rpm
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-geoip-$NGINX_VERSION.el7.ngx.src.rpm
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-image-filter-$NGINX_VERSION.el7.ngx.src.rpm
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-njs-$NJS_VERSION.el7.ngx.src.rpm
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-perl-$NGINX_VERSION.el7.ngx.src.rpm
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-xslt-$NGINX_VERSION.el7.ngx.src.rpm
sed -i "/Source12: .*/a Source100: https://www.openssl.org/source/$OPENSSL.tar.gz" /root/rpmbuild/SPECS/nginx.spec
sed -i "s|--with-http_ssl_module|--with-http_ssl_module --with-openssl=$OPENSSL|g" /root/rpmbuild/SPECS/nginx.spec
sed -i '/%setup -q/a tar zxf %{SOURCE100}' /root/rpmbuild/SPECS/nginx.spec
sed -i '/.*Requires: openssl.*/d' /root/rpmbuild/SPECS/nginx.spec
# hardening whatnots since 1.11.9
sed -i 's|%define WITH_LD_OPT .*|%define WITH_LD_OPT ""|g' /root/rpmbuild/SPECS/nginx.spec
sed -i 's| -fPIC||g' /root/rpmbuild/SPECS/nginx.spec
spectool -g -R /root/rpmbuild/SPECS/nginx.spec
# if '.rpmmacros' contains "%_sourcedir %{_topdir}/SOURCES/%{name}"
#spectool -g -C /root/rpmbuild/SOURCES/nginx/ /root/rpmbuild/SPECS/nginx.spec
rpmbuild -ba /root/rpmbuild/SPECS/nginx.spec
rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-geoip.spec
rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-image-filter.spec
rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-njs.spec
rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-perl.spec
rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-xslt.spec
#rpm -Uvh /root/rpmbuild/RPMS/x86_64/nginx-$NGINX_VERSION.el7.centos.ngx.x86_64.rpm
@kennwhite
Copy link

kennwhite commented May 28, 2016

Marcel,
Great work. FYI, I updated my fork of your gist to support OpenSSL 1.1, under Cent 6 or 7
https://gist.github.com/kennwhite/6b6250e635c45c92a118a7a5cdc052c6

@mamboer
Copy link

mamboer commented Jul 1, 2016

the last command should add the 'force' option to avoid conflicts.

rpm -Uvh --force /root/rpmbuild/RPMS/x86_64/$NGINX.el7.centos.ngx.x86_64.rpm

@Youmoo
Copy link

Youmoo commented Aug 5, 2016

Don't forget to restart nginx to make it work.

@kjniemi
Copy link

kjniemi commented Aug 13, 2016

It would be better to increment the release number than to use --force :)

@skazhikadyadya
Copy link

skazhikadyadya commented Aug 27, 2016
edited

Hmmm...
At last step:

[root@host etc]# rpm -Uvh --force /root/rpmbuild/RPMS/x86_64/$NGINX.el7.centos.ngx.x86_64.rpm
error: Unmet dependencies:
        nginx = 1:1.11.3-1.el7.ngx need for (installed)nginx-module-geoip-1:1.11.3-1.el7.ngx.x86_64
[root@host etc]#

How I can fix it? And thx you for nice gist.

@johnange
Copy link

johnange commented Dec 24, 2016

Awesome script. Wondering how to add ngx_pagespeed and ModSecurity as a dynamic modules? Thanks.

@shyam
Copy link

shyam commented Dec 29, 2016

@johnange, did you checkout http://repo.aerisnetwork.com

@it-can
Copy link

it-can commented Jan 25, 2017
edited

what do you mean with line 19 ?

@moneytoo
Copy link
Author

moneytoo commented Jan 25, 2017

@it-can nginx.org introduced extra compiler and linker arguments in 1.11.9. That affects OpenSSL but I guess it would take just properly configure/make OpenSSL and/or update the right single flag but my knowledge of rpm and building is very little. I don't have time for learning related things or experimenting so it's just compiled the same way as previous versions (wild guess it's "just" some hardening). (RHEL/CentOS 7.4 will bring OpenSSL 1.0.2 anyway.)

@terrylinooo
Copy link

terrylinooo commented Feb 5, 2017

Nginx-more is basically nginx stable release

@terrylinooo
Copy link

terrylinooo commented Feb 5, 2017

@johnange

Check out https://modpagespeed.com/doc/build_ngx_pagespeed_from_source

@pkiula
Copy link

pkiula commented Feb 19, 2017

Thank you for making this available. My current Nginx and OpenSSL are installed via the regular Yum. Nginx is thus the latest stable 1.10.3. I'm happy to upgrade it to the above, but it would be good to have Yum-updatable in the future, so that I don't have to jump through the same hoops in the future. Is this possible, or do I completely move away from the Yum system by executing with this script?

@sinedoOo
Copy link

sinedoOo commented Feb 24, 2017

Great!

@maszd
Copy link

maszd commented Apr 2, 2017

thank you!

@nicolasazrak
Copy link

nicolasazrak commented Jun 20, 2017

If it helps anybody I added a Dockerfile to build this from any other distro https://gist.github.com/nicolasazrak/e96f707e6ba816d31e438aa2e58f27ff#file-dockerfile
It was really useful for me because I use a vps with low memory and could not build it there. So with the docker.sh script I could build it in my pc and then uploaded to the CentOS server.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment