brouken.com

Fixing what's brouken.com

nginx with OpenSSL 1.0.2 (ALPN) on CentOS 7

May 14, 2016 in Linux by Marcel Dopita (updated 2953 days ago)

Since Google is deprecating support for NPN in Chrome (any day now), you may want to switch to ALPN to be able to keep using HTTP/2.

If you’re using CentOS 7 with the mainline version of nginx, the cleanest solution is to rebuild the very same source package with newer OpenSSL. Here’s the way to do it.

yum -y groupinstall 'Development Tools'
yum -y install wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel

OPENSSL="openssl-1.0.2h"
NGINX="nginx-1.9.15-1"

mkdir -p /opt/lib
wget https://www.openssl.org/source/$OPENSSL.tar.gz -O /opt/lib/$OPENSSL.tar.gz
tar -zxvf /opt/lib/$OPENSSL.tar.gz -C /opt/lib

rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/$NGINX.el7.ngx.src.rpm
sed -i "s|--with-http_ssl_module|--with-http_ssl_module --with-openssl=/opt/lib/$OPENSSL|g" /root/rpmbuild/SPECS/nginx.spec
rpmbuild -ba /root/rpmbuild/SPECS/nginx.spec
rpm -ivh /root/rpmbuild/RPMS/x86_64/$NGINX.el7.centos.ngx.x86_64.rpm

More up to date version may be found in my gist.

Leave a comment Cancel reply

You must be logged in to post a comment.