nginx with OpenSSL 1.0.2 (ALPN) on CentOS 7

Since Google is deprecating support for NPN in Chrome (any day now), you may want to switch to ALPN to be able to keep using HTTP/2.

If you’re using CentOS 7 with the mainline version of nginx, the cleanest solution is to rebuild the very same source package with newer OpenSSL. Here’s the way to do it.

yum -y groupinstall 'Development Tools'
yum -y install wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel


mkdir -p /opt/lib
wget$OPENSSL.tar.gz -O /opt/lib/$OPENSSL.tar.gz
tar -zxvf /opt/lib/$OPENSSL.tar.gz -C /opt/lib

rpm -ivh$NGINX.el7.ngx.src.rpm
sed -i "s|--with-http_ssl_module|--with-http_ssl_module --with-openssl=/opt/lib/$OPENSSL|g" /root/rpmbuild/SPECS/nginx.spec
rpmbuild -ba /root/rpmbuild/SPECS/nginx.spec
rpm -ivh /root/rpmbuild/RPMS/x86_64/$NGINX.el7.centos.ngx.x86_64.rpm

More up to date version may be found in my gist.

Leave a comment