nginx with OpenSSL 1.0.2 (ALPN) on CentOS 7


Since Google is deprecating support for NPN in Chrome (any day now), you may want to switch to ALPN to be able to keep using HTTP/2.

If you’re using CentOS 7 with the mainline version of nginx, the cleanest solution is to rebuild the very same source package with newer OpenSSL. Here’s the way to do it.

yum -y groupinstall 'Development Tools'
yum -y install wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel

OPENSSL="openssl-1.0.2h"
NGINX="nginx-1.9.15-1"

mkdir -p /opt/lib
wget https://www.openssl.org/source/$OPENSSL.tar.gz -O /opt/lib/$OPENSSL.tar.gz
tar -zxvf /opt/lib/$OPENSSL.tar.gz -C /opt/lib

rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/$NGINX.el7.ngx.src.rpm
sed -i "s|--with-http_ssl_module|--with-http_ssl_module --with-openssl=/opt/lib/$OPENSSL|g" /root/rpmbuild/SPECS/nginx.spec
rpmbuild -ba /root/rpmbuild/SPECS/nginx.spec
rpm -ivh /root/rpmbuild/RPMS/x86_64/$NGINX.el7.centos.ngx.x86_64.rpm

More up to date version may be found in my gist.

Leave a comment