nginx with OpenSSL 1.0.2 (ALPN) on CentOS 7

 in Linux by (updated 2741 days ago)

Since Google is deprecating support for NPN in Chrome (any day now), you may want to switch to ALPN to be able to keep using HTTP/2.

If you’re using CentOS 7 with the mainline version of nginx, the cleanest solution is to rebuild the very same source package with newer OpenSSL. Here’s the way to do it.

yum -y groupinstall 'Development Tools'
yum -y install wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel

OPENSSL="openssl-1.0.2h"
NGINX="nginx-1.9.15-1"

mkdir -p /opt/lib
wget https://www.openssl.org/source/$OPENSSL.tar.gz -O /opt/lib/$OPENSSL.tar.gz
tar -zxvf /opt/lib/$OPENSSL.tar.gz -C /opt/lib

rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/$NGINX.el7.ngx.src.rpm
sed -i "s|--with-http_ssl_module|--with-http_ssl_module --with-openssl=/opt/lib/$OPENSSL|g" /root/rpmbuild/SPECS/nginx.spec
rpmbuild -ba /root/rpmbuild/SPECS/nginx.spec
rpm -ivh /root/rpmbuild/RPMS/x86_64/$NGINX.el7.centos.ngx.x86_64.rpm

More up to date version may be found in my gist.