Page 2 of 2
Re: [HOWTO] Recompile NGINX with OpenSSL 1.0.2+ for HTTP/2 via ALPN on Debian 8
Posted: Fri Sep 30, 2016 2:10 pm
by huloza
baijianpeng wrote:When I follow this tutorial on
CentOS 7 and run the "./configure" command, I got several errors about certain libraries not found. For example:
checking for C compiler ... not found
./configure: error: C compiler cc is not found
and
checking for PCRE library ... not found
and
checking for zlib library ... not found
and
checking for libxslt ... not found
checking for libxslt in /usr/local/ ... not found
checking for libxslt in /usr/pkg/ ... not found
checking for libxslt in /opt/local/ ... not found
./configure: error: the HTTP XSLT module requires the libxml2/libxslt
libraries. You can either do not enable the module or install the libraries.
... etc.
Then after some Googling, I got this solution:
Just Install prerequisite packages require for Nginx installation before running "./configure" command:
Code: Select all
# yum install gc gcc gcc-c++ pcre-devel zlib-devel make wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools gperftools-devel libatomic_ops-devel perl-ExtUtils-Embed -y
Then there will be no errors about ".... not found" . Great!
Thanks! added to the HowTo.
Regards!
Re: [HOWTO] Recompile NGINX with OpenSSL 1.0.2+ for HTTP/2 via ALPN on Debian 8
Posted: Fri Sep 30, 2016 2:21 pm
by huloza
baijianpeng wrote:We celebrate too early. Read this post:
https://imququ.com/post/nginx-http2-post-bug.html .
It said, NginX before v1.11 has POST bug which will cause form submission failed. So we need to upgrade nginx to v1.11 .
But the NginX installed by VestaCP is v1.10.1 . So we need to modify the repo file to do it:
Change the baseurl line to :
Then we can upgrade to nginx by:
Code: Select all
# systemctl stop nginx
# yum clean all & yum upgrade nginx
# systemctl restart nginx
This command will upgrade current nginx 1.10.1 to v1.11, but, it will be "built with OpenSSL 1.0.1e-fips" again .
Then, we have to use above steps , again, to re-compile nginx 1.11.4 with openssl 1.0.2j , finally we still got "built with OpenSSL 1.0.2j".
I readed about this and found a lot of interesting things:
1: Affected Browsers
https://trac.nginx.org/nginx/ticket/959#comment:19
Some clients (notably MS IE/Edge, Safari, iOS applications) show an error or even crash if a stream is rejected;
2: NOT an NGINX bug
https://trac.nginx.org/nginx/ticket/959#comment:20
But please note that this isn't an nginx bug and the affected clients should be fixed.
Now, about your workaround, as said it only affects iOs Browsers mostly, so another solution will be to download nginx 1.11 from source and recompile with that version, i will try this tonight and post the results.
Regards
Re: [HOWTO] Recompile NGINX with OpenSSL 1.0.2+ for HTTP/2 via ALPN on Debian 8
Posted: Thu Feb 02, 2017 8:14 pm
by ctqui
Hi,
I'm on Debian 8 and 2 days ago I've got an Nginx update (1.10.3).
Solution was working nicely till 2 days, now I can't recompile with OpenSSLn I always have this error:
Code: Select all
objs/ngx_modules.o \
-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie -ldl -lpthread -lpthread -lcrypt -lpcre /usr/local/src/openssl-1.0.2h/.openssl/lib/libssl.a /usr/local/src/openssl-1 .0.2h/.openssl/lib/libcrypto.a -ldl -lz \
-Wl,-E
/usr/bin/ld: /usr/local/src/openssl-1.0.2h/.openssl/lib/libssl.a(s23_meth.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared objec t; recompile with -fPIC
/usr/local/src/openssl-1.0.2h/.openssl/lib/libssl.a: error adding symbols: Bad value
collect2: error: ld returned 1 exit status
objs/Makefile:310: recipe for target 'objs/nginx' failed
make[1]: *** [objs/nginx] Error 1
make[1]: Leaving directory '/usr/local/src/nginx-1.10.3'
Makefile:8: recipe for target 'build' failed
make: *** [build] Error 2
Did somebody try since last apt-get update && apt-get upgrade ?
Thanks -
Eric
Re: [HOWTO] Recompile NGINX with OpenSSL 1.0.2+ for HTTP/2 via ALPN on Debian 8
Posted: Thu Feb 02, 2017 11:18 pm
by baijianpeng
I had already found a perfect solution to build a "PHP7 + openssl 1.0.2 + nginx 1.11" web environment with VestaCP, it is so simple:
Just use Ubuntu server 16.04 as the OS of your server, then install VestaCP on Ubuntu, all above issues solved!
Re: [HOWTO] Recompile NGINX with OpenSSL 1.0.2+ for HTTP/2 via ALPN on Debian 8
Posted: Thu Feb 09, 2017 2:04 pm
by skurudo
baijianpeng wrote:Just use Ubuntu server 16.04 as the OS of your server, then install VestaCP on Ubuntu, all above issues solved!
Ha-ha! It's really nice solution, but not for everybody ;-)
Re: [HOWTO] Recompile NGINX with OpenSSL 1.0.2+ for HTTP/2 via ALPN on Debian 8
Posted: Sun Jun 25, 2017 12:18 pm
by shanjie
baijianpeng wrote:I had already found a perfect solution to build a "PHP7 + openssl 1.0.2 + nginx 1.11" web environment with VestaCP, it is so simple:
Just use Ubuntu server 16.04 as the OS of your server, then install VestaCP on Ubuntu, all above issues solved!
Whenever I use the "Lets Encrypt Support", I always get PUB_KEY: 4096 bit.
From where can I set so that I will get the 2048 instead of 4096 PUB_KEY?
Cloudfront is not supporting 4096 bit private key.
Re: [HOWTO] Recompile NGINX with OpenSSL 1.0.2+ for HTTP/2 via ALPN on Debian 8
Posted: Sat Jun 16, 2018 8:40 pm
by ouchdigital
Re: [HOWTO] Recompile NGINX with OpenSSL 1.0.2+ for HTTP/2 via ALPN on Debian 8
Posted: Tue Jan 01, 2019 8:25 pm
by kaavain
Hi all! Thanks for great and clear manual... I have the same version of NGINX and parameters line is the same. But while ./configure I've got a lot of "not found"... Is it safe to continue?
checking for sys/filio.h ... not found
checking for O_PATH ... not found
checking for /dev/poll ... not found
checking for kqueue ... not found
checking for crypt() ... not found
checking for F_READAHEAD ... not found
checking for F_NOCACHE ... not found
checking for directio() ... not found
checking for dlopen() ... not found
checking for SO_SETFIB ... not found
checking for SO_ACCEPTFILTER ... not found
checking for IP_RECVDSTADDR ... not found
checking for TCP_FASTOPEN ... not found
checking for kqueue AIO support ... not found
checking for setproctitle() ... not found
checking for PCRE JIT support ... not found
My parameters are:
./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --add-dynamic-module=/usr/local/src/njs-1c50334fbea6/nginx --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --with-openssl=/usr/local/src/openssl-1.0.2h