How Rebuilt Nginx To Support OpenSSL 1.0.2 ?

[9musashi]

Hi, I just update OpenSSL using this

# cd /usr/src
# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# tar -zxf openssl-1.0.2-latest.tar.gz
# cd openssl-1.0.2g
# ./config
# make
# make test
# make install
# mv /usr/bin/openssl /root/
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

# openssl version
OpenSSL 1.0.2g  1 Mar 2016

But nginx still not using it

# nginx -V
nginx version: nginx/1.9.14
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/share --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --modules-path=/usr/share/nginx/modules --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --user=nginx --group=nginx --with-ipv6 --with-file-aio --with-http_v2_module --with-http_ssl_module --with-http_realip_module --with-http_sub_module --with-http_dav_module --with-http_gzip_static_module --with-http_stub_status_module --add-dynamic-module=/usr/share/passenger/ngx_http_passenger_module

How do I rebuilt nginx to support new OpenSSL 1.0.2 version for ALPN support ??

Thank you

 

[9musashi]

I rebuilt nginx 1.9.15 using this

#wget http://nginx.org/download/nginx-1.9.15.tar.gz

#tar -xzvf nginx-1.9.15.tar.gz
#cd nginx-1.9.15

#./configure --prefix=/usr/share --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --modules-path=/usr/share/nginx/modules --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --user=nginx --group=nginx --with-ipv6 --with-file-aio --with-http_v2_module --with-http_ssl_module --with-openssl=/usr/src/openssl-1.0.2g --with-http_realip_module --with-http_sub_module --with-http_dav_module --with-http_gzip_static_module --with-http_stub_status_module

#make
#make install

I remove "--add-dynamic-module=/usr/share/passenger/ngx_http_passenger_module" because the file/folder cannot be found - and I dont use passenger either.

# nginx -V
nginx version: nginx/1.9.15
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC)
built with OpenSSL 1.0.2g  1 Mar 2016
TLS SNI support enabled
configure arguments: --prefix=/usr/share --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --modules-path=/usr/share/nginx/modules --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --user=nginx --group=nginx --with-ipv6 --with-file-aio --with-http_v2_module --with-http_ssl_module --with-openssl=/usr/src/openssl-1.0.2g --with-http_realip_module --with-http_sub_module --with-http_dav_module --with-http_gzip_static_module --with-http_stub_status_module

Please correct me if this is wrong

Thank you

 

[IgorG]

Yes, you can build your own package at your own risk or just wait when we will support Ubuntu 16.04 where we will support ALPN due to openssl 1.0.2 there.

 

[9musashi]

Yes, you can build your own package at your own risk or just wait when we will support Ubuntu 16.04 where we will support ALPN due to openssl 1.0.2 there.

The problem is I use CloudLinux 6 - I relief you confirm that I dont make any wrong here.

 

[helpchrisplz]

if your on centos 6.6 (final) will OpenSSL 1.0.2 be available in yum update any time soon? thanks.