phiz 2016.10.08 16:58

In CentOS 7.4, OpenSSL was updated to 1.0.2 (ALPN).

Both Apache and nginx now get HTTP/2 by default.

The tip below, which I had been using until now, is no longer needed.

Enabling HTTP/2 for nginx on CentOS 7

-------------------------------------
nginx 1.13.2 openssl-1.1.0f
-------------------------------------

cd /usr/local/src/
wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz
tar xvfz openssl-1.1.0f.tar.gz 

rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-1.13.2-1.el7.ngx.src.rpm

sed -i "s|--with-http_ssl_module|--with-http_ssl_module --with-openssl=/usr/local/src/openssl-1.1.0f|g" /root/rpmbuild/SPECS/nginx.spec
sed -i 's|%define WITH_LD_OPT .*|%define WITH_LD_OPT ""|g' /root/rpmbuild/SPECS/nginx.spec
sed -i 's| -fPIC||g' /root/rpmbuild/SPECS/nginx.spec
rpmbuild -ba /root/rpmbuild/SPECS/nginx.spec
rpm -Uvh /root/rpmbuild/RPMS/x86_64/nginx-1.13.2-1.el7.centos.ngx.x86_64.rpm 
systemctl start nginx.service
systemctl enable nginx.service

 

 

 

-------------------------------------

nginx 1.11.13 openssl-1.1.0e

-------------------------------------

yum -y groupinstall 'Development Tools'
yum -y install wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel

wget https://www.openssl.org/source/openssl-1.1.0e.tar.gz
tar xvfz openssl-1.1.0e.tar.gz 
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-1.11.13-1.el7.ngx.src.rpm
sed -i "s|--with-http_ssl_module|--with-http_ssl_module --with-openssl=/usr/local/src/openssl-1.1.0e|g" /root/rpmbuild/SPECS/nginx.spec
sed -i 's|%define WITH_LD_OPT .*|%define WITH_LD_OPT ""|g' /root/rpmbuild/SPECS/nginx.spec
sed -i 's| -fPIC||g' /root/rpmbuild/SPECS/nginx.spec
rpmbuild -ba /root/rpmbuild/SPECS/nginx.spec
rpm -Uvh /root/rpmbuild/RPMS/x86_64/nginx-1.11.13-1.el7.centos.ngx.x86_64.rpm 
systemctl start nginx.service
systemctl enable nginx.service
 

---------------------------

nginx-1.11.4 with OpenSSL 1.0.2j (ALPN) on CentOS 7

-------------------------

 

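There is no need to install OpenSSL 1.0.2 on the server itself.

Just download the latest OpenSSL source, extract it, and include it when rebuilding nginx.

Remove the previously installed nginx.

Take steps so that nginx is not updated when running yum update.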

 

The current latest versions of OpenSSL and nginx are as follows.

openssl-1.0.2j

nginx-1.11.4-1

 

Preparation

yum -y groupinstall 'Development Tools'
yum -y install wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel

 

Download the latest OpenSSL version and extract it to a suitable location (I extracted it to "/usr/local/src").

cd /usr/local/src

wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz

tar xvfz openssl-1.0.2j.tar.gz

 

Install the SRPM of the latest nginx version.

It is installed under the /root directory.

rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-1.11.4-1.el7.ngx.src.rpm

 

Change the OpenSSL path in the build configuration to the location where the source was extracted.

sed -i "s|--with-http_ssl_module|--with-http_ssl_module --with-openssl=/usr/local/src/openssl-1.0.2j|g" /root/rpmbuild/SPECS/nginx.spec

 

Rebuild the RPM
rpmbuild -ba /root/rpmbuild/SPECS/nginx.spec

 

Install the RPM

rpm -Uvh /root/rpmbuild/RPMS/x86_64/nginx-1.11.4-1.el7.centos.ngx.x86_64.rpm

 

systemctl start nginx.service

systemctl enable nginx.service

 

-------------------------------------------------------------------------------------------

nginx-1.11.10-1 with OpenSSL 1.1.0e (ALPN) on CentOS 7

-------------------------------------------------------------------------------------------

 

#!/bin/bash
# Versions to build: OpenSSL GitHub tag and nginx SRPM name
OPENSSL="OpenSSL_1_1_0e"
NGINX="nginx-1.11.10-1"

NGINX_URL="https://nginx.org/packages/mainline/centos/7/SRPMS/$NGINX.el7.ngx.src.rpm"
OPENSSL_URL="https://github.com/openssl/openssl/archive/$OPENSSL.tar.gz"

# Stop with a non-zero status if either source URL does not exist
if ! wget --spider "$NGINX_URL" 2>/dev/null; then
    echo "Bestaat niet! $NGINX_URL";
    exit 1
fi

if ! wget --spider "$OPENSSL_URL" 2>/dev/null; then
    echo "Bestaat niet! $OPENSSL_URL";
    exit 1
fi

# Remove the packaged nginx and disable its repo so yum update does not replace the custom build
yum -y remove nginx
mv /etc/yum.repos.d/nginx.repo /etc/yum.repos.d/nginx.repo_org
yum clean all
yum -y groupinstall 'Development Tools'
yum -y install wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel

# Fetch and extract the OpenSSL source into a clean directory
rm -rf /root/rpmbuild
rm -rf /opt/lib
mkdir -p /opt/lib/openssl
wget "$OPENSSL_URL" -O /opt/lib/openssl.tar.gz
tar -zxvf /opt/lib/openssl.tar.gz -C /opt/lib/openssl --strip 1

# Install the SRPM, point the spec at the extracted OpenSSL source, then rebuild and install
rpm -ivh "$NGINX_URL"
sed -i "s|--with-http_ssl_module|--with-http_ssl_module --with-openssl=/opt/lib/openssl|g" /root/rpmbuild/SPECS/nginx.spec
sed -i 's|%define WITH_LD_OPT .*|%define WITH_LD_OPT ""|g' /root/rpmbuild/SPECS/nginx.spec
sed -i 's| -fPIC||g' /root/rpmbuild/SPECS/nginx.spec
rpmbuild -ba /root/rpmbuild/SPECS/nginx.spec
rpm -Uvh --force "/root/rpmbuild/RPMS/x86_64/$NGINX.el7.centos.ngx.x86_64.rpm"
# Restore the configuration saved when the old package was removed
rm /etc/nginx/conf.d/default.conf
mv -f /etc/nginx/nginx.conf.rpmsave /etc/nginx/nginx.conf
systemctl enable nginx
systemctl restart nginx
# Clean up build directories and leftover package files
rm -rf /root/rpmbuild
rm -rf /opt/lib
rm -rf /etc/nginx/fastcgi_params.rpmsave
rm -rf /etc/logrotate.d/nginx.rpmsave
rm -rf /etc/nginx/nginx.conf.rpmnew
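
A check that applies to any of the builds above, added here as an example and not part of the original post: it reads `nginx -V` output and reports whether the binary was compiled against an ALPN-capable OpenSSL (1.0.2 or newer) with the HTTP/2 module. The function names are hypothetical and the two sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: decide from `nginx -V` output
# whether a build can offer HTTP/2 over ALPN (needs OpenSSL 1.0.2 or newer).

# Constructed sample outputs in the format printed by `nginx -V 2>&1`.
SAMPLE_REBUILT='nginx version: nginx/1.13.2
built with OpenSSL 1.1.0f  25 May 2017
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-openssl=/usr/local/src/openssl-1.1.0f --with-http_v2_module'
SAMPLE_STOCK='nginx version: nginx/1.11.4
built with OpenSSL 1.0.1e-fips 11 Feb 2013 (running with OpenSSL 1.0.2k-fips  26 Jan 2017)
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_v2_module'

# Print the OpenSSL version nginx was compiled against, e.g. "1.1.0f".
built_openssl() {
    printf '%s\n' "$1" |
        sed -n 's/^built with OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p' | head -n 1
}

# Succeed if the version ($1, e.g. "1.0.2j") is 1.0.2 or newer.
openssl_has_alpn() {
    v=${1%%[!0-9.]*}                 # drop letter/-fips suffix: 1.0.2j -> 1.0.2
    [ -n "$v" ] || return 1
    maj=${v%%.*}; rest=${v#*.}
    min=${rest%%.*}; pat=${rest#*.}
    if [ "$maj" -gt 1 ]; then return 0; fi
    if [ "$maj" -lt 1 ]; then return 1; fi
    if [ "$min" -gt 0 ]; then return 0; fi
    [ "$pat" -ge 2 ]
}

# Succeed only if the build has an ALPN-capable OpenSSL and the HTTP/2 module.
# nginx compiles ALPN support in, so "built with" is checked, not "running with".
nginx_h2_alpn_ready() {
    ver=$(built_openssl "$1")
    if ! openssl_has_alpn "$ver"; then
        echo "built with OpenSSL ${ver:-unknown}: no ALPN" >&2; return 1
    fi
    case "$1" in
        *--with-http_v2_module*) return 0 ;;
        *) echo "http_v2 module not compiled in" >&2; return 1 ;;
    esac
}

# On a real host: nginx_h2_alpn_ready "$(nginx -V 2>&1)"
```

The second sample shows the case where the system library has been upgraded but the binary was still compiled against 1.0.1e, which the check rejects.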