sh: RPM build of Nginx 1.11.x with ALPN on CentOS 6/7 using static OpenSSL 1.1 (1.02+ required for HTTP/2 support in Chrome)


# Based on CentOS7 fork of @smartmadsoft: https://gist.github.com/moneytoo/ab3f34e4fddc2110675952f8280f49c5

# "6" for CentOS6 or Amazon Linux, "7" for CentOS7
CENTVER="6"

OPENSSL="openssl-1.1.0-pre5"
NGINX="nginx-1.11.0-1"

yum clean all
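# Install epel packages (required for GeoIP-devel)
# Note: this URL is hard-coded to the EL6 release package regardless of CENTVER, and is fetched over plain HTTP
yum -y install http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm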
yum -y groupinstall 'Development Tools'
yum -y install wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel pcre-devel

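# Create the group first: useradd alone would create a "builder" group and make groupadd fail
groupadd builder
useradd -g builder builder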

mkdir -p /opt/lib

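# Unpack the OpenSSL source into /opt/lib, but don't compile it here (the nginx build compiles it)
# Note: the tarball is used as downloaded; no checksum or signature is verified
wget https://www.openssl.org/source/$OPENSSL.tar.gz -O /opt/lib/$OPENSSL.tar.gz
# Name the tarball explicitly: a glob such as /opt/lib/open* also matches the extracted directory on a re-run
tar -zxvf /opt/lib/$OPENSSL.tar.gz -C /opt/lib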

# Build source nginx (no auto-updates), statically link to /opt/lib/openssl* (no OS effects)
rpm -ivh http://nginx.org/packages/mainline/centos/$CENTVER/SRPMS/$NGINX.el$CENTVER.ngx.src.rpm
sed -i "s|--with-http_ssl_module|--with-http_ssl_module --with-openssl=/opt/lib/$OPENSSL|g" /root/rpmbuild/SPECS/nginx.spec
# Compile it
rpmbuild -ba /root/rpmbuild/SPECS/nginx.spec
# Install it
rpm -ivh /root/rpmbuild/RPMS/x86_64/$NGINX.el$CENTVER.ngx.x86_64.rpm

mkdir -p /etc/nginx/ssl

# You can just accept defaults, but make sure to use a "real" local dev Common Name, eg: localdev
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

# *** Add /etc/hosts on OSX for localhost (eg, 127.0.0.1 localdev )

cp -p /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf-orig

cat <<'EOT' > /etc/nginx/conf.d/default.conf 
server {
   listen 80 default_server;
   listen 443 ssl http2;
   root /usr/share/nginx/html;
   index index.html index.htm;
   # LOCALDEV-COMMON-NAME is whatever you gave in the certificate setup for Common Name 
   server_name LOCALDEV-COMMON-NAME;
   ssl_certificate /etc/nginx/ssl/nginx.crt;
   ssl_certificate_key /etc/nginx/ssl/nginx.key;
   location / {
      try_files $uri $uri/ =404;
   }
}
EOT

/opt/lib/openssl*/apps/openssl version -a

nginx -V # 2>&1 | sed -r -e 's/\s+--/\n/g' | grep -E 'version|v2' --color=never

# service iptables stop # <-- only for VirtualBox setups

service nginx start

# Other useful queries:
# /opt/lib/openssl*/apps/openssl ciphers | tr ':' '\n' | sort | less
# /opt/lib/openssl*/apps/openssl ecparam -list_curves | less
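
An added check, not part of the original script: once nginx is running, confirm that it really negotiates `h2` over ALPN, using the OpenSSL binary built under /opt/lib (a system OpenSSL older than 1.0.2 has no `-alpn` option). The function names and the sample `s_client` excerpts are constructed for this example, and `localdev` is the assumed Common Name.

```shell
#!/bin/sh
# Added example (not from the original script): verify ALPN negotiation.

# Read `openssl s_client` output on stdin and print the negotiated ALPN
# protocol ("h2", "http/1.1", ...) or "none" when nothing was negotiated.
alpn_result() {
    awk '
        /^ALPN protocol: /    { sub(/^ALPN protocol: /, ""); proto = $0 }
        /^No ALPN negotiated/ { proto = "none" }
        END { print (proto == "" ? "none" : proto) }
    '
}

# Live check against a running server; returns 0 only when h2 was selected.
# A result of "none" means the server side offers no ALPN (for example nginx
# linked against an OpenSSL without ALPN), so Chrome stays on HTTP/1.1.
check_alpn() {
    host="$1"; port="${2:-443}"
    # Same binary the script queries with "version -a"
    bin=$(ls /opt/lib/openssl*/apps/openssl 2>/dev/null | head -n 1)
    [ -n "$bin" ] && [ -x "$bin" ] || { echo "built openssl not found" >&2; return 2; }
    got=$("$bin" s_client -alpn h2,http/1.1 -servername "$host" \
          -connect "$host:$port" </dev/null 2>/dev/null | alpn_result)
    echo "$host:$port ALPN: $got"
    [ "$got" = "h2" ]
}

# Constructed s_client excerpts for trying alpn_result offline.
SAMPLE_H2='CONNECTED(00000003)
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
ALPN protocol: h2
---'
SAMPLE_NONE='CONNECTED(00000003)
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
No ALPN negotiated
---'

# On the build host, after "service nginx start":
#   check_alpn localdev 443 || echo "HTTP/2 will not be offered to Chrome"
```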
