-
-
Save moneytoo/ab3f34e4fddc2110675952f8280f49c5 to your computer and use it in GitHub Desktop.
### No longer needed as of nginx-1.13.6-1.el7_4.ngx.x86_64.rpm from nginx.org | |
### it was compiled against OpenSSL 1.0.2 from CentoOS 7.4 so it supports ALPN (HTTP2 works) | |
yum -y groupinstall 'Development Tools' | |
yum -y install wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel rpmdevtools | |
OPENSSL="openssl-1.0.2l" | |
NGINX_VERSION="1.13.5-1" | |
NJS_VERSION="1.13.5.0.1.13-1" | |
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-$NGINX_VERSION.el7.ngx.src.rpm | |
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-geoip-$NGINX_VERSION.el7.ngx.src.rpm | |
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-image-filter-$NGINX_VERSION.el7.ngx.src.rpm | |
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-njs-$NJS_VERSION.el7.ngx.src.rpm | |
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-perl-$NGINX_VERSION.el7.ngx.src.rpm | |
rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-module-xslt-$NGINX_VERSION.el7.ngx.src.rpm | |
sed -i "/Source12: .*/a Source100: https://www.openssl.org/source/$OPENSSL.tar.gz" /root/rpmbuild/SPECS/nginx.spec | |
sed -i "s|--with-http_ssl_module|--with-http_ssl_module --with-openssl=$OPENSSL|g" /root/rpmbuild/SPECS/nginx.spec | |
sed -i '/%setup -q/a tar zxf %{SOURCE100}' /root/rpmbuild/SPECS/nginx.spec | |
sed -i '/.*Requires: openssl.*/d' /root/rpmbuild/SPECS/nginx.spec | |
# hardening whatnots since 1.11.9 | |
sed -i 's|%define WITH_LD_OPT .*|%define WITH_LD_OPT ""|g' /root/rpmbuild/SPECS/nginx.spec | |
sed -i 's| -fPIC||g' /root/rpmbuild/SPECS/nginx.spec | |
spectool -g -R /root/rpmbuild/SPECS/nginx.spec | |
# if '.rpmmacros' contains "%_sourcedir %{_topdir}/SOURCES/%{name}" | |
#spectool -g -C /root/rpmbuild/SOURCES/nginx/ /root/rpmbuild/SPECS/nginx.spec | |
rpmbuild -ba /root/rpmbuild/SPECS/nginx.spec | |
rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-geoip.spec | |
rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-image-filter.spec | |
rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-njs.spec | |
rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-perl.spec | |
rpmbuild -ba /root/rpmbuild/SPECS/nginx-module-xslt.spec | |
#rpm -Uvh /root/rpmbuild/RPMS/x86_64/nginx-$NGINX_VERSION.el7.centos.ngx.x86_64.rpm |
Hmmm...
At last step:
[root@host etc]# rpm -Uvh --force /root/rpmbuild/RPMS/x86_64/$NGINX.el7.centos.ngx.x86_64.rpm
error: Unmet dependencies:
nginx = 1:1.11.3-1.el7.ngx need for (installed)nginx-module-geoip-1:1.11.3-1.el7.ngx.x86_64
[root@host etc]#
How I can fix it? And thx you for nice gist.
Awesome script. Wondering how to add ngx_pagespeed and ModSecurity as a dynamic modules? Thanks.
@johnange, did you checkout http://repo.aerisnetwork.com
what do you mean with line 19 ?
@it-can nginx.org introduced extra compiler and linker arguments in 1.11.9. That affects OpenSSL but I guess it would take just properly configure/make OpenSSL and/or update the right single flag but my knowledge of rpm and building is very little. I don't have time for learning related things or experimenting so it's just compiled the same way as previous versions (wild guess it's "just" some hardening). (RHEL/CentOS 7.4 will bring OpenSSL 1.0.2 anyway.)
Nginx-more is basically nginx stable release
Thank you for making this available. My current Nginx and OpenSSL are installed via the regular Yum. Nginx is thus the latest stable 1.10.3
. I'm happy to upgrade it to the above, but it would be good to have Yum-updatable in the future, so that I don't have to jump through the same hoops in the future. Is this possible, or do I completely move away from the Yum system by executing with this script?
Great!
thank you!
If it helps anybody I added a Dockerfile to build this from any other distro https://gist.github.com/nicolasazrak/e96f707e6ba816d31e438aa2e58f27ff#file-dockerfile
It was really useful for me because I use a vps with low memory and could not build it there. So with the docker.sh
script I could build it in my pc and then uploaded to the CentOS server.
It would be better to increment the release number than to use --force :)