2017年4月23日星期日

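Enabling HTTP/2 with ALPN in nginx

ALPN requires OpenSSL 1.0.2 or newer, so the steps below build nginx against a locally compiled OpenSSL 1.0.2g source tree rather than the system library.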

# Build prerequisites for the steps that follow.
# NOTE(review): this line has no sudo although the later yum commands do; it
# needs root either way. The later steps also call wget, patch and make, and
# nginx's gzip modules normally need the zlib headers (zlib-devel) — confirm
# all of these are present on the build host.
$ yum install pcre-devel zlib unzip git

# 1. Install the repository package for your system. The CentOS and RHEL
#    commands below are alternatives: run the one that matches the host.
# On CentOS, install the centos-release-scl package from the CentOS repository:
$ sudo yum install centos-release-scl

# On RHEL, enable the RHSCL repository for your system:
$ sudo yum-config-manager --enable rhel-server-rhscl-7-rpms

# 2. Install GCC from the devtoolset-3 software collection:
$ sudo yum install devtoolset-3-gcc

# 3. Start using the software collection. This launches a new bash with
#    devtoolset-3 enabled; every later build step has to run inside that
#    shell, otherwise the system compiler is used instead.
$ scl enable devtoolset-3 bash

# 4. Verify the install; the expected output is reproduced below.
$ gcc --version
# gcc (GCC) 4.9.2 20150212 (Red Hat 4.9.2-6)
# Copyright (C) 2014 Free Software Foundation, Inc.
# This is free software; see the source for copying conditions.  There is NO
# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

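# Download Cloudflare's patch set. The clone lands in ./sslconfig and the
# patches used below live in sslconfig/patches/.
# NOTE(review): this takes whatever the default branch holds at clone time.
# These patches modify a TLS library, so check out a commit you have reviewed
# rather than building from an unpinned branch.
$ git clone https://github.com/cloudflare/sslconfig.git

# Download openssl-1.0.2g. The URL sits under /source/old/, i.e. this release
# has been superseded and lacks the security fixes of later releases; the
# 1.0.2 branch has since reached end of life upstream. Prefer a currently
# supported OpenSSL release when following these steps today.
$ wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2g.tar.gz

# Check the download before unpacking: compare this digest with the one
# published by the OpenSSL project (or verify the release's PGP signature).
# HTTPS protects the transfer, not the authenticity of the file itself.
$ sha256sum openssl-1.0.2g.tar.gz

# Unpack the source tree and apply the ChaCha20-Poly1305 patch.
$ tar -zxvf openssl-1.0.2g.tar.gz
$ cd openssl-1.0.2g
# The patch is in the sslconfig clone one directory up, not in the OpenSSL
# tree, so it is referenced the same way as the nginx patch further down.
$ patch -p1 < ../sslconfig/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch
$ ./config --prefix=/usr/local/openssl-1.0.2g --openssldir=/etc/ssl --libdir=lib shared zlib-dynamic
$ make depend
# Left disabled by the author — presumably because the nginx build below is
# given this source tree via --with-openssl and compiles it as part of its
# own build, so a separate system-wide install is not required.
## make && make install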

# Build and install nginx.
#
# Fetch the nginx-ct module, which is compiled into the server through
# --add-module below.
# NOTE(review): third-party code cloned without pinning a tag or commit;
# review and pin the revision that ends up inside the TLS-terminating binary.
$ git clone https://github.com/grahamedgecombe/nginx-ct.git


# Download and unpack the nginx 1.10.3 sources.
# NOTE(review): the tarball is used without an integrity check; verify it
# against the PGP signature published with the release before building.
$ wget https://nginx.org/download/nginx-1.10.3.tar.gz
$ tar -zxvf nginx-1.10.3.tar.gz
$ cd nginx-1.10.3

# Apply Cloudflare's dynamic TLS records patch from the sslconfig clone.
$ patch -p1 < ../sslconfig/patches/nginx__dynamic_tls_records.patch

# Configure the build.
#  - --with-http_ssl_module and --with-http_v2_module provide TLS and HTTP/2.
#  - --with-openssl points at the OpenSSL source tree. The path is absolute,
#    so it assumes the downloads were made in /data/downloads, while
#    ../nginx-ct and ../sslconfig are relative; adjust it to the real location.
#  - The module list is broad (dav, stub_status, mail, ...). A compiled-in
#    module is inactive until configured, but dropping the ones that are not
#    needed keeps the shipped binary smaller and easier to audit.
#  - --user/--group=nginx: NOTE(review): the account is assumed to exist
#    already; confirm before starting the server.
$ ./configure \
    --prefix=/etc/nginx \
    --sbin-path=/usr/sbin/nginx \
    --modules-path=/usr/lib64/nginx/modules \
    --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --pid-path=/var/run/nginx.pid \
    --lock-path=/var/run/nginx.lock \
    --http-client-body-temp-path=/var/cache/nginx/client_temp \
    --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
    --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
    --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
    --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
    --user=nginx \
    --group=nginx \
    --with-file-aio \
    --with-threads \
    --with-http_addition_module \
    --with-http_auth_request_module \
    --with-http_dav_module \
    --with-http_flv_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_mp4_module \
    --with-http_random_index_module \
    --with-http_realip_module \
    --with-http_secure_link_module \
    --with-http_slice_module \
    --with-http_ssl_module \
    --with-http_stub_status_module \
    --with-http_sub_module \
    --with-http_v2_module \
    --with-mail \
    --with-mail_ssl_module \
    --add-module=../nginx-ct \
    --with-openssl=/data/downloads/openssl-1.0.2g/

# Compile, then install into the system paths chosen above (/usr/sbin,
# /etc/nginx, ...); the install step needs write access to those locations.
$ make && make install