nginx 1.22 で OpenSSL3.0のビルド可能に
OpenSSL ver 1.1.x のサポートが 2023年9月に切れる前に、nginx の ver 1.22 で OpenSSL 3.0 を使ったビルドが可能になったようなので、試しにビルドしてみることにしました。
OpenSSL ver 1.1.1 の時に使っていた config から tls-1.3 の記述を消し、次のパッケージを入れたところ、ビルドできました(1.1.1 の時は不要だったようで...)。
yum install perl-IPC-Cmd
nginxビルドのコマンドは以下の通り
余分な物も入っていますので、その辺りはカスタムを...
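#!/bin/bash
# Builds nginx from source against a bundled OpenSSL 3.0 and zlib, plus a few
# third-party modules. Everything is unpacked under /usr/local/src.
#
# Stop on the first failed command, on use of an unset variable, and on a
# failed pipeline stage. Without this, a failed `cd` or download lets the later
# tar/rm/make steps run in the wrong directory or against missing sources.
set -euo pipefail

### === version setting =======
# NOTE(review): these are the versions the article was written against.
# OpenSSL, zlib and nginx have all shipped security fixes since then; check the
# upstream pages below and pin the current patched releases before building.
## https://www.openssl.org/
sslver=3.0.3
## https://nginx.org/en/download.html
nginxver=1.22.0
## https://www.zlib.net/
zlibver=1.2.12
## slowfs, purge (cache module) version
## http://labs.frickle.com/files/
slowfs=1.9
purge=2.3
## develkit version(misc,lua include module)
## https://github.com/simplresty/ngx_devel_kit/releases
develkit=0.3.1
## misc version
## https://github.com/openresty/set-misc-nginx-module/tags
misc=0.32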
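## ===== source code get ======
# Every archive fetched here is unpacked and later compiled into the nginx
# binary, so a tampered or truncated download ends up running inside the web
# server. Each download can be pinned to a SHA-256 through an optional
# environment variable (OPENSSL_SHA256, ZLIB_SHA256, NGINX_SHA256,
# SLOWFS_SHA256, PURGE_SHA256, DEVELKIT_SHA256, MISC_SHA256). Take the values
# from the upstream project or from a copy you have already vetted.

#######################################
# Download one source archive into /usr/local/src, optionally verify it,
# unpack it there and delete the archive.
# Arguments: $1 - archive URL (the local file name is its last path component)
#            $2 - expected SHA-256 in hex; empty or omitted skips the check
# Outputs:   a warning on stderr when no checksum was supplied
# Returns:   0 on success, 1 if cd, download, verification or unpack fails
#######################################
fetch_src() {
  local url=$1
  local sha256=${2:-}
  local archive=${url##*/}

  cd /usr/local/src || return 1

  # -O overwrites a stale or partial archive left by an earlier run; plain
  # wget would save the new copy as "<name>.1" and tar would unpack the old one.
  if ! wget -O "$archive" "$url"; then
    rm -f -- "./$archive"
    return 1
  fi

  if [ -n "$sha256" ]; then
    printf '%s  %s\n' "$sha256" "$archive" | sha256sum -c - || return 1
  else
    printf 'warning: %s was not checked against a known SHA-256\n' "$archive" >&2
  fi

  tar -zxf "$archive" || return 1
  rm -f -- "./$archive"
}

# openssl get
# nginx is pointed at the source tree /usr/local/src/openssl-$sslver, so fetch
# it whenever that tree is missing, not only when the /usr/local/bin marker
# directory is absent.
if [ ! -d "/usr/local/bin/openssl-$sslver" ] || [ ! -d "/usr/local/src/openssl-$sslver" ]; then
  fetch_src "https://www.openssl.org/source/openssl-$sslver.tar.gz" "${OPENSSL_SHA256:-}" || exit 1
fi

# zlib get
# Same reasoning: an existing /opt/zlib install is not enough, because the
# nginx build reads the zlib source tree under /usr/local/src.
if [ ! -d "/opt/zlib/zlib-$zlibver" ] || [ ! -d "/usr/local/src/zlib-$zlibver" ]; then
  fetch_src "https://zlib.net/zlib-$zlibver.tar.gz" "${ZLIB_SHA256:-}" || exit 1
fi

# nginx
fetch_src "https://nginx.org/download/nginx-$nginxver.tar.gz" "${NGINX_SHA256:-}" || exit 1

# slowfs
# NOTE(review): this archive and the next one are served over plain HTTP, so
# nothing authenticates them in transit; a pinned SHA-256 is the only
# integrity check available here.
fetch_src "http://labs.frickle.com/files/ngx_slowfs_cache-$slowfs.tar.gz" "${SLOWFS_SHA256:-}" || exit 1

# ngx_cache_purge
fetch_src "http://labs.frickle.com/files/ngx_cache_purge-$purge.tar.gz" "${PURGE_SHA256:-}" || exit 1

# ngx_devel_kit
fetch_src "https://github.com/simplresty/ngx_devel_kit/archive/v$develkit.tar.gz" "${DEVELKIT_SHA256:-}" || exit 1

# misc-nginx-module
fetch_src "https://github.com/openresty/set-misc-nginx-module/archive/v$misc.tar.gz" "${MISC_SHA256:-}" || exit 1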
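### ==== compile & build run ====
# zlib build
# Installs a standalone zlib under /opt/zlib/zlib-$zlibver whenever its source
# tree is present. Any failing step stops the script, so a broken zlib build is
# not silently followed by the nginx build.
if [ -d "/usr/local/src/zlib-$zlibver" ]; then
  cd "/usr/local/src/zlib-$zlibver" || exit 1
  if ! { ./configure --prefix="/opt/zlib/zlib-$zlibver" && make && make install; }; then
    printf 'zlib %s build failed\n' "$zlibver" >&2
    exit 1
  fi
fi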
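# nginx build
# A failed cd must stop the script: otherwise ./configure and make would run in
# whatever directory the previous step left behind.
cd "/usr/local/src/nginx-$nginxver" || exit 1

# The option list is kept in an array so each group can carry a comment.
# NOTE(review): this enables many optional modules (dav, mail, stream, flv/mp4,
# xslt, ...). Each one adds request-parsing code to the server, so drop the
# ones the deployment does not use.
configure_args=(
  # install layout
  --prefix=/etc/nginx
  --sbin-path=/usr/sbin/nginx
  --modules-path=/usr/lib64/nginx/modules
  --conf-path=/etc/nginx/nginx.conf
  --error-log-path=/var/log/nginx/error.log
  --http-log-path=/var/log/nginx/access.log
  --pid-path=/var/run/nginx.pid
  --lock-path=/var/run/nginx.lock
  --http-client-body-temp-path=/var/cache/nginx/client_temp
  --http-proxy-temp-path=/var/cache/nginx/proxy_temp
  --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
  --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
  --http-scgi-temp-path=/var/cache/nginx/scgi_temp

  # unprivileged account for the worker processes
  --user=nginx
  --group=nginx

  # core features
  --with-compat
  --with-file-aio
  --with-threads

  # http modules
  --with-http_addition_module
  --with-http_auth_request_module
  --with-http_dav_module
  --with-http_flv_module
  --with-http_mp4_module
  --with-http_gunzip_module
  --with-http_gzip_static_module
  --with-http_random_index_module
  --with-http_realip_module
  --with-http_secure_link_module
  --with-http_slice_module
  --with-http_ssl_module
  --with-http_stub_status_module
  --with-http_sub_module
  --with-http_v2_module
  --with-http_image_filter_module=dynamic
  --with-http_geoip_module=dynamic
  --with-http_xslt_module
  --with-pcre-jit

  # mail and stream proxies
  --with-mail
  --with-mail_ssl_module
  --with-stream
  --with-stream_realip_module
  --with-stream_ssl_module
  --with-stream_ssl_preread_module

  # zlib and OpenSSL are built from these source trees and linked into nginx,
  # so upgrading either library later means rebuilding nginx.
  "--with-zlib=/usr/local/src/zlib-$zlibver"
  "--with-openssl=/usr/local/src/openssl-$sslver"

  # third-party modules, compiled into the binary and running with nginx's
  # privileges
  "--add-module=/usr/local/src/ngx_cache_purge-$purge"
  "--add-module=/usr/local/src/ngx_slowfs_cache-$slowfs"
  "--add-module=/usr/local/src/ngx_devel_kit-$develkit"
  "--add-module=/usr/local/src/set-misc-nginx-module-$misc"

  # compiler hardening: _FORTIFY_SOURCE=2 and -fstack-protector-strong
  --with-cc-opt='-O3 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'

  # -rpath adds /usr/local/lib to the binary's shared-library search path;
  # keep that directory writable by root only.
  # NOTE(review): no RELRO / bind-now linker flags are passed here; consider
  # adding -Wl,-z,relro,-z,now after confirming the build still links.
  --with-ld-opt="-Wl,-E,-rpath,/usr/local/lib"
)

# Stop at the first failing stage so a broken configure or compile is never
# followed by an install over the running binary.
./configure "${configure_args[@]}" || exit 1
make || exit 1
make install || exit 1
#systemctl restart nginx
#systemctl status nginx
cd /usr/local/src
#rm -rf ./nginx-*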
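まだ、TLS 1.3 が有効になっているかどうかなどは調べていませんが... ビルドに使われた OpenSSL のバージョンは `nginx -V` で、TLS 1.3 で接続できるかは `openssl s_client -connect <ホスト名>:443 -tls1_3` で確認できます。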