Halo sobat sekolahlinux, kali ini saya coba memberikan tutorial untuk mengaktifkan HTTP2 dan ALPN pada nginx di centos 7, yang mana untuk mengaktifkannya kita perlu build from source menggunakan libressl, karena jika kalian menginstall nginx melalui repository dengan perintah “yum install nginx” dan jika kalian mengetikkan “nginx-V” hasilny nginx yang kalian pakai masih dibuilt memakai openssl “1.0.1e-fips” yang mana belum mendukung ALPN
nginx version: nginx/1.10.1 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --add-dynamic-module=njs-1c50334fbea6/nginx --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'
nah untuk itu kita install nginx dari source filenya agar bisa kita custom, pertama kita install paket-paket penunjang yang dibutuhkan ketika installasi nginx
yum install gc gcc gcc-c++ pcre-devel zlib-devel make wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools gperftools-devel libatomic_ops-devel perl-ExtUtils-Embed
masuk ke folder root
cd /root/
selanjutnya jika sudah download file nginx dan module dan ekstrak filenya
wget http://nginx.org/download/nginx-1.10.1.tar.gz tar zxf nginx-1.10.1.tar.gz wget http://hg.nginx.org/njs/archive/tip.tar.gz tar xfv tip.tar.gz wget http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.6.tar.gz tar xfv libressl-2.3.6.tar.gz
jika sudah buat user pada os centos, perintahnyah seperti dibawah
useradd nginx usermod -s /sbin/nologin nginx
masuk kedalam folder hasil ekstrak nginx
cd nginx-1.10.1
lalu configure source nya dengan paramater seperti dibawah
./configure --prefix=/etc/nginx --with-ld-opt=<span class="-lrt" --with-openssl=/root/libressl-2.3.6 --add-dynamic-module=/root/njs-5e7e498eb90d/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'
jika kita lihat diatas ada 2 paramater yang path nya saya arahkan ke folder hasil ekstrak libressl-2.3.6.tar.gz dan tip-tar.gz, dan 1 parameter khusus karena kita menggunakan libressl kira-kira contohnya seperti dibawah
- –with-openssl=/root/libressl-2.3.6
- –add-dynamic-module=/root/njs-5e7e498eb90d/nginx
- –with-ld-opt=“-lrt“
jika sudah jalankan perintah ini untuk compile dan install sourcenya
make && make install
jika sudah buat file nginx untuk systemd, untuk init dan distro linux lainnya kalian bisa ke link berikut (https://www.nginx.com/resources/wiki/start/topics/examples/initscripts/)
vim /usr/lib/systemd/system/nginx.service
lalu isikan dengan parameter dibawah ini
[Unit] Description=The NGINX HTTP and reverse proxy server After=syslog.target network.target remote-fs.target nss-lookup.target [Service] Type=forking PIDFile=/var/run/nginx.pid ExecStartPre=/usr/sbin/nginx -t ExecStart=/usr/sbin/nginx ExecReload=/bin/kill -s HUP $MAINPID ExecStop=/bin/kill -s QUIT $MAINPID PrivateTmp=true [Install] WantedBy=multi-user.target
jika sudah jalankan perintah dibawah untuk menjalankan nginx service
systemctl start nginx.service systemctl enable nginx.service
untuk melihat module dan path apa saja yang digunakan oleh nginx bisa dengan menggunakan perintah dibawah
nginx -V
maka hasilnya seperti dibawah ini
nginx version: nginx/1.10.1 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) built with LibreSSL 2.3.6 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --with-openssl=/root/libressl-2.3.6 --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --add-dynamic-module=/root/njs-5e7e498eb90d/nginx --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=gene
sekian tutorial kali ini, semoga bermanfaat ya