Build nginx from source with libressl in centos 7 (HTTP2+ALPN Support)

Hello sekolahlinux friends. This time I'll show how to enable HTTP2 and ALPN in nginx on CentOS 7. To enable them we need to build nginx from source against LibreSSL, because if you install nginx from the repository with “yum install nginx” and then run “nginx -V”, you will see that the nginx you are using is still built with OpenSSL “1.0.1e-fips”, which does not yet support ALPN:

nginx version: nginx/1.10.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --add-dynamic-module=njs-1c50334fbea6/nginx --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'

So we install nginx from its source files so that we can customize the build. First, install the supporting packages needed to build nginx:

yum install gc gcc gcc-c++ pcre-devel zlib-devel make wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools gperftools-devel libatomic_ops-devel perl-ExtUtils-Embed

Change to the /root directory:

cd /root/

Next, download the nginx, module, and LibreSSL archives and extract them:

wget http://nginx.org/download/nginx-1.10.1.tar.gz
tar zxf nginx-1.10.1.tar.gz
wget http://hg.nginx.org/njs/archive/tip.tar.gz
tar xfv tip.tar.gz
wget http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.6.tar.gz
tar xfv libressl-2.3.6.tar.gz

Once that is done, create the nginx user on CentOS with the commands below:

useradd nginx
usermod -s /sbin/nologin nginx

Change into the extracted nginx directory:

cd nginx-1.10.1

Then configure the source with the parameters below:

./configure --prefix=/etc/nginx --with-ld-opt=-lrt --with-openssl=/root/libressl-2.3.6 --add-dynamic-module=/root/njs-5e7e498eb90d/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'

As you can see above, two parameters have their paths pointed at the directories extracted from libressl-2.3.6.tar.gz and tip.tar.gz, and one parameter is needed specifically because we are using LibreSSL. They look like this:

  • --with-openssl=/root/libressl-2.3.6
  • --add-dynamic-module=/root/njs-5e7e498eb90d/nginx
  • --with-ld-opt=-lrt

Then run this command to compile and install the source:

make && make install

Next, create the nginx unit file for systemd. For init and other Linux distributions, see the following link (https://www.nginx.com/resources/wiki/start/topics/examples/initscripts/)

vim /usr/lib/systemd/system/nginx.service

Then fill it with the contents below:

[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

Then run the commands below to start the nginx service:

systemctl start nginx.service
systemctl enable nginx.service

To see which modules and paths nginx uses, run the command below:

nginx -V

The result looks like this:

nginx version: nginx/1.10.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC)
built with LibreSSL 2.3.6
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --with-openssl=/root/libressl-2.3.6 --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --add-dynamic-module=/root/njs-5e7e498eb90d/nginx --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=gene
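
An added example (not part of the original tutorial): a shell check that reads `nginx -V` output and reports whether the build can offer HTTP/2 over ALPN, using OpenSSL 1.0.2 and LibreSSL 2.1.3 as the minimum versions. The function names check_nginx_alpn and ver_ge are hypothetical, and the two sample outputs are constructed by abbreviating the ones shown on this page.

```shell
#!/bin/bash
# Added example: decide from `nginx -V` text whether a build can negotiate
# HTTP/2 over ALPN. Function names are hypothetical, not part of nginx.

# ver_ge A B: succeeds when dotted version A >= B (relies on GNU sort -V).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# Reads `nginx -V` text on stdin, prints a verdict, and returns 0 only when the
# binary has the HTTP/2 module and was compiled against an ALPN-capable library.
check_nginx_alpn() {
    local out lib ver min
    out=$(cat)
    case "$out" in
        *--with-http_v2_module*) ;;
        *) echo "FAIL: built without --with-http_v2_module"; return 1 ;;
    esac
    # "built with OpenSSL 1.0.1e-fips 11 Feb 2013" becomes "OpenSSL 1.0.1"
    set -- $(printf '%s\n' "$out" |
        sed -nE 's/^built with (OpenSSL|LibreSSL) ([0-9]+(\.[0-9]+)*).*/\1 \2/p')
    lib=$1 ver=$2
    case "$lib" in
        OpenSSL)  min=1.0.2 ;;   # ALPN arrived in OpenSSL 1.0.2
        LibreSSL) min=2.1.3 ;;   # ALPN arrived in LibreSSL 2.1.3
        *) echo "FAIL: no 'built with' TLS library line found"; return 1 ;;
    esac
    if ver_ge "$ver" "$min"; then
        echo "OK: $lib $ver supports ALPN (needs >= $min)"
    else
        echo "FAIL: $lib $ver predates ALPN (needs >= $min)"; return 1
    fi
}

# Constructed samples, abbreviated from the two `nginx -V` outputs on this page.
STOCK='nginx version: nginx/1.10.1
built with OpenSSL 1.0.1e-fips 11 Feb 2013
configure arguments: --with-http_ssl_module --with-http_v2_module'
CUSTOM='nginx version: nginx/1.10.1
built with LibreSSL 2.3.6
configure arguments: --with-openssl=/root/libressl-2.3.6 --with-http_v2_module'

printf '%s\n' "$STOCK"  | check_nginx_alpn || true
printf '%s\n' "$CUSTOM" | check_nginx_alpn
```

On a live host, pipe the real output in with `nginx -V 2>&1 | check_nginx_alpn`, because nginx writes the -V report to stderr.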

That's all for this tutorial. I hope it is useful.