Skip to content

Enabling Nginx TLS SNI support on CentOS 5

December 21, 2010

By default centos 5.5 has openssl-0.9.8e which is not have tls extention for sni support. this is workaround on how to get nginx 0.8.53.1 rpm with TLS SNI enabled

1 – Download SRPM of Nginx and openssl tarball
# wget http://cerntos.alt.ru/pub/nginx/0.8/RHEL/SRPMS/nginx-0.8.53-1.el5.src.rpm
# wget http://www.openssl.org/source/openssl-0.9.8l.tar.gz

2 – Extract openssl in /usr/local/src and install SRPM
# tar -xzvf http://www.openssl.org/source/openssl-0.9.8l.tar.gz -C /usr/local/src
# rpm -ivh nginx-0.8.53-1.el5.src.rpm

3 – Edit nginx.spec (/usr/src/redhat/SPECS/nginx.spec) and add the following lines:
./configure \
–user=%{nginx_user} \
–group=%{nginx_group} \
–prefix=%{nginx_datadir} \
–sbin-path=%{_sbindir}/%{name} \
–conf-path=%{nginx_confdir}/%{name}.conf \
–error-log-path=%{nginx_logdir}/error.log \
–http-log-path=%{nginx_logdir}/access.log \
–http-client-body-temp-path=%{nginx_home_tmp}/client_body \
–http-proxy-temp-path=%{nginx_home_tmp}/proxy \
–http-fastcgi-temp-path=%{nginx_home_tmp}/fastcgi \
–pid-path=%{_localstatedir}/run/%{name}.pid \
–lock-path=%{_localstatedir}/lock/subsys/%{name} \
–with-openssl=”/usr/local/src/openssl-0.9.8l/” \
–with-openssl-opt=”enable-tlsext” \

–with-http_secure_link_module \
–with-http_random_index_module \
–with-http_ssl_module \
–with-http_realip_module \
–with-http_addition_module \
–with-http_sub_module \
–with-http_dav_module \


below change the following line:

make %{?_smp_mflags}

to:

make

4 – Rebuild the RPM

# rpmbuild -bb nginx.spec

5 – Install and verify the new Nginx
# nginx -V
nginx version: nginx/0.8.53built by gcc 4.1.2 20080704 (Red Hat 4.1.2-48)
TLS SNI support enabled

 

Reference: http://www.kutukupret.com/2010/08/30/nginx-enabling-tls-sni-support-on-centos-5/

From → Linux, nginx

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: