
Build script to build Nginx with latest SSL source instead of the default OpenSSL.


miaulightouch/PatchedNginx

 
 


PatchedNginx

Supported versions:

  • CentOS 7:
    • Nginx 1.10.3
    • Nginx 1.11.10


Build script that builds the current stable Nginx against one of the SSL sources listed below:

It also provides these additional features:

This allows you to use some state-of-the-art crypto features not yet available in the stable branch of OpenSSL, like ChaCha20-Poly1305 as a cipher/MAC combo, and X25519 (aka Curve25519) as the ECDHE curve provider if you want to get away from using unsafe NIST curves (though you probably want to check the X25519 browser support matrix before trying that).

The build is packaged as an RPM, so you can easily install and uninstall it through the package manager.

Build specified version

Usage: build-*.sh [Option]...

--mainline     Build Nginx Mainline

--boringssl    Use BoringSSL source
--libressl     Use LibreSSL source
--openssl      Use OpenSSL source with ChaCha20_Poly1305 patch

--passenger    Build with passenger module

--hardening    Enable full relro

Running ./build-*.sh without parameters is equivalent to running ./build-*.sh --openssl.

For example, to build the stable version with LibreSSL, the Passenger module, and full RELRO enabled:

./build-centos.sh --libressl --passenger --hardening
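
To confirm that a binary built with --hardening really ended up with full RELRO, you can classify it from readelf output. This is an added example, not part of the PatchedNginx scripts; the function names relro_status and check_binary are hypothetical, and the readelf excerpts are constructed samples so the script runs without a built Nginx.

```shell
#!/bin/sh
# Added example (not part of PatchedNginx): classify RELRO from readelf output.

# relro_status: reads the combined output of `readelf -l -d <binary>` on stdin
# and prints "full", "partial" or "none".
#   none    - no GNU_RELRO program header, the GOT stays writable
#   partial - GNU_RELRO present, but lazy binding keeps .got.plt writable
#   full    - GNU_RELRO plus BIND_NOW: all relocations are resolved at load
#             time, so the whole GOT is remapped read-only
relro_status() {
    awk '
        /GNU_RELRO/                  { relro = 1 }
        # Linkers record immediate binding in one of three ways:
        # a DT_BIND_NOW entry, DF_BIND_NOW in DT_FLAGS, DF_1_NOW in DT_FLAGS_1
        /\(BIND_NOW\)/               { now = 1 }
        /\(FLAGS\)/   && /BIND_NOW/  { now = 1 }
        /\(FLAGS_1\)/ && /NOW/       { now = 1 }
        END {
            if (!relro)   print "none"
            else if (now) print "full"
            else          print "partial"
        }'
}

# check_binary: hypothetical wrapper for a real file; needs binutils readelf.
check_binary() {
    readelf -l -d "$1" 2>/dev/null | relro_status
}

# Constructed readelf excerpts (not taken from a real Nginx build).
SAMPLE_FULL='  GNU_RELRO      0x00000000000f5b30 0x00000000002f5b30 0x00000000002f5b30
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE'
SAMPLE_PARTIAL='  GNU_RELRO      0x00000000000f5b30 0x00000000002f5b30 0x00000000002f5b30
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]'
SAMPLE_NONE='  LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]'

for s in "$SAMPLE_FULL" "$SAMPLE_PARTIAL" "$SAMPLE_NONE"; do
    printf '%s\n' "$s" | relro_status
done
```

On a host with the package installed, call check_binary with the path to the nginx binary; a result other than "full" means the hardening flags did not reach the final link step.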

Enabling Passenger (for Ruby-on-Rails)

To enable Phusion Passenger in Nginx, you need to compile the Passenger module into Nginx. Passenger has a helpful script to do this for you (passenger-install-nginx-module), but that makes it difficult to . Instead, I have developed a version of this script tweaked for Passenger that you can run after installing the Passenger gem and hopefully enable full Passenger support in Nginx.

Install Ruby:

CentOS7: sudo yum install rubygems ruby-devel libcurl-devel
Debian:  sudo apt install ruby ruby-dev

Install Rails:

sudo gem install rails -v 4.2.7

Install Passenger (tool for deploying Rails apps):

sudo gem install passenger

To run the Passenger version of the BoringNginx build script:

./build-*.sh --passenger

Since building in this fashion bypasses Passenger's auto-compile script that automatically builds its module into Nginx for you, you will also miss out on some of the other things the script does.

If you attempt to run a Rails app and end up with the following in your Nginx error.log:

The PassengerAgent binary is not compiled. Please run this command to compile it: /var/lib/gems/2.1.0/gems/passenger-5.0.29/bin/passenger-config compile-agent

You should be able to fix this by running the following command:

sudo $(passenger-config --root)/bin/passenger-config compile-agent

To find out what configuration directives you need to set inside your nginx.conf file before Passenger will function, please see the Nginx Config Reference page on the Passenger site.

For reference, I added the following lines to the http {} block of my Nginx config:

	passenger_root			/var/lib/gems/2.1.0/gems/passenger-5.0.29; # This is the result of "passenger-config --root"
	passenger_ruby			/usr/bin/ruby;

And the following line to my server {} block:

	passenger_enabled		on;

If you have location {} blocks nested within your server {} block, you need to make sure that the passenger_enabled on; directive seen above is included in every location block that should be serving a Rails app.
