0

I would like to use HTTP/2 and to fully use its capabilities. ALPN is bundled in OpenSSL 1.0.2, but NGINX doesn't seem to use it. Seems like OpenSSL is already 1.0.2l and I upgraded nginx to 1.13.6 but it still uses OpenSSL 1.0.1t.

# openssl version -v
OpenSSL 1.0.2l  25 May 2017

nginx -V
nginx version: nginx/1.13.6
built by gcc 4.9.2 (Debian 4.9.2-10)
built with OpenSSL 1.0.1t  3 May 2016 (running with OpenSSL 1.0.2l  25 May 2017)
TLS SNI support enabled

Any help to get NGINX to use OpenSSL 1.0.2 or how I can enable ALPN would be greatly appreciated.

  • See [this](https://serverfault.com/questions/775298/debian-jessie-nginx-with-openssl-1-0-2-to-use-alpn-rather-than-npn/) question. – gxx Oct 14 '17 at 16:12
  • thanks @gf_, I read that and installed through jessie-backports, but it was the same result so that's why decided to try to upgrade to 1.13.6. Any other ideas? – Dimitar Petrov Oct 14 '17 at 16:20
  • Is `nginx` build with `HTTP2`? How do you verify, that `HTTP2` is not working? – gxx Oct 14 '17 at 16:28
  • Runnig the test at: https://tools.keycdn.com/http2-test shows me: Website supports HTTP/2.0. ALPN is not supported. – Dimitar Petrov Oct 14 '17 at 18:05
  • Please answer the first question as well, and show your config. – gxx Oct 14 '17 at 19:35
  • yes, it was compiled with --with-http_v2_module. I coumpiled it from source and seems to be fine now. Thanks – Dimitar Petrov Oct 14 '17 at 20:12

1 Answers1

0

I got the same problem. Here is my solution:

  1. Get your nginx current version

nginx -V

  1. You got some info:

nginx version: nginx/1.14.2 built by gcc 4.9.2 (Debian 4.9.2-10+deb8u1) built with OpenSSL 1.0.1t 3 May 2016 (running with OpenSSL 1.0.2l 25 May 2017) TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'

  1. Next let's create some dir for the next actions:

mkdir $HOME/nginx_http2

cd $HOME/nginx_http2

  1. Now we have to download the same version of Nginx. For me it's 1.14.2

wget http://nginx.org/download/nginx-1.14.2.tar.gz

  1. Unpack the archive

tar xf nginx-1.14.2.tar.gz

  1. Goto unpacked folder

cd nginx-1.14.2

  1. Now you should copy text from "nginx -V" command - all text after "configure arguments:" and run a command:

./configure <put here copied text>

It will looks like:

./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'

  1. Now we have to compile nginx. Please, be sure you haven't got any errors due run these commands. If you got any error, don't call next command and try to fix errors

make

make install

/etc/init.d/nginx restart

Now let's check our version:

nginx -V

nginx version: nginx/1.14.2
built by gcc 4.9.2 (Debian 4.9.2-10+deb8u2) 
built with OpenSSL 1.0.2l  25 May 2017
TLS SNI support enabled
...

And now let's check HTTP2 support: