30 nov 2012

Compile Nginx with custom OpenSSL in Ubuntu 10.04

The problem

We need Server Name Indication (SNI) for nginx, but the OpenSSL version included in Ubuntu 10.04 does not support it.

Edit: I just noticed that I was wrong. SNI *IS* supported by the version of openssl provided with Ubuntu 10.04: libssl0.9.8-7ubuntu8.13

The solution

  • Download, build and install a recent version of OpenSSL
  • Compile nginx against this version of OpenSSL
  • Do not replace the system openssl

Here are the steps I took:

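# install dependencies
sudo apt-get install build-essential libpcre3-dev libxml2-dev libxslt1-dev
cd
mkdir -p src; cd src
# the download is plain HTTP: check the tarball against the checksum or
# signature published by the project before building it
wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz
# use explicit names: openssl* would also match the tarball after extraction
tar xzf openssl-1.0.1c.tar.gz
cd openssl-1.0.1c
./config shared zlib-dynamic
make
# This installs everything in /usr/local/ssl (the system openssl is untouched)
sudo make install
# go back to ~/src before fetching nginx
cd ..
wget http://nginx.org/download/nginx-1.2.5.tar.gz
tar xzf nginx-1.2.5.tar.gz
cd nginx-1.2.5
# edit auto/lib/openssl/conf manually or use sed
# (removes the .openssl/ path component so that --with-openssl can point
# at the installed tree in /usr/local/ssl)
sed -i -e 's|\.openssl/||' auto/lib/openssl/conf
./configure --with-openssl=/usr/local/ssl --with-http_ssl_module
make
# test if SNI is displayed
./objs/nginx -V
# if everything is ok, install
sudo make install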
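
The "test if SNI is displayed" step can be scripted instead of read by eye. The following is an added example, not part of the original post: it checks `nginx -V` output for the SNI line and for the `--with-openssl` path used above. The function name `check_nginx_build` and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). check_nginx_build is a
# hypothetical helper: it reads `nginx -V` text on stdin and checks it.
check_nginx_build() {
    expected_ssl="$1"   # OpenSSL path that was passed to ./configure
    out=$(cat)
    # nginx reports "TLS SNI support disabled" when the OpenSSL it was
    # compiled against has no SNI support
    if ! printf '%s\n' "$out" | grep -q '^TLS SNI support enabled$'; then
        echo "FAIL: TLS SNI support not enabled"
        return 1
    fi
    # Pull the --with-openssl=... value out of the configure arguments line
    ssl_path=$(printf '%s\n' "$out" |
        sed -n 's/^configure arguments:.*--with-openssl=\([^ ]*\).*/\1/p')
    if [ "$ssl_path" != "$expected_ssl" ]; then
        echo "FAIL: --with-openssl='$ssl_path', expected '$expected_ssl'"
        return 2
    fi
    echo "OK: SNI enabled, OpenSSL taken from $ssl_path"
}

# Constructed sample outputs (not captured from a real build)
SAMPLE_OK='nginx version: nginx/1.2.5
built by gcc 4.4.3 (Ubuntu 4.4.3-4ubuntu5.1)
TLS SNI support enabled
configure arguments: --with-openssl=/usr/local/ssl --with-http_ssl_module'

SAMPLE_NO_SNI='nginx version: nginx/1.2.5
built by gcc 4.4.3 (Ubuntu 4.4.3-4ubuntu5.1)
TLS SNI support disabled
configure arguments: --with-http_ssl_module'

printf '%s\n' "$SAMPLE_OK" | check_nginx_build /usr/local/ssl

# Against the real binary, before `sudo make install`. nginx writes -V
# to stderr, so it has to be redirected into the pipe:
#   ./objs/nginx -V 2>&1 | check_nginx_build /usr/local/ssl
```

A non-zero exit status (1 for missing SNI, 2 for an unexpected OpenSSL path) makes the check usable as a gate in a build script.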
