Packages repository for Red Hat Enterprise Linux и CentOS

CodeIT is software development company (including web-based solutions). Therefore, we regularly need actual server software versions with support for advanced contemporary features. For example, NGINX and Apache httpd, built for industrial distributions with HTTP/2 and brotli compression support. But, we were not able to find ready-to-use packages. That’s why we built our own repository for RHEL/CentOS/Rocky Linux/Alma Linux/Oracle Linux distributions and you are welcome to use it:

Version Supported architectures Status
6.x x86_64 EOL / deprecated since 12.2020
7.x x86_64 Extended support since Jul 2024
8.x x86_64, aarch64 Supported
9.x x86_64, aarch64 Supported

To enable automatic packages update for Linux, please be sure to configure yum repository for RHEL/CentOS distributions.

Ready-to-use binary packages

To configure RPM repository for RHEL/CentOS, please install the following package:

CentOS 7 / RHEL 7:

Stable: yum install -y https://repo.codeit.guru/codeit-repo-release.el7.rpm epel-release

Mainline with QUIC / HTTP/3: yum install -y https://repo.codeit.guru/codeit-repo-release.el7.rpm epel-release && yum-config-manager --enable CodeIT-mainline --save

CentOS 8-9 / RHEL 8-9 / Rocky Linux 8-9 / Alma Linux 8-9:

EL8: yum install -y https://repo.codeit.guru/codeit-repo-release.el8.rpm epel-release

EL9: yum install -y https://repo.codeit.guru/codeit-repo-release.el9.rpm epel-release

Mainline with QUIC stream (1.21.x, 1.23.x, …): dnf module enable -y nginx:codeit-mainline

Stable stream (1.20.x, 1.22.x): dnf module enable -y nginx:codeit-stable

Apache httpd stable: dnf module enable -y httpd:codeit

If you want to see the list of available packages, you can view the repository. Please also note that some packages in our repository rely on libraries can be found in EPEL repository (some of them are apr-util and libnghttp for Apache httpd). So, the easiest way to use our builds of  Apache HTTPd is to add EPEL repository, if you still do not have it: yum install -y epel-release

If you want to see the list of available packages, you can view the mainline repository.

Why should I use this repository?

Here we will publish the latest version of nginx (from “mainline” and “stable” branches). Why these builds are better than official ones?

    • We built them statically against OpenSSL 3.0+ that contains support for ALPN (features http2 negotiation at the stage of TLS connection establishment) and TLS 1.3 RFC 8446. It is important for us, since May 2016 Google Chrome cancels NPN support. Those who have not ALPN, remain with plain HTTP/1.1 over SSL without http2.
    • Content compression support using brotli built via plug ngx_brotli + libbrotli (built as a separate package).

We’re now watching apache httpd, mod_http2, mc, nghttp2, nghttp3, ngtcp2, openssl quictls, nginx and we regularly update our buils on regular basis. In the future we plan to expand the list of software products, please check our blog regularly. Of course, SRPMs are available in the repository. Initial version is built against OpenSSL 1.0.2h. Packages in the repository are signed with our GPG-key, our public key is here.

73 thoughts on “Packages repository for Red Hat Enterprise Linux и CentOS”

  1. Is there no changes. I followed the above procedure, actually, I’m looking for a change on this.
    Please support me.

    HTTP/1.1 200 OK
    Date: Tue, 03 Sep 2019 11:45:54 GMT
    Server: Apache/2.4.41 (codeit) PHP/7.2.22
    Last-Modified: Tue, 03 Sep 2019 11:29:11 GMT
    ETag: “1d-591a465c41698”
    Accept-Ranges: bytes
    Content-Length: 29
    Content-Type: text/html; charset=UTF-8

  2. Hi,

    First of all thanks for your builds, during few years I’ve been using your repot to have my webservers updated.

    I’m writting this coment to request adding LUA Support for your nginx, that would enable using your builds with a lot of external third-party integrations.

    Regards,

  3. Hello,
    please, could you build a separate package which includes support for Virtualmin?
    That is, enough to point to /home for suexec docroot, then you could explain to create a local repo and yum replace httpd –replace-with=your package

    Please, let me know, ok? thank you very much

  4. Installed the latest from codeIT and can’t access the Apache main page on port 80:

    HTTP/1.1 403 Forbidden
    Connection: Keep-Alive
    Content-Length: 318
    Content-Type: text/html; charset=iso-8859-1
    Date: Wed, 26 Aug 2020 22:09:41 GMT
    Keep-Alive: timeout=5, max=100
    Server: Apache/2.4.46 (codeit)

    403 Forbidden

    Forbidden
    You don’t have permission to access this resource.
    Additionally, a 403 Forbidden
    error was encountered while trying to use an ErrorDocument to handle the request.

  5. Hello,

    I still using HTTP/1 on my Centos 7 server with Magento 2.

    How can I upgrade to HTTP/2 ?

    Thanks a lot for answering

    1. Hello,

      We do not provide support for upgrading the installations. Usually, this is easy: just upgrade the httpd package and mod_ssl with our ones, check that ssl.conf contains ciphers list and http2 protocol enabled (default sample already has everything to test it).

      However, if you are not familiar with the Apache httpd settings, please try first to play with upgrading in the test environment or hire system administrator/devops who has experience with these httpd settings.

  6. When I run cd /etc/yum.repos.d && wget https://repo.codeit.guru/codeit.el7.repo, I get:

    –2021-01-12 15:20:51– https://repo.codeit.guru/codeit.el7.repo
    Resolving repo.codeit.guru (repo.codeit.guru)… 144.76.75.67, 2a01:4f8:191:9348::6
    Connecting to repo.codeit.guru (repo.codeit.guru)|144.76.75.67|:443… connected.
    HTTP request sent, awaiting response… 200 OK
    Length: 159 [application/octet-stream]
    codeit.el7.repo: Permission denied
    Cannot write to ‘codeit.el7.repo’ (Success).

    Is something down at the moment? Thanks!

  7. Error: Package: mod_http2-1.15.23-1.codeit.x86_64 (CodeIT)
    Requires: libnghttp2 >= 1.21.1
    Error: Package: 1:mod_ssl-2.4.48-1.codeit.el7.x86_64 (CodeIT)
    Requires: sscg >= 2.2.0
    Error: Package: mod_http2-1.15.23-1.codeit.x86_64 (CodeIT)
    Requires: libnghttp2.so.14()(64bit)
    You could try using –skip-broken to work around the problem
    You could try running: rpm -Va –nofiles –nodigest

    i can see this error msg when i upgrade httpd and connected with
    cd /etc/yum.repos.d && wget https://repo.codeit.guru/codeit.el7.repo

      1. I have the same problem as Sam – CentOS 7. You say “install EPEL repo” but “yum install epel-release” says there is “Nothing to do”. I have followed all steps you listed.

        1. Marc,

          You can always recheck if you are able to install libnghttp2 1.33.0 from EPEL, if you really think that you have EPEL repo, it is enabled, libnghttp2 is not blacklisted, overrided etc.

          We do not provide support unfortunately for the operating system and only provide packages as is.

          1. Indeed, our epel.repo was disabled!
            Thanks!

            sudo nano /etc/yum.repos.d/epel.rep
            Change enabled=0 to enabled=1

  8. Any chance to package pagespeed as a module too? Would pair really well with http/2 and brotli support.
    Cheers and thanks for your great work!

  9. Hi just did the repos install and enable module httpd but get these errors whenever I do a dnf update this is on Almalinux 8.5

    Modular dependency problem:

    Problem: module php:7.2:8030020210119114311:2c7ca891.x86_64 requires module(httpd:2.4), but none of the providers can be installed
    – module httpd:2.4:8060020220510105858:9edba152.x86_64 conflicts with module(httpd:codeit) provided by httpd:codeit:1:el8.noarch
    – module httpd:codeit:1:el8.noarch conflicts with module(httpd:2.4) provided by httpd:2.4:8060020220510105858:9edba152.x86_64
    – module httpd:2.4:8060020220622110449:9edba152.x86_64 conflicts with module(httpd:codeit) provided by httpd:codeit:1:el8.noarch
    – module httpd:codeit:1:el8.noarch conflicts with module(httpd:2.4) provided by httpd:2.4:8060020220622110449:9edba152.x86_64
    – conflicting requests

  10. Dependency issues.
    Transaction check error:
    file /usr/lib64/libbrotlicommon.so.1 from install of libbrotli-1.0.9-1.codeit.el7.x86_64 conflicts with file from package brotli-1.0.7-5.el7.x86_64
    file /usr/lib64/libbrotlidec.so.1 from install of libbrotli-1.0.9-1.codeit.el7.x86_64 conflicts with file from package brotli-1.0.7-5.el7.x86_64
    file /usr/lib64/libbrotlienc.so.1 from install of libbrotli-1.0.9-1.codeit.el7.x86_64 conflicts with file from package brotli-1.0.7-5.el7.x86_64

    Error Summary

  11. Re: Dependency issue above.
    I have both apache and nginx installed. I resolved the issue by upgrading apache first.

      1. FYI EL7 builds are already in the testing repo.
        No issues found, CI/CD and tests pass normally, so please expect OpenSSL 3 transfer in May/June.
        This will require some time where users will have broken dependencies, as soon as we do not want to change OpenSSL package name (we will keep it as openssl-quic-libs; now it is openssl-quic-libs-1.1.1t, will be openssl-quic-libs-3.0.8).
        Thus, it requires preliminary builds put to testing repos.

  12. Hi,

    I am attempting to add the CodeIT repo as a custom repo in Red Hat Satellite 6.11. When attempting a sync of the repo, I see this error: “Katello::Errors::Pulp3Error null value in column “arch” violates not-null constraint DETAIL: Failing row contains (129f0b17-e0bc-4726-8d62-f1aeca3c912f, httpd, codeit, 1, el8, null, [{}], [“httpd-0:2.4.54-1.module_codeit.codeit.el8.x86_64”, “httpd-0:2…., f).”

    According to a support case opened with Red Hat, they reference https://access.redhat.com/solutions/7007535 where is the repo maintainer needs to set the architecture value.

    I have been using your repo for Apache web server for quite a while now and have been very satisfied with it. Perhaps I am over looking something while trying to create the repo sync in Satellite.

    1. Hi,

      The article you provided requires a paid subscription from my side. If you can provide me with clear instructions and a test output, I would be happy to add the arch value in this case.
      createrepo --help and createrepo_mod --help do not provide any options to set this value.

      1. Thanks for getting back. The support rep ran a test of a custom yum/dnf repo.
        Here are the steps they used and the comments made:

        ~~~
        # cat /etc/yum.repos.d/custom.repo
        [custom_repo]
        name = custom_repo
        baseurl = https://repo.codeit.guru/packages/centos/8/x86_64/
        enabled = 1
        metadata_expire = 1
        enabled_metadata = 1
        ~~~

        – Once done, run below command to check the architecture of ‘httpd’ module coming from above mentioned ‘custom_repo’.

        # dnf module info httpd

        Name : httpd
        Stream : codeit
        Version : 1
        Context : el8
        Architecture : <=========== This is BLANK
        Profiles : common
        Default profiles :
        Repo : custom_repo
        Summary : Apache httpd CodeIT Builds
        Description : Apache HTTPd server with HTTP/2, TLSv1.3, Brotli support
        Requires :

        Notice the architecture is blank above. The issue should be addressed from the maintainer of the repository. Ensure that every module in the repository has an Architecture Value set for it.

        1. It looks like the architecture is set in the *-modules.yaml under the “data:” section
          I also use a module repo from Remi for PHP. Here is a snippet from their current YAML


          document: modulemd
          version: 2
          data:
          name: php
          stream: remi-8.0
          version: 20230511155149
          context: 00000000
          arch: x86_64
          summary: PHP scripting language

          1. Russel, thanks for pointing out!

            I used modulemd-tools 0.7 for EL8. My first thought that 0.7 can be outdated and compiled latest variant, 0.13. Unfortunately, it still did not create arch field in the module yaml despite specifying it as httpd:codeit:1:el8:aarch64:

            nsvca Module name, stream version, context and architecture
            in a N:S:V:C:A format

            Of course, I will dig it more, but if you will be able to provide any recipes for dir2module, it will be helpful.

            For this moment I don’t like the idea to patch yaml file with the simple script.

  13. Hi Alexander,

    I have been pressing Red Hat support to give me some insight to help. They have two questions.

    1. “Please confirm, In which tool CodeIT repo maintainer passing .yml file input to generate arch?”
    2. “Please confirm, CodeIT repo maintainer trying to create a custom module?”

    I appreciate your willingness work on this since I would prefer to use your repo instead of the back ported version of httpd Red Hat provides.

    1. Hi Russel!

      1. We use “createrepo_mod” and “dir2module” tools to create the module from directory files
      2. Yes, we created custom nginx and httpd modules so users can select them and install our versions instead of RedHat ones.

      Thanks for the donation!

    2. Please also check if EL8 builds (both x86_64 and aarch) are now parsed properly for you. Manual patching added. If it works, I will add these hacks for EL9.

      Name             : httpd
      Stream           : codeit
      Version          : 1
      Context          : el8
      Architecture     : aarch64
      Profiles         : common
      Default profiles :
      Repo             : CodeIT
      Summary          : Apache httpd CodeIT Builds
      Description      : Apache HTTPd server with HTTP/2, TLSv1.3, Brotli support
      
      1. Alexander,

        The latest sync worked perfectly. Thanks for working to get this going. I know it’s frustrating to manually patch. I do appreciate it.

  14. Dear Codeit,

    we tried to sync your repo with pulp 3 but it fails within step: “Downloading Artifacts”

    traceback:
    SNIP…..
    File \”/usr/local/lib/python3.8/site-packages/pulp_rpm/app/modulemd.py\”, line 202, in parse_modular\n modulemd_all.append(create_modulemd(parsed_data, module))\n File \”/usr/local/lib/python3.8/site-packages/pulp_rpm/app/modulemd.py\”, line 120, in create_modulemd\n data[PULP_MODULE_ATTR.NAME],\n”,
    “description”: “‘name'”
    SNIP…..

    It looks like there ist some complaint about the modulemd restriction or artifacts/content regarding to the repomd. Do you have any idea?

    1. Hello, I do not have any ideas regarding this error unfortunately. We test our repos with yum/dnf only, this is the supported way to use it.
      If you see any anomalies with other software, please report with steps to fix it.

  15. Because Red Hat prohibits the recompilation version, it is expected that a series of versions such as almalinux will hardly survive. We also plan to migrate to the Debian platform. Are you planning to launch a corresponding package for Debian?
    Thanks.

    1. James, why do you think that “almalinux will hardly survive”?

      Please check their blog to find official plans.

      For now I do not see any needs to support Debian for us, but anyway if community really needs it and want to support it, let’s think about it.

      1. Alexander,
        I have seen their plans, although I also like almalinux, but I don’t think their plans will work, I don’t think their staff reserves and technical reserves and financial strength, it is really difficult to keep up with Red Hat’s bugfix and security patches, they don’t have the ability to maintain a release.
        Just a kernel patch, Red Hat can kill other recompiled versions, users will have a great sense of incompleteness, in fact, I am not willing to leave the platform that I have used for 17 years, but at present, almalinux rocky oraclelinux It’s only a matter of time before we leave.

  16. Hi

    How can I remove codeit repo and go back to centos 7 repo? is there a way to do that?

    1. Hi,

      Sure you can. Just remove codeit-repo package or codeit.repo file in your /etc/yum.repos.d.

      Then downgrade httpd and nginx packages to those from base vault repo.

      Please note that these downgraded versions from CentOS have known vulnerabilities.

  17. Hello,

    Thanks for all your efforts.

    Would it be possible to create packages for spamassassin 4.0.0 (and later) for RHEL/Rocky/AlmaLinux 8 (and 9)?

    SA 4.0.0+ versions provide critical Unicode functionality, missing from earlier versions.

    Thanks,
    Nick

    1. Hi Nick,

      CodeIT does not use spamassassin on production deployments, thus we have no plans adding SpamAssassin 4.
      At the same time, it seems we will be able to build it and add it to the pipeline to the separate repo branch on donation basis (“Great Company”+). Please tell me if you are interested.

      1. Hi Alexander,

        I am an engineer at a non-profit public sector Scientific Research institute and I doubt that our org has the accounting flexibility to offer donations.

        What kind of donation would be considered valid?

        Cheers,
        Nick

        1. Hi Nick,

          First of all, if you need CentOS packages, please note that CentOS 7 has finished its 10 years cycle, is considered EOL and is potentionally vulnerable.
          If you need EL7 packages and have <20 IP addresses, please use "Small Company" variant.

          You need to migrate to EL9 as soon as possible and have 8+ years of free support.

          1. Hi Alexander,

            As I mentioned in my initial post, the server in question is currently in EL8, specifically on Rocky 8, so there is no need to migrate any time soon.

            It’s a mail gateway server (for incoming mail) with Postfix (from GhettoForge), Amavis (from EPEL), ClamAV (from EPEL), SpamAssassin (from appstream).

            Cheers,
            Nick

          2. Hi Nick,

            Sorry for the previous reply, I missed the context, now I understand that the question is in SpamAssassin rpms for EL8 and EL9.
            This requires some of work to build pipelines, support and monitoring, at the same time it will be probably used only by your organization.

            That’s why, I ask you to subscribe to “Great Company”+ package to create SA rpms flow for you (as a separate repo to avoid breaking SA for other users) even if it is a single server.
            If you have any questions, please PM me (contacts: https://codeit.guru/2024/07/centos-7-eol/).

            Thanks!

      1. Understood and thank you for the swift response.

        By joining the Patreon and supply the IP (single server) by DM, we should be able to update?

        Thank you.

        Joe

  18. I couldn’t find any other way to contact you. I’m having an issue with access to your repository. CloudFlare is blocking access to it and yum on my server cannot complete anything with your repository enabled. This happens only from a specific IP address. Other servers in the same network range can pull https://repo.codeit.guru/packages/centos/9/x86_64/repodata/repomd.xml without any issues. Can you please take a look? Here’s a CF ray id from a curl request that I made to the above link from the problematic host: 8b7cf684a98b46ce-DFW

    1. Hello Nikolay,

      Probably, Cloudflare resolves your source IP address as russian or belorussian. As Ukrainian based company, we do not want anyway to help aggressor and simply block these ips.

      If no, please provide this ip address, I’ll check

      1. Thank you for reaching out to me so quickly! Can you please check the logs in your CloudFlare firewall event logs? The IP in question is located in Dallas Texas. I personally am Bulgarian and I agree with your preferences, but I don’t think that this is a place for political discussion given the fact that these comments will eventually get indexed by Google. I’ll be more than happy to continue this discussion over email if you contact me on the email that I’ve entered here as point of contact. The email address is under my personal domain name and you can quickly see where the mail server is located. I’d even share the specific IP address and WHOIS data, but not here publicly. Hope you understand.

      2. You can easily check through Cloudflare>codeit.guru>Security>Events. There you need to add a filter, select “Ray ID” “equals” “8b7cf684a98b46ce”.

  19. Did something change with the Centos 7 repo? My server, which is in the US, is getting a 403 forbidden error when trying to connect to it.

  20. Dear Alexander

    I use your newest version for CentOS 9 Stream. I migrated from CentOS 7. In the newest version is it possible to use TLS 1.2 and TLS 1.3 or TLS 1.2 is disabled?

    Sincerely

    Mateusz Kiczela

Leave a Reply

Your email address will not be published. Required fields are marked *