NGINX with HTTP/3 / QUIC support for CentOS 7

We test builds for nginx with http v3 (ex-QUIC) for CentOS 7. To get it, you need to install and configure our test repo:

yum install -y https://repo.codeit.guru/codeit-repo-release.el7.rpm epel-release && yum-config-manager --enable CodeIT-testing --save

The package has version 1.26.1-2, but defined nginx binary version is 1.27.1. This is a known issue. See bundled /etc/nginx/conf.d/default-ssl.conf.example for working HTTP/3 configuration example on port 443/UDP! For testing purposes only!

NGINX with HTTP/3 / QUIC support

We started test builds for nginx with http v3 (ex-QUIC) for CentOS 8 / RHEL 8/ AlmaLinux 8 / Rocky Linux 8. To get it, you need to install and configure our test repo:

yum install -y https://repo.codeit.guru/codeit-repo-release.el8.rpm epel-release && dnf module enable -y nginx:codeit-quic

The package has version 1.26.1-1, but defined nginx binary version is 1.27.1. This is a known issue. See bundled /etc/nginx/conf.d/default-ssl.conf.example for working HTTP/3 configuration example on port 443/UDP!

For testing purposes only!

OpenSSL+quic builds

We started providing builds for OpenSSL+quic project (Akamai and Microsoft initiative) for EL7/EL8. This will allow us to have NGINX HTTP/3 (ex-QUIC) support. libs package does not conflict with bundled OpenSSL libs: so-libs files version is prefixed with “81.”: libssl.81.1.1 and libcrypto.81.1.1 instead of bundled libssl.1.1 and libcrypto.1.1.

To install you can run: dnf install openssl-quic-libs

Devel package is also available: openssl-quic-devel.

Apache httpd 2.4.53 with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1m with http2, mod_http2 2.0.2 and ALPN for Red Hat Enterprise Linux 7/8 and CentOS 7, Alma Linux 8, Rocky Linux 8

Apache httpd 2.4.53-1 with brotli compression library from Google, TLS 1.3 Final (RFC 8446), http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS 7/8, Alma Linux 8, Rocky Linux 8 added to repository. mod_http2 2.0.2 is built dynamically against OpenSSL 1.1.1m. Links:

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Since 2.4.43-4 release we built OpenSSL as a separate package that installs to the separate directory (/opt/codeit/openssl111) and does not affects system libraries. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

NGINX 1.21.6 mainline with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1m for Red Hat Enterprise Linux and CentOS

NGINX 1.21.6 mainline version with brotli compression library from Google, TLS 1.3 Final (RFC 8446), http2 (HTTP/2), ngx cache purge and ngx http geoip2 module support. SSL is built dynamically against OpenSSL 1.1.1m added to the CentOS/RHEL repository. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. To enable TLS 1.3, you must specify:

Since version 1.21.6, the build for EL8 is available.

ssl_protocols TLSv1.2 TLSv1.3;

Since 1.18.0 release for Centos 7 we build OpenSSL as a separate package that installs to the separate directory (/opt/codeit/openssl111) and does not affects system libraries.

NGINX 1.20.2 stable with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1k for Red Hat Enterprise Linux and CentOS

NGINX 1.20.2 stable version with brotli compression library from Google, TLS 1.3 Final (RFC 8446), http2 (HTTP/2), ngx cache purge and ngx http geoip2 module support added to CentOS/RHEL repository. SSL is built dynamically against OpenSSL 1.1.1k. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. To enable TLS 1.3, you must specify:

ssl_protocols TLSv1.2 TLSv1.3;

Since 1.18.0 release for Centos 7 we build OpenSSL as a separate package that installs to the separate directory (/opt/codeit/openssl111) and does not affects system libraries.

Apache httpd 2.4.52 with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1l with http2, mod_http2 2.0.2 and ALPN for Red Hat Enterprise Linux 7/8 and CentOS 7, Alma Linux 8, Rocky Linux 8

Apache httpd 2.4.52-1 with brotli compression library from Google, TLS 1.3 Final (RFC 8446), http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS 7/8, Alma Linux 8, Rocky Linux 8 added to repository. mod_http2 2.0.2 is built dynamically against OpenSSL 1.1.1l. Links:

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Since 2.4.43-4 release we built OpenSSL as a separate package that installs to the separate directory (/opt/codeit/openssl111) and does not affects system libraries. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

Apache httpd 2.4.50 with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1l with http2, mod_http2 1.15.24 and ALPN for Red Hat Enterprise Linux 7 and CentOS 7

Apache httpd 2.4.50-1 with brotli compression library from Google, TLS 1.3 Final (RFC 8446), http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS added to repository. Mod_ssl 1.15.24 is built dynamically against OpenSSL 1.1.1l. Links:

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Since 2.4.43-4 release we built OpenSSL as a separate package that installs to the separate directory (/opt/codeit/openssl111) and does not affects system libraries. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

Http2 Apache httpd module no longer supports prefork mpm from version 2.4.27. If you need http2 module, please disable prefork mpm and enable evemt mpm in /etc/httpd/conf.modules.d/00-mpm.conf. We already made this in 00-mpm.conf in our packages. If you are updating other vendor installation, please update this file. We already included a minimum required SELinux policy into the package. Feel free to use our CentOS/RHEL repository. Please also note that this package depends on apr-util 1.5.0+ and libnghttp, which you can found in EPEL repository. So, the easiest way to use our builds of Apache HTTPd is to add EPEL repository, if you still do not have it: yum install -y epel-release

Apache httpd 2.4.49 with brotli support, TLS 1.3 final (RFC 8446) built against OpenSSL 1.1.1l with http2, mod_http2 1.15.24 and ALPN for Red Hat Enterprise Linux 7 and CentOS 7

Apache httpd 2.4.49-1 with brotli compression library from Google, TLS 1.3 Final (RFC 8446), http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS added to repository. Mod_ssl 1.15.24 is built dynamically against OpenSSL 1.1.1l.

Links:

Please note that RedHat multiproxy patch cannot be applied to this version due to massive SSL rework and was removed.

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Since 2.4.43-4 release we built OpenSSL as a separate package that installs to the separate directory (/opt/codeit/openssl111) and does not affects system libraries. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

Http2 Apache httpd module no longer supports prefork mpm from version 2.4.27. If you need http2 module, please disable prefork mpm and enable evemt mpm in /etc/httpd/conf.modules.d/00-mpm.conf. We already made this in 00-mpm.conf in our packages. If you are updating other vendor installation, please update this file. We already included a minimum required SELinux policy into the package. Feel free to use our CentOS/RHEL repository. Please also note that this package depends on apr-util 1.5.0+ and libnghttp, which you can found in EPEL repository. So, the easiest way to use our builds of Apache HTTPd is to add EPEL repository, if you still do not have it: yum install -y epel-release