NGINX 1.18.0 stable packages have been added to the repository, with support for Google's brotli compression, http2, ngx cache purge and the ngx http geoip2 module. ssl is built dynamically with OpenSSL 1.1.1g.
TLS 1.3 final currently works in Google Chrome 70+ and Mozilla Firefox 63+.
To enable TLS 1.3, specify:
ssl_protocols TLSv1.2 TLSv1.3;
Starting with version 1.18.0 for CentOS 7, we build OpenSSL separately; it is installed in /opt/codeit/openssl111 and does not touch the system libraries in any way.
Links:
Or use our repo
Hello Alexander & all,
as you might have noticed, today there has been a release of nginx-1.18.0 stable version.
Since I had the nginx repo somehow forgotten in my list, my webserver got upgraded via yum update, and since then nginx stopped working. I fixed the configuration to reflect changes in nginx directives for version 1.18 and got it back to functional. But only after I had done that, I noticed my website is no longer running TLS 1.3.
Having realized this, I found out that the official nginx repo contains a build still compiled against an ancient OpenSSL version:
[root@server ~]# nginx -V
nginx version: nginx/1.18.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
which is obviously the reason TLS 1.3 is not working for me now.
Will you be creating your CodeIT package built with OpenSSL 1.1.1d or later version for the new nginx anytime soon? I would not like to go back to older nginx versions at this point since my configuration seems to work well enough, but it would be great to have your package from the CodeIT repository instead.
Thank you in advance,
Daniel.
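The check behind the `nginx -V` diagnosis above, written out as an added example that is not part of the original post or comments: it reads the "built with OpenSSL" line and tests it against 1.1.1, the minimum the nginx documentation gives for the TLSv1.3 parameter, then checks that ssl_protocols actually lists TLSv1.3. The function names and the sample inputs are constructed for this illustration.

```shell
# Added example: can this nginx build negotiate TLS 1.3, and does the config ask for it?
# Print the OpenSSL version from `nginx -V` text on stdin, e.g. "1.0.2k".
built_openssl_version() {
    sed -n 's/^built with OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p' | head -n 1
}

# Succeed when the version is >= 1.1.1 (nginx's TLSv1.3 parameter needs
# OpenSSL 1.1.1 or higher). The letter suffix ("k", "g") is ignored.
openssl_supports_tls13() {
    v=${1%%[a-z]*}
    [ -n "$v" ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -eq 1 ] && [ "$patch" -ge 1 ] && return 0
    return 1
}

# Read `nginx -V` text on stdin; succeed only if the build can do TLS 1.3.
nginx_build_supports_tls13() {
    ver=$(built_openssl_version)
    [ -n "$ver" ] && openssl_supports_tls13 "$ver"
}

# Read nginx configuration on stdin; succeed if an active (uncommented)
# ssl_protocols directive lists TLSv1.3.
config_enables_tls13() {
    grep -Eq '^[[:space:]]*ssl_protocols[[:space:]][^#;]*TLSv1\.3'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_OLD='nginx version: nginx/1.18.0
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled'
SAMPLE_NEW='nginx version: nginx/1.18.0
built with OpenSSL 1.1.1g  21 Apr 2020
TLS SNI support enabled'
SAMPLE_CONF='    ssl_protocols TLSv1.2 TLSv1.3;'

for sample in "$SAMPLE_OLD" "$SAMPLE_NEW"; do
    if printf '%s\n' "$sample" | nginx_build_supports_tls13; then
        echo "build: TLS 1.3 available"
    else
        echo "build: TLS 1.3 NOT available, ssl_protocols TLSv1.3 has no effect"
    fi
done
```

On a live host, feed it real output with `nginx -V 2>&1 | nginx_build_supports_tls13`, since nginx writes the version text to stderr.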
Hello Daniel,
Sure, we plan to build it with OpenSSL 1.1.1g soon. Need some time to investigate patches and test.
Hello Alexander,
great news. Yeah OpenSSL 1.1.1g version was also out yesterday, right..
Do I have the right repository for RHEL7 where to expect it then? 🙂
I have currently codeit.el7.repo :
[CodeIT]
name=CodeIT repo
baseurl=https://repo.codeit.guru/packages/centos/7/$basearch
enabled=1
gpgkey=https://repo.codeit.guru/RPM-GPG-KEY-codeit
gpgcheck=1
Thank you,
Daniel.