В репозиторий добавлен NGINX 1.23.3 mainline с поддержкой HTTP/3, сжатия brotli от Google, http2, ngx cache purge и ngx http geoip2 module. OpenSSL собран динамически с OpenSSL+QUIC 1.1.1s.
TLS 1.3 final на сегодня работает в Google Chrome 70+ и Mozilla Firefox 63+.
RHEL 7 / CentOS 7:
yum upgrade -y codeit-repo-release yum-config-manager --enable CodeIT-quic --save
RHEL 8 / Alma Linux 8 / Rocky Linux 8 / CentOS 8 / Other EL8 репозиторий стал модульным. Для установки надо включить соответствующий стрим:
dnf module enable -y nginx:codeit-quic
Для включения TLS 1.3 надо указать:
ssl_protocols TLSv1.2 TLSv1.3;
C версии 1.21.6 мы собираем OpenSSL+QUIC 1.1.1 отдельно, он устанавливается в /lib64 отдельно с суффиксом .so.81.1.1 и никак не затрагивает системные библиотеки.
Александр, добрый день!
Не спец я по установкам в centos. Может сможете помочь с советом как провести установку. На данный момент установлено:
nginx version: nginx/1.22.1
custom build maintained on github.com/karljohns0n/nginx-more
built by gcc 8.3.1 20190311 (Red Hat 8.3.1-3) (GCC)
built with OpenSSL 3.0.5 5 Jul 2022
TLS SNI support enabled
configure arguments: —prefix=/usr/share/nginx —sbin-path=/usr/sbin/nginx —modules-path=/usr/lib64/nginx/modules —conf-path=/etc/nginx/nginx.conf —error-log-path=/var/log/nginx/error.log —http-log-path=/var/log/nginx/access.log —http-client-body-temp-path=/var/lib/nginx/cache/client_body —http-proxy-temp-path=/var/lib/nginx/cache/proxy —http-fastcgi-temp-path=/var/lib/nginx/cache/fastcgi —http-uwsgi-temp-path=/var/lib/nginx/cache/uwsgi —http-scgi-temp-path=/var/lib/nginx/cache/scgi —pid-path=/var/run/nginx.pid —lock-path=/var/run/nginx.lock —user=nginx —group=nginx —with-compat —with-file-aio —with-http_ssl_module —with-http_realip_module —with-http_addition_module —with-http_image_filter_module —with-http_sub_module —with-http_dav_module —with-http_flv_module —with-http_mp4_module —with-http_gunzip_module —with-http_gzip_static_module —with-http_geoip_module —with-http_random_index_module —with-http_secure_link_module —with-http_degradation_module —with-http_stub_status_module —with-http_auth_request_module —with-http_xslt_module —with-http_v2_module —with-mail —with-mail_ssl_module —with-threads —with-stream —with-stream_ssl_module —with-stream_realip_module —with-http_slice_module —with-stream_ssl_preread_module —with-debug —with-cc-opt=’-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong —param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -DTCP_FASTOPEN=23′ —with-cc=/opt/rh/devtoolset-8/root/usr/bin/gcc —with-openssl=modules/openssl-3.0.5 —with-http_v2_hpack_enc —add-dynamic-module=modules/ngx_modsecurity-1.0.3 —add-module=modules/ngx_headers_more-0.34 —add-module=modules/ngx_cache_purge-2.3 —add-module=modules/ngx_module_vts-0.2.1 —add-module=modules/ngx_pagespeed-1.13.35.2-stable —add-module=modules/ngx_brotli-snap20220505 —add-module=modules/ngx_http_geoip2_module-3.4 —add-module=modules/ngx_echo-0.62
Как мне обновить или переустоновить, что бы устоновить вашу NGINX 1.23.3 QUIC, собранный с Brotli, TLS 1.3, OpenSSL 1.1.1s ???
Александр, добрый день!
Помогите, пожалуйста, с советом как установить вашу сборку NGINX 1.23.3 QUIC, собранный с Brotli, TLS 1.3, OpenSSL 1.1.1s на CentOS 7. Сейчас работает:
nginx version: nginx/1.22.1
custom build maintained on github.com/karljohns0n/nginx-more
built by gcc 8.3.1 20190311 (Red Hat 8.3.1-3) (GCC)
built with OpenSSL 3.0.5 5 Jul 2022
TLS SNI support enabled
configure arguments: —prefix=/usr/share/nginx —sbin-path=/usr/sbin/nginx —modules-path=/usr/lib64/nginx/modules —conf-path=/etc/nginx/nginx.conf —error-log-path=/var/log/nginx/error.log —http-log-path=/var/log/nginx/access.log —http-client-body-temp-path=/var/lib/nginx/cache/client_body —http-proxy-temp-path=/var/lib/nginx/cache/proxy —http-fastcgi-temp-path=/var/lib/nginx/cache/fastcgi —http-uwsgi-temp-path=/var/lib/nginx/cache/uwsgi —http-scgi-temp-path=/var/lib/nginx/cache/scgi —pid-path=/var/run/nginx.pid —lock-path=/var/run/nginx.lock —user=nginx —group=nginx —with-compat —with-file-aio —with-http_ssl_module —with-http_realip_module —with-http_addition_module —with-http_image_filter_module —with-http_sub_module —with-http_dav_module —with-http_flv_module —with-http_mp4_module —with-http_gunzip_module —with-http_gzip_static_module —with-http_geoip_module —with-http_random_index_module —with-http_secure_link_module —with-http_degradation_module —with-http_stub_status_module —with-http_auth_request_module —with-http_xslt_module —with-http_v2_module —with-mail —with-mail_ssl_module —with-threads —with-stream —with-stream_ssl_module —with-stream_realip_module —with-http_slice_module —with-stream_ssl_preread_module —with-debug —with-cc-opt=’-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong —param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -DTCP_FASTOPEN=23′ —with-cc=/opt/rh/devtoolset-8/root/usr/bin/gcc —with-openssl=modules/openssl-3.0.5 —with-http_v2_hpack_enc —add-dynamic-module=modules/ngx_modsecurity-1.0.3 —add-module=modules/ngx_headers_more-0.34 —add-module=modules/ngx_cache_purge-2.3 —add-module=modules/ngx_module_vts-0.2.1 —add-module=modules/ngx_pagespeed-1.13.35.2-stable —add-module=modules/ngx_brotli-snap20220505 —add-module=modules/ngx_http_geoip2_module-3.4 —add-module=modules/ngx_echo-0.62
Устоновил: yum install -y https://repo.codeit.guru/codeit-repo-release.el7.rpm epel-release && yum-config-manager —enable CodeIT-quic —save
Какие мои следуюшие шаги ??? Заранее спасибо!