NGINX 1.25.3 Mainline with Brotli, TLS 1.3, OpenSSL 3.0.12, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

NGINX 1.25.3 mainline with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.12.

Major changes:

  • Changes and fixes in HTTP/2
  • Changes and fixes in HTTP/3

RHEL 7 / CentOS 7:

yum upgrade -y codeit-repo-release
yum-config-manager --disable CodeIT-quic --save
yum-config-manager --enable CodeIT-mainline --save

RHEL 8-9 / Alma Linux 8-9 / Rocky Linux 8-9 / CentOS 8-9 / Other EL8/EL9 repos are modular now.  To install nginx with HTTP/3 support, you need to enable the appropriate stream:

dnf module reset -y nginx
dnf module enable -y nginx:codeit-mainline

We build OpenSSL+QUIC 3.0 separately since v1.21.6, installing it separately to /lib64 with .so.81.3 suffix to ensure it won’t interfere with your system libraries.

Exerimental HTTP/3 support added in NGINX 1.25.0 Mainline. We build it with the corresponding module (—with-http_v3_module).

NGINX 1.25.3 Mainline with Brotli, TLS 1.3, OpenSSL 3.0.12, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9: 10 комментариев

  1. Hi Alexander.

    Could you please help and advise what to do… i am trying to update from 1.25.2. I got error:

    Resolving Dependencies
    —> Running transaction check
    —> Package nginx.x86_64 1:1.25.2-1.module_codeit_mainline.codeit.el7 will be updated
    —> Package nginx.x86_64 1:1.25.3-1.module_codeit_mainline.codeit.el7 will be an update
    —> Processing Dependency: libbrotli >= 1.1.0 for package: 1:nginx-1.25.3-1.module_codeit_mainline.codeit.el7.x86_64
    —> Finished Dependency Resolution
    Error: Package: 1:nginx-1.25.3-1.module_codeit_mainline.codeit.el7.x86_64 (CodeIT-mainline)
    Requires: libbrotli >= 1.1.0
    Installed: libbrotli-1.0.9-10.el7.x86_64 (@epel)
    libbrotli = 1.0.9-10.el7
    You could try using —skip-broken to work around the problem
    You could try running: rpm -Va —nofiles —nodigest

    :(((

  2. Hello,

    I’ve installed Nginx using your repo, thank you!!
    Current rpm installed:

    nginx-1.25.3-1.module_codeit_mainline.codeit.el8.x86_64

    I’m running into an issue while trying to use Geoip, I get this error:

    nginx: [emerg] unknown directive «geoip_country» in /etc/nginx/conf.d/xxxxxxxxxxxxx.com.conf:11

    Line 11 of my domain’s conf file:

    geoip_country /etc/nginx/geoIPbd/GeoLite2-Country.mmdb;

    I’m running Almalinux 8.

    nginx -v output:

    nginx version: nginx/1.25.3
    built by gcc 8.5.0 20210514 (Red Hat 8.5.0-18) (GCC)
    built with OpenSSL 3.0.10+quic 1 Aug 2023 (running with OpenSSL 3.0.12+quic 24 Oct 2023)
    TLS SNI support enabled
    configure arguments: —prefix=/etc/nginx —sbin-path=/usr/sbin/nginx —modules-path=/usr/lib64/nginx/modules —conf-path=/etc/nginx/nginx.conf —error-log-path=/var/log/nginx/error.log —http-log-path=/var/log/nginx/access.log —pid-path=/var/run/nginx.pid —lock-path=/var/run/nginx.lock —http-client-body-temp-path=/var/cache/nginx/client_temp —http-proxy-temp-path=/var/cache/nginx/proxy_temp —http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp —http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp —http-scgi-temp-path=/var/cache/nginx/scgi_temp —user=nginx —group=nginx —with-compat —with-file-aio —with-threads —with-http_addition_module —with-http_auth_request_module —with-http_dav_module —with-http_flv_module —with-http_gunzip_module —with-http_gzip_static_module —with-http_mp4_module —with-http_random_index_module —with-http_realip_module —with-http_secure_link_module —with-http_slice_module —with-http_ssl_module —with-http_stub_status_module —with-http_sub_module —with-http_v2_module —with-http_v3_module —with-mail —with-mail_ssl_module —with-stream —with-stream_realip_module —with-stream_ssl_module —with-stream_ssl_preread_module —add-module=modules/ngx_brotli —add-module=modules/ngx_cache_purge —add-module=modules/ngx_http_geoip2_module —with-http_v3_module —with-cc-opt=’-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fPIC’ —with-ld-opt=’-Wl,-z,relro -Wl,-z,now -pie’

    Nginx’s modules folder (/usr/lib64/nginx/modules) is empty.
    Already tried erasing and reinstalling everything too.

    Current custom nginx.conf file:

    user nginx;
    worker_processes auto;

    worker_rlimit_nofile 8192;

    events {
    worker_connections 1024; # you might need to increase this setting for busy servers
    use epoll; # Linux kernels 2.6.x change to epoll
    }

    http {

    server_names_hash_max_size 2048;
    server_names_hash_bucket_size 512;

    server_tokens off;

    error_log /var/log/nginx/error.log crit;

    include mime.types;
    default_type application/octet-stream;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 10;

    gzip on;
    gzip_disable «msie6»;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 32 16k;
    gzip_http_version 1.1;
    gzip_min_length 128;
    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;

    ignore_invalid_headers on;
    client_max_body_size 20m;
    client_body_buffer_size 15m;
    client_header_timeout 400;
    client_body_timeout 400;
    send_timeout 400;
    connection_pool_size 512;
    client_header_buffer_size 8k;
    large_client_header_buffers 8 64k;
    request_pool_size 8k;
    output_buffers 8 64k;
    postpone_output 1460;

    map $http_accept $webp_suffix {
    default «»;
    «~*webp» «.webp»;
    }

    server {
    location / {
    try_files $uri$webp_suffix $uri $uri/ =404;
    add_header Vary Accept;
    }
    }

    # Cache most accessed static files
    open_file_cache max=10000 inactive=10m;
    open_file_cache_valid 2m;
    open_file_cache_min_uses 1;
    open_file_cache_errors on;

    # Includes
    include «/etc/nginx/conf.d/*.conf»;

    }

    Any help with this is very appreciated. Thank you!!

  3. Hello,

    I’ve installed Nginx using your repo, thank you!
    Current rpm installed:

    nginx-1.25.3-1.module_codeit_mainline.codeit.el8.x86_64

    I’m running into an issue while trying to use Geoip, I get this error:

    nginx: [emerg] unknown directive «geoip_country» in /etc/nginx/conf.d/xxxxxxxxxxxxx.com.conf:11

    Line 11 of my domain’s conf file:

    geoip_country /etc/nginx/geoIPbd/GeoLite2-Country.mmdb;

    I’m running Almalinux 8.

    Nginx’s modules folder (/usr/lib64/nginx/modules) is empty.
    Already tried erasing and reinstalling everything too.

    Thank you!

    1. Hello Sant,

      Sorry for late answer.

      We are using https://github.com/leev/ngx_http_geoip2_module instead of deprectated geoip_module (it can be built only on EL7). Please try to use your database with geoip2 module docs.

      Tech details: geoip_module required geoip libs. And GeoIP Legacy databases have been retired: https://dev.maxmind.com/geoip/release-notes/2022#geoip-legacy-databases-have-been-retired

      Regarding your question about empty modules dir: it’s ok, as this module is built-in.

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *