nginx with ALPN support for Enterprise Linux
This project contains a set of scripts and dockerfiles (recipes) to build, sign and push to PackageCloud.io a distribution of nginx with Application-Layer Protocol Negotiation support for RedHat Enterprise Linux and CentOS as a result of bundling together a more recent version (>= 1.0.2) of OpenSSL, instead of using the default distribution provided old version of OpenSSL.
The way these packages are built enables use of the newer OpenSSL just for nginx, without messing with the system-shared libraries. It's a dropin replacement of both the EPEL and official nginx.org build of nginx.
See the following blogpost for the installation procedure of my yum repository: https://bcdonadio.com/2016/nginx-alpn-el/
- nginx: 1.15.0
- openssl: 1.1.0h
- RedHat Enterprise Linux (RHEL) 6
- RedHat Enterprise Linux (RHEL) 7
- CentOS 6
- CentOS 7
Ensure you have the following in your building machine:
- recent version of Docker
In Fedora, you can install these with:
# yum install docker rubygems rpm-sign
Then, if you intend to push the files to Packagecloud.io, install it with:
# gem install package_cloud
This script creates a container for each
$VERSION (space separated) of a
$DIST (single distribution supported currently) listed on the
script, naming it according to the
$REPO parameter, and executes the
according dockerfile in the
recipes folder (simple concatenation of
The resulting artifacts are copied to the host machine on the
This script signs with your GPG key listed in your
~/.rpmmacros file all rpm
packages underneath the
~/.rpmmacros looks like the following:
%_gpg_name Bernardo Donadio (https://www.bcdonadio.com/) <firstname.lastname@example.org> %__gpg /usr/bin/gpg2
Obviously, you need to have the secret-key of the identity listed in the
%_gpg_name directive in your gpg keyring.
Caution: gpg and gpg2 use different keyrings, and both can be installed at the same time.
This script pushes every rpm file underneath the
build folder to
Packagecloud.io, verifying their signatures are valid in the processes. If a
package isn't signed with a valid signature, it aborts the process.
The repository used is the one listed inside the
common.sh script, in the
In the first run, the
package_cloud package will asks your user and password
for the service. Also obviously, you need to have push privileges to the