Recipes for building RPMs of nginx with embedded OpenSSL that supports ALPN and HTTP/2 on Enterprise Linux 7 and 6
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

nginx with ALPN support for Enterprise Linux

Hosted repo for nginx-alpn RPMs | packagecloud Scripts for building nginx with ALPN for Enterprise Linux 6 and 7 | github

This project contains a set of scripts and dockerfiles (recipes) to build, sign and push to a distribution of nginx with Application-Layer Protocol Negotiation support for RedHat Enterprise Linux and CentOS as a result of bundling together a more recent version (>= 1.0.2) of OpenSSL, instead of using the default distribution provided old version of OpenSSL.

The way these packages are built enables use of the newer OpenSSL just for nginx, without messing with the system-shared libraries. It's a dropin replacement of both the EPEL and official build of nginx.

See the following blogpost for the installation procedure of my yum repository:


  • nginx: 1.15.0
  • openssl: 1.1.0h

Supported distributions

  • RedHat Enterprise Linux (RHEL) 6
  • RedHat Enterprise Linux (RHEL) 7
  • CentOS 6
  • CentOS 7



Ensure you have the following in your building machine:

  • recent version of Docker
  • rubygems
  • rpm-sign

In Fedora, you can install these with:

# yum install docker rubygems rpm-sign

Then, if you intend to push the files to, install it with:

# gem install package_cloud


This script creates a container for each $VERSION (space separated) of a $DIST (single distribution supported currently) listed on the script, naming it according to the $REPO parameter, and executes the according dockerfile in the recipes folder (simple concatenation of $DIST, $VERSION and .dockerfile).

The resulting artifacts are copied to the host machine on the build folder.

This script signs with your GPG key listed in your ~/.rpmmacros file all rpm packages underneath the build folder.

A valid ~/.rpmmacros looks like the following:

%_gpg_name Bernardo Donadio ( <>
%__gpg /usr/bin/gpg2

Obviously, you need to have the secret-key of the identity listed in the %_gpg_name directive in your gpg keyring.

Caution: gpg and gpg2 use different keyrings, and both can be installed at the same time.

This script pushes every rpm file underneath the build folder to, verifying their signatures are valid in the processes. If a package isn't signed with a valid signature, it aborts the process.

The repository used is the one listed inside the script, in the $REPO directive.

In the first run, the package_cloud package will asks your user and password for the service. Also obviously, you need to have push privileges to the repository.