CentOS 7: Enable HTTP/2 and ALPN on NGINX

ALPN

Step 1. Manually update your openssl

# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

# yum install pcre-devel -y
# cd /usr/local/src/
# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# tar -zxf openssl-1.0.2-latest.tar.gz
# cd openssl-1.0.2k/
# ./config
# make depend
# make
# make test
# make install
# mv /usr/bin/openssl /usr/bin/openssl_1.0.1e
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

# openssl version
OpenSSL 1.0.2k 26 Jan 2017

Step 2. Manually update NGINX

I grabbed the configure arguments from nginx -V; the only addition was --with-openssl=/usr/local/src/openssl-1.0.2k/.

# nginx -V
nginx version: nginx/1.10.2
built with OpenSSL 1.0.1e-fips 11 Feb 2013

# cd /usr/local/src/
# wget http://nginx.org/download/nginx-1.10.3.tar.gz
# tar zxvf nginx-1.10.3.tar.gz
# cd nginx-1.10.3
# ./configure --with-openssl=/usr/local/src/openssl-1.0.2k/

I needed to install a bunch of stuff at this point:

# yum groupinstall development
# yum install perl-ExtUtils-Embed geoip geoip-devel google-perftools google-perftools-devel -y

This got me through ./configure. I then had a load of issues with make referring to fPIC / openssl; no matter how I recompiled openssl it just didn’t work, so I found a cheat:
# export CC="gcc -fPIC"
# export CXX="g++ -fPIC"
# make
# make install
# env -i bash
# systemctl restart nginx

# nginx -V
nginx version: nginx/1.10.3
built with OpenSSL 1.0.2k 26 Jan 2017

Enable HTTP/2

Step 1. In your nginx config file, change:

server {
listen 443;
ssl on;

to

server {
listen 443 http2;
ssl on;

Step 2. Restart Nginx

Easy.
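
To confirm the upgrade did what it was meant to, the helpers below check that nginx is linked against an OpenSSL new enough for ALPN (1.0.2 or later) and read the negotiated protocol out of openssl s_client output. This is an added example, not part of the original post: the function names are made up here, the nginx -V samples are the outputs shown above, and the s_client samples are constructed.

```bash
# Constructed/quoted sample inputs so the functions can be tried offline.
SAMPLE_NGINX_OLD='nginx version: nginx/1.10.2
built with OpenSSL 1.0.1e-fips 11 Feb 2013'
SAMPLE_NGINX_NEW='nginx version: nginx/1.10.3
built with OpenSSL 1.0.2k 26 Jan 2017'
SAMPLE_SCLIENT_H2='New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
ALPN protocol: h2
SSL-Session:'
SAMPLE_SCLIENT_NONE='New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
No ALPN negotiated
SSL-Session:'

# Print the OpenSSL version nginx was built with (reads `nginx -V` output on stdin).
nginx_openssl_version() {
    sed -n 's/^built with OpenSSL \([0-9][0-9a-z.]*\).*/\1/p' | head -n 1
}

# Succeed if the given OpenSSL version is >= 1.0.2, the first release with ALPN.
supports_alpn() {
    v=${1%%-*}                       # drop suffixes such as "-fips"
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    patch=${patch%%[!0-9]*}          # "2k" -> "2"
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -gt 0 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -eq 0 ] && [ "${patch:-0}" -ge 2 ]
}

# Classify a build from `nginx -V` output on stdin.
classify_nginx_build() {
    ver=$(nginx_openssl_version)
    if [ -z "$ver" ]; then echo "unknown"; return 2; fi
    if supports_alpn "$ver"; then
        echo "alpn-capable $ver"
    else
        echo "no-alpn $ver"; return 1
    fi
}

# Print the protocol chosen via ALPN (reads `openssl s_client` output on stdin);
# prints nothing when the server did not negotiate ALPN.
negotiated_alpn() {
    sed -n 's/^ALPN protocol: \(.*\)$/\1/p' | head -n 1
}

# Live use (HOST is a placeholder for your own server; nginx -V writes to stderr):
#   nginx -V 2>&1 | classify_nginx_build
#   openssl s_client -alpn h2 -connect HOST:443 </dev/null 2>/dev/null | negotiated_alpn
```

An empty result from negotiated_alpn against a server with http2 on its listen line means clients that require ALPN will fall back to HTTP/1.1.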