SPDY (pronounced as speedy) is an open networking protocol developed primarily at Google for transporting web content. Nginx version 1.4.x+ supports SPDY out of the box. You need openssl version 1.0.1 or above to compile and use nginx.
| Tutorial details | |
|---|---|
| Difficulty | Advanced (rss) |
| Root privileges | Yes |
| Requirements | libopenssl v1.0.1/libpcre v3 |
| Time | 20m |
Required softwares
- Openssl and Openssl development (libssl) libs version 1.0.1+. Please note that CentOS/RHEL v6.x.x comes with OpenSSL version 1.0.0 only. This is needed in order to accept both HTTPS and SPDY connections simultaneously on the same port, OpenSSL library used should support “Next Protocol Negotiation” TLS extension, available since OpenSSL version 1.0.1. If you are using RHEL / CentOS version 6.x or older, you need to install OpenSSL v1.0.1. The latest version of RHEL/CentOS 6.5 comes with OpenSSL 1.0.1e-fips i.e. you can compile nginx on CentOS/RHEL version 6.5. See this guide for more information.
- GNU C compiler and build tools.
- Libpcre version 3 and libpcre3-dev.
- Latest stable nginx version 1.4.x+.
- One of the following web-browser:
- Google Chrome or Chromium (cross platform)
- Mozilla Firefox (cross platform)Opera (cross platform)
- Opera (cross platform)
Please note that both IE or Safari does not supports SPDY. See this compatibility table for support of SPDY networking protocol in desktop and mobile browsers.
Install required softwares
Open a terminal and/or login using the ssh client, type:
$ sudo apt-get install libssl-dev libpcre3 libpcre3-dev
Install compilers and build tools on Debian or Ubuntu Linux:
$ sudo apt-get install build-essential
Verify version
Type the following command:
gcc --version make --version openssl version
Sample outputs:
Fig.01: Finding out installed version of gcc/make/openssl and operating systems.
Download latest nginx
Use the wget command to download nginx, type:
$ cd /tmp
$ wget http://nginx.org/download/nginx-1.6.0.tar.gz
Sample outputs:
--2013-05-19 16:22:53-- http://nginx.org/download/nginx-1.6.0.tar.gz Resolving nginx.org (nginx.org)... 206.251.255.63 Connecting to nginx.org (nginx.org)|206.251.255.63|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 767107 (749K) [application/octet-stream] Saving to: `nginx-1.6.0.tar.gz' 100%[======================================>] 7,67,107 154K/s in 4.9s 2013-05-19 16:22:59 (154 KB/s) - `nginx-1.6.0.tar.gz' saved [767107/767107]
To untar a tar ball called nginx-1.6.0.tar.gz, enter:
$ tar xvf nginx-1.6.0.tar.gz
Configure nginx with spdy support
Cd into nginx-1.6.0 directory:
$ cd nginx-1.6.0
Configure nginx command, enter:
$ ./configure --with-http_spdy_module --with-http_ssl_module
You may need to pass the additional options to the ./configure such as:
$ ./configure --prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_spdy_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-file-aio \
--with-ipv6 \
--with-debug \
'--with-cc-opt=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic '
Sample outputs:
checking for OS + Linux 3.5.0-30-generic x86_64 checking for C compiler ... found + using GNU C compiler + gcc version: 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) checking for gcc -pipe switch ... found checking for gcc builtin atomic operations ... found checking for C99 variadic macros ... found checking for gcc variadic macros ... found checking for unistd.h ... found ... .. ...Configuration summary + using system PCRE library + using system OpenSSL library + md5: using OpenSSL library + sha1: using OpenSSL library + using system zlib library nginx path prefix: "/etc/nginx" nginx binary file: "/usr/sbin/nginx" nginx configuration prefix: "/etc/nginx" nginx configuration file: "/etc/nginx/nginx.conf" nginx pid file: "/var/run/nginx.pid" nginx error log file: "/var/log/nginx/error.log" nginx http access log file: "/var/log/nginx/access.log" nginx http client request body temporary files: "/var/lib/nginx/body" nginx http proxy temporary files: "/var/lib/nginx/proxy" nginx http fastcgi temporary files: "/var/lib/nginx/fastcgi" nginx http uwsgi temporary files: "/var/lib/nginx/uwsgi" nginx http scgi temporary files: "/var/lib/nginx/scgi"
Compile and install nginx
Type the following command:
$ make
Sample outputs:
make -f objs/Makefile make[1]: Entering directory `/tmp/nginx-1.6.0' cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -I src/core -I src/event -I src/event/modules -I src/os/unix -I objs \ -o objs/src/core/nginx.o \ src/core/nginx.c cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -I src/core -I src/event -I src/event/modules -I src/os/unix -I objs \ -o objs/src/core/ngx_log.o \ src/core/ngx_log.c ... .. .. objs/src/mail/ngx_mail_smtp_module.o \ objs/src/mail/ngx_mail_smtp_handler.o \ objs/src/mail/ngx_mail_auth_http_module.o \ objs/src/mail/ngx_mail_proxy_module.o \ objs/ngx_modules.o \ -lpthread -lcrypt -lpcre -lssl -lcrypto -ldl -lz make[1]: Leaving directory `/tmp/nginx-1.6.0' make -f objs/Makefile manpage make[1]: Entering directory `/tmp/nginx-1.6.0' sed -e "s|%%PREFIX%%|/etc/nginx|" \ -e "s|%%PID_PATH%%|/var/run/nginx.pid|" \ -e "s|%%CONF_PATH%%|/etc/nginx/nginx.conf|" \ -e "s|%%ERROR_LOG_PATH%%|/var/log/nginx/error.log|" \ objs/nginx.8 make[1]: Leaving directory `/tmp/nginx-1.6.0'
You need to remove existing nginx packages:
$ dpkg -l | grep nginx
OR
$ dpkg -l '*nginx*'
Sample outputs:
Fig.02: Find and delete nginx-full and nginx-common version 1.1.19 packages
## backup config files, just in case ## sudo mkdir -p /root/old.nginx/etc_nginx/ sudo cp -avr /etc/nginx/* /root/old.nginx/etc_nginx/ ## delete it ## sudo apt-get remove nginx-full nginx-common
Sample outputs:
Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be REMOVED: nginx-common nginx-full 0 upgraded, 0 newly installed, 2 to remove and 0 not upgraded. After this operation, 1,140 kB disk space will be freed. Do you want to continue [Y/n]? y (Reading database ... 258710 files and directories currently installed.) Removing nginx-full ... Stopping nginx: nginx. Removing nginx-common ... Processing triggers for ufw ... Processing triggers for ureadahead ... Processing triggers for man-db ...
Finally, install nginx, enter:
$ sudo make install
Sample outputs:
make -f objs/Makefile install make[1]: Entering directory `/tmp/nginx-1.6.0' test -d '/etc/nginx' || mkdir -p '/etc/nginx' test -d '/usr/sbin' || mkdir -p '/usr/sbin' test ! -f '/usr/sbin/nginx' || mv '/usr/sbin/nginx' '/usr/sbin/nginx.old' cp objs/nginx '/usr/sbin/nginx' test -d '/etc/nginx' || mkdir -p '/etc/nginx' cp conf/koi-win '/etc/nginx' cp conf/koi-utf '/etc/nginx' cp conf/win-utf '/etc/nginx' test -f '/etc/nginx/mime.types' || cp conf/mime.types '/etc/nginx' cp conf/mime.types '/etc/nginx/mime.types.default' test -f '/etc/nginx/fastcgi_params' || cp conf/fastcgi_params '/etc/nginx' cp conf/fastcgi_params '/etc/nginx/fastcgi_params.default' test -f '/etc/nginx/fastcgi.conf' || cp conf/fastcgi.conf '/etc/nginx' cp conf/fastcgi.conf '/etc/nginx/fastcgi.conf.default' test -f '/etc/nginx/uwsgi_params' || cp conf/uwsgi_params '/etc/nginx' cp conf/uwsgi_params '/etc/nginx/uwsgi_params.default' test -f '/etc/nginx/scgi_params' || cp conf/scgi_params '/etc/nginx' cp conf/scgi_params '/etc/nginx/scgi_params.default' test -f '/etc/nginx/nginx.conf' || cp conf/nginx.conf '/etc/nginx/nginx.conf' cp conf/nginx.conf '/etc/nginx/nginx.conf.default' test -d '/var/run' || mkdir -p '/var/run' test -d '/var/log/nginx' || mkdir -p '/var/log/nginx' test -d '/etc/nginx/html' || cp -R html '/etc/nginx' test -d '/var/log/nginx' || mkdir -p '/var/log/nginx' make[1]: Leaving directory `/tmp/nginx-1.6.0'
Nginx SPDY configuration
First, you need to generate and install SSL certificates for Nginx. See how to setup SSL reverse proxy / load balanced SSL proxy using nginx for more information. Next, edit nginx.conf, type:
$ sudo vi /usr/local/ngnix/conf/nginx.conf
OR
$ sudo vi /etc/nginx/nginx.conf
Find line that read as follows:
listen 202.54.1.1:443 ssl;Update it as follows
listen 202.54.1.1:443 ssl spdy;Save and close the file. Here is complete file:
server { ### server port and name ### listen 202.54.1.1:443 ssl spdy; server_name nixcraft.in; ### SSL log files ### access_log logs/ssl-access.log; error_log logs/ssl-error.log; ### SSL cert files ### ssl_certificate ssl/nixcraft.in.crt; ssl_certificate_key ssl/nixcraft.in.key; ### Add SSL specific settings here ### ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers RC4:HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; keepalive_timeout 60; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ### We want full access to SSL via backend ### location / { proxy_pass http://nixcraft; ### force timeouts if one of backend is died ## proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; ### Set headers #### proxy_set_header Accept-Encoding ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ### Most PHP, Python, Rails, Java App can use this header ### #proxy_set_header X-Forwarded-Proto https;## #This is better## proxy_set_header X-Forwarded-Proto $scheme; add_header Front-End-Https on; ## Let the browser know about spdy ## add_header Alternate-Protocol 443:npn-spdy/2; ### By default we don't want to redirect it #### proxy_redirect off; }
Finally, reload the nginx server, type:
$ sudo /usr/sbin/nginx -s reload
How do I test spdy is working or not?
- Firefox user try browser SPDY indicator add-on.
- Google Chrome or Chromium user, try browser SPDY indicator add-on.
Alternatively, Google Chrome or Chromium user can type the following in address-bar:
chrome://net-internals/#spdy
References
- CentOS / Redhat Linux: Install Keepalived To Provide IP Failover For Web Cluster
- CentOS / Redhat: Install nginx As Reverse Proxy Load Balancer
- Handling nginx Failover With KeepAlived
- nginx: Setup SSL Reverse Proxy (Load Balanced SSL Proxy)
- mod_extforward: Lighttpsd Log Clients Real IP Behind Reverse Proxy / Load Balancer
- HowTo: Merge Apache / Lighttpsd / Nginx Server Log Files
- Linux nginx: Chroot (Jail) Setup
- HowTo: SPDY SSL Installation and Configuration
- Install Nginx Using Yum Command on CentOS/RHEL
- Create a Self-Signed SSL Certificate on Nginx
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
- RSS feed or Weekly email newsletter
- Share on Twitter • Facebook • 4 comments... add one ↓
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
I followed this step by step and was stuck at the end where you say
i would get an invalid PID number error.
so all i had to do was
to start nginx in the first place!
Nginx packages from the official repo for CentOS/RHEL now support SPDY out of the box, so there is no need for (re)compiling of nginx.
Hi, excuse me, are there any way to have the final compiled as a .deb to just copy it and install it to another server?
Thanks in advance.
I know this is 8 months later, but to build a .deb instead of a `make install` do:
$ make $ sudo checkinstall --install=no -y $ sudo dpkg -i nginx_1.6.0-1_amd64.debI put nginx 1.6.0 for continuity with the blog post, but replace it the version of nginx you just built with make. There will be a .deb package in the current directory which you built with checkinstall.