Ruby Forum NGINX > Cannot make on Centos 5 with SSL

Posted by Chris Savery (Guest)
on 15.08.2008 15:03
(Received via mailing list)
Hello,

I have successfully built and tested nginx on Ubuntu at home and want to
now test it on my real server running Centos 5. I can build without ssl
option fine and it all works.

Now I want to build with ssl. I have provided the correct options afaik
and it configures ok but during the build it gives the errors below
(actually a huge list of linker errors but I cut just the first bit):

-- snip snip --
    objs/src/http/modules/ngx_http_browser_module.o \
    objs/src/http/modules/ngx_http_upstream_ip_hash_module.o \
    objs/ngx_modules.o \
    -lcrypt -lpcre /usr/lib/libssl.a /usr/lib/libcrypto.a -ldl -lz
/usr/lib/libssl.a(kssl.o): In function `get_rc_clockskew':
(.text+0x111): undefined reference to `krb5_rc_default'
/usr/lib/libssl.a(kssl.o): In function `get_rc_clockskew':
(.text+0x12c): undefined reference to `krb5_rc_initialize'
/usr/lib/libssl.a(kssl.o): In function `get_rc_clockskew':
-- snip snip --

Here is the configure line:
 ./configure --with-openssl=/usr/lib --with-http_ssl_module --conf-path=/etc/nginx/nginx.conf --with-md5=auto/lib/md5 --with-sha1=auto/lib/sha1

Seems like something wrong between krb5 and openssl. I checked that both
were updated with yum but I don't know what to look at next.

Any suggestions gratefully requested.

Thanks,
Chris :)
Posted by Igor Sysoev (Guest)
on 15.08.2008 17:54
(Received via mailing list)
On Fri, Aug 15, 2008 at 07:58:01PM +0700, Chris Savery wrote:

>    objs/src/http/modules/ngx_http_upstream_ip_hash_module.o \
> ./configure --with-openssl=/usr/lib --with-http_ssl_module 
> --conf-path=/etc/nginx/nginx.conf --with-md5=auto/lib/md5 
> --with-sha1=auto/lib/sha1
> 
> seems like something wrong between krb5 and openssl. I checked that both 
> were updated with yum but I don't know what to look at next.

--with-openssl=, --with-md5=, and --with-sha1= must point to directory
with library sources. Remove them: nginx's configure will find all by itself.
Posted by Chris Savery (Guest)
on 15.08.2008 21:28
(Received via mailing list)
Thank you very much for that. It did the trick and I was able to build
easily then.

My next problem seems to be that SSL doesn't want to work. Here is my
conf that I'm testing with - I have another server on port 443 so I'm
testing on 1443 here. But I cannot connect - just says connecting and
then never seems to get it. Nginx is serving fine on non-ssl though. No
messages in error log but at first it said cannot bind as I mistakenly
tried using port 443. Then I changed that.

If you see anything obvious here please let me know as I plug away on it.
Chris :)

server {
        listen  74.223.185.26:1443;
        server_name  mydomain.com www.mydomain.com n1.mydomain.com;
        root    /var/www/mydomain/adminX;

        ssl                  on;
        ssl_certificate      /var/local/ssl/certs/wild.mydomain.crt;
        ssl_certificate_key  /var/local/ssl/private/wild.mydomain.key;

        ssl_session_timeout  5m;

        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;

        location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; include fastcgi_params; }
}
Posted by Igor Sysoev (Guest)
on 15.08.2008 21:35
(Received via mailing list)
On Sat, Aug 16, 2008 at 02:18:36AM +0700, Chris Savery wrote:

> If you see anything obvious here please let me know as I plug away on it.
> 
>        ssl_session_timeout  5m;
> 
>        ssl_protocols  SSLv2 SSLv3 TLSv1;
>        ssl_ciphers  
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
>        ssl_prefer_server_ciphers   on;
> 
>        location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; include 
> fastcgi_params; }
>    }

Try "telnet 74.223.185.26 1443", if it says only

Trying 74.223.185.26...

and then does not say

Connected to [...]

then you have some network problems: firewalls or so.
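
The telnet check described in the post above, extended to also attempt a TLS handshake once the TCP connection succeeds, as an added example that is not part of the original thread. The function name `probe` and its result labels are assumptions made for this illustration.

```python
import socket
import ssl
import sys


def probe(host, port, timeout=5.0):
    """Report how far a client gets towards an SSL listener.

    Result labels (chosen for this example):
      "filtered"    no reply before the timeout; telnet would hang at
                    "Trying ...", typically a firewall dropping packets
      "refused"     host reachable, but nothing is listening on the port
      "unreachable" any other network-level error
      "tcp-only"    TCP connected, but the TLS handshake failed
      "tls-ok"      TCP connected and the TLS handshake completed
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"

    # Reachability test only: certificate validation is deliberately
    # disabled so a self-signed or mismatched certificate still counts
    # as "the SSL listener answered".
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls-ok"
    except (ssl.SSLError, OSError):
        # Covers a plain-HTTP listener, a reset, or a handshake timeout.
        return "tcp-only"
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: python probe.py HOST PORT
    print(probe(sys.argv[1], int(sys.argv[2])))
```

Run it from outside the data-center firewall: "filtered" corresponds to the hanging `Trying ...` case, while "refused" means the packets arrive but nginx is not bound to that address and port.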
Posted by Chris Savery (Guest)
on 15.08.2008 22:36
(Received via mailing list)
Igor Sysoev wrote:
>> messages in error log but at first it said cannot bind as I mistakenly 
>>        ssl                  on;
>>        location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; include 
> Connected to [...]
>
> then you have some network problems: firewalls or so.
>
>
>   
Yes. Thank you. Sorry to bother you. I'm so used to testing at home, where
I'm inside the firewall, that I didn't even think about that. It's my
firewall at the data center. Simply escaped me.
Chris :)