Hello,
I have successfully built and tested nginx on Ubuntu at home and want to
now test it on my real server running CentOS 5. I can build without ssl
option fine and it all works.
Now I want to build with ssl. I have provided the correct options afaik
and it configures ok but during the build it gives the errors below
(actually a huge list of linker errors but I cut just the first bit):
– snip snip –
objs/src/http/modules/ngx_http_browser_module.o
objs/src/http/modules/ngx_http_upstream_ip_hash_module.o
objs/ngx_modules.o
-lcrypt -lpcre /usr/lib/libssl.a /usr/lib/libcrypto.a -ldl -lz
/usr/lib/libssl.a(kssl.o): In function `get_rc_clockskew':
(.text+0x111): undefined reference to `krb5_rc_default'
/usr/lib/libssl.a(kssl.o): In function `get_rc_clockskew':
(.text+0x12c): undefined reference to `krb5_rc_initialize'
/usr/lib/libssl.a(kssl.o): In function `get_rc_clockskew':
– snip snip –
Here is the configure line:
./configure --with-openssl=/usr/lib --with-http_ssl_module
--conf-path=/etc/nginx/nginx.conf --with-md5=auto/lib/md5
--with-sha1=auto/lib/sha1
seems like something wrong between krb5 and openssl. I checked that both
were updated with yum but I don’t know what to look at next.
Any suggestions gratefully requested.
Thanks,
Chris
On Fri, Aug 15, 2008 at 07:58:01PM +0700, Chris S. wrote:
> objs/src/http/modules/ngx_http_upstream_ip_hash_module.o
> ./configure --with-openssl=/usr/lib --with-http_ssl_module
> --conf-path=/etc/nginx/nginx.conf --with-md5=auto/lib/md5
> --with-sha1=auto/lib/sha1
> seems like something wrong between krb5 and openssl. I checked that both
> were updated with yum but I don’t know what to look at next.
--with-openssl=, --with-md5=, and --with-sha1= must point to a directory
with library sources. Remove them: nginx’s configure will find all by itself.
Thank you very much for that. It did the trick and I was able to build
easily then.
My next problem seems to be that SSL doesn’t want to work. Here is my
conf that I’m testing with - I have another server on port 443 so I’m
testing on 1443 here. But I cannot connect - just says connecting and
then never seems to get it. Nginx is serving fine on non-ssl though. No
messages in error log but at first it said cannot bind as I mistakenly
tried using port 443. Then I changed that.
If you see anything obvious here please let me know as I plug away on
it.
Chris
server {
    listen 74.223.185.26:1443;
    server_name mydomain.com www.mydomain.com n1.mydomain.com;
    root /var/www/mydomain/adminX;
    ssl on;
    ssl_certificate /var/local/ssl/certs/wild.mydomain.crt;
    ssl_certificate_key /var/local/ssl/private/wild.mydomain.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
    }
}
On Sat, Aug 16, 2008 at 02:18:36AM +0700, Chris S. wrote:
> If you see anything obvious here please let me know as I plug away on it.
> ssl_session_timeout 5m;
> ssl_protocols SSLv2 SSLv3 TLSv1;
> ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
> ssl_prefer_server_ciphers on;
> location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; include fastcgi_params; }
> }
Try “telnet 74.223.185.26 1443”. If it says only
Trying 74.223.185.26...
and then does not say
Connected to […]
then you have some network problems: firewalls or so.
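The telnet check above, extended into a small Python probe that also attempts the TLS handshake, so a filtered port can be told apart from a listener that accepts TCP but does not speak TLS. This is an added example, not part of the original thread; the `probe` function, its `connect`/`wrap` hooks and the 192.0.2.10 address are constructed for illustration.

```python
import socket
import ssl

# Verdict -> what it tells you (the first entry is the case in this thread).
MEANING = {
    "filtered": "no reply to the TCP handshake (telnet stays at 'Trying'): firewall or routing",
    "refused": "connection actively refused: nothing listening there, or a rejecting firewall",
    "unreachable": "local error before any reply: name resolution or no route",
    "tcp-only": "TCP connects but no TLS handshake completes: check ssl on that listener",
    "tls-cert-rejected": "TLS answers but the certificate failed verification",
    "tls-ok": "TCP and TLS both work",
}

def probe(host, port, timeout=5.0, connect=socket.create_connection, wrap=None):
    """Return a key of MEANING. `connect` and `wrap` are hypothetical hooks
    added for this example so the logic can be exercised without a network."""
    try:
        sock = connect((host, port), timeout)        # same step as telnet
    except (socket.timeout, TimeoutError):
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError:                                  # gaierror, ENETUNREACH, ...
        return "unreachable"
    wrap = wrap or ssl.create_default_context().wrap_socket
    try:
        sock = wrap(sock, server_hostname=host)      # handshake, default verification
        return "tls-ok"
    except ssl.SSLCertVerificationError:
        return "tls-cert-rejected"
    except (ssl.SSLError, OSError):                  # includes handshake timeout
        return "tcp-only"
    finally:
        sock.close()

if __name__ == "__main__":
    # Constructed demo: a connector that never gets an answer, as with the
    # data-center firewall in this thread. No real host is contacted.
    def silent_drop(addr, timeout):
        raise socket.timeout("timed out")
    verdict = probe("192.0.2.10", 1443, connect=silent_drop)
    print(verdict, "->", MEANING[verdict])
```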
Igor S. wrote:
> messages in error log but at first it said cannot bind as I mistakenly
> ssl on;
> location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; include
> Connected to […]
> then you have some network problems: firewalls or so.
Yes. Thank you. Sorry to bother you. I’m so used to testing at home where
I’m inside the firewall that I didn’t even think about that. It’s my
firewall at the data center. Simply escaped me.
Chris