Category Archives: Linux

Recompile NGINX with OpenSSL 1.0.2+ for HTTP/2

No matter how “stable” your “surroundings” are, eventually you will face HTTP/2 and all those requirements to run it on your server using Linux and some HTTP daemon. One of those requirements will be the OpenSSL version 1.0.2 (with ALPN support).

You might be lucky and you will find proper package of the OpenSSL for your Linux distribution. But then, you might be required to recompile your HTTP daemon from source. Yes, I’m in this situation now: Debian 8, OpenSSL 1.0.2 from “backports” and NGINX 1.10 (from DotDeb.org or NGINX.org).

Thanks to the Ram┼źnas (colleague of mine) for the link Recompile NGINX with OpenSSL 1.0.2+ for HTTP/2 via ALPN – Ubuntu 14.04 – this helps me to deal quicker with NGINX on Debian 8 at least for development environment.

NGINX in Ubuntu

That small but fast, flexible and powerful HTTP server, NGINX, with HTTP/2 support, that help many high-load project to deal with traffic and load-balancing, looks like has some issues on Ubuntu – The Road Ahead for NGINX in Ubuntu.

By the way, OpenSSL and HTTP/2 gets more and more traction in different Linux distributions, for example Debian added OpenSSL version 1.0.2 to “testing” and “backports” of “stable”.

HTTP/2 and speed of web

Deep dive into the HTTP/2: history of HTTP protocol, why HTTP/2 is better, HTTP/2 features and HTTP/2 performance – all that in one big nice article How HTTP/2 Will Speed Up the Web. So, keep up with the rapidly changing Web!

Now, after reading this, go and try to install it on current stable Linux and try how it works with modern browsers. You are lucky, if your Linux has openssl 1.0.2 with ALPN protocol support.

Encrypt password on Ubuntu/Debian

Sometimes I need to encrypt password same “way” as it done in /etc/shadow. For example: to place it in the Puppet config. I think there is a plenty of ways to do it. Here is my favorite: mkpasswd

# Install "whois" package in case we don't have it
sudo apt-get install whois
# Get available encryption methods
mkpasswd -m help
# Encrypt using SHA-256
mkpasswd -m sha-256
# Encrypt using SHA-512
mkpasswd -m sha-512