Recompile NGINX with OpenSSL 1.0.2+ for HTTP/2

No matter how “stable” your “surroundings” are, eventually you will face HTTP/2 and all those requirements to run it on your server using Linux and some HTTP daemon. One of those requirements will be the OpenSSL version 1.0.2 (with ALPN support).

You might be lucky and you will find proper package of the OpenSSL for your Linux distribution. But then, you might be required to recompile your HTTP daemon from source. Yes, I’m in this situation now: Debian 8, OpenSSL 1.0.2 from “backports” and NGINX 1.10 (from DotDeb.org or NGINX.org).

Thanks to the Ramūnas (colleague of mine) for the link Recompile NGINX with OpenSSL 1.0.2+ for HTTP/2 via ALPN – Ubuntu 14.04 – this helps me to deal quicker with NGINX on Debian 8 at least for development environment.

NGINX in Ubuntu

That small but fast, flexible and powerful HTTP server, NGINX, with HTTP/2 support, that help many high-load project to deal with traffic and load-balancing, looks like has some issues on Ubuntu – The Road Ahead for NGINX in Ubuntu.

By the way, OpenSSL and HTTP/2 gets more and more traction in different Linux distributions, for example Debian added OpenSSL version 1.0.2 to “testing” and “backports” of “stable”.

HTTP/2 and speed of web

Deep dive into the HTTP/2: history of HTTP protocol, why HTTP/2 is better, HTTP/2 features and HTTP/2 performance – all that in one big nice article How HTTP/2 Will Speed Up the Web. So, keep up with the rapidly changing Web!

Now, after reading this, go and try to install it on current stable Linux and try how it works with modern browsers. You are lucky, if your Linux has openssl 1.0.2 with ALPN protocol support.

Encrypt password on Ubuntu/Debian

Sometimes I need to encrypt password same “way” as it done in /etc/shadow. For example: to place it in the Puppet config. I think there is a plenty of ways to do it. Here is my favorite: mkpasswd

# Install "whois" package in case we don't have it
sudo apt-get install whois
# Get available encryption methods
mkpasswd -m help
# Encrypt using SHA-256
mkpasswd -m sha-256
# Encrypt using SHA-512
mkpasswd -m sha-512

CentOS Console Resolution


Warning: Illegal string offset 'lang' in /home/kurakin/domains/kurakin.info/public_html/wp-content/plugins/wp-highlightjs/wp_highlight.js.php on line 119

Warning: Illegal string offset 'lang' in /home/kurakin/domains/kurakin.info/public_html/wp-content/plugins/wp-highlightjs/wp_highlight.js.php on line 119

Warning: Illegal string offset 'lang' in /home/kurakin/domains/kurakin.info/public_html/wp-content/plugins/wp-highlightjs/wp_highlight.js.php on line 119

Warning: Illegal string offset 'lang' in /home/kurakin/domains/kurakin.info/public_html/wp-content/plugins/wp-highlightjs/wp_highlight.js.php on line 119

Sometimes you need just a bit bigger console window when you working with your CentOS virtual installation with only NAT network enabled and you are too lazy to mess with port forwarding on VirtualBox or your preferred Virtualization software. Just for few small short experiments.

So, in grub.conf you’ll find something like that (default install using NetInstall image):

title CentOS (2.6.18-238.19.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-238.19.1.el5 ro root=/dev/VolGroup00/LogVol00
initrd /initrd-2.6.18-238.19.1.el5.img

And you need to add next string to kernel:

console=ttyS0,57600 console=tty0 vga=792

So it would look like:

title CentOS (2.6.18-238.19.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-238.19.1.el5 ro root=/dev/VolGroup00/LogVol00 console=ttyS0,57600 console=tty0 vga=792
initrd /initrd-2.6.18-238.19.1.el5.img

Other values for vga parameter:

791 - 1024x768, 16 bit
792 - 1024x768, 24 bit
794 - 1280x1024, 16 bit
795 - 1280x1024, 24 bit

After reboot it should work.

CentOS 5 NetInstall HTTP hint

I’m always searching for next two string when I’m doing a NetInstall of CentOS using HTTP as media: “Website Name” and “CentOS Directory”.

As example, to install CentOS 5.6 from mirror.centos.org for 32 bit platform:
Website Name: mirror.centos.org
CentOS Directory: centos/5.6/os/i386

For 64 bit platform:
Website Name: mirror.centos.org
CentOS Directory: centos/5.6/os/x86_64

For my current location and 64 bit platform best chose would be:
Website Name: mirror.duomenucentras.lt
CentOS Directory: centos/5.6/os/x86_64

Yep, it’s easy to remember or to find on the Internet, but I’ll keep them here just for me. I’m sure I’ll forgot this two when I’ll be doing next install someday.

Install SRC.RPM on RHEL4 if no rpmbuild present

Last Friday I had a new challenge in my life as a system administrator. The challenge was to install Munin-node on Red Hat Enterprise Linux 4 Nahant 4. I thought it was easy, until I noticed that it were few x86_64 architecture servers with minimal install, so I had small troubles with SRC.RPMs.

As you may notice from Munin installation instructions there are some dependencies and those dependencies have some more dependencies… and so on… One of them that I had trouble with was sysstat. Dag’s repository that I used for Munin RPM doesn’t have sysstat RPM package at all and in RPM Find you will find only SRC.RPM package for x86_64 (actually sysstat-5.0.5-16.rhel4.src.rpm).

Of course, it would be easy to download and build that SRC.RPM package if rpmbuild would be installed on one of those servers, but it was minimal install and there was no rpmbuild utility. I couldn’t find any proper RHEL4 repository on-line. The only solution I’ve found on-line was to use CentOS 4 RPM. As far as I know from my contacts and RHEL conference – CentOS 4 is compatible with RHEL 4.

So I used the nearest CentOS 4 RPMS mirror (for example <ftp://ftp.pbone.net/mirror/ftp.centos.org/4.8/os/x86_64/CentOS/RPMS/>) and downloaded next RPMs rpm-4.3.3-32_nonptl.x86_64.rpm, rpm-build-4.3.3-32_nonptl.x86_64.rpm, rpm-libs-4.3.3-32_nonptl.x86_64.rpm, rpm-python-4.3.3-32_nonptl.x86_64.rpm (and any dependency they will require) and installed them:

  1. rpm -Uvh rpm-python-4.3.3-32_nonptl.x86_64.rpm rpm-4.3.3-32_nonptl.x86_64.rpm rpm-libs-4.3.3-32_nonptl.x86_64.rpm
  2. rpm -Uvh rpm-build-4.3.3-32_nonptl.x86_64.rpm

Now I can build required SRC.RPM packages.

In order to install SRC.RPM package I use command rpm -ivh, in my case: rpm -ivh sysstat-5.0.5-16.rhel4.src.rpm. Source package will be placed in /usr/src/redhat/SRPMS directory and spec file (that we need for rpmbuild) in /usr/src/redhat/SPECS
Now we need to run rpmbuild -ba with proper path spec file, in my case rpmbuild -ab /usr/src/redhat/SPECS/sysstat.spec.
If everything is OK, at the end you will find RPM package in /usr/src/redhat/RPMS.

Now you can install you package with command rpm -Uvh and I can install my sysstat RPM: rpm -Uvh /usr/src/redhat/RPMS/x86_64/sysstat-5.0.5-16.rhel4.x86_64.rpm

I was lucky – all servers that required Munin-node was x86_64 and created RPM package were compatible with all servers and I didn’t have to repeat all operation with SRC.RPM all over again. I just had to upload it to the server and run rpm -Uvh sysstat-5.0.5-16.rhel4.x86_64.rpm.