Thanks ryd994. I eventually build the RPM ok.
I am attempting to build a stripped down nginx RPM with minimal modules, but also with modsec. I found a suggested config at - https://www.digitalocean.com/community/tutorials/how-to-compile-nginx-from-source-on-a-centos-6-4-x64-vps ./configure \ --user=nginx \ --group=nginx \ --prefix=/etc/nginx \ --sbin-path=/usr/sbin/nginx \ --conf-path=/etc/nginx/nginx.conf \ --pid-path=/var/run/nginx.pid \ --lock-path=/var/run/nginx.lock \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ --with-http_gzip_static_module \ --with-http_stub_status_module \ --with-http_ssl_module \ --with-pcre \ --with-file-aio \ --with-http_realip_module \ --without-http_scgi_module \ --without-http_uwsgi_module \ --without-http_fastcgi_module I was able to build the RPM with the following in the nginx.spec file - %build ./configure \ --prefix=%{_sysconfdir}/nginx \ --sbin-path=%{_sbindir}/nginx \ --conf-path=%{_sysconfdir}/nginx/nginx.conf \ --error-log-path=%{_localstatedir}/log/nginx/error.log \ --http-log-path=%{_localstatedir}/log/nginx/access.log \ --pid-path=%{_localstatedir}/run/nginx.pid \ --lock-path=%{_localstatedir}/run/nginx.lock \ --user=%{nginx_user} \ --group=%{nginx_group} \ --with-http_gzip_static_module \ --with-http_stub_status_module \ --with-http_ssl_module \ --with-pcre \ --with-file-aio \ --with-http_realip_module \ --without-http_scgi_module \ --without-http_uwsgi_module \ --without-http_fastcgi_module \ %{?with_spdy:--with-http_spdy_module} \ --with-cc-opt="%{optflags} $(pcre-config --cflags)" \ --add-module=%{_builddir}/%{name}-%{version}/modsecurity-2.9.0/nginx/modsecurity $* I am unsure on the a couple of lines at the bottom - %{?with_spdy:--with-http_spdy_module} \ --with-cc-opt="%{optflags} $(pcre-config --cflags)" \ The RPM installs fine (apr-devel rpm dependency). Version outputs the following - nginx -V nginx version: nginx/1.8.0 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-11) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --with-http_gzip_static_module --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-file-aio --with-http_realip_module --without-http_scgi_module --without-http_uwsgi_module --without-http_fastcgi_module --with-http_spdy_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --add-module=/home/test/rpmbuild/BUILD/nginx-1.8.0/modsecurity-2.9.0/nginx/modsecurity Basically I want a minimal nginx install to serve static files over SSL. Might you have any suggestions to improve this? I also found a separate issue which I discovered when modsec is compiled - "configure: WARNING: APR util was not compiled with crypto support. SecRemoteRule will not support the parameter 'crypto'" Basically the rhel6 apr-devel rpm does not have crypto support. Trying to determine what are the ramifications are here. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,259622,259636#msg-259636 _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
