#2612 closed defect (duplicate)
Unable to build nginx with latests BoringSSL version
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | major | Milestone: | nginx-1.26 |
Component: | nginx-core | Version: | 1.25.x |
Keywords: | Cc: | iz8mbw@… | |
uname -a: | Linux ubuntu 6.5.0-21-generic #21~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Feb 9 13:32:52 UTC 2 x86_64 x86_64 x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.25.4
built by gcc 12.3.0 (Ubuntu 12.3.0-1ubuntu1~22.04) built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL) TLS SNI support enabled configure arguments: --with-http_ssl_module --with-http_v3_module --with-cc-opt=-I/opt/boringssl/include --with-ld-opt='-L/opt/boringssl/build/ssl -L/opt/boringssl/build/crypto' --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=www-data --group=www-data --with-debug --with-stream --with-http_v2_module --with-pcre=/opt/pcre2 --with-pcre-jit --with-http_perl_module --with-http_realip_module --with-http_gunzip_module --with-http_gzip_static_module --add-module=/root/autobuild/ngx_http_substitutions_filter_module-master --add-module=/root/autobuild/ngx_brotli |
Description
Hello.
My system is Linux, Ubuntu 22.04, x86_64, gcc 12.3.0, OpenSSL system version 3.0.2.
I was able to build nginx with BoringSSL but since some days, using the latests version of BoringSSL, I cannot do it anymore.
I suppose this BoringSSL Commit create the issue: https://github.com/google/boringssl/commit/23824fa0fed94f4660ffafb15aaea8b317f2c8a6
In details, during Configure, it seems nginx is not able to detect OpenSSL:
adding module in /root/autobuild/ngx_http_substitutions_filter_module-master + ngx_http_subs_filter_module was configured adding module in /root/autobuild/ngx_brotli + ngx_brotli was configured checking for OpenSSL library ... not found checking for OpenSSL library in /usr/local/ ... not found checking for OpenSSL library in /usr/pkg/ ... not found checking for OpenSSL library in /opt/local/ ... not found /root/autobuild/nginx-1.25.4/configure: error: SSL modules require the OpenSSL library. You can either do not enable the modules, or install the OpenSSL library into the system, or build the OpenSSL library statically from the source with nginx by using --with-openssl=<path> option.
This is my configure:
configure --with-http_v3_module --with-cc-opt="-I/opt/boringsslnew/include" --with-ld-opt="-L/opt/boringsslnew/build/ssl -L/opt/boringsslnew/build/crypto" --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=www-data --group=www-data --with-debug --with-stream --with-http_v2_module --with-pcre=/opt/pcre2 --with-pcre-jit --with-http_perl_module --with-http_realip_module --with-http_gunzip_module --with-http_gzip_static_module --add-module=$path/ngx_http_substitutions_filter_module-master --add-module=$path/ngx_brotli
Instead, if I use an older version of BoringSSL (a version before 16 Feb 2024), I'm able to build it:
nginx version: nginx/1.25.4 built by gcc 12.3.0 (Ubuntu 12.3.0-1ubuntu1~22.04) built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL) TLS SNI support enabled configure arguments: --with-http_ssl_module --with-http_v3_module --with-cc-opt=-I/opt/boringssl/include --with-ld-opt='-L/opt/boringssl/build/ssl -L/opt/boringssl/build/crypto' --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=www-data --group=www-data --with-debug --with-stream --with-http_v2_module --with-pcre=/opt/pcre2 --with-pcre-jit --with-http_perl_module --with-http_realip_module --with-http_gunzip_module --with-http_gzip_static_module --add-module=/root/autobuild/ngx_http_substitutions_filter_module-master --add-module=/root/autobuild/ngx_brotli
I hope there will be a fix.
Many thanks!
Change History (3)
comment:1 by , 9 months ago
Resolution: | → duplicate |
---|---|
Status: | new → closed |
comment:2 by , 9 months ago
Hi all.
I was able to fix.
Since I would like to use the latest version of PCRE (and so not the PCRE version available into the Operating System), I normally configure/compile nginx by specify the source code on PCRE, I do this with
--with-pcre=/opt/pcre2_source_code
.
Since now we are "forcing" the nginx building with
--with-cc=c++
to fix the BoringSSL issues, I suppose this broke the building of PCRE.
So what I did is to build PCRE (before to build nginx) and after, when going to configure nginx, provide to nginx the path where find PCRE.
This is the part of "configure" about BoringSSL (previously built) and PCRE (previously built):
configure --with-cc=c++ --with-cc-opt="-I/opt/boringsslnew/include -I/opt/pcre2built/include -x c" --with-ld-opt="-L/opt/boringsslnew/build/ssl -L/opt/boringsslnew/build/crypto -L/opt/pcre2built/lib"
Regards.
Duplicate of #2605