I now have SPDY support on my website. Though I don't know if I've done it the right way. My site is on a VPS running Debian 6. This means the version of OpenSSL in the repositories is version 0.9.8, SPDY requires at least version 1.0.1.
So, time to get the latest OpenSSL. I have left the repo version installed and then compiled the latest from source letting it install in the default
cd ssl-source curl -O http://www.openssl.org/source/openssl-1.0.1e.tar.gz tar -xzf openssl-1.0.1e.tar.gz cd openssl-1.0.1e ./config make make test sudo make install
We now have the default OpenSSL 0.9.8 installed by Debian and our own version installed to
/usr/local/ssl/bin. If we type
openssl to the prompt Debian looks for a binary of the same name in the $PATH variable. We have to add
/usr/local/ssl/bin to this variable so we can actually use our new version. To do this system wide on Debian we can add an
openssl.sh file to directory
/etc/profile.d/ containing the lines
PATH='/usr/local/ssl/bin:$PATH' export PATH
This is the only way I could get to work. If you are running a different distro of Linux then you'll need to refer to the appropriate documentation of editing the $PATH variable. Thus, now when we type
openssl, it'll look in
/usr/local/ssl/bin first. Now it's time to compile nginx against the newer OpenSSL. We also need to apply the SPDY patch. Further we need to edit the source files to work with a custom OpenSSL location:
$ cd nginx-source $ curl -O http://nginx.org/download/nginx-1.3.14.tar.gz $ tar -xzf nginx-1.3.14.tar.gz $ cd nginx-1.3.14 $ curl -O http://nginx.org/patches/spdy/patch.spdy.txt $ patch -p1 < patch.spdy.txt $ sed -i -e 's|\\.openssl/||' auto/lib/openssl/conf $ ./configure --sbin-path=/usr/local/sbin --with-openssl=/usr/local/ssl --with-http_ssl_module --with-http_spdy_module $ make $ sudo make install
Obviously you may want to install the nginx binary to a different sbin path. I don't know why the openssl conf has
.openssl directories that work with the default openssl installation but not our self-compiled installation. But that's it, now you should be able to add the spdy directive to the relevant config files and your sites should be SPDY enabled.
Edit: nginx have now released a new development version, 1.3.15, which includes the relevant SPDY patches. So we do not need to apply these patches, but we still need to run the
sed command on the nginx source to compile against our self-installed version of OpenSSL.