Getting SPDY support

I now have SPDY support on my website. Though I don't know if I've done it the right way. My site is on a VPS running Debian 6. This means the version of OpenSSL in the repositories is version 0.9.8, SPDY requires at least version 1.0.1.

So, time to get the latest OpenSSL. I have left the repo version installed and then compiled the latest from source letting it install in the default /usr/local/ssl:

$ cd ssl-source
$ curl -O http://www.openssl.org/source/openssl-1.0.1e.tar.gz
$ tar -xzf openssl-1.0.1e.tar.gz
$ cd openssl-1.0.1e
$ ./config
$ make
$ make test
$ sudo make install

We now have the default OpenSSL 0.9.8 installed by Debian and our own version installed to /usr/local/ssl/bin. If we type openssl to the prompt Debian looks for a binary of the same name in the $PATH variable. We have to add /usr/local/ssl/bin to this variable so we can actually use our new version. To do this system wide on Debian we can add an openssl.sh file to directory /etc/profile.d/ containing the lines

PATH='/usr/local/ssl/bin:$PATH'
export PATH

This is the only way I could get to work. If you are running a different distro of Linux then you'll need to refer to the appropriate documentation of editing the $PATH variable. Thus, now when we type openssl, it'll look in /usr/local/ssl/bin first. Now it's time to compile nginx against the newer OpenSSL. We also need to apply the SPDY patch. Further we need to edit the source files to work with a custom OpenSSL location:

$ cd nginx-source
$ curl -O http://nginx.org/download/nginx-1.3.14.tar.gz
$ tar -xzf nginx-1.3.14.tar.gz
$ cd nginx-1.3.14
$ curl -O http://nginx.org/patches/spdy/patch.spdy.txt
$ patch -p1 < patch.spdy.txt
$ sed -i -e 's|\\.openssl/||' auto/lib/openssl/conf
$ ./configure --sbin-path=/usr/local/sbin --with-openssl=/usr/local/ssl --with-http_ssl_module --with-http_spdy_module
$ make
$ sudo make install

Obviously you may want to install the nginx binary to a different sbin path. I don't know why the openssl conf has .openssl directories that work with the default openssl installation but not our self-compiled installation. But that's it, now you should be able to add the spdy directive to the relevant config files and your sites should be SPDY enabled.

Edit: nginx have now released a new development version, 1.3.15, which includes the relevant SPDY patches. So we do not need to apply these patches, but we still need to run the sed command on the nginx source to compile against our self-installed version of OpenSSL.