While looking at SSO solutions I decided to investigate a bit more the options for using Nginx with solutions like Okta to protect my resources. One of the interesting ones was using an authentication proxy with Nginx.
The aforementioned functionality is available through the http_auth_request_module. However, this module is not compiled by default. This gave me the idea that it would be nice to go step by step through compiling Nginx with the auth module on CentOS 7.
Yes – I do know that there are solutions on the market/internet which would save me from this – however I value the learning process in this challenge as well :) If you have interesting links to alternatives please leave them in the comment section.
Getting the sources
Our journey begins with getting the sources. I have tried following the official Nginx documentation but I find it … somehow not up to the task. Hence there are some modifications or additions that I did to get this through :)
mkdir nginx-from-source && cd $_
Once we have our new folder we can download the pre-reqs
Here we are taking Nginx version 1.19.0 – please be sure to check what the latest version is before running the commands
wget https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz
wget http://zlib.net/zlib-1.2.11.tar.gz
wget http://www.openssl.org/source/openssl-1.1.1g.tar.gz
wget https://nginx.org/download/nginx-1.19.0.tar.gz
tar zxf nginx-1.19.0.tar.gz
Compile PCRE
tar -zxf pcre-8.44.tar.gz
cd pcre-8.44
./configure
make
sudo make install
cd ..
Compile ZLIB
tar -zxf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure
make
sudo make install
cd ..
Compiling OpenSSL
OpenSSL deserves a bit more insight than just dry code. We will use a newer version than the one running on the box right now.
Pre-reqs
We will start off by installing the required packages via yum and extracting the content of the downloaded archive
sudo yum group install 'Development Tools'
sudo yum install perl-core zlib-devel -y
tar -xf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g
Configure & install OpenSSL
sudo ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
sudo make
sudo make test
sudo make install
Configure shared libraries
Navigate to /etc/ld.so.conf.d
and run the following
echo "/usr/local/ssl/lib" | sudo tee -a /etc/ld.so.conf.d/openssl-1.1.1g.conf
ldconfig creates, updates and removes symbolic links for the current shared libraries based on the lib directories listed in /etc/ld.so.conf.
Reload with verbose
sudo ldconfig -v
Configure OpenSSL binary
Start with backing up the current OpenSSL
sudo mv /bin/openssl /bin/openssl.backup
Create a script which will be executed on the system at login…
sudo vi /etc/profile.d/openssl.sh
… and set contents to
OPENSSL_PATH="/usr/local/ssl/bin"
export OPENSSL_PATH
PATH=$PATH:$OPENSSL_PATH
export PATH
Once done we need to make sure that the script is allowed to be executed
sudo chmod +x /etc/profile.d/openssl.sh
Next reload the profile to pick up the new OpenSSL binary in your PATH
source /etc/profile.d/openssl.sh
Verify the OpenSSL version
which openssl
openssl version -a

If you reached this moment then we are ready to move on to the next part :)
Compiling Nginx with extra modules
Create the user under which the process will be running
sudo useradd -s /sbin/nologin -d /usr/local/nginx -M nginx
Navigate to the folder with the nginx sources created during the download of our pre-reqs and run the configure command
# The SSL and GeoIP modules need the OpenSSL and GeoIP development headers on the build host
./configure \
    --user=nginx \
    --group=nginx \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --sbin-path=/usr/local/nginx/nginx \
    --pid-path=/usr/local/nginx/nginx.pid \
    --with-pcre=../pcre-8.44 \
    --with-zlib=../zlib-1.2.11 \
    --with-http_auth_request_module \
    --with-http_geoip_module \
    --with-http_gzip_static_module \
    --with-http_gunzip_module \
    --with-http_realip_module \
    --with-http_secure_link_module \
    --with-http_slice_module \
    --with-http_ssl_module \
    --with-http_v2_module
The above configures the Nginx build with extra modules. For a comprehensive list with detailed information about each of the extra modules please refer to the official Nginx documentation.
Once the above command finishes run
make
sudo make install
When the above process finishes you should have nginx installed in /usr/local/nginx
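Before wiring up the service it is worth confirming that the binary really contains the modules requested above, and which OpenSSL version it was built with, so that can be compared with the 1.1.1g compiled earlier. The script below is an added example, not part of the original post; it parses the output of nginx -V, and the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `nginx -V` output against the modules this build expects.
# On a real host:  /usr/local/nginx/nginx -V 2>&1 | missing_modules
# (nginx -V writes to stderr, hence the 2>&1)

# Modules taken from the ./configure command in this post
EXPECTED_MODULES="http_auth_request_module http_geoip_module
http_gzip_static_module http_gunzip_module http_realip_module
http_secure_link_module http_slice_module http_ssl_module http_v2_module"

# Read `nginx -V` output on stdin and print every expected module whose
# --with-<module> flag (static or =dynamic) is absent from the
# "configure arguments:" line. Prints nothing when all are present.
missing_modules() {
    args=$(grep '^configure arguments:' | tr ' ' '\n')
    for m in $EXPECTED_MODULES; do
        if ! printf '%s\n' "$args" | grep -Eqx -- "--with-$m(=dynamic)?"; then
            echo "$m"
        fi
    done
}

# Read `nginx -V` output on stdin and print the OpenSSL version the binary
# was built with, taken from the "built with OpenSSL ..." line.
built_openssl() {
    sed -n 's/^built with OpenSSL \([^ ]*\).*/\1/p'
}

# Constructed sample output (not captured from a real host): a build that
# is missing most of the requested modules and uses an older OpenSSL.
SAMPLE_V='nginx version: nginx/1.19.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --with-pcre=../pcre-8.44 --with-http_ssl_module --with-http_v2_module --with-http_realip_module'

echo "Missing modules in sample:"
printf '%s\n' "$SAMPLE_V" | missing_modules
echo "OpenSSL in sample: $(printf '%s\n' "$SAMPLE_V" | built_openssl)"
```

An empty list from missing_modules means every requested module made it into the binary.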
Initial configuration of Nginx
In order to use Nginx we need to configure it. Right now our system knows nothing about running it.
Run vi /etc/systemd/system/nginx.service
and set the content to
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/nginx.pid
ExecStartPre=/usr/local/nginx/nginx -t
ExecStart=/usr/local/nginx/nginx
ExecReload=/usr/local/nginx/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Now when you run systemctl status nginx
you should see our service available.
Go ahead and run it! Type systemctl start nginx
At this moment you should have Nginx running with extra modules compiled!