Thanks ryd994.
I eventually build the RPM ok.
I am attempting to build a stripped down nginx RPM with minimal modules, but also with modsec. I found a suggested config at -
https://www.digitalocean.com/community/tutorials/how-to-compile-nginx-from-source-on-a-centos-6-4-x64-vps
./configure \
--user=nginx \
--group=nginx \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-pcre \
--with-file-aio \
--with-http_realip_module \
--without-http_scgi_module \
--without-http_uwsgi_module \
--without-http_fastcgi_module
I was able to build the RPM with the following in the nginx.spec file -
%build
./configure \
--prefix=%{_sysconfdir}/nginx \
--sbin-path=%{_sbindir}/nginx \
--conf-path=%{_sysconfdir}/nginx/nginx.conf \
--error-log-path=%{_localstatedir}/log/nginx/error.log \
--http-log-path=%{_localstatedir}/log/nginx/access.log \
--pid-path=%{_localstatedir}/run/nginx.pid \
--lock-path=%{_localstatedir}/run/nginx.lock \
--user=%{nginx_user} \
--group=%{nginx_group} \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-pcre \
--with-file-aio \
--with-http_realip_module \
--without-http_scgi_module \
--without-http_uwsgi_module \
--without-http_fastcgi_module \
%{?with_spdy:--with-http_spdy_module} \
--with-cc-opt="%{optflags} $(pcre-config --cflags)" \
--add-module=%{_builddir}/%{name}-%{version}/modsecurity-2.9.0/nginx/modsecurity
$*
I am unsure on the a couple of lines at the bottom -
%{?with_spdy:--with-http_spdy_module} \
--with-cc-opt="%{optflags} $(pcre-config --cflags)" \
The RPM installs fine (apr-devel rpm dependency).
Version outputs the following -
nginx -V
nginx version: nginx/1.8.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-11) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --with-http_gzip_static_module --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-file-aio --with-http_realip_module --without-http_scgi_module --without-http_uwsgi_module --without-http_fastcgi_module --with-http_spdy_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --add-module=/home/test/rpmbuild/BUILD/nginx-1.8.0/modsecurity-2.9.0/nginx/modsecurity
Basically I want a minimal nginx install to serve static files over SSL. Might you have any suggestions to improve this?
I also found a separate issue which I discovered when modsec is compiled -
"configure: WARNING: APR util was not compiled with crypto support. SecRemoteRule will not support the parameter 'crypto'"
Basically the rhel6 apr-devel rpm does not have crypto support. Trying to determine what are the ramifications are here.