<div dir="ltr">Congratulations for get the RPM. <div><br></div><div>If you search in spec file for "<span style="font-size:13.1999998092651px;line-height:15.8399991989136px">with_spdy", you should find that tag (think it as some variable) around.</span></div><div><span style="font-size:13.1999998092651px;line-height:15.8399991989136px">I'm not quite sure about --with-cc-opt="%{optflags} $(pcre-config --cflags)". Seems it is there to keep nginx compiled with same options of pcre lib.</span></div><div><span style="font-size:13.1999998092651px;line-height:15.8399991989136px"><br></span></div><div><span style="font-size:13.1999998092651px;line-height:15.8399991989136px">If all you need is a static file server, I guess you can remove follwing:</span></div><div><span style="font-size:13.1999998092651px;line-height:15.8399991989136px">    --with-http_gzip_static_</span><span style="font-size:13.1999998092651px;line-height:15.8399991989136px">module (pre compressed file)</span><br style="font-size:13.1999998092651px;line-height:15.8399991989136px"><span style="font-size:13.1999998092651px;line-height:15.8399991989136px">    --with-http_stub_status_</span><span style="font-size:13.1999998092651px;line-height:15.8399991989136px">module (stub page might be used by some monitoring tools, like longview)</span></div><span style="font-size:13.1999998092651px;line-height:15.8399991989136px">    --with-http_realip_module (parse X-Forwarded-For)</span><div><span style="font-size:13.1999998092651px;line-height:15.8399991989136px">    </span><span style="font-size:13.1999998092651px;line-height:15.8399991989136px">--with-pcre (regex)</span></div><div><span style="font-size:13.1999998092651px;line-height:15.8399991989136px">If you want to rip off more, you can try add --without-* options:</span></div><div><span style="font-size:13.1999998092651px;line-height:15.8399991989136px"><a href="http://wiki.nginx.org/Modules">http://wiki.nginx.org/Modules</a></span></div><div><span style="font-size:13.1999998092651px;line-height:15.8399991989136px">Wiki is somewhat outdated. If you get invalid options, that module might already excluded from default build. Don't worry for that. Also, You can always recompile again if you cut off too much. Shouldn't take long.</span></div><div><span style="font-size:13.1999998092651px;line-height:15.8399991989136px"><br></span></div><div><span style="font-size:13.1999998092651px;line-height:15.8399991989136px">I never used modsec before, so I can't help with the APR issue. Maybe you should rebuild and install apr first.</span></div><div><span style="font-size:13.1999998092651px;line-height:15.8399991989136px"><br></span></div><div><span style="font-size:13.1999998092651px;line-height:15.8399991989136px">Regards,<br></span><div><span style="font-size:13.1999998092651px;line-height:15.8399991989136px"><br></span></div><div><br><div class="gmail_quote"><div dir="ltr">On Mon, Jun 15, 2015 at 11:59 PM ajjH6 <<a href="mailto:nginx-forum@nginx.us">nginx-forum@nginx.us</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Thanks ryd994.<br>
<br>
I eventually build the RPM ok.<br>
<br>
I am attempting to build a stripped down nginx RPM with minimal modules, but<br>
also with modsec. I found a suggested config at -<br>
<br>
<a href="https://www.digitalocean.com/community/tutorials/how-to-compile-nginx-from-source-on-a-centos-6-4-x64-vps" rel="noreferrer" target="_blank">https://www.digitalocean.com/community/tutorials/how-to-compile-nginx-from-source-on-a-centos-6-4-x64-vps</a><br>
<br>
./configure \<br>
--user=nginx                          \<br>
--group=nginx                         \<br>
--prefix=/etc/nginx                   \<br>
--sbin-path=/usr/sbin/nginx           \<br>
--conf-path=/etc/nginx/nginx.conf     \<br>
--pid-path=/var/run/nginx.pid         \<br>
--lock-path=/var/run/nginx.lock       \<br>
--error-log-path=/var/log/nginx/error.log \<br>
--http-log-path=/var/log/nginx/access.log \<br>
--with-http_gzip_static_module        \<br>
--with-http_stub_status_module        \<br>
--with-http_ssl_module                \<br>
--with-pcre                           \<br>
--with-file-aio                       \<br>
--with-http_realip_module             \<br>
--without-http_scgi_module            \<br>
--without-http_uwsgi_module           \<br>
--without-http_fastcgi_module<br>
<br>
<br>
I was able to build the RPM with the following in the nginx.spec file -<br>
<br>
%build<br>
./configure \<br>
        --prefix=%{_sysconfdir}/nginx \<br>
        --sbin-path=%{_sbindir}/nginx \<br>
        --conf-path=%{_sysconfdir}/nginx/nginx.conf \<br>
        --error-log-path=%{_localstatedir}/log/nginx/error.log \<br>
        --http-log-path=%{_localstatedir}/log/nginx/access.log \<br>
        --pid-path=%{_localstatedir}/run/nginx.pid \<br>
        --lock-path=%{_localstatedir}/run/nginx.lock \<br>
        --user=%{nginx_user} \<br>
        --group=%{nginx_group} \<br>
        --with-http_gzip_static_module        \<br>
        --with-http_stub_status_module        \<br>
        --with-http_ssl_module                \<br>
        --with-pcre                           \<br>
        --with-file-aio                       \<br>
        --with-http_realip_module             \<br>
        --without-http_scgi_module            \<br>
        --without-http_uwsgi_module           \<br>
        --without-http_fastcgi_module           \<br>
        %{?with_spdy:--with-http_spdy_module} \<br>
        --with-cc-opt="%{optflags} $(pcre-config --cflags)" \<br>
<br>
--add-module=%{_builddir}/%{name}-%{version}/modsecurity-2.9.0/nginx/modsecurity<br>
        $*<br>
<br>
<br>
I am unsure on the a couple of lines at the bottom -<br>
<br>
        %{?with_spdy:--with-http_spdy_module} \<br>
        --with-cc-opt="%{optflags} $(pcre-config --cflags)" \<br>
<br>
<br>
The RPM installs fine (apr-devel rpm dependency).<br>
<br>
Version outputs the following -<br>
<br>
nginx -V<br>
nginx version: nginx/1.8.0<br>
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-11) (GCC)<br>
built with OpenSSL 1.0.1e-fips 11 Feb 2013<br>
TLS SNI support enabled<br>
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx<br>
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log<br>
--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid<br>
--lock-path=/var/run/nginx.lock --user=nginx --group=nginx<br>
--with-http_gzip_static_module --with-http_stub_status_module<br>
--with-http_ssl_module --with-pcre --with-file-aio --with-http_realip_module<br>
--without-http_scgi_module --without-http_uwsgi_module<br>
--without-http_fastcgi_module --with-http_spdy_module --with-cc-opt='-O2 -g<br>
-pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector<br>
--param=ssp-buffer-size=4 -m64 -mtune=generic'<br>
--add-module=/home/test/rpmbuild/BUILD/nginx-1.8.0/modsecurity-2.9.0/nginx/modsecurity<br>
<br>
<br>
Basically I want a minimal nginx install to serve static files over SSL.<br>
Might you have any suggestions to improve this?<br>
<br>
<br>
I also found a separate issue which I discovered when modsec is compiled -<br>
<br>
"configure: WARNING: APR util was not compiled with crypto support.<br>
SecRemoteRule will not support the parameter 'crypto'"<br>
<br>
Basically the rhel6 apr-devel rpm does not have crypto support. Trying to<br>
determine what are the ramifications are here.<br>
<br>
Posted at Nginx Forum: <a href="http://forum.nginx.org/read.php?2,259622,259636#msg-259636" rel="noreferrer" target="_blank">http://forum.nginx.org/read.php?2,259622,259636#msg-259636</a><br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div></div></div></div>