OpenWrt Forum Archive

Topic: [How-To] Compiling NGINX with SSL (or other opts) for your router

The content of this topic has been archived on 16 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Praise and comments to follow big_smile

And bug reports / questions...

(Last edited by mys5droid on 18 Feb 2017, 17:46)

You will be able to post links after your post count reaches 10.

nitroshift

nitroshift wrote:

You will be able to post links after your post count reaches 10.

nitroshift

Thanks... I've fixed the SSL and I am updating it now.... Pls stand by....

Fix Complete!

I have 7 working servers forwarded using NGINX HTTP/S + RealIP:D

Someone please test out this method and post if support needed. Thank you!

(Last edited by mys5droid on 20 Feb 2017, 02:56)

Hello, I think I was going down the same track as you and wanting to use certificates with nginx so I am glad you have made this guide.
I'm not an expert by any means, so I am following your steps but not completely sure what I am doing.

I was getting stuck at the step

make menuconfig

When I entered this from the SDK root folder I got these errors.

me@ubuntu:~/OpenWrt-SDK-15.05.1-ar71xx-generic_gcc-4.8-linaro_uClibc-0.9.33.2.Linux-x86_64$ make menuconfig
tmp/.config-package.in:8:warning: ignoring type redefinition of 'PACKAGE_base-files' from 'boolean' to 'tristate'
tmp/.config-package.in:54:warning: ignoring type redefinition of 'PACKAGE_busybox' from 'boolean' to 'tristate'
feeds/base/package/utils/busybox/config/Config.in:818: glob failed: No files found "package/utils/busybox/config/libbb/Config.in"
/home/me/OpenWrt-SDK-15.05.1-ar71xx-generic_gcc-4.8-linaro_uClibc-0.9.33.2.Linux-x86_64/include/toplevel.mk:116: recipe for target 'menuconfig' failed
make: *** [menuconfig] Error 1

I have resolved this by making a symbolic link in the package folder that points to the feeds/base/package/utils folder as follows:

ln -s ../feeds/base/package/utils package/utils

I noticed that you have this step later on before running 'make' on the customised build.

menuconfig then runs OK

(Last edited by arthurdented on 26 Feb 2017, 08:25)

Last problem - which I have also resolved.

I ended up with a small pile of .ipk files which I was able to scp to the router.

When I attempt to install them with:

opkg install *.ipk

I ended up with a lot of error messages like this:

Collected errors:
 * opkg_install_pkg: Package ldconfig sha256sum mismatch. Either the opkg or the package index are corrupt. Try 'opkg update'.
 * opkg_install_cmd: Cannot install package ldconfig.
 * opkg_install_pkg: Package ldd sha256sum mismatch. Either the opkg or the package index are corrupt. Try 'opkg update'.
 * opkg_install_cmd: Cannot install package ldd.
...<snip>.

I used the --force-checksum option with opkg to make it ignore the checksum like this:

opkg install --force-checksum *.ipk

this seems to install all the components but we get this warning at the end which I am going to ignore in the hope that it is something that I can safely ignore.

Collected errors:
 * resolve_conffiles: Existing conffile /etc/ssl/openssl.cnf is different from the conffile in the new package. The new conffile will be placed at /etc/ssl/openssl.cnf-opkg.

(Last edited by arthurdented on 26 Feb 2017, 08:25)

arthurdented wrote:

Last problem - which I have also resolved.

I ended up with a small pile of .ipk files which I was able to scp to the router.

When I attempt to install them with:

opkg install *.ipk

I ended up with a lot of error messages like this:

Collected errors:
 * opkg_install_pkg: Package ldconfig sha256sum mismatch. Either the opkg or the package index are corrupt. Try 'opkg update'.
 * opkg_install_cmd: Cannot install package ldconfig.
 * opkg_install_pkg: Package ldd sha256sum mismatch. Either the opkg or the package index are corrupt. Try 'opkg update'.
 * opkg_install_cmd: Cannot install package ldd.
...<snip>.

I used the --force-checksum option with opkg to make it ignore the checksum like this:

opkg install --force-checksum *.ipk

this seems to install all the components but we get this warning at the end which I am going to ignore in the hope that it is something that I can safely ignore.

Collected errors:
 * resolve_conffiles: Existing conffile /etc/ssl/openssl.cnf is different from the conffile in the new package. The new conffile will be placed at /etc/ssl/openssl.cnf-opkg.

Nice work! I was going to move this off to my wiki and delete the post... But I will keep it! Thanks for replying!

That last error is telling you that the existing configuration file has modifications, so the package installer has installed the new package configuration file in a different location - /etc/ssl/openssl.cnf-opkg - so you can ignore this unless there are new configuration options you wish to use...

You might want to:

mv /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf.bak
mv /etc/ssl/openssl.cnf-opkg /etc/ssl/openssl.cnf
nano /etc/ssl/openssl.cnf

and configure it again with the new configuration file.

(Last edited by mys5droid on 23 Apr 2017, 18:24)

The discussion might have continued from here.