DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Packages and Ports

OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 18th November 2018
gessler gessler is offline
New User
 
Join Date: Apr 2012
Posts: 8
Default Build Nginx with openssl

Hi everybody, I´ve got serious performance problems with ssl, I already tested httpd and nginx, same results, with https://... downloads are more than 50% slower than via http://..., did every tweak(and without, .conf just as simple as possible) you can imagine, but no luck, I guess it´s libre ssl that slows things down .
So my question, how can I compile nginx port on openbsd 6.4 amd64 with opensssl instead of libressl?
Kind regards and thanks in advance
Reply With Quote
  #2   (View Single Post)  
Old 18th November 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Welcome back!

You are warned by $ pkg_info openssl:
Quote:
This package is not intended for general-purpose use in OpenBSD -
it is present to provide support for applications which cannot be made
compatible with LibReSSL (mostly due to use of removed APIs), and for
test/comparison purposes.
If that does not dissuade you, you might start with the www/nginx port, and modify it to point to the OpenSSL libraries instead.
Reply With Quote
  #3   (View Single Post)  
Old 18th November 2018
gessler gessler is offline
New User
 
Join Date: Apr 2012
Posts: 8
Default

Does not, I already read that warning, but I need some solution, right now I would like to compile nginx with openssl and test that to be sure if it´s libressl or not. Yesterday I set up a test vps with freebsd, on the same location as my openbsd machine, and to my surprise the freebsd with nginx and the same conf didn´t have any speed difference between https and http, on the freebsd machine nginx -V showed: built with openssl. That´s why I think it´s the crypto on openbsd that slows it down so much. Just don´t know how and wher to make the necessary changes in makefile etc. to build nginx with openssl rather than libressl....
I have little to no experience with ports and since libressl is in the base system I´m kinda lost, sorry.
Reply With Quote
  #4   (View Single Post)  
Old 18th November 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

If you look at what gets installed with the openssl package with $ pkg_info -L openssl you will see that the openssl library (either version 1.0.2 or version 1.1) is named eopenssl.
  • Whether you begin with the OpenBSD port or not, you will need to provision the build tool chain to point to these include files and library. The Makefile for net/nagios/nrpe shows example changes to $CFLAGS and $LDFLAGS to point its tools to eopenssl.
  • I recommend you start with the www/nginx port because it includes OpenBSD-specific patches for nginx, and it has a working build tool chain with a working configuration.
Reply With Quote
  #5   (View Single Post)  
Old 18th November 2018
gessler gessler is offline
New User
 
Join Date: Apr 2012
Posts: 8
Default

Thank you very much, i´ll give the nginx port a try and test then.
Reply With Quote
  #6   (View Single Post)  
Old 18th November 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Please note the build tools vary by architecture. The www/nginx $COMPILER string is "base-clang ports-gcc base-gcc". The first match will be chosen. The output of $ make show=CHOSEN_COMPILER will let you know which is being used for your build.

You may find the ports(7) and bsd.port.mk(5) man pages helpful.
Reply With Quote
  #7   (View Single Post)  
Old 19th November 2018
gessler gessler is offline
New User
 
Join Date: Apr 2012
Posts: 8
Default

Well after trying whole day I´ll give up on that, I´m just not capable it seems to get into these ports, just get errors everything I try. Just not worth it, and just for testing if it´s libressl or not... I still try tomorrow the previous version of openbsd since there were quite some changes in libressl recently, if that´s not better > Freebsd for that webserver, sad but with such slow https performance no way, it´s just slow, especially the photogallery is just at least 3 to 4 times slower with https. Anyway thank you very much.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Installing openssl-devel drhowarddrfine FreeBSD Security 0 9th September 2017 12:53 AM
Please Put OpenSSL Out of Its Misery J65nko News 12 25th April 2014 02:44 PM
OpenSSL challenge Ooonak OpenBSD Security 1 9th July 2012 02:47 PM
OpenSSL fixes DoS bug in recent bug fix J65nko News 0 20th January 2012 12:02 AM
OpenSSL updates fix vulnerabilities J65nko News 0 4th June 2010 12:48 PM


All times are GMT. The time now is 11:57 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick