Nginx module not binary compatible after compilation on Centos 7
Solution 1
Turns out, the --with-compat option was causing the issue. I added it because the guide on nginx.com said so, but after removing it and compiling one more time, nginx -t tells me that the config is good.
Solution 2
Removing --with-compat option cannot possibly solve it.
If you got the error about binary incompatible module that was compiled with this option, it only means that you compiled it for one version and loaded into a different version. E.g. module was compiled against NGINX source 1.16.0 while you're loading it (using) in NGINX 1.12.2. And that version is very old by the way, and has HTTP/2 security vulnerabilities, for which you have to update.
If anything, there's not much reason not to use --with-compat.
I am very biased in saying this, but GetPageSpeed repo, while being not gratis for CentOS 7 (free for CentOS/RHEL 8 as of this writing), allows you to get always up-to-date modules for new NGINX versions, which are released on a regular basis and address new security issues as well as added features. Otherwise, you have to continuously recompile modules as opposed to yum update, and potentially end up with compilation software on the production system. Which is a security issue of its own.
The GetPageSpeed alternative is subscribing to NGINX Plus, which costs far more than a few dollars.
Solution 3
A more compatible way:
- find out the current nginx instance version via
nginx -v - clone the nginx source code and checkout that tag, like "release-1.18.0".
- configure the source with exactly the same options via:
auto/configure --add-dynamic-module=/path/to/your/module `nginx -V`
- make
Related videos on Youtube
11 : 01
02 : 38
05 : 53
13 : 24
06 : 24
user153991
Updated on September 18, 2022Comments
-
user153991 over 1 year
I need to use the Nginx module ngx_http_auth_pam_module on a Centos 7 server. As a package is only available through the getpagespeed repository, which isn't gratis, I want to compile it myself.
Following various instructions I found, I downloaded the sources for the module and for Nginx, listed the compile options for the version of Nginx installed with
nginx -V, then compiled the module with./configurethenmake modules, installing some packages to fix the various errors in the process.However, when I try to configure Nginx to use the newly compiled module,
nginx -tgives menginx: [emerg] module "/opt/nginx/modules/ngx_http_auth_pam_module.so" is not binary compatible in /usr/share/nginx/modules/mod-http-auth-pam.conf:1From what I read, this "not binary compatible" error is due to different compile flags in the installed version of Nginx vs the module, however I made sure to copy all those given by
nginx -V. I also made sure to download the source code for the same version of Nginx as installed.Any idea what could be causing the issue ? Should I just uninstall Nginx and reinstall the compiled version, or does that come with its own issues ?
Appendix :
here is the entire
./configurecommand :./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_auth_request_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E' --with-compat --add-dynamic-module=../ngx_http_auth_pam_module/And here the
nginx -Vnginx version: nginx/1.12.2 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_auth_request_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E' -
Phil over 4 yearsI confirm that removing --with-compat effectively solves the problem (if Nginx hasn't been built with itself with -with-compat). Anyway, everybody is free to try.
-
Florian Holzner about 4 yearsI can confirm that removing
--with-compatsolves this exact problem. Weird. -
clarkttfu almost 4 yearsAnd it would be good to build the binary with same Linux distribution :) -
Khom Nazid over 3 yearsGetPageSpeed module now costs $50 per month so is impractical for most people other than 'enterprise' folks. Good for the programmer of that lovely repo, but it's not a good answer. Meanwhile your info is correct: compiling the module with or without--with-compatis irrelevant to this issue. Something else is happeninng. -
Khom Nazid over 3 yearsThat's not the issue. Removing with compat does nothing.
-
Danila Vershinin over 3 yearsDo the math. Compared to NGINX Plus which runs at $2.5K/year for a single instance, GetPageSpeed repo is only $600 per year and has nearly a hundred of installable NGINX modules (not talking about other software which is also included). It is not only for "enterprise": any small/medium business interested in boosting their online shops like Magento 2 etc. can easily afford that, and there is no limit on instance use as long as it shows up as a single IP address.
-
PKHunter over 3 yearsThank you Danila. Yes I think it’s a great price for companies making money online. It s a well done repo with excellent modules. I miss it for free use.
