nginx升級openssl
阿新 • • 發佈:2021-06-13
#升級openssl-1.1.1d mkdir -p /usr/local/openssl #wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz tar -xf openssl-1.1.1d.tar.gz -C /usr/local cd /usr/local/openssl-1.1.1d ./config --prefix=/usr/local/openssl ./config -t make && make install ldd /usr/local/openssl/bin/openssl #檢查openssl命令路徑 #root@node1 openssl-1.1.1d]# which openssl #/usr/bin/openssl #檢查現有版本 openssl version -a #移除老版本 mv /usr/bin/openssl /usr/bin/openssl.bak mv /usr/include/openssl /usr/include/openssl.bak #載入新版本 echo "/usr/local/openssl/lib" >> /etc/ld.so.conf ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl ln -s /usr/local/openssl/include/openssl /usr/include/openssl ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1 ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1 openssl version -a #更新nginx ssl yum install -y pcre pcre-devel zlib zlib-devel cd /root && wget http://nginx.org/download/nginx-1.17.2.tar.gz tar xf nginx-1.17.2.tar.gz cd /root/nginx-1.17.2 ./configure --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx \ --conf-path=/usr/local/nginx/conf/nginx.conf \ --error-log-path=/usr/local/nginx/logs/error.log \ --http-log-path=/usr/local/nginx/logs/access.log --pid-path=/var/run/nginx.pid \ --lock-path=/var/lock/subsys/nginx --with-openssl=/usr/local/openssl \ --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre #報錯: [root@node1 nginx-1.17.2]# make make -f objs/Makefile make[1]: Entering directory `/root/nginx-1.17.2' cd /usr/local/openssl \ && if [ -f Makefile ]; then make clean; fi \ && ./config --prefix=/usr/local/openssl/.openssl no-shared no-threads \ && make \ && make install_sw LIBDIR=lib /bin/sh: line 2: ./config: No such file or directory make[1]: *** [/usr/local/openssl/.openssl/include/openssl/ssl.h] Error 127 make[1]: Leaving directory `/root/nginx-1.17.2' make: *** [build] Error 2 #解決 vim /root/nginx-1.17.2/auto/lib/openssl/conf [註釋4行 增加4行] #CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include" #CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h" #CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a" #CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a" CORE_INCS="$CORE_INCS $OPENSSL/include" CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h" CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a" CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"
cd /root/nginx-1.17.2/ make clean ./configure --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx \ --conf-path=/usr/local/nginx/conf/nginx.conf \ --error-log-path=/usr/local/nginx/logs/error.log \ --http-log-path=/usr/local/nginx/logs/access.log --pid-path=/var/run/nginx.pid \ --lock-path=/var/lock/subsys/nginx --with-openssl=/usr/local/openssl \ --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre make && make install #檢查: [root@node1 nginx-1.17.2]# /usr/local/nginx/sbin/nginx -V nginx version: nginx/1.17.2 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 1.1.1d 10 Sep 2019 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --error-log-path=/usr/local/nginx/logs/error.log --http-log-path=/usr/local/nginx/logs/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx --with-openssl=/usr/local/openssl --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre