openssl升級nginx升級支援openssl http2
阿新 • • 發佈:2021-06-14
##openssl安裝 #wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz mkdir /usr/local/openssl tar xf openssl-1.1.1d.tar.gz -C /usr/local/openssl/ cd /usr/local/openssl/openssl-1.1.1d ./config --prefix=/usr/local/openssl ./config -t make -j 8 && make install #設定依賴 ldd /usr/local/openssl/bin/openssl #檢查當前openssl which openssl \mv /usr/bin/openssl /usr/bin/openssl.bak \mv /usr/include/openssl /usr/include/openssl.bak ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl ln -s /usr/local/openssl/include/openssl /usr/include/openssl ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1 ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1 echo "/usr/local/openssl/lib" >> /etc/ld.so.conf openssl version -a #nginx新增openssl cd /root yum install -y pcre pcre-devel zlib zlib-devel wget http://nginx.org/download/nginx-1.17.2.tar.gz tar xf nginx-1.17.2.tar.gz useradd -s /sbin/nologin www cd nginx-1.17.2/ #修改支援openssl vim /root/nginx-1.17.2/auto/lib/openssl/conf #找到這麼一段程式碼: CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include" CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h" CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a" CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a" CORE_LIBS="$CORE_LIBS $NGX_LIBDL" #修改成以下程式碼: CORE_INCS="$CORE_INCS $OPENSSL/include" CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h" CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a" CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a" CORE_LIBS="$CORE_LIBS $NGX_LIBDL" #命令替換 sed -i 's#CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"#CORE_INCS="$CORE_INCS $OPENSSL/include"#g' /root/nginx-1.17.2/auto/lib/openssl/conf sed -i 's#CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"#CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"#g' /root/nginx-1.17.2/auto/lib/openssl/conf sed -i 's#CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"#CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"#g' /root/nginx-1.17.2/auto/lib/openssl/conf sed -i 's#CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"#CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"#g' /root/nginx-1.17.2/auto/lib/openssl/conf sed -i 's#CORE_LIBS="$CORE_LIBS $NGX_LIBDL"#CORE_LIBS="$CORE_LIBS $NGX_LIBDL"#g' /root/nginx-1.17.2/auto/lib/openssl/conf #編譯nginx ./configure \ --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx \ --conf-path=/usr/local/nginx/conf/nginx.conf --error-log-path=/usr/local/nginx/logs/error.log \ --http-log-path=/usr/local/nginx/logs/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx \ --with-openssl=/usr/local/openssl --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre #安裝 make make install #新增系統啟動 cat << EOF >/lib/systemd/system/nginx.service [Unit] Description=The NGINX HTTP and reverse proxy server After=syslog.target network-online.target remote-fs.target nss-lookup.target Wants=network-online.target [Service] Type=forking IDFile=/var/run/nginx.pid ExecStartPre=/usr/local/nginx/sbin/nginx -t ExecStart=/usr/local/nginx/sbin/nginx ExecReload=/usr/local/nginx/sbin/nginx -s reload ExecStop=/bin/kill -s QUIT $MAINPID PrivateTmp=true [Install] WantedBy=multi-user.target EOF systemctl daemon-reload systemctl start nginx.service systemctl status nginx.service systemctl enable nginx.service #新增環境變數: #export PATH="$PATH:/usr/local/nginx/sbin" #echo 'export PATH="$PATH:/usr/local/nginx/sbin"' >>/etc/profile #source /etc/profile