1. 程式人生 > >nginx升級OpenSSL

nginx升級OpenSSL

nginx

nginx版本:nginx-1.11.12
openssl版本:openssl-1.0.2j
操作系統版本:centos 6.8

步驟:
升級openssl-1.0.2j

#yum -y install gcc*
安裝第三方庫

yum install -y pcre pcre-devel //使nginx支持正則表達式

yum install -y zlib zlib-devel //使nginx支持http包的內容做gzip的壓縮

yum install -y openssl openssl-devel//使nginx支持ssl協議和MD5,sha1等散列函數

cd /home && wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz

tar xf openssl-1.0.2j.tar.gz
cd openssl-1.0.2j/ && ./config --prefix=/usr/local/openssl
make && make install

mv /usr/bin/openssl /usr/bin/openssl.OFF
mv /usr/include/openssl /usr/include/openssl.OFF
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl

echo "/usr/local/openssl/lib">>/etc/ld.so.conf
ldconfig -v

echo ‘export OPENSSL=/usr/local/openssl/bin‘ >>/etc/profile
echo ‘export PATH=$OPENSSL:$PATH:$HOME/bin‘ >>/etc/profile
source /etc/profile
openssl version -a

安裝nginx-1.11.12

cd /home && wget http://nginx.org/download/nginx-1.11.12.tar.gz

/usr/local/nginx/sbin/nginx -s stop
mv /usr/local/nginx/ /opt/

tar -xf nginx-1.11.12.tar.gz && cd nginx-1.11.12

vim /home/nginx-1.11.12/auto/lib/openssl/conf

CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"
改成
CORE_INCS="$CORE_INCS $OPENSSL/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"
CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"
CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module --with-openssl=/usr/local/openssl/
make && make install

nginx升級OpenSSL