mkdir -p /usr/local/openssl #wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz tar -xf openssl-1.1.1d.tar.gz -C /usr/local cd /usr/local/openssl-1.1.1d ./config --prefix=/usr/local/openssl ./config -t make -j 8 && make install ldd /usr/local/openssl/bin/openssl #检查openssl命令路径 #root@node1 openssl-1.1.1d]# which openssl #/usr/bin/openssl #检查现有版本 openssl version -a #移除老版本 mv /usr/bin/openssl /usr/bin/openssl.bak mv /usr/include/openssl /usr/include/openssl.bak #加载新版本 echo "/usr/local/openssl/lib" >> /etc/ld.so.conf ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl ln -s /usr/local/openssl/include/openssl /usr/include/openssl ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1 ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1 #ln -s /usr/local/openssl-1.1.1d /usr/local/openssl 测试 openssl version -a ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl wget http://nginx.org/download/nginx-1.17.2.tar.gz yum -y install zlib pcre pcre-devel openssl openssl-devel tar xf nginx-1.17.2.tar.gz -C /usr/local/src/ cd /usr/local/src/nginx-1.17.2 ./configure \ --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx \ --conf-path=/usr/local/nginx/conf/nginx.conf --error-log-path=/usr/local/nginx/logs/error.log \ --http-log-path=/usr/local/nginx/logs/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx \ --with-openssl=/usr/local/openssl --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre #打开nginx源文件下的/usr/local/src/nginx-1.17.2/auto/lib/openssl/conf文件: 找到这么一段代码: CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include" CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h" CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a" CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a" CORE_LIBS="$CORE_LIBS $NGX_LIBDL" 修改成以下代码: CORE_INCS="$CORE_INCS $OPENSSL/include" CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h" CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a" CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a" CORE_LIBS="$CORE_LIBS $NGX_LIBDL" #上面修改比较麻烦 可以通过sed进行修改: sed -i 's#CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"#CORE_INCS="$CORE_INCS $OPENSSL/include"#g' /usr/local/src/nginx-1.17.2/auto/lib/openssl/conf sed -i 's#CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"#CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"#g' /usr/local/src/nginx-1.17.2/auto/lib/openssl/conf sed -i 's#CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"#CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"#g' /usr/local/src/nginx-1.17.2/auto/lib/openssl/conf sed -i 's#CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"#CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"#g' /usr/local/src/nginx-1.17.2/auto/lib/openssl/conf sed -i 's#CORE_LIBS="$CORE_LIBS $NGX_LIBDL"#CORE_LIBS="$CORE_LIBS $NGX_LIBDL"#g' /usr/local/src/nginx-1.17.2/auto/lib/openssl/conf #再次执行: ./configure \ --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx \ --conf-path=/usr/local/nginx/conf/nginx.conf --error-log-path=/usr/local/nginx/logs/error.log \ --http-log-path=/usr/local/nginx/logs/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx \ --with-openssl=/usr/local/openssl --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre make -j 8 make install #添加环境变量: export PATH="$PATH:/usr/local/nginx/sbin" echo 'export PATH="$PATH:/usr/local/nginx/sbin"' >>/etc/profile source /etc/profile
openssl升级nginx升级支持openssl http2
原创
©著作权归作者所有:来自51CTO博客作者妙手折花的原创作品,请联系作者获取转载授权,否则将追究法律责任
提问和评论都可以,用心的回复会被更多人看到
评论
发布评论
相关文章
-
自签openssl证书(包含泛域名)
实现https自签证书(泛域名)
服务器 html IP -
升级OpenSSL
CVE-2020-1971: OpenSSL 拒绝服务漏洞修复背景:2020年12月8日openssl 发布了 openssl 拒绝服务漏洞 的风险通告,该漏洞编号
linux openssl centos python mysql
