##openssl安装
#wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz
mkdir /usr/local/openssl
tar xf openssl-1.1.1d.tar.gz -C /usr/local/openssl/
cd /usr/local/openssl/openssl-1.1.1d
./config --prefix=/usr/local/openssl
./config -t
make -j 8 && make install
#设置依赖
ldd /usr/local/openssl/bin/openssl
#检查当前openssl
which openssl
\mv /usr/bin/openssl /usr/bin/openssl.bak
\mv /usr/include/openssl /usr/include/openssl.bak
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
openssl version -a
#nginx添加openssl
cd /root
yum install -y pcre pcre-devel zlib zlib-devel
wget http://nginx.org/download/nginx-1.17.2.tar.gz
tar xf nginx-1.17.2.tar.gz
useradd -s /sbin/nologin www
cd nginx-1.17.2/
#修改支持openssl
vim /root/nginx-1.17.2/auto/lib/openssl/conf
#找到这么一段代码:
CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"
CORE_LIBS="$CORE_LIBS $NGX_LIBDL"
#修改成以下代码:
CORE_INCS="$CORE_INCS $OPENSSL/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"
CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"
CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"
CORE_LIBS="$CORE_LIBS $NGX_LIBDL"
#命令替换
sed -i ‘s#CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"#CORE_INCS="$CORE_INCS $OPENSSL/include"#g‘ /root/nginx-1.17.2/auto/lib/openssl/conf
sed -i ‘s#CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"#CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"#g‘ /root/nginx-1.17.2/auto/lib/openssl/conf
sed -i ‘s#CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"#CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"#g‘ /root/nginx-1.17.2/auto/lib/openssl/conf
sed -i ‘s#CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"#CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"#g‘ /root/nginx-1.17.2/auto/lib/openssl/conf
sed -i ‘s#CORE_LIBS="$CORE_LIBS $NGX_LIBDL"#CORE_LIBS="$CORE_LIBS $NGX_LIBDL"#g‘ /root/nginx-1.17.2/auto/lib/openssl/conf
#编译nginx
./configure --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --error-log-path=/usr/local/nginx/logs/error.log --http-log-path=/usr/local/nginx/logs/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx --with-openssl=/usr/local/openssl --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre
#安装
make
make install
#添加系统启动
cat << EOF >/lib/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
IDFile=/var/run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl start nginx.service
systemctl status nginx.service
systemctl enable nginx.service
#添加环境变量:
#export PATH="$PATH:/usr/local/nginx/sbin"
#echo ‘export PATH="$PATH:/usr/local/nginx/sbin"‘ >>/etc/profile
#source /etc/profile
openssl升级nginx升级支持openssl http2