安装依赖
yum install gc gcc gcc-c++ pcre-devel zlib-devel make wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools gperftools-devel libatomic_ops-devel perl-ExtUtils-Embed dpkg-dev libpcrecpp0 libgd2-xpm-dev libgeoip-dev libperl-dev -y
https://www.joomlagate.com/index.php?option=com_content&view=article&id=325:recompile-nginx-with-openssl-1-0-2-on-centos-to-support-http-2&Itemid=19
centos 6 yum install nginx 的openssl 默认版本是 1.0.1e,这是一个有诸多漏洞的版本,而nginx 不支持yum update,只能重新编译nginx
切换目录到/usr/local/src
从https://www.openssl.org/source/下载
openssl-1.1.0h.tar.gz |
解压后如下
/usr/local/src/openssl-1.1.0h
从 http://nginx.org/en/download.html 下载稳定版本或者与原来系统上一致的版本
解压
切换到nginx目录下/usr/local/src/nginx-1.14.0
./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-openssl=/usr/local/src/openssl-1.1.0h --user=www-data --group=www-data --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_v2_module --with-ipv6 --with-compat --with-stream_realip_module --with-stream_ssl_preread_module
然后
make
make install
1 #!/bin/sh
2 #
3 # nginx Startup script for nginx
4 #
5 # chkconfig: - 85 15
6 # processname: nginx
7 # config: /etc/nginx/nginx.conf
8 # config: /etc/sysconfig/nginx
9 # pidfile: /var/run/nginx.pid
10 # description: nginx is an HTTP and reverse proxy server
11 #
12 ### BEGIN INIT INFO
13 # Provides: nginx
14 # Required-Start: $local_fs $remote_fs $network
15 # Required-Stop: $local_fs $remote_fs $network
16 # Default-Start: 2 3 4 5
17 # Default-Stop: 0 1 6
18 # Short-Description: start and stop nginx
19 ### END INIT INFO
20 # Source function library.
21 . /etc/rc.d/init.d/functions
22 if [ -L $0 ]; then
23 initscript=`/bin/readlink -f $0`
24 else
25 initscript=$0
26 fi
27 sysconfig=`/bin/basename $initscript`
28 if [ -f /etc/sysconfig/$sysconfig ]; then
29 . /etc/sysconfig/$sysconfig
30 fi
31 nginx=${NGINX:-/usr/sbin/nginx}
32 prog=`/bin/basename $nginx`
33 conffile=${CONFFILE:-/etc/nginx/nginx.conf}
34 lockfile=${LOCKFILE:-/var/lock/subsys/nginx}
35 pidfile=${PIDFILE:-/var/run/nginx.pid}
36 SLEEPSEC=${SLEEPSEC:-1}
37 UPGRADEWAITLOOPS=${UPGRADEWAITLOOPS:-5}
38 CHECKSLEEP=${CHECKSLEEP:-3}
39 RETVAL=0
40 start() {
41 echo -n $"Starting $prog: "
42 daemon --pidfile=${pidfile} ${nginx} -c ${conffile}
43 RETVAL=$?
44 echo
45 [ $RETVAL = 0 ] && touch ${lockfile}
46 return $RETVAL
47 }
48 stop() {
49 echo -n $"Stopping $prog: "
50 killproc -p ${pidfile} ${prog}
51 RETVAL=$?
52 echo
53 [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
54 }
55 reload() {
56 echo -n $"Reloading $prog: "
57 killproc -p ${pidfile} ${prog} -HUP
58 RETVAL=$?
59 echo
60 }
61 upgrade() {
62 oldbinpidfile=${pidfile}.oldbin
63 configtest -q || return
64 echo -n $"Starting new master $prog: "
65 killproc -p ${pidfile} ${prog} -USR2
66 echo
67 for i in `/usr/bin/seq $UPGRADEWAITLOOPS`; do
68 /bin/sleep $SLEEPSEC
69 if [ -f ${oldbinpidfile} -a -f ${pidfile} ]; then
70 echo -n $"Graceful shutdown of old $prog: "
71 killproc -p ${oldbinpidfile} ${prog} -QUIT
72 RETVAL=$?
73 echo
74 return
75 fi
76 done
77 echo $"Upgrade failed!"
78 RETVAL=1
79 }
80 configtest() {
81 if [ "$#" -ne 0 ] ; then
82 case "$1" in
83 -q)
84 FLAG=$1
85 ;;
86 *)
87 ;;
88 esac
89 shift
90 fi
91 ${nginx} -t -c ${conffile} $FLAG
92 RETVAL=$?
93 return $RETVAL
94 }
95 rh_status() {
96 status -p ${pidfile} -b ${nginx} ${nginx}
97 }
98 check_reload() {
99 templog=`/bin/mktemp --tmpdir nginx-check-reload-XXXXXX.log`
100 trap '/bin/rm -f $templog' 0
101 /usr/bin/tail --pid=$$ -n 0 --follow=name /var/log/nginx/error.log > $templog &
102 /bin/sleep 1
103 /bin/echo -n $"Sending reload signal to $prog: "
104 killproc -p ${pidfile} ${prog} -HUP
105 /bin/echo
106 /bin/sleep $CHECKSLEEP
107 /bin/grep -E "\[emerg\]|\[alert\]" $templog
108 }
109 # See how we were called.
110 case "$1" in
111 start)
112 rh_status >/dev/null 2>&1 && exit 0
113 start
114 ;;
115 stop)
116 stop
117 ;;
118 status)
119 rh_status
120 RETVAL=$?
121 ;;
122 restart)
123 configtest -q || exit $RETVAL
124 stop
125 start
126 ;;
127 upgrade)
128 rh_status >/dev/null 2>&1 || exit 0
129 upgrade
130 ;;
131 condrestart|try-restart)
132 if rh_status >/dev/null 2>&1; then
133 stop
134 start
135 fi
136 ;;
137 force-reload|reload)
138 reload
139 ;;
140 configtest)
141 configtest
142 ;;
143 check-reload)
144 check_reload
145 RETVAL=0
146 ;;
147 *)
148 echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|upgrade|reload|status|help|configtest|check-reload}"
149 RETVAL=2
150 esac
151 exit $RETVAL
/etc/init.d下新建nginx 文件 内容如上
# chmod 755 /etc/init.d/nginx
# chkconfig --add nginx (注意add前面是两个短横线-)
service nginx start
openssl-1.1.0h.tar.gz |