nginx升级OpenSSL

nginx版本：nginx-1.11.12
openssl版本：openssl-1.0.2j
操作系统版本：centos 6.8

步骤：
升级openssl-1.0.2j

#yum -y install gcc*
安装第三方库

yum install -y pcre pcre-devel //使nginx支持正则表达式

yum install -y zlib zlib-devel //使nginx支持http包的内容做gzip的压缩

yum install -y openssl openssl-devel//使nginx支持ssl协议和MD5，sha1等散列函数

cd /home && wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz

tar xf openssl-1.0.2j.tar.gz
cd openssl-1.0.2j/ && ./config --prefix=/usr/local/openssl
make && make install

mv /usr/bin/openssl /usr/bin/openssl.OFF
mv /usr/include/openssl /usr/include/openssl.OFF
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
echo "/usr/local/openssl/lib">>/etc/ld.so.conf
ldconfig -v

echo 'export OPENSSL=/usr/local/openssl/bin' >>/etc/profile
echo 'export PATH=$OPENSSL:$PATH:$HOME/bin' >>/etc/profile
source /etc/profile
openssl version -a

安装nginx-1.11.12

cd /home && wget http://nginx.org/download/nginx-1.11.12.tar.gz
/usr/local/nginx/sbin/nginx -s stop
mv /usr/local/nginx/ /opt/

tar -xf nginx-1.11.12.tar.gz && cd nginx-1.11.12

vim /home/nginx-1.11.12/auto/lib/openssl/conf
把
CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"
改成
CORE_INCS="$CORE_INCS $OPENSSL/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"
CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"
CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module --with-openssl=/usr/local/openssl/
make && make install

转载于:https://blog.51cto.com/yenokia/2083065