需要部署nginx的https环境,之前是yum安装的openssl,版本比较低,如下:
1
2
3
4
5
6
7
8
9
10
|
[root@nginx ~]
# yum install -y pcre pcre-devel openssl openssl-devel gcc
[root@nginx ~]
# openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Wed Mar 22 21:43:28 UTC 2017
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler:
gcc
-fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR:
"/etc/pki/tls"
engines: rdrand dynamic
|
默认yum安装的openssl版本是1.0.1,现在需要将版本升级到1.1.0。升级的操作记录如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
[root@nginx ~]
# wget https://www.openssl.org/source/openssl-1.1.0g.tar.gz
[root@nginx ~]
# tar -zvxf openssl-1.1.0g.tar.gz
[root@nginx ~]
# cd openssl-1.1.0g
[root@nginx openssl-1.1.0g]
# ./config shared zlib
[root@nginx openssl-1.1.0g]
# make
[root@nginx openssl-1.1.0g]
# make install
[root@nginx openssl-1.1.0g]
# mv /usr/bin/openssl /usr/bin/openssl.bak
[root@nginx openssl-1.1.0g]
# mv /usr/include/openssl /usr/include/openssl.bak
[root@nginx openssl-1.1.0g]
# find / -name openssl
/etc/pki/ca-trust/extracted/openssl
/data/software/nginx-1
.12.2
/auto/lib/openssl
/data/software/openssl-1
.1.0g
/apps/openssl
/data/software/openssl-1
.1.0g
/include/openssl
/usr/lib64/openssl
/usr/local/share/doc/openssl
/usr/local/include/openssl
/usr/local/bin/openssl
/usr/include/openssl
/usr/bin/openssl
[root@nginx openssl-1.1.0g]
# ln -s /usr/local/bin/openssl /usr/bin/openssl
[root@nginx openssl-1.1.0g]
# ln -s /usr/local/include/openssl /usr/include/openssl
[root@external-lb01 ~]
# find / -name "libssl*"
/data/software/openssl-1
.1.0g
/libssl
.pc
/data/software/openssl-1
.1.0g
/libssl
.so
/data/software/openssl-1
.1.0g
/libssl
.a
/data/software/openssl-1
.1.0g
/libssl
.so.1.1
/data/software/openssl-1
.1.0g
/util/libssl
.num
/usr/lib64/libssl3
.so
/usr/lib64/pkgconfig/libssl
.pc
/usr/lib64/libssl
.so.1.0.1e
/usr/lib64/libssl
.so
/usr/lib64/libssl
.so.10
/usr/local/lib64/libssl
.a
/usr/local/lib64/pkgconfig/libssl
.pc
/usr/local/lib64/libssl
.so
/usr/local/lib64/libssl
.so.1.1
[root@nginx openssl-1.1.0g]
# echo "/usr/local/lib64/" >> /etc/ld.so.conf
[root@nginx openssl-1.1.0g]
# ldconfig
[root@nginx openssl-1.1.0g]
# openssl version -a
OpenSSL 1.1.0g 2 Nov 2017
built on: reproducible build,
date
unspecified
platform: linux-x86_64
compiler:
gcc
-DZLIB -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR=
"\"/usr/local/ssl\""
-DENGINESDIR=
"\"/usr/local/lib64/engines-1.1\""
-Wa,--noexecstack
OPENSSLDIR:
"/usr/local/ssl"
ENGINESDIR:
"/usr/local/lib64/engines-1.1"
|
***************当你发现自己的才华撑不起野心时,就请安静下来学习吧***************
本文转自散尽浮华博客园博客,原文链接:http://www.cnblogs.com/kevingrace/p/8058535.html,如需转载请自行联系原作者