随记

[随记]升级openssl以支持HTTP2

本文阅读量 Posted by Kird on 2020-02-20

服务器环境

1
2
3
4
5
CentOS release 6.8 (Final)
2.6.32-642.6.2.el6.x86_64
OpenSSL 1.0.1e (不支持ALPN)
nginx/1.10.0
Nginx满足支持HTTP2,但是openssl版本太低,需要升级。

升级openssl

1
2
3
4
5
6
7
8
9
10
11
12
cd ~
wget --no-check-certificate https://www.openssl.org/source/openssl-1.0.2j.tar.gz
tar zxvf openssl-1.0.2j.tar.gz
cd openssl-1.0.2j
./config shared zlib
make && make install
mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/include/openssl /usr/include/openssl.old
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
ldconfig -v

在make阶段可能需要下载的环境,列举如下:

1
2
yum install -y zlib
yum install -y zlib-devel

完成后openssl version查看版本为1.0.2j

重编译Nginx

官网下载对应版本

1
2
3
wget http://nginx.org/download/nginx-1.10.0.tar.gz
tar zxvf nginx-1.10.0.tar.gz
cd nginx-1.10.0

vi auto/lib/openssl/conf,修改内容:

1
2
3
4
5
6
7
8
9
CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"
改为:
CORE_INCS="$CORE_INCS $OPENSSL/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"
CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"
CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"

编译安装,添加参数--with-openssl=/usr/local/ssl

1
--prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --with-ld-opt=' -Wl,-E' --with-openssl=/usr/local/ssl --with-http_geoip_module=dynamic

编译过程可能需要安装以下环境:

1
2
3
4
5
6
7
8
9
yum -y install pcre pcre-devel
yum -y install gcc-c++ autoconf automake
yum -y install libxml2 libxml2-dev
yum -y install libxslt-devel
yum -y install gd-devel
yum -y install perl
yum -y install perl-devel perl-ExtUtils-Embed
yum -y install libgeoip-dev
yum -y install GeoIP GeoIP-devel GeoIP-data

make之后将得到二进制文件./objs/nginx,停止nginx后替换二进制文件即可。重新启动出现如下报错:

1
nginx: [emerg] module "/usr/lib64/nginx/modules/ngx_http_geoip_module.so" version 1010003 instead of 1010000 in /usr/share/nginx/modules/mod-http-geoip.conf:1

可使用yum remove nginx-mod* 后复制替换二进制文件,和配置文件,即可解决。

纪念一下

HTTP1

HTTP2

PS:图中的蓝色闪电是Chrome上快速查看网页是否支持HTTP2的插件哦
HTTP/2 and SPDY indicator


支付宝打赏 微信打赏

赞赏支持一下



FEATURED TAGS
随记
FRIENDS