使用Nginx 1.22和OpenSSL 3.0的组合进行编译

在nginx 1.22版本中,可以构建使用OpenSSL 3.0 的版本。

据说 OpenSSL 1.1.x 系列将在 2023 年 9 月之前结束生命周期(停止支持),而 nginx 1.22 已经可以搭配 OpenSSL 3.0 进行构建,所以我决定试着构建一下。

我删除了使用 OpenSSL 1.1.1 时为 TLS 1.3 所做的配置,并安装了下面这个软件包,之后构建就成功了(使用 1.1.1 时似乎不需要这个包)。

# Installs the Perl IPC::Cmd module; per the text above, the OpenSSL 3.0 build
# succeeded only after this package was present (1.1.1 apparently did not need it).
yum install perl-IPC-Cmd

以下是构建 nginx 所用的脚本。
其中包含了一些额外的内容,请根据自己的需要进行调整…

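#!/bin/bash
# Downloads and builds nginx from source together with OpenSSL, zlib and a few
# third-party modules. The versions to build are pinned in the variables below.

# Stop at the first failed command or unset variable. Without this, a failed
# download or `cd` would let the later steps carry on and run `make install`
# from an incomplete or wrong tree.
set -euo pipefail

### === version setting =======
# NOTE(review): these pins are the releases chosen when the article was written.
# Before building, check each project's download page and security advisories
# and move to the current patched release of the same series.

## https://www.openssl.org/
sslver=3.0.3

## https://nginx.org/en/download.html
nginxver=1.22.0

## https://www.zlib.net/
zlibver=1.2.12

## slowfs, purge (cache module) version
## http://labs.frickle.com/files/
slowfs=1.9
purge=2.3

## develkit version(misc,lua include module)
## https://github.com/simplresty/ngx_devel_kit/releases
develkit=0.3.1

## misc version 
## https://github.com/openresty/set-misc-nginx-module/tags 
misc=0.32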


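## ===== source code get ======
# Every archive is unpacked under this directory; the configure step later in
# the script points at the extracted trees here.
src_dir=/usr/local/src

#######################################
# Download one source archive into $src_dir, optionally verify it, unpack it
# and delete the archive.
# Globals:   src_dir (read)
# Arguments: $1 - archive URL (the local file name is its last path component)
#            $2 - expected SHA-256 digest in hex (optional)
# Outputs:   wget progress; diagnostics on stderr
# Returns:   0 on success; exits the script with status 1 on any failure
#######################################
fetch_and_unpack() {
	local url=$1
	local expected_sha256=${2:-}
	local archive=${url##*/}

	cd "$src_dir" || { printf 'cannot cd to %s\n' "$src_dir" >&2; exit 1; }

	# -O fixes the output name. Plain `wget URL` saves to NAME.1 when a stale
	# NAME is left over from an interrupted run, and tar would then unpack the
	# stale file instead of the fresh download.
	wget -O "$archive" "$url" || {
		printf 'download failed: %s\n' "$url" >&2
		rm -f -- "./$archive"
		exit 1
	}

	# This code is compiled and installed as root, so the archive should be
	# checked before anything in it runs. Take the digest from the upstream
	# release announcement (or verify the upstream signature), not from the
	# same transfer that delivered the archive.
	if [ -n "$expected_sha256" ]; then
		printf '%s  %s\n' "$expected_sha256" "$archive" | sha256sum -c - || {
			printf 'SHA-256 mismatch for %s, refusing to unpack\n' "$archive" >&2
			rm -f -- "./$archive"
			exit 1
		}
	else
		printf 'warning: %s was not checked against a known digest\n' "$archive" >&2
	fi

	tar -zxf "$archive" || { printf 'cannot unpack %s\n' "$archive" >&2; exit 1; }
	rm -f -- "./$archive"
}

# The *_SHA256 environment variables are optional; when one is set, the matching
# archive must hash to that value or the script stops.

# openssl get
# Skip only when the source tree is already unpacked: --with-openssl builds from
# /usr/local/src/openssl-$sslver, so that is the directory that has to exist.
# (The previous test looked under /usr/local/bin, which this script never creates.)
if [ ! -d "$src_dir/openssl-$sslver" ]; then
	fetch_and_unpack "https://www.openssl.org/source/openssl-$sslver.tar.gz" "${OPENSSL_SHA256:-}"
fi

# zlib get
# Same reasoning: --with-zlib needs the source tree, not the installed copy
# under /opt/zlib, so the check is on the source directory.
if [ ! -d "$src_dir/zlib-$zlibver" ]; then
	fetch_and_unpack "https://zlib.net/zlib-$zlibver.tar.gz" "${ZLIB_SHA256:-}"
fi

# nginx
fetch_and_unpack "https://nginx.org/download/nginx-$nginxver.tar.gz" "${NGINX_SHA256:-}"

# slowfs
# NOTE(review): plain HTTP. Nothing protects this archive in transit, so supply
# SLOWFS_SHA256 or obtain the module from a source that offers TLS.
fetch_and_unpack "http://labs.frickle.com/files/ngx_slowfs_cache-$slowfs.tar.gz" "${SLOWFS_SHA256:-}"

# ngx_cache_purge
# NOTE(review): plain HTTP, same concern as above; supply PURGE_SHA256.
fetch_and_unpack "http://labs.frickle.com/files/ngx_cache_purge-$purge.tar.gz" "${PURGE_SHA256:-}"

# ngx_devel_kit
fetch_and_unpack "https://github.com/simplresty/ngx_devel_kit/archive/v$develkit.tar.gz" "${DEVELKIT_SHA256:-}"

# misc-nginx-module
fetch_and_unpack "https://github.com/openresty/set-misc-nginx-module/archive/v$misc.tar.gz" "${MISC_SHA256:-}"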

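### ==== compile & build run ====

# zlib build
# Builds zlib and installs it under /opt/zlib/zlib-$zlibver when its source
# tree is present. Each step is checked so a failed configure or make does not
# fall through to `make install`.
if [ -d "/usr/local/src/zlib-$zlibver" ]; then
	cd "/usr/local/src/zlib-$zlibver" || { printf 'cannot cd to zlib source tree\n' >&2; exit 1; }
	./configure --prefix="/opt/zlib/zlib-$zlibver" || { printf 'zlib configure failed\n' >&2; exit 1; }
	make || { printf 'zlib make failed\n' >&2; exit 1; }
	make install || { printf 'zlib make install failed\n' >&2; exit 1; }
fi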

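# nginx build
# Configures, compiles and installs nginx from /usr/local/src/nginx-$nginxver.
# Every step is checked: configuring or installing from the wrong directory, or
# installing after a failed compile, would leave a broken binary in /usr/sbin.
cd "/usr/local/src/nginx-$nginxver" || { printf 'cannot cd to nginx source tree\n' >&2; exit 1; }

configure_args=(
	# --- install layout ---
	--prefix=/etc/nginx
	--sbin-path=/usr/sbin/nginx
	--modules-path=/usr/lib64/nginx/modules
	--conf-path=/etc/nginx/nginx.conf
	--error-log-path=/var/log/nginx/error.log
	--http-log-path=/var/log/nginx/access.log
	--pid-path=/var/run/nginx.pid
	--lock-path=/var/run/nginx.lock
	--http-client-body-temp-path=/var/cache/nginx/client_temp
	--http-proxy-temp-path=/var/cache/nginx/proxy_temp
	--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
	--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
	--http-scgi-temp-path=/var/cache/nginx/scgi_temp

	# Worker processes run as this account; the script does not create it.
	--user=nginx
	--group=nginx

	# --- bundled modules ---
	# NOTE(review): this is a broad module set. Anything not actually used is
	# extra code in the server binary; trim the list to what the site needs.
	--with-compat
	--with-file-aio
	--with-threads
	--with-http_addition_module
	--with-http_auth_request_module
	--with-http_dav_module
	--with-http_flv_module
	--with-http_mp4_module
	--with-http_gunzip_module
	--with-http_gzip_static_module
	--with-http_random_index_module
	--with-http_realip_module
	--with-http_secure_link_module
	--with-http_slice_module
	--with-http_ssl_module
	--with-http_stub_status_module
	--with-http_sub_module
	--with-http_v2_module
	--with-http_image_filter_module=dynamic
	--with-http_geoip_module=dynamic
	--with-http_xslt_module
	--with-pcre-jit
	--with-mail
	--with-mail_ssl_module
	--with-stream
	--with-stream_realip_module
	--with-stream_ssl_module
	--with-stream_ssl_preread_module

	# --- libraries built from source ---
	# OpenSSL and zlib are compiled from these trees as part of the nginx build,
	# so a later system package update does not change the copy nginx uses:
	# an OpenSSL security release means bumping sslver and rebuilding.
	--with-zlib="/usr/local/src/zlib-$zlibver"
	--with-openssl="/usr/local/src/openssl-$sslver"

	# --- third-party modules ---
	--add-module="/usr/local/src/ngx_cache_purge-$purge"
	--add-module="/usr/local/src/ngx_slowfs_cache-$slowfs"
	--add-module="/usr/local/src/ngx_devel_kit-$develkit"
	--add-module="/usr/local/src/set-misc-nginx-module-$misc"

	# --- compiler / linker flags ---
	# Stack protector and _FORTIFY_SOURCE=2 are on.
	# NOTE(review): no RELRO/PIE flags are passed to the linker; consider adding
	# them if the toolchain does not enable them by default.
	--with-cc-opt='-O3 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'
	# The rpath makes the binary look in /usr/local/lib for shared libraries;
	# keep that directory writable by root only.
	--with-ld-opt="-Wl,-E,-rpath,/usr/local/lib"
)

./configure "${configure_args[@]}" || { printf 'nginx configure failed\n' >&2; exit 1; }

make || { printf 'nginx make failed\n' >&2; exit 1; }
make install || { printf 'nginx make install failed\n' >&2; exit 1; }

# Before restarting, `nginx -t` checks the configuration and `nginx -V` shows
# which OpenSSL version the new binary was built with.
#systemctl restart nginx
#systemctl status nginx

cd /usr/local/src || { printf 'cannot cd to /usr/local/src\n' >&2; exit 1; }
#rm -rf ./nginx-*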

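我还没有确认 TLS 1.3 是否生效等情况…构建完成后,可以先用 `nginx -V` 确认实际使用的 OpenSSL 版本,再用 `openssl s_client -connect <主机>:443 -tls1_3` 检查 TLS 1.3 握手是否成功。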