平滑升级Nginx到最新版本
Nginx目前爆出在HTTP/2 和 MP4 模块中存在安全漏洞,容易被DOS攻击。
Nginx官方于11月6日发布了新版本,用于修复影响 1.15.6, 1.14.1 之前版本的多个安全问题,被发现的安全问题有一种这样的情况 —— 允许潜在的攻击者触发拒绝服务(DoS)状态并访问敏感的信息,见官方公告:http://nginx.org/en/security_advisories.html
低版本升级到目前最新版nginx-1.14.1方法步骤如下:
1、查看原来安装nginx的版本以及编译的参数:
[root@xshell ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.0.2o 27 Mar 2018
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module --with-stream --with-stream_ssl_module --with-openssl=/data/lnmp1.5-full/src/openssl-1.0.2o
2、下载nginx最新稳定版本
wget http://nginx.org/download/nginx-1.14.1.tar.gz
3、解压ningx压缩包并编译make
tar xvf nginx-1.14.1.tar.gz
cd nginx-1.14.1
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module --with-stream --with-stream_ssl_module --with-openssl=/data/lnmp1.5-full/src/openssl-1.0.2o
make
4、make编译完后会在安装目录下生成一个objs目录且在该目录下有一个nginx执行文件
[root@xshell nginx-1.14.1]# ll
total 756
-rw-r--r-- 1 www www 287441 Nov 6 21:52 CHANGES
-rw-r--r-- 1 www www 438114 Nov 6 21:52 CHANGES.ru
-rw-r--r-- 1 www www 1397 Nov 6 21:52 LICENSE
-rw-r--r-- 1 root root 376 Nov 9 10:56 Makefile
-rw-r--r-- 1 www www 49 Nov 6 21:52 README
drwxr-xr-x 6 www www 4096 Nov 9 10:55 auto
drwxr-xr-x 2 www www 4096 Nov 9 10:55 conf
-rwxr-xr-x 1 www www 2502 Nov 6 21:52 configure
drwxr-xr-x 4 www www 4096 Nov 9 10:55 contrib
drwxr-xr-x 2 www www 4096 Nov 9 10:55 html
drwxr-xr-x 2 www www 4096 Nov 9 10:55 man
drwxr-xr-x 3 root root 4096 Nov 9 11:00 objs
drwxr-xr-x 9 www www 4096 Nov 9 10:55 src
[root@xshell nginx-1.14.1]# ll objs/
total 10348
-rw-r--r-- 1 root root 52252 Nov 9 10:56 Makefile
-rw-r--r-- 1 root root 17763 Nov 9 10:55 autoconf.err
-rwxr-xr-x 1 root root 10394568 Nov 9 11:00 nginx
-rw-r--r-- 1 root root 5341 Nov 9 11:00 nginx.8
-rw-r--r-- 1 root root 7555 Nov 9 10:56 ngx_auto_config.h
-rw-r--r-- 1 root root 657 Nov 9 10:55 ngx_auto_headers.h
-rw-r--r-- 1 root root 8401 Nov 9 10:55 ngx_modules.c
-rw-r--r-- 1 root root 89712 Nov 9 11:00 ngx_modules.o
drwxr-xr-x 9 root root 4096 Nov 9 10:55 src
5、备份老的nginx文件,复制新文件
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx_bak
cp objs/nginx /usr/local/nginx/sbin/
6、检测配置文件是否正常
/usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
7、使用make upgrade替换老的nginx进程
make upgrade
/usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
kill -USR2 `cat /usr/local/nginx/logs/nginx.pid`
sleep 1
test -f /usr/local/nginx/logs/nginx.pid.oldbin
kill -QUIT `cat /usr/local/nginx/logs/nginx.pid.oldbin`
8、执行/usr/local/nginx2/sbin/nginx -V查看nginx最新的版本及编译的参数
/usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.14.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.0.2o 27 Mar 2018
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module --with-stream --with-stream_ssl_module --with-openssl=/data/lnmp1.5-full/src/openssl-1.0.2o
9、重新reload服务
/usr/local/nginx/sbin/nginx -s reload
至此平滑升级完成
Tag标签:「nginx 升级」更新时间:「2021-11-03 22:24:27」阅读次数:「897」