平滑升级旧版nginx，使其支持健康检测模组

nginx是部署在华为欧拉的docker容器中，版本是2203sp1.x86_64

查看旧版nginx的版本与编译配置信息：

nginx -V

nginx version: nginx/1.24.0
built by gcc 10.3.1 (GCC)
built with OpenSSL 1.1.1wa 16 Nov 2023
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_perl_module=dynamic --with-http_auth_request_module --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt=‘-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/generic-hardened-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fPIC -D_FORTIFY_SOURCE=2 -O2 -Wtrampolines -fsigned-char’ --with-ld-opt=‘-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/generic-hardened-ld -Wl,-E -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack’

根据nginx信息找到第三方模组所在文件夹：--modules-path=/usr/lib64/nginx/modules

进入文件夹：

cd /usr/lib64/nginx/modules

下载健康检测模组压缩包并解压：

wget https://codeload.github.com/yaoweibin/nginx_upstream_check_module/zip/master

unzip master # 解压到当前目录

rm -rf master # 删除压缩包

安装patch工具：

yum install patch -y

在nginx中文网找到最新稳定版本nginx-1.24.0.tar.gz，下载到opt目录，并解压：

tar -xzvf nginx-1.24.0.tar.gz

cd nginx-1.24.0 # 进入已解压的目录

在已解压的目录内打上健康检测模组补丁(补丁版本不能高于nginx的版本，越接近越好)：

patch -p1 < /usr/lib64/nginx/modules/nginx_upstream_check_module-master/check_1.20.1+.patch

打印出下面的信息，说明补丁执行成功：
patching file src/http/modules/ngx_http_upstream_hash_module.c
patching file src/http/modules/ngx_http_upstream_ip_hash_module.c
patching file src/http/modules/ngx_http_upstream_least_conn_module.c
patching file src/http/ngx_http_upstream_round_robin.c
patching file src/http/ngx_http_upstream_round_robin.h

执行./configure命令重新编译nginx（参考旧版本nginx的编译配置信息，可直接复制过来，结尾增加--add-module=/usr/lib64/nginx/modules/nginx_uule-master命令即可）：

./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/vproxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --wimodule --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4tp_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_modtub_status_module --with-http_perl_module=dynamic --with-http_auth_request_module --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-strh-stream_ssl_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-pgrecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables tection -fcf-protection' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E' --add-module=/usr/lib64/nginx/modules/nginx_uule-master

编译异常处理，一般都是缺依赖库，依赖库安装完成后重新编译即可：

1. ERROR ./configure: error: the invalid value in --with-ld-opt="-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E"

yum -y install redhat-rpm-config.noarch

2. ERROR ./configure: error: the HTTP rewrite module requires the PCRE library. You can either disable the module by using --without-http_rewrite_module
   option, or install the PCRE library into the system, or build the PCRE library statically from the source with nginx by using --with-pcre= option.`

yum install pcre pcre-devel

3. ERROR ./configure: error: SSL modules require the OpenSSL library. You can either do not enable the modules, or install the OpenSSL library
   into the system, or build the OpenSSL library statically from the source with nginx by using --with-openssl= option.`

yum -y install openssl openssl-devel

4. ERROR ./configure: error: the HTTP XSLT module requires the libxml2/libxslt libraries. You can either do not enable the module or install the libraries.`

yum install -y libxml2-devel.x86_64

yum install -y libxslt-devel.x86_64

5. ERROR ./configure: error: the HTTP image filter module requires the GD library. You can either do not enable the module or install the libraries.`

yum install -y gd-devel.x86_64

6. ERROR ./configure: error: perl module ExtUtils::Embed is required

yum -y install perl-devel perl-ExtUtils-Embed

出现下面的打印，说明编译成功：

creating objs/Makefile

Configuration summary

• using system PCRE2 library
• using system OpenSSL library
• using system zlib library

nginx path prefix: “/usr/share/nginx”
nginx binary file: “/usr/sbin/nginx”
nginx modules path: “/usr/lib64/nginx/modules”
nginx configuration prefix: “/etc/nginx”
nginx configuration file: “/etc/nginx/nginx.conf”
nginx pid file: “/run/nginx.pid”
nginx error log file: “/var/log/nginx/error.log”
nginx http access log file: “/var/log/nginx/access.log”
nginx http client request body temporary files: “/var/lib/nginx/tmp/client_body”
nginx http proxy temporary files: “/var/lib/nginx/tmp/proxy”
nginx http fastcgi temporary files: “/var/lib/nginx/tmp/fastcgi”
nginx http uwsgi temporary files: “/var/lib/nginx/tmp/uwsgi”
nginx http scgi temporary files: “/var/lib/nginx/tmp/scgi”

编译成功后，执行make命令生成nginx二进制程序：

make

出现下面的打印，说明生成二进制程序成功：

-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E
-shared
sed -e “s|%%PREFIX%%|/usr/share/nginx|”
-e “s|%%PID_PATH%%|/run/nginx.pid|”
-e “s|%%CONF_PATH%%|/etc/nginx/nginx.conf|”
-e “s|%%ERROR_LOG_PATH%%|/var/log/nginx/error.log|”
< man/nginx.8 > objs/nginx.8
make[1]: Leaving directory ‘/opt/nginx-1.24.0’

备份旧的二进制程序(旧程序的路径可通过编译配置信息的--sbin-path获知)：

mv /usr/sbin/nginx /usr/sbin/nginx.bak

将新生成的二进制程序替换旧的(新生成的二进制程序在objs目录中)：

cp /opt/nginx-1.24.0/objs/nginx /usr/sbin/nginx

查看nginx版本信息，执行nginx自检命令，查看是否升级成功：

nginx -V # 查看版本
nginx -t # 自检

打印下面的信息说明升级成功：

nginx version: nginx/1.24.0

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

配置健康检测参数到原来的nginx配置文件中：

upstream backend_server_crmp {
        # interval 检测的间隔时间 毫秒
        # rise 连接成功多少次为可用
        # fall 连接失败多少次为不可用
        # timeout 连接超时时间 毫秒
        # type 检测连接所用的协议类型
	    check interval=5000 rise=2 fall=3 timeout=1000 type=tcp;
	    ......
    }

配置路由，可通过浏览器查看监控检测界面：

location /status {
            check_status;
	}

配置成功后，可访问路由查看监控检测页面如下：

nginx升级支持健康检测模组到这里就完成了