升级nginx版本

近期安扫工具扫描出nginx1.6版本存在漏洞,需要修复.
记录下升级过程.

1. 下载最新版本nginx 1.22
下载地址

2. 解压tar: tar -zxvf nginx-1.22.0.tar.gz

# 解压tar
[root@lstax ~]tar -zxvf nginx-1.22.0.tar.gz 
# 文件列表
[root@lstax ~]# ll nginx-1.22.0
total 832
drwxr-xr-x 6 clamav git   4096 May 28 15:00 auto
-rw-r--r-- 1 clamav git 317070 May 24 07:59 CHANGES
-rw-r--r-- 1 clamav git 484445 May 24 07:59 CHANGES.ru
drwxr-xr-x 2 clamav git   4096 May 28 15:00 conf
-rwxr-xr-x 1 clamav git   2590 May 24 07:59 configure
drwxr-xr-x 4 clamav git   4096 May 28 15:00 contrib
drwxr-xr-x 2 clamav git   4096 May 28 15:00 html
-rw-r--r-- 1 clamav git   1397 May 24 07:59 LICENSE
drwxr-xr-x 2 clamav git   4096 May 28 15:00 man
-rw-r--r-- 1 clamav git     49 May 24 07:59 README
drwxr-xr-x 9 clamav git   4096 May 28 15:00 src

3. 查看老版nginx配置: /lsinfo/nginx/sbin/nginx -V

# 原nginx安装路径在/lsinfo/nginx
# 注意-V是大写,小写仅能查看nginx版本
[root@lstax nginx]# /lsinfo/nginx/sbin/nginx -V
nginx version: nginx/1.6.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
TLS SNI support enabled
configure arguments: --with-http_ssl_module --prefix=/lsinfo/nginx

4. 复制configure arguments:后的参数,新版本编译时需要
5. 编译新版nginx

#进入新版nginx目录
[root@lstax nginx]cd ~/nginx-1.22.0
#设置编译参数
[root@lstax nginx-1.22.0]./configure  --with-http_ssl_module --prefix=/lsinfo/nginx
#编译
[root@lstax nginx-1.22.0]make

6. 备份与更新

# 备份原nginx
[root@lstax nginx-1.22.0] mv /lsinfo/nginx/sbin/nginx /lsinfo/nginx/sbin/nginx.old
# 复制新
[root@lstax nginx-1.22.0] cp ~/nginx-1.22.0/objs/nginx /lsinfo/nginx/sbin/nginx

7. 测试新的nginx

[root@lstax nginx-1.22.0]cd /lsinfo/nginx/sbin
# 测试
[root@lstax sbin]# ./nginx -t
nginx: the configuration file /lsinfo/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /lsinfo/nginx/conf/nginx.conf test is successful

看到 successful 说明测试你成功

8. 启动新的nginx

[root@lstax sbin]# ps -ef|grep nginx
nobody    15765  21783  0 2月16 ?       00:14:24 nginx: worker process
root      21783      1  0  2021 ?        00:00:00 nginx: master process ./sbin/nginx
root     656504 609561  0 14:51 pts/0    00:00:00 grep --color=auto nginx
# 删除老版nginx进程
[root@lstax sbin]# killall nginx
# 启动新版nginx
[root@lstax sbin]# ./nginx -s reload
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /lsinfo/nginx/conf/nginx.conf:48
nginx: [error] open() "/lsinfo/nginx/logs/nginx.pid" failed (2: No such file or directory)
# 启动失败,没有nginx.pid,需要重新制定配置文件
[root@lstax nginx]# sbin/nginx -c /lsinfo/nginx/conf/nginx.conf
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /lsinfo/nginx/conf/nginx.conf:48
[root@lstax nginx]# sbin/nginx -s reload
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /lsinfo/nginx/conf/nginx.conf:48

9. 启动未报错,检查nginx启动情况

[root@lstax nginx]# ps -ef|grep nginx
root     680984      1  0 14:54 ?        00:00:00 nginx: master process sbin/nginx -c /lsinfo/nginx/conf/nginx.conf
nobody   681079 680984  0 14:54 ?        00:00:00 nginx: worker process
root     682822 609561  0 14:55 pts/0    00:00:00 grep --color=auto nginx
[root@lstax nginx]# ./sbin/nginx -V
nginx version: nginx/1.22.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --with-http_ssl_module --prefix=/lsinfo/nginx

nginx version: nginx/1.22.0替换成功.
启动过程中存在 警告,可以不用管.

nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /lsinfo/nginx/conf/nginx.conf:48