标签 升级 下的文章

CentOS7快速升级OpenSSL

openssl-logo.png
CentOS7的OpenSSL软件版本比较低,查看默认版本:

[root@c7 ~]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
[root@c7 ~]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

升级到OpenSSL 1.1.1g 版本步骤如下:
安装基础组件:

yum install gcc gcc-c++ autoconf automake zlib zlib-devel pcre-devel -y

下载解压编译安装openssl

wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
tar xvf openssl-1.1.1g.tar.gz
./config shared --openssldir=/usr/local/openssl --prefix=/usr/local/openssl
make
make install


---阅读剩余部分---

CentOS7.X升级curl工具

curl是命令行下的网络传输客户端工具,支持包Http、Ftp在内的常见网络协议,支持代理,支持Https、证书,支持各种Http方法,在各发行版的Linux和Windows都支持,而且linux默认自带。其底层的C库libcurl也被很多脚本语言包括PHP(cURL)、Perl(Net::Curl,WWW::Curl)、Python(PyCurl)等打包成模块调用,可直接用于Web客户端编程,编写网络爬虫或者其他Web自动工具;
curl-vi.jpg
CentOS7默认的版本比较低7.29,在某些业务场景下需要升级,步骤如下:
1、创建repo文件

vim /etc/yum.repos.d/city-fan.repo
[CityFan]
name=City Fan Repo
baseurl=http://www.city-fan.org/ftp/contrib/yum-repo/rhel$releasever/$basearch/
enabled=1
gpgcheck=0

或者直接安装libcurl源:

rpm -ivh http://mirror.city-fan.org/ftp/contrib/yum-repo/city-fan.org-release-2-1.rhel7.noarch.rpm

需要将/etc/yum.repos.d/city-fan.org.repo文件中的:enabled=0改为enabled=1

2、升级到最新稳定版本:

yum clean all
yum install epel-release -y   #安装epel源
yum upgrade libcurl curl -y

3、查看版本号:

[root@fabrictest /]# curl -V
curl 7.69.1 (x86_64-redhat-linux-gnu) libcurl/7.69.1 NSS/3.44 zlib/1.2.7 libpsl/0.7.0 (+libicu/50.1.2) libssh2/1.9.0 nghttp2/1.31.1
Release-Date: 2020-03-11
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz Metalink NTLM NTLM_WB PSL SPNEGO SSL UnixSockets
[root@fabrictest /]#

已经升级为最新版本了,当然也可以下载源码,编译安装,curl官网下载地址https://curl.haxx.se/download.html
curl更多用法参考:
https://www.ruanyifeng.com/blog/2019/09/curl-reference.html
http://www.ruanyifeng.com/blog/2011/09/curl.html

平滑升级Nginx到最新版本

Nginx目前爆出在HTTP/2 和 MP4 模块中存在安全漏洞,容易被DOS攻击。
8cf51541726528.jpg

Nginx官方于11月6日发布了新版本,用于修复影响 1.15.6, 1.14.1 之前版本的多个安全问题,被发现的安全问题有一种这样的情况 —— 允许潜在的攻击者触发拒绝服务(DoS)状态并访问敏感的信息,见官方公告:http://nginx.org/en/security_advisories.html
低版本升级到目前最新版nginx-1.14.1方法步骤如下:
1、查看原来安装nginx的版本以及编译的参数:

[root@xshell ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC) 
built with OpenSSL 1.0.2o  27 Mar 2018
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module --with-stream --with-stream_ssl_module --with-openssl=/data/lnmp1.5-full/src/openssl-1.0.2o

2、下载nginx最新稳定版本

wget http://nginx.org/download/nginx-1.14.1.tar.gz

3、解压ningx压缩包并编译make

tar xvf nginx-1.14.1.tar.gz
cd nginx-1.14.1
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module --with-stream --with-stream_ssl_module --with-openssl=/data/lnmp1.5-full/src/openssl-1.0.2o
make

4、make编译完后会在安装目录下生成一个objs目录且在该目录下有一个nginx执行文件

[root@xshell nginx-1.14.1]# ll
total 756
-rw-r--r-- 1 www  www  287441 Nov  6 21:52 CHANGES
-rw-r--r-- 1 www  www  438114 Nov  6 21:52 CHANGES.ru
-rw-r--r-- 1 www  www    1397 Nov  6 21:52 LICENSE
-rw-r--r-- 1 root root    376 Nov  9 10:56 Makefile
-rw-r--r-- 1 www  www      49 Nov  6 21:52 README
drwxr-xr-x 6 www  www    4096 Nov  9 10:55 auto
drwxr-xr-x 2 www  www    4096 Nov  9 10:55 conf
-rwxr-xr-x 1 www  www    2502 Nov  6 21:52 configure
drwxr-xr-x 4 www  www    4096 Nov  9 10:55 contrib
drwxr-xr-x 2 www  www    4096 Nov  9 10:55 html
drwxr-xr-x 2 www  www    4096 Nov  9 10:55 man
drwxr-xr-x 3 root root   4096 Nov  9 11:00 objs
drwxr-xr-x 9 www  www    4096 Nov  9 10:55 src
[root@xshell nginx-1.14.1]# ll objs/
total 10348
-rw-r--r-- 1 root root    52252 Nov  9 10:56 Makefile
-rw-r--r-- 1 root root    17763 Nov  9 10:55 autoconf.err
-rwxr-xr-x 1 root root 10394568 Nov  9 11:00 nginx
-rw-r--r-- 1 root root     5341 Nov  9 11:00 nginx.8
-rw-r--r-- 1 root root     7555 Nov  9 10:56 ngx_auto_config.h
-rw-r--r-- 1 root root      657 Nov  9 10:55 ngx_auto_headers.h
-rw-r--r-- 1 root root     8401 Nov  9 10:55 ngx_modules.c
-rw-r--r-- 1 root root    89712 Nov  9 11:00 ngx_modules.o
drwxr-xr-x 9 root root     4096 Nov  9 10:55 src

5、备份老的nginx文件,复制新文件

mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx_bak
cp objs/nginx /usr/local/nginx/sbin/

6、检测配置文件是否正常

/usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

7、使用make upgrade替换老的nginx进程

make upgrade
/usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
kill -USR2 `cat /usr/local/nginx/logs/nginx.pid`
sleep 1
test -f /usr/local/nginx/logs/nginx.pid.oldbin
kill -QUIT `cat /usr/local/nginx/logs/nginx.pid.oldbin`

8、执行/usr/local/nginx2/sbin/nginx -V查看nginx最新的版本及编译的参数

/usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.14.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC) 
built with OpenSSL 1.0.2o  27 Mar 2018
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module --with-stream --with-stream_ssl_module --with-openssl=/data/lnmp1.5-full/src/openssl-1.0.2o

9、重新reload服务

/usr/local/nginx/sbin/nginx -s reload

至此平滑升级完成

Nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in nginx.conf解决之热更新

Nginx如果未开启SSL模块,配置Https时提示错误

nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf

是因为nginx缺少http_ssl_module模块,编译安装的时候带上--with-http_ssl_module参数
Nginx开启SSL模块步骤:
安装openssl支持

yum install openssl openssl-devel -y

查看nginx原有的模块

/usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC) 
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx 

增加--with-http_ssl_module参数

/usr/local/nginx/sbin/nginx --prefix=/usr/local/nginx --with-http_ssl_module
make

这里不要进行make install,否则就是覆盖安装
备份原有已安装好的nginx

mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak

复制源码目录下的 objs/nginx 覆盖/usr/local/nginx/sbin/nginx

cp ./objs/nginx /usr/local/nginx/sbin/

对新安装的进行语法测试,显示successfully表示成功

/usr/local/nginx/sbin/nginx -t  
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

重启nginx

/usr/local/nginx/sbin/nginx -s reload  重新加载,实现平滑升级

查看是否已经加入成功新编译的参数:

/usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-zlib=/opt/zlib-1.2.11 --with-pcre=/opt/pcre-8.42 --with-http_stub_status_module --with-http_realip_module --with-http_gzip_static_module --with-http_ssl_module

笔记本/PC升级注意的问题

之前都是说内存大了就很快,但现在基本没卵用,PC笔记本内存基本>=8G以后再提升作用就不大了,操作感觉慢的瓶颈主要在IO了,也就是硬盘速度,老的机器硬盘消磨损耗比较,推荐直接换新硬盘,并另加个ssd盘,系统装在上面,速度很看,当然前提是你的主板支持双硬盘、大内存等等,cpu也别太挫···

最新

分类

归档

评论

其它