下载
https://www.openssl.org/source/
tar -zxvf openssl-3.0.13.tar.gz
cd openssl-3.0.13/
./config enable-fips --prefix=/usr/local --openssldir=/usr/local/openssl
make && make install
将原有openssl备份
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
添加新openssl软连接
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl /usr/include/openssl
可以用 which openssl 命令查看路径,如果有神通数据库则路径如下:/usr/local/bin/openssl
ln -s /usr/bin/openssl /usr/local/bin/openssl
库复制过去
cd /usr/local/lib64
cp libssl.so.3 /usr/lib/libssl.so.3
cp libcrypto.so.3 /usr/lib/libcrypto.so.3
将新的库文件地址写入记录 so 库的配置文件
echo "/usr/local/lib64" >> /etc/ld.so.conf
ldconfig -v
修改nginx的openssl的配置,auto/lib/openssl/conf将原数据
修改为:
CORE_INCS="$CORE_INCS $OPENSSL/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"
#CORE_INCS="$CORE_INCS $OPENSSL/openssl/include"
#CORE_DEPS="$CORE_DEPS $OPENSSL/openssl/include/openssl/ssl.h"
#CORE_LIBS="$CORE_LIBS $OPENSSL/openssl/lib/libssl.lib"
#CORE_LIBS="$CORE_LIBS $OPENSSL/openssl/lib/libcrypto.lib"
CORE_LIBS="$CORE_LIBS $OPENSSL/lib64/libssl.lib"
CORE_LIBS="$CORE_LIBS $OPENSSL/lib64/libcrypto.lib"
#CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
#CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"
CORE_LIBS="$CORE_LIBS $OPENSSL/libssl.a"
CORE_LIBS="$CORE_LIBS $OPENSSL/libcrypto.a"
修改src/http/ngx_http_upstream.h
新增一个default_port
ngx_uint_t flags;
ngx_str_t host;
u_char *file_name;
ngx_uint_t line;
in_port_t port;
in_port_t default_port; /* 新增一个default_port */
ngx_uint_t no_port; /* unsigned no_port:1 */
./configure --prefix=/usr/local/nginx --with-stream --with-http_stub_status_module --with-pcre --with-http_stub_status_module --with-http_ssl_module --with-openssl=../openssl-3.0.13
make
/usr/local/nginx/sbin/nginx -s stop
cp objs/nginx /usr/local/nginx/sbin/nginx
/usr/local/nginx/sbin/nginx