Record of installing nginx on a CentOS ECS

As a web and reverse proxy server, nginx is widely used, especially among people learning C/C++. Today I installed and configured nginx, which I have heard a lot about. This is mainly a personal experiment following the installation guide in the rookie tutorial. The main point to watch is that installing nginx depends on upgrading openssl.

1, Prepare for installation

Server configuration:

CentOS Linux release 7.9.2009
gcc version 4.8.5

My server was bought with a student discount, but it is perfectly usable and relatively new, so the next step is to install some dependencies required by nginx:

yum -y install make zlib zlib-devel gcc-c++ libtool  openssl openssl-devel

(Important point)
The installation differs here: for nginx's pcre dependency and for nginx itself, I download the source package and then compile and install it. This is sometimes called offline installation: when the host you need to set up is on an intranet and cannot reach the Internet, you obtain the tarball from the Internet, transfer it to the intranet host, then decompress and compile it.

Address of the pcre source tarball:

wget https://sourceforge.net/projects/pcre/files/pcre/8.45/pcre-8.45.tar.gz		#Get the tarball
tar -xzvf pcre-8.45.tar.gz		#Decompress
cd pcre-8.45
./configure
make && make install		#Compile and install
pcre-config --version		#View the pcre version

I created a download directory under the directory I land in when logging in to the ECS, and saved all the installation packages and tarballs needed for compiling and installing there (on a Linux system I should force myself to keep files well organized, because it is not as clear as Windows).

After that, install nginx. The address is below; repeat the operations above.
For nginx, I chose a newer version.

wget http://nginx.org/download/nginx-1.21.1.tar.gz
tar -xzvf nginx-1.21.1.tar.gz
cd nginx-1.21.1
#Generate a suitable makefile using the configure provided by nginx
 ./configure --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=~/download/pcre-8.45
#Compile and install
make && make install

Generally speaking, the process would be finished at this point, but of course things did not go smoothly, and something went wrong again.

checking for OpenSSL library ... not found
checking for OpenSSL library in /usr/local/ ... not found
checking for OpenSSL library in /usr/pkg/ ... not found
checking for OpenSSL library in /opt/local/ ... not found

./configure: error: SSL modules require the OpenSSL library.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using --with-openssl=<path> option.

Obviously, it says something is wrong with my openssl. Why? It is the one I installed using yum, and it's an older openssl version. We can check it to find out the required openssl version.

[root@Jack download]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017
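
The configure error above also names `--with-openssl=<path>`, which builds OpenSSL from source into nginx and leaves the system's openssl and libssl untouched. The following is an added example, not part of the original post; the function names and the `build` argument convention are hypothetical.

```shell
#!/bin/sh
# Added example; function names and argument layout are assumptions.

# --with-openssl expects an unpacked OpenSSL *source* tree (it contains the
# config and Configure scripts), not an install prefix like /usr/local/openssl.
is_openssl_source_tree() {
    [ -f "$1/config" ] && [ -f "$1/Configure" ]
}

# $1 = nginx source dir, $2 = OpenSSL source dir, $3 = pcre source dir
build_nginx_with_bundled_openssl() {
    nginx_src=$1 openssl_src=$2 pcre_src=$3
    if ! is_openssl_source_tree "$openssl_src"; then
        echo "not an OpenSSL source tree: $openssl_src" >&2
        return 2
    fi
    # Subshell so the caller's working directory is not changed.
    (
        cd "$nginx_src" || exit 1
        ./configure --prefix=/usr/local/webserver/nginx \
            --with-http_stub_status_module --with-http_ssl_module \
            --with-pcre="$pcre_src" --with-openssl="$openssl_src" &&
            make && make install
    )
}

# Build only when explicitly asked, for example:
#   sh build.sh build "$HOME/download/nginx-1.21.1" \
#       "$HOME/download/openssl-1.1.1j" "$HOME/download/pcre-8.45"
if [ "${1:-}" = build ] && [ "$#" -eq 4 ]; then
    build_nginx_with_bundled_openssl "$2" "$3" "$4"
fi
```

Afterwards `nginx -V` reports the OpenSSL version nginx was built with, while `openssl version` and sshd keep using the distribution's library.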

2, Upgrade openssl

The existing openssl here was installed with yum. The material I found on Baidu basically upgrades without removing the current version of openssl, but when I did it, um... there was still a problem. First, the procedure I followed:
Here you can find the openssl packages; choose the one you need.

wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1j.tar.gz
tar -xzvf openssl-1.1.1j.tar.gz
cd openssl-1.1.1j
#Generate the appropriate Makefiles
./config --prefix=/usr/local/openssl
./config -t
#Compile and install
make && make install

The next step is the key. So far we have only compiled and installed the new version of openssl; when you check the version, the old version is still in use, as shown below:

[root@Jack download]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

So here's some replacement work:

#Back up the current openssl
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
#Create soft links to the compiled openssl
ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -sf /usr/local/openssl/include/openssl /usr/include/openssl
#Check the shared libraries
cd /usr/local
ldd /usr/local/openssl/bin/openssl
#Update the shared library cache
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
ldconfig -v
#Finally, check the version
[root@Jack local]# openssl version
OpenSSL 1.1.1j  16 Feb 2021(Library: OpenSSL 1.0.2k-fips  26 Jan 2017)

It's interesting here: another inexplicable error. The result shows that although it's a new version of the library, the openssl executable is an old version! (I wrote this blog after finishing the operation and then couldn't reproduce it, so the problem is typed from memory. Don't mind if something is wrong.)

This is because the steps above only replace the openssl executable, while the library directory is still the system default path, so we need to change it now:

mv /usr/lib64/libssl.so /usr/lib64/libssl.so.bak
ln -sf /usr/local/openssl/lib/libssl.so /usr/lib64/libssl.so

Well, then I thought it was OK, so I deleted all the backup files of the old version, and then openssl couldn't be executed...

[root@Jack ~]# openssl version
-bash: openssl: no such file or directory
[root@Jack ~]# /usr/bin/openssl
OpenSSL 1.1.1j  16 Feb 2021

So the problem is obvious: the soft link we created is not on the PATH environment variable. Here, I chose to edit the environment variable file to make it take effect:

#1 Open the file
vim ~/.bashrc
#2 Add the following command at the end of the file
export PATH=/usr/bin:$PATH
#3 Reload it so the change takes effect
source ~/.bashrc

Then openssl can be used normally. Repeat the above steps of nginx installation:

 ./configure --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=~/download/pcre-8.45
#Compile and install
make && make install
#View the nginx version
/usr/local/webserver/nginx/sbin/nginx -v

Pitfalls

In order to record the earlier pitfall, I uninstalled the openssl and openssl-devel previously installed with yum, then deleted the previously installed nginx and the libraries compiled from the new version of openssl, reinstalled the previous environment, and then the following problem occurred:

objs/ngx_modules.o \
-ldl -lpthread -lcrypt ~/download/pcre-8.45/.libs/libpcre.a -lssl -lcrypto -ldl -lpthread -lz \
-Wl,-E
/usr/bin/ld: warning: libcrypto.so.1.1, needed by /usr/lib/gcc/x86_64-redhat-linux/4.8.5/../../../../lib64/libssl.so, may conflict with libcrypto.so.10
/usr/bin/ld: objs/src/core/nginx.o: undefined reference to symbol 'OpenSSL_version@@OPENSSL_1_1_0'
//usr/local/openssl/lib/libcrypto.so.1.1: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make[1]: *** [objs/nginx] Error 1
make[1]: Leaving directory `/root/download/nginx-1.21.5'
make: *** [build] Error 2

The specific problem is this: the upgraded openssl is the new version, but the library that nginx links against at compile time is the old version. To make sure everything was cleaned up, I had to delete the previous backup files, restore what I had written into the environment variable file, and then tear everything down and start again. So I deleted libssl.so.1.0.2k. Why? Itchy fingers! Then I couldn't log in; it was always in the connection closed state. I thought it was an incident in the machine room, so I went to bed. The next day it was still the same!

I tried a VNC login, which worked, and then tried an ssh login from a local cmd window, which failed:

PS C:\Users\Jack\Desktop> ssh root@121.5.47.242
kex_exchange_identification: read: Connection reset
PS C:\Users\Jack\Desktop> ssh -v root@121.5.47.242
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Connecting to 121.5.47.242 [121.5.47.242] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\samu/.ssh/id_rsa type -1
debug1: identity file C:\\Users\\samu/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\samu/.ssh/id_dsa type -1
debug1: identity file C:\\Users\\samu/.ssh/id_dsa-cert type -1
debug1: identity file C:\\Users\\samu/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\samu/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\samu/.ssh/id_ed25519 type -1
debug1: identity file C:\\Users\\samu/.ssh/id_ed25519-cert type -1
debug1: identity file C:\\Users\\samu/.ssh/id_xmss type -1
debug1: identity file C:\\Users\\samu/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
kex_exchange_identification: Connection closed by remote host
PS C:\Users\Jack\Desktop>

But this pointed me to the source of the problem. Searching Baidu for kex_exchange_identification: Connection closed by remote host, I found a post that blamed concurrent connections, so I changed MaxStartups and MaxSessions and restarted the ssh service afterwards, but the restart failed (done from the VNC login):

#Modify MaxStartups and MaxSessions
vim /etc/ssh/sshd_config
#Restart ssh service
systemctl restart sshd

If it's a concurrent connection problem, that's fine, but the result shows that it can't be restarted. Let me check the ssh status:

#Check the ssh service
systemctl status sshd.service
#Report the specific error
sshd -t


The error message here is very clear: an error loading libssl.so.10. After confirming that, restore the previously changed configuration values first, otherwise I don't know what else might go wrong. For ECS login problems, if VNC login works it is basically a configuration problem, so you can use ssh -v @ to check whether there is a problem with the ssh login, and then solve it.

#Check the ssh service
service sshd status
#Check in test mode
sshd -t

sshd is the daemon in the openssh software suite, and it can be used to look into ssh problems. The next step is how to install libssl.so.10.
Let's see what's wrong with the library file. Use ll to check the files starting with libssl.so in /usr/lib64. As can be seen from the following, the libssl.so.1.0.2k file that libssl.so.10 links to is missing.
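
The broken state described above (libssl.so.10 pointing at a deleted libssl.so.1.0.2k, and sshd failing to load it) can be detected from the session that is still open, before logging out. The following is an added example, not part of the original post; the helper names are hypothetical, and the ldd output and library directory are constructed samples.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical; sample data is constructed.

# Print "link -> target" for every symlink in directory $1 whose target is
# gone, e.g. libssl.so.10 left pointing at a deleted libssl.so.1.0.2k.
dangling_links() {
    for f in "$1"/*; do
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            printf '%s -> %s\n' "${f##*/}" "$(readlink "$f")"
        fi
    done
}

# Read `ldd <binary>` output on stdin; print sonames the loader cannot find.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Exit 0 if the ldd output on stdin lists soname $1, meaning the binary is
# affected when that library is replaced or deleted.
depends_on() {
    awk -v lib="$1" '$1 == lib { hit = 1 } END { exit !hit }'
}

# Constructed ldd output, shaped like the sshd failure described above.
SAMPLE_LDD='	libssl.so.10 => not found
	libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f0000000000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f0000400000)'

# Constructed library directory reproducing the broken link.
demo_dir=$(mktemp -d)
ln -s libssl.so.1.0.2k "$demo_dir/libssl.so.10"        # target deleted
: > "$demo_dir/libcrypto.so.1.0.2k"
ln -s libcrypto.so.1.0.2k "$demo_dir/libcrypto.so.10"  # target present

echo "dangling:   $(dangling_links "$demo_dir")"
echo "unresolved: $(printf '%s\n' "$SAMPLE_LDD" | missing_libs)"
if printf '%s\n' "$SAMPLE_LDD" | depends_on libssl.so.10; then
    echo "binary depends on libssl.so.10: keep it until the replacement is verified"
fi
rm -rf "$demo_dir"
```

On a real host, run `dangling_links /usr/lib64` and `ldd /usr/sbin/sshd | missing_libs` before removing any backup library, and confirm `sshd -t` still passes while the current session is open.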

However, many of the methods I found do not match the current version, so I simply chose to reinstall the system. After all, it is a cloud server and has its own image, but in the future it is better to save an image before doing this kind of operation.

Keywords: CentOS Nginx server

Added by Centrek on Sun, 20 Feb 2022 11:59:26 +0200