Installing OpenSSL with QUIC support for HTTP/3 on CentOS
1. Background
Compile and install the latest nginx, nginx-1.26.1.tar.gz (supports QUIC for HTTP/3):
cd /home/data/tool-server/nginx-1.26.1/
./configure --user=www --group=www --prefix=/usr/local/nginx --with-pcre --with-http_stub_status_module --with-http_sub_module --with-http_ssl_module --with-stream_ssl_module --with-http_v2_module --with-http_v3_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-threads --with-stream --with-stream_ssl_module
It fails with the following error; the HTTP/3 protocol requires OpenSSL with QUIC support
./configure: error: certain modules require OpenSSL QUIC support.
You can either do not enable the modules, or install the OpenSSL library with
QUIC support into the system, or build the OpenSSL library with QUIC support
statically from the source with nginx by using --with-openssl=<path> option.
The system has openssl and openssl-devel installed by default
## 1. Before installing, list the available openssl versions
## openssl, openssl-devel, openssl-libs, openssl-perl, openssl-pkcs11, openssl-static, ...
# yum list available --showduplicates "openssl*"
#
## 2. Install some of the openssl packages
# yum install openssl openssl-devel openssl-libs
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.cloud.aliyuncs.com
 * extras: mirrors.cloud.aliyuncs.com
 * updates: mirrors.cloud.aliyuncs.com
Package 1:openssl-1.0.2k-26.el7_9.x86_64 already installed and latest version
Package 1:openssl-devel-1.0.2k-26.el7_9.x86_64 already installed and latest version
Package 1:openssl-libs-1.0.2k-26.el7_9.x86_64 already installed and latest version
Nothing to do
#
## 3. Check the installed versions
# rpm -qa | grep "openssl"
openssl-libs-1.0.2k-26.el7_9.x86_64
openssl-1.0.2k-26.el7_9.x86_64
openssl-devel-1.0.2k-26.el7_9.x86_64
2. Install OpenSSL 3 with QUIC support
1. OpenSSL website: https://www.openssl.org
Download the latest version: openssl-3.3.1.tar.gz (includes QUIC for HTTP/3, 2024-06-04)
For an overview of some of the key concepts in OpenSSL 3.3 see the OpenSSL Guide. Much of the information in the guide is also applicable to older releases such as 3.1 and 3.0 except for sections relating to new features only in 3.3 and 3.2 (such as QUIC). Information and notes about migrating existing applications to OpenSSL 3.3 (and 3.2/3.1/3.0) are available in the OpenSSL 3.3 Migration Guide
2. Installation steps:
# ./config --prefix=/usr/local/openssl --openssldir=/usr/local/ssl shared zlib -fPIC # not recommended
The following error occurs:
# ./config --prefix=/usr/local/openssl
Can't locate IPC/Cmd.pm in @INC (@INC contains: /home/data/tool-server/openssl-3.3.1/util/perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 . /home/data/tool-server/openssl-3.3.1/external/perl/Text-Template-1.56/lib) at /home/data/tool-server/openssl-3.3.1/util/perl/OpenSSL/config.pm line 19.
BEGIN failed--compilation aborted at /home/data/tool-server/openssl-3.3.1/util/perl/OpenSSL/config.pm line 19.
Compilation failed in require at /home/data/tool-server/openssl-3.3.1/Configure line 23.
BEGIN failed--compilation aborted at /home/data/tool-server/openssl-3.3.1/Configure line 23.
Solution:
Or install perl-IPC-Cmd with the yum command:
yum -y install "zlib*" perl "pam*" "gcc*" perl-IPC-Cmd
3. Continue with the custom build of OpenSSL
./config --prefix=/usr/local/openssl
# ./config --prefix=/usr/local/openssl
Configuring OpenSSL version 3.3.1 for target linux-x86_64
Using os-specific seed configuration
Created configdata.pm
Running configdata.pm
Created Makefile.in
Created Makefile
Created include/openssl/configuration.h

**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl configdata.pm --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL.md file first)      ***
***                                                                ***
**********************************************************************

Continue with the build, which may take tens of minutes:
make && make install
4. Configure the shared library path
## Create a new file, openssl.conf
vim /etc/ld.so.conf.d/openssl.conf
## Enter the openssl lib path
/usr/local/openssl/lib64
## Re-run ldconfig so the change takes effect
sudo ldconfig -v
Or do it with a single command:
echo "/usr/local/openssl/lib64" > /etc/ld.so.conf.d/openssl.conf && sudo ldconfig -v
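5. The openssl version check now succeeds
Common problems:
1. Checking the openssl version fails with an error saying the library file libssl.so.3 cannot be found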
# /usr/local/openssl/bin/openssl --version
/usr/local/openssl/bin/openssl: error while loading shared libraries: libssl.so.3: cannot open shared object file: No such file or directory
Cause:
libssl.so.3 is in the installation directory, but the dynamic linker did not find it
# ls -l /usr/local/openssl/lib64/libssl.so.3
-rwxr-xr-x 1 root root 1195536 Jun 30 07:51 /usr/local/openssl/lib64/libssl.so.3
Solution:
Configure the library search path as follows
## Create a new file, openssl.conf
vim /etc/ld.so.conf.d/openssl.conf
## Enter the openssl lib path
/usr/local/openssl/lib64
## Re-run ldconfig so the change takes effect
sudo ldconfig -v
## Check that it was added
# ldconfig -vp | grep libssl.so.3
libssl.so.3 (libc6,x86-64) => /usr/local/openssl/lib64/libssl.so.3
## The openssl version check now succeeds
# /usr/local/openssl/bin/openssl version -a
OpenSSL 3.3.1 4 Jun 2024 (Library: OpenSSL 3.3.1 4 Jun 2024)
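The linker-path check from the fix above, as an added shell example that is not part of the original post: it confirms that libssl.so.3 and libcrypto.so.3 resolve under the install prefix and that the openssl binary and the library it loaded report the same version. The function names are hypothetical, and the sample text is constructed to mirror the output shown above.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# resolved_lib SONAME: read `ldconfig -p` text on stdin and print the path
# the linker cache maps SONAME to (empty if the soname is not cached).
resolved_lib() {
    awk -v so="$1" '$1 == so { print $NF; exit }'
}

# version_pair: read `openssl version` text on stdin and print
# "<binary version> <loaded library version>".
version_pair() {
    sed -n 's/^OpenSSL \([0-9][^ ]*\) .*(Library: OpenSSL \([0-9][^ ]*\) .*/\1 \2/p' | head -n 1
}

# check_openssl PREFIX LDCONFIG_TEXT VERSION_TEXT
# Succeeds only if libssl.so.3 and libcrypto.so.3 resolve under PREFIX/lib64
# and the binary and the library it loaded report the same version.
check_openssl() {
    local prefix=$1 cache=$2 vertext=$3 so path pair bin lib
    for so in libssl.so.3 libcrypto.so.3; do
        path=$(printf '%s\n' "$cache" | resolved_lib "$so")
        if [ "$path" != "$prefix/lib64/$so" ]; then
            echo "FAIL: $so resolves to '${path:-nothing}'"
            return 1
        fi
    done
    pair=$(printf '%s\n' "$vertext" | version_pair)
    bin=${pair% *}
    lib=${pair#* }
    if [ -z "$bin" ] || [ "$bin" != "$lib" ]; then
        echo "FAIL: binary reports '$bin', loaded library reports '$lib'"
        return 1
    fi
    echo "OK: OpenSSL $bin from $prefix/lib64"
}

# Constructed sample input modelled on the output shown above
# (the libcrypto.so.3 and libssl.so.10 lines are assumptions).
SAMPLE_CACHE='    libssl.so.3 (libc6,x86-64) => /usr/local/openssl/lib64/libssl.so.3
    libcrypto.so.3 (libc6,x86-64) => /usr/local/openssl/lib64/libcrypto.so.3
    libssl.so.10 (libc6,x86-64) => /lib64/libssl.so.10'
SAMPLE_VERSION='OpenSSL 3.3.1 4 Jun 2024 (Library: OpenSSL 3.3.1 4 Jun 2024)'

check_openssl /usr/local/openssl "$SAMPLE_CACHE" "$SAMPLE_VERSION"

# On a real host:
# check_openssl /usr/local/openssl "$(ldconfig -p)" \
#     "$(/usr/local/openssl/bin/openssl version)"
```

A version mismatch between the two fields means the binary picked up a different libssl/libcrypto than the one it was built with, which is worth resolving before linking nginx against this prefix.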
Copyright: This article was written, reposted, excerpted, or revised and published by the 米扑 blog; last updated 2024-07-03 15:21:12