Linux

安裝 nginx 時如何解決 Openssl 包錯誤

  • December 1, 2017

我嘗試在RHEL 7.2 機器上安裝 nginx,但出現錯誤,

Error: Package: 1:nginx-1.10.2-2.el7.x86_64 (epel)
      Requires: libcrypto.so.10(OPENSSL_1.0.2)(64bit)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

堅果這個 libcrypto.so.10(OPENSSL_1.0.2)(64bit) 在預設的 openssl 包上不可用,所以我刪除了目前的 openssl 包並使用 rpm 安裝,如下所示,

[root@db-brm ~]# rpm -Uvh http://mirror.centos.org/centos/7/os/x86_64/Packages/openssl-libs-1.0.2k-8.el7.x86_64.rpm

我認為它會解決問題,但它沒有,它增加了 openssl 中的衝突並在安裝 nginx 時出錯,

我可以看到這是錯誤,

[root@db-brm ~]# yum install nginx
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You 
can use subscription-manager to register.
epel/x86_64/metalink                                                                                                                                       
|  16 kB  00:00:00     
local-repo                                                                                                                                                 
| 4.1 kB  00:00:00     
nginx                                                                                                                                                      
| 2.9 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 1:1.12.2-1.el7_4.ngx will be installed
--> Processing Dependency: openssl >= 1.0.2 for package: 1:nginx-1.12.2-1.el7_4.ngx.x86_64
--> Running transaction check
---> Package openssl.x86_64 1:1.0.1e-42.el7_1.9 will be installed
--> Processing Dependency: openssl-libs(x86-64) = 1:1.0.1e-42.el7_1.9 for package: 1:openssl-1.0.1e-42.el7_1.9.x86_64
--> Finished Dependency Resolution
Error: Package: 1:openssl-1.0.1e-42.el7_1.9.x86_64 (local-repo)
      Requires: openssl-libs(x86-64) = 1:1.0.1e-42.el7_1.9
      Installed: 1:openssl-libs-1.0.2k-8.el7.x86_64 (installed)
          openssl-libs(x86-64) = 1:1.0.2k-8.el7
      Available: 1:openssl-libs-1.0.1e-42.el7_1.9.x86_64 (local-repo)
          openssl-libs(x86-64) = 1:1.0.1e-42.el7_1.9
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

誰能幫我解決這個問題?

引自 NGINX 論壇Ref

不幸的是,只有一種解決方案——將系統升級到 7.4;還應該記住,發行版供應商不再支持 7.0-7.3(包括安全修復)

但是,您可以從原始碼安裝 NGINX,參見堆棧交換

sudo yum install unzip gcc pcre-devel zlib-devel make golang wget
mkdir -p /tmp/nginx-dep
cd /tmp/nginx-dep
curl -O https://www.openssl.org/source/openssl-1.0.2g.tar.gz
curl -O http://nginx.org/download/nginx-1.9.14.tar.gz
tar zxf openssl-1.0.2g.tar.gz
tar zxf nginx-1.9.14.tar.gz
cd nginx-1.9.14/
./configure --with-http_ssl_module \
           --with-openssl=`realpath ../openssl-1.0.2g` \
           --prefix=/usr/share/nginx \
           --sbin-path=/usr/sbin/nginx \
           --modules-path=/usr/lib/nginx/modules \
           --conf-path=/etc/nginx/nginx.conf \
           --error-log-path=/var/log/nginx/error.log \
           --http-log-path=/var/log/nginx/access.log \
           --pid-path=/run/nginx.pid \
           --lock-path=/var/lock/nginx.lock \
           --http-client-body-temp-path=/var/lib/nginx/body \
           --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
           --http-proxy-temp-path=/var/lib/nginx/proxy \
           --http-scgi-temp-path=/var/lib/nginx/scgi \
           --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
           --with-openssl-opt=enable-ec_nistp_64_gcc_128 \
           --with-openssl-opt=no-nextprotoneg \
           --with-openssl-opt=no-weak-ssl-ciphers \
           --with-openssl-opt=no-ssl3 \
           --with-pcre-jit \
           --with-threads \
           --with-http_addition_module \
           --with-http_auth_request_module \
           --with-http_dav_module \
           --with-http_flv_module \
           --with-http_gunzip_module \
           --with-http_gzip_static_module \
           --with-http_mp4_module \
           --with-http_random_index_module \
           --with-http_realip_module \
           --with-http_slice_module \
           --with-http_ssl_module \
           --with-http_sub_module \
           --with-http_stub_status_module \
           --with-http_v2_module \
           --with-http_secure_link_module \
           --with-mail \
           --with-mail_ssl_module \
           --with-stream \
           --with-stream_ssl_module
make
sudo make install

sudo mkdir -p /var/lib/nginx && sudo nginx -t

# create service
sudo touch /etc/systemd/system/nginx.service
printf '
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target' | sudo tee  /etc/systemd/system/nginx.service

rm /tmp/nginx-dep -ri

引用自:https://serverfault.com/questions/879950