如何解决安装 nginx 时 Openssl 包错误

tag-icon tag-icon linux nginx yum openssl package-management
如何解决安装 nginx 时 Openssl 包错误

我尝试在RHEL 7.2 计算机,然后我得到了一个错误,

Error: Package: 1:nginx-1.10.2-2.el7.x86_64 (epel)
       Requires: libcrypto.so.10(OPENSSL_1.0.2)(64bit)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

但是这个 libcrypto.so.10(OPENSSL_1.0.2)(64bit) 在默认的 openssl 包中不可用,所以我删除了当前的 openssl 包并使用 rpm 进行安装,如下所示,

[root@db-brm ~]# rpm -Uvh http://mirror.centos.org/centos/7/os/x86_64/Packages/openssl-libs-1.0.2k-8.el7.x86_64.rpm

我以为这样可以解决问题,但事实并非如此,它增加了 openssl 中的冲突,并在安装 nginx 时出现错误,

我可以看到这是错误,

[root@db-brm ~]# yum install nginx
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You 
can use subscription-manager to register.
epel/x86_64/metalink                                                                                                                                       
|  16 kB  00:00:00     
local-repo                                                                                                                                                 
| 4.1 kB  00:00:00     
nginx                                                                                                                                                      
| 2.9 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 1:1.12.2-1.el7_4.ngx will be installed
--> Processing Dependency: openssl >= 1.0.2 for package: 1:nginx-1.12.2-1.el7_4.ngx.x86_64
--> Running transaction check
---> Package openssl.x86_64 1:1.0.1e-42.el7_1.9 will be installed
--> Processing Dependency: openssl-libs(x86-64) = 1:1.0.1e-42.el7_1.9 for package: 1:openssl-1.0.1e-42.el7_1.9.x86_64
--> Finished Dependency Resolution
Error: Package: 1:openssl-1.0.1e-42.el7_1.9.x86_64 (local-repo)
       Requires: openssl-libs(x86-64) = 1:1.0.1e-42.el7_1.9
       Installed: 1:openssl-libs-1.0.2k-8.el7.x86_64 (installed)
           openssl-libs(x86-64) = 1:1.0.2k-8.el7
       Available: 1:openssl-libs-1.0.1e-42.el7_1.9.x86_64 (local-repo)
           openssl-libs(x86-64) = 1:1.0.1e-42.el7_1.9
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

有人能帮我解决这个问题吗?

答案1

引自 NGINX 论坛参考

不幸的是,只有一个解决方案 - 将系统升级到 7.4;还应记住,发行版供应商不再支持 7.0-7.3(包括安全修复)

但是,你可以从源代码安装 NGINX,请参见,堆栈交换

sudo yum install unzip gcc pcre-devel zlib-devel make golang wget
mkdir -p /tmp/nginx-dep
cd /tmp/nginx-dep
curl -O https://www.openssl.org/source/openssl-1.0.2g.tar.gz
curl -O http://nginx.org/download/nginx-1.9.14.tar.gz
tar zxf openssl-1.0.2g.tar.gz
tar zxf nginx-1.9.14.tar.gz
cd nginx-1.9.14/
./configure --with-http_ssl_module \
            --with-openssl=`realpath ../openssl-1.0.2g` \
            --prefix=/usr/share/nginx \
            --sbin-path=/usr/sbin/nginx \
            --modules-path=/usr/lib/nginx/modules \
            --conf-path=/etc/nginx/nginx.conf \
            --error-log-path=/var/log/nginx/error.log \
            --http-log-path=/var/log/nginx/access.log \
            --pid-path=/run/nginx.pid \
            --lock-path=/var/lock/nginx.lock \
            --http-client-body-temp-path=/var/lib/nginx/body \
            --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
            --http-proxy-temp-path=/var/lib/nginx/proxy \
            --http-scgi-temp-path=/var/lib/nginx/scgi \
            --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
            --with-openssl-opt=enable-ec_nistp_64_gcc_128 \
            --with-openssl-opt=no-nextprotoneg \
            --with-openssl-opt=no-weak-ssl-ciphers \
            --with-openssl-opt=no-ssl3 \
            --with-pcre-jit \
            --with-threads \
            --with-http_addition_module \
            --with-http_auth_request_module \
            --with-http_dav_module \
            --with-http_flv_module \
            --with-http_gunzip_module \
            --with-http_gzip_static_module \
            --with-http_mp4_module \
            --with-http_random_index_module \
            --with-http_realip_module \
            --with-http_slice_module \
            --with-http_ssl_module \
            --with-http_sub_module \
            --with-http_stub_status_module \
            --with-http_v2_module \
            --with-http_secure_link_module \
            --with-mail \
            --with-mail_ssl_module \
            --with-stream \
            --with-stream_ssl_module
make
sudo make install

sudo mkdir -p /var/lib/nginx && sudo nginx -t

# create service
sudo touch /etc/systemd/system/nginx.service
printf '
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target' | sudo tee  /etc/systemd/system/nginx.service

rm /tmp/nginx-dep -ri

相关内容