http://nginx.org/en/linux_packages.html#RHEL-CentOS
一、背景
当前环境扫描出nginx存在漏洞,在等保和监管过程中是丢分的存在,虽然不是危险漏洞。
当前环境:
CentOS 7
Nginx 1.16.1
[sysadmin@VM_23_12_centos ~]$ cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[sysadmin@VM_23_12_centos ~]$ nginx -v
nginx version: nginx/1.16.1
[sysadmin@VM_23_12_centos ~]$ rpm -qa |grep nginx
nginx-mod-mail-1.16.1-1.el7.x86_64
nginx-all-modules-1.16.1-1.el7.noarch
nginx-filesystem-1.16.1-1.el7.noarch
nginx-mod-http-perl-1.16.1-1.el7.x86_64
nginx-mod-http-xslt-filter-1.16.1-1.el7.x86_64
nginx-mod-http-image-filter-1.16.1-1.el7.x86_64
nginx-mod-stream-1.16.1-1.el7.x86_64
nginx-1.16.1-1.el7.x86_64
二、准备工作
- 快照
- 备份nginx配置文件
cp -rf /etc/nginx/ ~/
三、配置升级nginx仓库
在/etc/yum.repos.d/创建nginx.repo文件,如下
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
这里是生产环境,安装stable版本。
四、升级nginx到1.20
[sysadmin@VM_23_12_centos ~]$ sudo yum install nginx -y
[sysadmin@VM_23_12_centos ~]$ rpm -qa |grep nginx
nginx-mod-mail-1.16.1-1.el7.x86_64
nginx-all-modules-1.16.1-1.el7.noarch
nginx-filesystem-1.16.1-1.el7.noarch
nginx-mod-http-perl-1.16.1-1.el7.x86_64
nginx-mod-http-xslt-filter-1.16.1-1.el7.x86_64
nginx-mod-http-image-filter-1.16.1-1.el7.x86_64
nginx-mod-stream-1.16.1-1.el7.x86_64
nginx-1.20.1-1.el7.ngx.x86_64
当从EPEL体系切换到nginx.org体系,在安装新NGINX后,需要执行如下:
yum remove $(yum list installed | grep 'nginx.*@epel' | awk '{ print $1 }')
该操作会移除额外的包,比如nginx-mod-stream。如果有需要,也可以安装。
升级后,要注意配置文件是否匹配。比如,增加了
/etc/nginx/conf.d/default.conf的差别。
根据各自需要。
[sysadmin@VM_23_12_centos ~]$ sudo yum remove $(yum list installed | grep 'nginx.*@epel' | awk '{ print $1 }')
[sysadmin@VM_23_12_centos ~]$ rpm -qa |grep nginx
nginx-1.20.1-1.el7.ngx.x86_64
五、重启服务
[sysadmin@VM_23_12_centos ~]$ sudo systemctl restart nginx
附件一、nginx 附属包提供的文件
nginx-all-modules , 没有生成任何文件
[sysadmin@VM_23_13_centos ~]$ rpm -ql nginx-all-modules
(contains no files)
nginx-filesystem , 创建了几个空目录
[sysadmin@VM_23_13_centos ~]$ rpm -ql nginx-filesystem
/etc/nginx
/etc/nginx/conf.d
/etc/nginx/default.d
/etc/systemd/system/nginx.service.d
/usr/lib/systemd/system/nginx.service.d
/usr/share/nginx
/usr/share/nginx/html
nginx-mod-http-xslt-filter , 创建了一个.so文件
[sysadmin@VM_23_13_centos ~]$ rpm -ql nginx-mod-http-xslt-filter
/usr/lib64/nginx/modules/ngx_http_xslt_filter_module.so
/usr/share/nginx/modules/mod-http-xslt-filter.conf
nginx-mod-http-image-filter , 创建了一个.so文件
[sysadmin@VM_23_13_centos ~]$ rpm -ql nginx-mod-http-image-filter
/usr/lib64/nginx/modules/ngx_http_image_filter_module.so
/usr/share/nginx/modules/mod-http-image-filter.conf
nginx-mod-http-perl , 创建了使用perl module的.so文件
[sysadmin@VM_23_13_centos ~]$ rpm -ql nginx-mod-http-perl
/usr/lib64/nginx/modules/ngx_http_perl_module.so
/usr/lib64/perl5/vendor_perl/auto/nginx
/usr/lib64/perl5/vendor_perl/auto/nginx/nginx.so
/usr/lib64/perl5/vendor_perl/nginx.pm
/usr/share/nginx/modules/mod-http-perl.conf
nginx-mod-mail , 提供了mail modules的.so文件
[sysadmin@VM_23_13_centos ~]$ rpm -ql nginx-mod-mail
/usr/lib64/nginx/modules/ngx_mail_module.so
/usr/share/nginx/modules/mod-mail.conf
nginx-mod-stream
[sysadmin@VM_23_13_centos ~]$ rpm -ql nginx-mod-stream
/usr/lib64/nginx/modules/ngx_stream_module.so
/usr/share/nginx/modules/mod-stream.conf
nginx ,主包提供二进制文件、配置文件,创建日志文件。以及 share 帮助文件。
[sysadmin@VM_23_13_centos ~]$ rpm -ql nginx |grep -v share
/etc/logrotate.d/nginx
/etc/nginx/fastcgi.conf
/etc/nginx/fastcgi.conf.default
/etc/nginx/fastcgi_params
/etc/nginx/fastcgi_params.default
/etc/nginx/koi-utf
/etc/nginx/koi-win
/etc/nginx/mime.types
/etc/nginx/mime.types.default
/etc/nginx/nginx.conf
/etc/nginx/nginx.conf.default
/etc/nginx/scgi_params
/etc/nginx/scgi_params.default
/etc/nginx/uwsgi_params
/etc/nginx/uwsgi_params.default
/etc/nginx/win-utf
/usr/bin/nginx-upgrade
/usr/lib/systemd/system/nginx.service
/usr/lib64/nginx/modules
/usr/sbin/nginx
/var/lib/nginx
/var/lib/nginx/tmp
/var/log/nginx
附件二、EPEL体系 vs nginx.org体系
- EPEL
yum install nginx
Dependencies Resolved
=======================================================================================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================================================================================
Installing:
nginx x86_64 1:1.16.1-3.el7 epel 563 k
Installing for dependencies:
dejavu-fonts-common noarch 2.33-6.el7 os 64 k
dejavu-sans-fonts noarch 2.33-6.el7 os 1.4 M
fontconfig x86_64 2.13.0-4.3.el7 os 254 k
fontpackages-filesystem noarch 1.44-8.el7 os 9.9 k
gd x86_64 2.0.35-27.el7_9 updates 146 k
gperftools-libs x86_64 2.6.1-1.el7 os 272 k
libX11 x86_64 1.6.7-4.el7_9 updates 607 k
libX11-common noarch 1.6.7-4.el7_9 updates 164 k
libXau x86_64 1.0.8-2.1.el7 os 29 k
libXpm x86_64 3.5.12-1.el7 os 55 k
libxcb x86_64 1.13-1.el7 os 214 k
libxslt x86_64 1.1.28-6.el7 os 242 k
nginx-all-modules noarch 1:1.16.1-3.el7 epel 20 k
nginx-filesystem noarch 1:1.16.1-3.el7 epel 21 k
nginx-mod-http-image-filter x86_64 1:1.16.1-3.el7 epel 30 k
nginx-mod-http-perl x86_64 1:1.16.1-3.el7 epel 39 k
nginx-mod-http-xslt-filter x86_64 1:1.16.1-3.el7 epel 29 k
nginx-mod-mail x86_64 1:1.16.1-3.el7 epel 57 k
nginx-mod-stream x86_64 1:1.16.1-3.el7 epel 85 k
openssl11-libs x86_64 1:1.1.1g-1.el7 epel 1.4 M
Transaction Summary
=======================================================================================================================================================================================
Install 1 Package (+20 Dependent packages)
- nginx.org
yum install nginx
Dependencies Resolved
=======================================================================================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================================================================================
Installing:
nginx x86_64 1:1.20.1-1.el7.ngx nginx-stable 790 k
Transaction Summary
=======================================================================================================================================================================================
Install 1 Package
yum install nginx nginx-filesystem nginx-mod-http-perl nginx-mod-http-xslt-filter nginx-mod-http-image-filter nginx-mod-mail nginx-mod-stream
Dependencies Resolved
=======================================================================================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================================================================================
Installing:
nginx x86_64 1:1.20.1-1.el7.ngx nginx-stable 790 k
nginx-filesystem noarch 1:1.16.1-3.el7 epel 21 k
nginx-mod-http-image-filter x86_64 1:1.16.1-3.el7 epel 30 k
nginx-mod-http-perl x86_64 1:1.16.1-3.el7 epel 39 k
nginx-mod-http-xslt-filter x86_64 1:1.16.1-3.el7 epel 29 k
nginx-mod-mail x86_64 1:1.16.1-3.el7 epel 57 k
nginx-mod-stream x86_64 1:1.16.1-3.el7 epel 85 k
Installing for dependencies:
dejavu-fonts-common noarch 2.33-6.el7 os 64 k
dejavu-sans-fonts noarch 2.33-6.el7 os 1.4 M
fontconfig x86_64 2.13.0-4.3.el7 os 254 k
fontpackages-filesystem noarch 1.44-8.el7 os 9.9 k
gd x86_64 2.0.35-27.el7_9 updates 146 k
libX11 x86_64 1.6.7-4.el7_9 updates 607 k
libX11-common noarch 1.6.7-4.el7_9 updates 164 k
libXau x86_64 1.0.8-2.1.el7 os 29 k
libXpm x86_64 3.5.12-1.el7 os 55 k
libxcb x86_64 1.13-1.el7 os 214 k
libxslt x86_64 1.1.28-6.el7 os 242 k
Transaction Summary
=======================================================================================================================================================================================
Install 7 Packages (+11 Dependent packages)
网友评论