Nginx: patching the bug and smoothly upgrading to 0.8.16

A patch to fix VU#180065 vulnerability in 0.1.0-0.8.14. The patch is not required for versions 0.8.16+, 0.7.62+, 0.6.39+, 0.5.38+.

nginx has a security vulnerability that affects versions 0.1.0-0.8.14, except 0.8.16+, 0.7.62+, 0.6.39+, 0.5.38+.

wget http://sysoev.ru/nginx/nginx-0.7.62.tar.gz
tar zxvf nginx-0.7.62.tar.gz
cd nginx-0.7.62

Turn off debug mode to reduce the size of the nginx binary

vi auto/cc/gcc
# in the last few lines (Shift+G jumps to the end of the file)
# comment out this line
#CFLAGS="$CFLAGS -g"

Disguise the Server header

vi src/core/nginx.h
#define NGINX_VERSION "1.2"
#define NGINX_VER "C1GWS/" NGINX_VERSION

Compile

./configure --user=www --group=website --prefix=/opt/nginx --with-http_stub_status_module --with-http_ssl_module
make

# No need to run make install

Back up the original binary

mv /opt/nginx/sbin/nginx /opt/nginx/sbin/nginx.old

Copy the new binary into place

cp objs/nginx /opt/nginx/sbin/nginx

Check the configuration file

/opt/nginx/sbin/nginx -t

If your configuration file dates from 0.6.x, there will be 2 errors

[warn]: the "optimize_server_names" directive is deprecated, use the "server_name_in_redirect" directive instead in /opt/nginx/conf/nginx.conf:36
[emerg]: "server_name_in_redirect" directive is duplicate in /opt/nginx/conf/nginx.conf:37
configuration file /opt/nginx/conf/nginx.conf test failed
[warn]: duplicate MIME type "text/html" in /opt/nginx/conf/nginx.conf:63
the configuration file /opt/nginx/conf/nginx.conf syntax is ok
configuration file /opt/nginx/conf/nginx.conf test is successful

In nginx.conf, remove server_name_in_redirect and text/html

optimize_server_names off;
server_name_in_redirect off;
gzip_types text/plain application/x-javascript text/css application/xml;

Rename the pid file and start the new process with a new pid # the "`" key is at the top left of the keyboard

kill -USR2 `cat /dev/shm/nginx.pid`

Quit the old nginx

kill -QUIT `cat /dev/shm/nginx.pid.oldbin`

Upgrade complete!

curl -I localhost
HTTP/1.1 200 OK
Server: C1GWS/1.2
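The same binary swap and hand-over as a guarded script, added here as an example and not part of the original post: it tests the configuration with the newly built binary before touching the installed one, and sends QUIT to the old master only after the new master's pid file exists and its process is alive. The default paths are the post's; WAIT_SECS and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): guarded binary swap and USR2/QUIT hand-over.
# Default paths are the post's; WAIT_SECS and the function names are assumptions.
NGINX_BIN="${NGINX_BIN:-/opt/nginx/sbin/nginx}"
NGINX_PID="${NGINX_PID:-/dev/shm/nginx.pid}"
NEW_BIN="${NEW_BIN:-objs/nginx}"
WAIT_SECS="${WAIT_SECS:-10}"

# Test the config with the NEW binary first, then keep the old binary as .old for rollback.
swap_binary() {
    if ! "$NEW_BIN" -t; then
        echo "config test failed; $NGINX_BIN left untouched" >&2
        return 1
    fi
    cp -p "$NGINX_BIN" "$NGINX_BIN.old" || return 1
    # Copy beside the target, then rename: the running binary is never overwritten in place.
    cp "$NEW_BIN" "$NGINX_BIN.new" && mv "$NGINX_BIN.new" "$NGINX_BIN"
}

# Send USR2, wait for the new master's pid file, and only then QUIT the old master.
upgrade_master() {
    old_pid=$(cat "$NGINX_PID" 2>/dev/null) || { echo "no pid file: $NGINX_PID" >&2; return 1; }
    kill -USR2 "$old_pid" || return 1
    i=0
    while [ "$i" -lt "$WAIT_SECS" ]; do
        # After USR2 the old pid file becomes nginx.pid.oldbin and the new master writes nginx.pid.
        if [ -s "$NGINX_PID.oldbin" ] && [ -s "$NGINX_PID" ]; then
            new_pid=$(cat "$NGINX_PID")
            if [ "$new_pid" != "$old_pid" ] && kill -0 "$new_pid" 2>/dev/null; then
                kill -QUIT "$(cat "$NGINX_PID.oldbin")"
                return $?
            fi
        fi
        sleep 1
        i=$((i + 1))
    done
    echo "new master did not come up; old master (pid $old_pid) still serving" >&2
    return 1
}

# Run both steps only when invoked as: sh upgrade.sh run
if [ "${1:-}" = "run" ]; then
    swap_binary && upgrade_master
fi
```

If upgrade_master fails, the old master is still serving requests and the previous binary is available as nginx.old.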
