nginx was upgraded to the latest version 1.12.0

The nginx version currently used by the company is quite old (nginx-1.0.12). A network security company performed a "remote security assessment" and found the following vulnerabilities:
nginx URI processing security restriction bypass vulnerability (CVE-2013-4547)
Nginx 'access.log' Insecure File Permission Vulnerability (CVE-2013-0337)
nginx SSL Session Fixation Vulnerability (CVE-2014-3616)
nginx resolver Denial of Service Vulnerability (CVE-2016-0747)
nginx resolver Denial of Service Vulnerability (CVE-2016-0742)
nginx 'ngx_http_mp4_module.c' buffer overflow vulnerability
nginx header parsing memory leak vulnerability
nginx 'ngx_http_close_connection()' remote integer overflow vulnerability
nginx NULL pointer dereference vulnerability (CVE-2016-4450)
nginx resolver use-after-free vulnerability (CVE-2016-0746)

To fix the above vulnerabilities, we decided to update nginx to nginx-1.12.0.


1. First download nginx-1.12.0.tar.gz, nginx-upstream-jvm-route-master.zip and ngx_cache_purge-2.3.tar.gz (the dependencies are in the attachment).

2. Unpack the archives (the .zip archive is extracted with unzip, not tar):
tar -zxvf ngx_cache_purge-2.3.tar.gz
unzip nginx-upstream-jvm-route-master.zip
tar -zxvf nginx-1.12.0.tar.gz

3. View the original installation parameters through ./nginx -V

[root@localhost sbin]# ./nginx -V
nginx version: nginx/1.0.12
configure arguments: --prefix=/opt/nginx --with-http_stub_status_module --with-pcre=/opt/soft/pcre-8.21 --add-module=../nginx_upstream_jvm_route/ --add-module=../ngx_cache_purge-1.5 --add-module=../nginx_upstream_check_module-master


4. Enter the nginx-1.12.0 directory and apply jvm_route.patch from the directory where nginx-upstream-jvm-route-master was unpacked:
patch -p0 < /opt/soft/nginx-upstream-jvm-route-master/jvm_route.patch
This step must be executed, otherwise an error will be reported during make.

5. Execute
[root@localhost nginx-1.12.0]# ./configure --prefix=/opt/nginx --with-http_stub_status_module --with-pcre=/opt/soft/pcre-8.21 --add-module=/opt/soft/nginx-upstream-jvm-route-master/ --add-module=/opt/soft/ngx_cache_purge-2.3 --add-module=/opt/soft/nginx_upstream_check_module-master

6. [root@localhost nginx-1.12.0]# make

7. [root@localhost nginx-1.12.0]# mv /opt/nginx/sbin/nginx /opt/nginx/sbin/nginx.old
8. [root@localhost nginx-1.12.0]# cp objs/nginx /opt/nginx/sbin/
9. [root@localhost nginx-1.12.0]# make upgrade
/opt/nginx/sbin/nginx -t
nginx: the configuration file /opt/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx/conf/nginx.conf test is successful
kill -USR2 `cat /opt/nginx/logs/nginx.pid`
sleep 1
test -f /opt/nginx/logs/nginx.pid.oldbin
kill -QUIT `cat /opt/nginx/logs/nginx.pid.oldbin`

Note: The upgrade does not require shutting down nginx.


10. [root@localhost nginx-1.12.0]# /opt/nginx/sbin/nginx -V
nginx version: nginx/1.12.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-11) (GCC)
configure arguments: --prefix=/opt/nginx --with-http_stub_status_module --with-pcre=/opt/soft/pcre-8.21 --add-module=/opt/soft/nginx-upstream-jvm-route-master/ --add-module=/opt/soft/ngx_cache_purge-2.3 --add-module=/opt/soft/nginx_upstream_check_module-master


Upgrade complete!
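A rebuilt binary that silently loses a module will fail or change behaviour once it takes over traffic, so it is worth comparing the old and new `nginx -V` output before step 9. The script below is an added example, not part of the original procedure; the function names are hypothetical and the sample text is copied from steps 3 and 10.

```shell
#!/bin/sh
# Sample `nginx -V` output, copied from steps 3 and 10 of this page.
OLD_V='nginx version: nginx/1.0.12
configure arguments: --prefix=/opt/nginx --with-http_stub_status_module --with-pcre=/opt/soft/pcre-8.21 --add-module=../nginx_upstream_jvm_route/ --add-module=../ngx_cache_purge-1.5 --add-module=../nginx_upstream_check_module-master'
NEW_V='nginx version: nginx/1.12.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-11) (GCC)
configure arguments: --prefix=/opt/nginx --with-http_stub_status_module --with-pcre=/opt/soft/pcre-8.21 --add-module=/opt/soft/nginx-upstream-jvm-route-master/ --add-module=/opt/soft/ngx_cache_purge-2.3 --add-module=/opt/soft/nginx_upstream_check_module-master'

# Print one normalised build option per line.
# --add-module paths are reduced to a bare module name, so that
# ../ngx_cache_purge-1.5 and /opt/soft/ngx_cache_purge-2.3 compare equal.
nginx_build_opts() {
    printf '%s\n' "$1" |
    sed -n 's/^configure arguments: *//p' |
    tr ' ' '\n' |
    while IFS= read -r opt; do
        case $opt in
            --add-module=*)
                name=${opt#--add-module=}
                name=${name%/}      # drop a trailing slash
                name=${name##*/}    # drop the directory part
                # drop "-master" and version suffixes, treat - and _ alike
                name=$(printf '%s' "$name" |
                       sed -e 's/-master$//' -e 's/-[0-9][0-9.]*$//' -e 'y/-/_/')
                echo "module:$name" ;;
            --with-*=*) echo "${opt%%=*}" ;;   # keep the flag, drop its local path
            --with-*|--without-*) echo "$opt" ;;
        esac
    done | sort -u
}

# Print every option of the old build ($1) that the new build ($2) lacks.
missing_build_opts() {
    old=$(nginx_build_opts "$1")
    new=$(nginx_build_opts "$2")
    printf '%s\n' "$old" | while IFS= read -r o; do
        [ -z "$o" ] && continue
        printf '%s\n' "$new" | grep -qxF -- "$o" || echo "$o"
    done
}

dropped=$(missing_build_opts "$OLD_V" "$NEW_V")
if [ -n "$dropped" ]; then
    printf 'Options missing from the new build:\n%s\n' "$dropped"
else
    echo "All modules and --with options carried over"
fi
```

On the real host, replace the two samples with `$(/opt/nginx/sbin/nginx -V 2>&1)` and `$(objs/nginx -V 2>&1)`; nginx prints the `-V` text to stderr, hence the redirect.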


Module description:
nginx_upstream_check_module: checks the health status of the backend real servers. If a backend server is unavailable, no requests are forwarded to it.
nginx_upstream_jvm_route: provides session stickiness through the session cookie. If there is no session in the cookie or URL, it falls back to simple round-robin load balancing.

ngx_cache_purge: cache module
