更新openresty出现问题
背景
今天日常巡检,看到openresty上了新版本,果断尝试一下
服务器系统是aws linux 2023,更新步骤比较简单,用的官方源安装的,只需要直接更新即可。
yum update
Last metadata expiration check: 1:34:09 ago on Thu Oct 24 12:12:11 2024.
====================================================================================================================================================
WARNING:
A newer release of "Amazon Linux" is available.
Available Versions:
Version 2023.5.20241001:
Run the following command to upgrade to 2023.5.20241001:
dnf upgrade --releasever=2023.5.20241001
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20241001.html
Version 2023.6.20241010:
Run the following command to upgrade to 2023.6.20241010:
dnf upgrade --releasever=2023.6.20241010
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.6.20241010.html
====================================================================================================================================================
Dependencies resolved.
====================================================================================================================================================
Package Architecture Version Repository Size
====================================================================================================================================================
Upgrading:
openresty x86_64 1.27.1.1-1.amzn2023 openresty 1.3 M
Installing dependencies:
openresty-openssl3 x86_64 3.0.15-4.amzn2023 openresty 2.1 M
openresty-pcre2 x86_64 10.44-1.amzn2023 openresty 506 k
Transaction Summary
====================================================================================================================================================
Install 2 Packages
Upgrade 1 Package
Total download size: 3.9 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): openresty-pcre2-10.44-1.amzn2023.x86_64.rpm 350 kB/s | 506 kB 00:01
(2/3): openresty-1.27.1.1-1.amzn2023.x86_64.rpm 631 kB/s | 1.3 MB 00:02
(3/3): openresty-openssl3-3.0.15-4.amzn2023.x86_64.rpm 954 kB/s | 2.1 MB 00:02
----------------------------------------------------------------------------------------------------------------------------------------------------
Total 1.7 MB/s | 3.9 MB 00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : openresty-pcre2-10.44-1.amzn2023.x86_64 1/4
Installing : openresty-openssl3-3.0.15-4.amzn2023.x86_64 2/4
Upgrading : openresty-1.27.1.1-1.amzn2023.x86_64 3/4
Running scriptlet: openresty-1.27.1.1-1.amzn2023.x86_64 3/4
Running scriptlet: openresty-1.25.3.2-1.amzn2023.x86_64 4/4
Cleanup : openresty-1.25.3.2-1.amzn2023.x86_64 4/4
Running scriptlet: openresty-1.25.3.2-1.amzn2023.x86_64 4/4
Job for openresty.service failed because the control process exited with error code.
See "systemctl status openresty.service" and "journalctl -xeu openresty.service" for details.
Verifying : openresty-openssl3-3.0.15-4.amzn2023.x86_64 1/4
Verifying : openresty-pcre2-10.44-1.amzn2023.x86_64 2/4
Verifying : openresty-1.27.1.1-1.amzn2023.x86_64 3/4
Verifying : openresty-1.25.3.2-1.amzn2023.x86_64 4/4
====================================================================================================================================================
WARNING:
A newer release of "Amazon Linux" is available.
Available Versions:
Version 2023.5.20241001:
Run the following command to upgrade to 2023.5.20241001:
dnf upgrade --releasever=2023.5.20241001
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.5.20241001.html
Version 2023.6.20241010:
Run the following command to upgrade to 2023.6.20241010:
dnf upgrade --releasever=2023.6.20241010
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.6.20241010.html
====================================================================================================================================================
Upgraded:
openresty-1.27.1.1-1.amzn2023.x86_64
Installed:
openresty-openssl3-3.0.15-4.amzn2023.x86_64 openresty-pcre2-10.44-1.amzn2023.x86_64
Complete!
然而,更新完之后傻眼了。重启无法启动!
问题
nginx[15130]: nginx: [emerg] pcre2_compile() failed: unrecognized character follows \ in ".static\media.(svg|gif|jpg|jpeg>
解决
在升级 PCRE 后,Nginx 使用的正则表达式语法可能会有所不同。PCRE2 的一些行为与 PCRE1 不完全相同,尤其是在转义字符的处理上。简单来说就是正则表达式更加严格了。
如果你遇到正则表达式问题,可以尝试以下步骤:
-
检查转义字符:
- 确保正则表达式中的特殊字符正确转义。PCRE2 可能对某些转义字符更加严格。
-
更新正则表达式:
- 使用不需要额外转义的路径分隔符,例如:
location ~* \.static/media\.(svg|gif|jpg|jpeg|png)$ { # 配置内容 }
- 使用不需要额外转义的路径分隔符,例如:
-
测试配置:
- 在修改配置文件后,使用以下命令测试 Nginx 配置:
sudo nginx -t - 确保配置文件没有语法错误。
- 在修改配置文件后,使用以下命令测试 Nginx 配置:
-
重新加载 Nginx:
- 如果配置测试通过,重新加载 Nginx:
sudo nginx -s reload
- 如果配置测试通过,重新加载 Nginx:
附change log
Version highlights
- Nginx core
Based on the very recent mainline nginx core 1.27.1.
Added http_v3_module to official prebuilt packages.
Added http_slice_module to official prebuilt packages. - OpenSSL
upgraded from version 1.1.1 to 3.0.15. - PCRE
upgraded from version 8.45 to 10.42. - LuaJIT updated to 2.1-20240815 with various optimizations and bugfixes:
- Improved error handling and stack overflow management
- Enhanced cross-32/64 bit and deterministic bytecode generation
- Disabled hash computation optimization in the OpenResty branch due to potential severe performance degradation (CVE-2024-39702). This issue only exists in the OpenResty branch (agentzh-v2.1) and not in upstream LuaJIT. We thank Zhongwei Yao from Kong Inc. for reporting this issue.
- Core modules updates:
- Improved keepalive and balancer functionality
- New SSL-related features, including support for trusted
- certificates in client verification
- Added support for deriving keys from TLS master secret
- Implemented ngx_http_lua_ffi_ssl_client_random and related functions
- lua-resty-websocket upgraded to 0.12 with new features:
- Added send_continue method
- Support for custom sec-websocket-key in client
- Added support for connecting to unix sockets
- lua-resty-string updated to 0.16:
- Added AAD support in AES GCM
- Made random.bytes cryptographically strong by default
- lua-resty-redis upgraded to v0.31 with performance optimizations
- lua-cjson updated to 2.1.0.14 with Lua 5.3 and 5.4 integer support
欢迎关注我的公众号“辣个男人Devin”,新鲜技术文章第一时间推送。