Updating to nginx 0.7.63 on Red Hat Enterprise Linux 5.4Edit

Updating PCRE

We won’t update PCRE here because we don’t want to lose the automatic updates of the Red Hat-supplied version.

Updating nginx and using the nginx upload module

The nginx upload module was already in extracted in place (see "Installing nginx 0.7.62 on Red Hat Enterprise Linux 5.3") so we just download the updated nginx source and extract that alongside it:

$ wget http://sysoev.ru/nginx/nginx-0.7.63.tar.gz
$ tar xzvf nginx-0.7.63.tar.gz
$ cd nginx-0.7.63

Note in this case we stop to apply a patch for the well-publicized SSL renegotiation vulnerability before continuing with the build:

$ wget http://sysoev.ru/nginx/patch.cve-2009-3555.txt
$ patch -p 0 <patch.cve-2009-3555.txt
$ ./configure --prefix=/usr/local/nginx --with-http_ssl_module --add-module=../nginx_upload_module-2.0.10
$ make

Now we gracefully update the binary in place without dropping any existing connections (see "Updating to a new nginx binary on the fly" for more details).

The first step is to get the PID of the old nginx master process — in this example it is 2961 — and then perform the update in place by sending the appropriate signals to that process:

$ ps auxww|grep nginx
$ sudo make install
$ sudo kill -s USR2 2961
$ sudo kill -s WINCH 2961
$ sudo kill -s QUIT 2961

See also