Compiling and Installing a Full-Featured Nginx on CentOS 7.x

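Overview

Compiling and installing Nginx by following this document installs all of Nginx's built-in functionality; readers can also remove modules from the build to suit their own situation.

The notable supported features are:

  • TLSv1.3 support - openssl supports the final version of the TLSv1.3 standard as of version 1.1.1; for details see: TLS1.3
  • HTTP2 support - Nginx supports http2 as of version 1.9.5; for details see: Module ngx_http_v2_module
  • Lua support - for details see: lua-nginx-module

Installation

Official Nginx documentation: Building nginx from Sources

Install dependencies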

yum install -y vim gcc gcc-c++ make cmake cmake3 automake autoconf perl-ExtUtils-Embed openssl-devel libxml2-devel libxslt-devel GeoIP-devel luajit-devel gperftools-devel systemd-devel perl-devel libatomic_ops-devel pcre-devel gd-devel

Prepare the source packages

# Create Directory
mkdir -p /opt/down/nginx
cd /opt/down/nginx

# Get nginx source
wget https://nginx.org/download/nginx-1.14.0.tar.gz

# Get zlib/openssl/pcre dependency
wget https://zlib.net/zlib-1.2.11.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1.tar.gz
wget https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.gz

# Get the Lua module and its dependency if you need them
wget -c 'https://github.com/openresty/lua-nginx-module/archive/v0.10.13.tar.gz' -O lua-nginx-module-0.10.13.tar.gz
wget -c 'https://github.com/simplresty/ngx_devel_kit/archive/v0.3.1rc1.tar.gz' -O ngx_devel_kit-0.3.1rc1.tar.gz

# Extract source file
tar xzf nginx-1.14.0.tar.gz

tar xzf zlib-1.2.11.tar.gz
tar xzf openssl-1.1.1.tar.gz
tar xzf pcre-8.42.tar.gz

tar xzf lua-nginx-module-0.10.13.tar.gz
tar xzf ngx_devel_kit-0.3.1rc1.tar.gz
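
The downloads above are unpacked without any integrity check. As an added example (not from the original article), the following shell functions refuse to extract a tarball unless its SHA-256 matches a pinned manifest; the function names and the manifest file are assumptions, and the digests themselves must be taken from the upstream release pages.

```shell
#!/bin/sh
# Added example: unpack source tarballs only if they match a pinned manifest.
# Manifest lines use sha256sum's format: "<64 hex digits>  <file name>".

sha256_of() {                       # print the hex SHA-256 of one file
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sources MANIFEST DIR: succeed only if every pinned file is present
# with the expected digest and no *.tar.gz in DIR is missing from MANIFEST.
verify_sources() {
    manifest=$1 dir=$2 rc=0
    [ -r "$manifest" ] || { echo "cannot read $manifest" >&2; return 2; }
    while read -r want name; do
        case $want in ''|'#'*) continue ;; esac
        name=${name#\*}             # drop sha256sum's binary-mode marker
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2; rc=1
        elif [ "$(sha256_of "$dir/$name")" != "$want" ]; then
            echo "MISMATCH $name" >&2; rc=1
        fi
    done < "$manifest"
    for f in "$dir"/*.tar.gz; do
        [ -e "$f" ] || continue
        awk -v n="${f##*/}" '{ sub(/^\*/, "", $2) } $2 == n { ok = 1 }
            END { exit !ok }' "$manifest" || { echo "UNPINNED ${f##*/}" >&2; rc=1; }
    done
    return $rc
}

# extract_verified MANIFEST DIR: verify first, then reject archives whose
# members are absolute paths or contain "..", then unpack into DIR.
extract_verified() {
    verify_sources "$1" "$2" || { echo "not extracting" >&2; return 1; }
    for f in "$2"/*.tar.gz; do
        [ -e "$f" ] || continue
        if tar tzf "$f" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
            echo "UNSAFE   ${f##*/}" >&2; return 1
        fi
        tar xzf "$f" -C "$2" || return 1
    done
}
```

Calling extract_verified with the manifest and /opt/down/nginx takes the place of the tar xzf commands; the manifest must list the local file names, including the ones chosen with wget -O.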

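Compile and install

  • Readers can change the paths given in the configure options to suit their own situation.
  • The user and group must be created beforehand by running useradd work, or readers can choose their own user and group names.
  • All modules that nginx-1.14.0 can be compiled with are enabled here; readers can remove the ones they do not need.
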
# Configure option
cd nginx-1.14.0
./configure --prefix=/opt/soft/nginx --error-log-path=/opt/log/nginx/error.log --pid-path=/opt/run/nginx/nginx.pid --lock-path=/opt/run/nginx/nginx.lock --user=work --group=work --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --http-log-path=/opt/log/nginx/access.log --http-client-body-temp-path=/opt/soft/nginx/temp/client_body --http-proxy-temp-path=/opt/soft/nginx/temp/proxy --http-fastcgi-temp-path=/opt/soft/nginx/temp/fastcgi --http-uwsgi-temp-path=/opt/soft/nginx/temp/uwsgi --http-scgi-temp-path=/opt/soft/nginx/temp/scgi --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-stream_ssl_preread_module --with-google_perftools_module --with-cpp_test_module --with-compat --with-pcre=../pcre-8.42 --with-pcre-jit --with-libatomic --with-zlib=../zlib-1.2.11 --with-openssl=../openssl-1.1.1 --with-debug --with-ld-opt=-Wl,-rpath,/usr/lib64 --add-module=../ngx_devel_kit-0.3.1rc1 --add-module=../lua-nginx-module-0.10.13

# Compile & Install
make -j2
make install

Configuration and startup

Create the required directories; adjust them to suit your own situation.

mkdir -p /opt/log/nginx
mkdir -p /opt/run/nginx
mkdir -p /opt/soft/nginx/temp
mkdir -p /opt/soft/nginx/conf/{acl,ssl,vhosts}

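Main configuration file

Path: /opt/soft/nginx/conf/nginx.conf
The basic parameters already cover most use cases; if you need to adjust further parameters, see the Modules reference in the official documentation.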

# nginx main config
user    work work;

worker_processes     auto;
worker_cpu_affinity  auto;
worker_rlimit_nofile 655350;

# Loads a dynamic module.
# load_module modules/ngx_stream_module.so;

# Provides the configuration file context in which the directives that affect connection processing are specified.
events {
    # nginx will by default use the most efficient method.
    # use epoll;
    worker_connections  102400;
}

# Log level: debug, info, notice, warn, error, crit, alert, or emerg.
error_log   /opt/log/nginx/error.log error;

# PCRE JIT can speed up processing of regular expressions significantly.
pcre_jit on;

pid /opt/run/nginx/nginx.pid;

http {
    include       mime.types;
    default_type  application/octet-stream;

    # Default log format - main
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    # Custom log format - main
    log_format main   '[$time_local] $remote_addr $http_x_connecting_ip "$http_x_forwarded_for" '
                      '$scheme $http_host "$request" $body_bytes_sent $request_time $status "$http_referer" '
                      '"$http_user_agent" $upstream_addr $upstream_response_time $upstream_status ';

    access_log  /opt/log/nginx/access.log main;

    # client_body_buffer_size 8k|16k;
    # client_body_timeout 120s;
    # client_header_buffer_size 1k;
    # client_header_timeout 120s;
    # client_max_body_size 10m;

    keepalive_timeout 75s;

    send_timeout    60s;
    sendfile        on;
    server_tokens   off;
    tcp_nodelay     on;
    tcp_nopush      on;

    # Enables or disables the use of underscores in client request header fields.
    # underscores_in_headers off;
    gzip  on;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    # Module ngx_http_fastcgi_module setting.
    # fastcgi_buffer_size 8k;
    # fastcgi_buffering on;
    # fastcgi_buffers 8 256k;
    # fastcgi_connect_timeout 120s;
    # fastcgi_read_timeout 120s;
    # fastcgi_send_timeout 120s;

    include vhosts/*.conf;
}

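Default virtual host

Configure a default virtual host that rejects requests made directly to the IP address and redirects requests for domain names that are not bound to a virtual host.
Path: /opt/soft/nginx/conf/vhosts/default.conf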

# vhosts - default
server {
    listen  80  default_server;
    server_name _;

    # underscores_in_headers on;

    if ($host ~ "\d+\.\d+\.\d+\.\d+") {
        return 404;
    }

    if ($host ~ "fandenggui.com") {
        return https://www.fandenggui.com;
    }

    location / {
        return https://www.fandenggui.com;
    }
}

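Production virtual host configuration

Many of the details here require the reader to understand what each directive does and adjust it accordingly; they are not explained at length here.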

server {
    listen 80;
    listen 443 ssl http2;
    server_name www.fandenggui.com;

    # Access control
    # include acl/your_acl_rule.conf;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate     ssl/fandenggui.com.pem;
    ssl_certificate_key ssl/fandenggui.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off; # Requires nginx >= 1.5.9

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';

    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0

    # OCSP Stapling --- Requires nginx >= 1.3.7
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    # verify chain of trust of OCSP response using Root CA and Intermediate certs
    # ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

    # DHPARAM: openssl dhparam -out /opt/soft/nginx/conf/dhparam.pem 4096
    # ssl_dhparam /opt/soft/nginx/conf/dhparam.pem; 

    # resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
    # resolver_timeout 5s; 

    # add_header X-Frame-Options DENY;
    # add_header X-Content-Type-Options nosniff;
    # add_header X-XSS-Protection "1; mode=block";

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    # add_header Strict-Transport-Security max-age=15768000;
    # add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

    # Forced to use HTTPS
    # if ( $scheme = "http") {
    #     return 301 https://$host$request_uri;
    # }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log /opt/log/nginx/www.fandenggui.com_access.log main;
    error_log /opt/log/nginx/www.fandenggui.com_error.log error;

    location / {
        # Configure the reverse proxy to suit your environment
        # ……
    }
}
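
The vhost above enables TLSv1 and TLSv1.1, and its cipher list includes 3DES, suites without an ECDHE/DHE key exchange, CBC-mode suites and repeated entries. The following added example (not part of the original article) is a small shell/awk audit that flags such entries by name; audit_tls, sample_conf and the sample snippet are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag weak entries in the ssl_protocols / ssl_ciphers
# directives of an nginx config file. Classification is by suite name only.

audit_tls() {   # audit_tls FILE: findings on stdout, exit status 1 if any
    awk -v sq="'" '
    /^[ \t]*#/ { next }                          # skip commented-out lines
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                print "PROTOCOL " p ": deprecated"; bad++
            }
        }
    }
    $1 == "ssl_ciphers" {
        list = $2; gsub("[" sq "\";]", "", list)  # strip quotes and semicolon
        split("", seen); n = split(list, c, ":")
        for (i = 1; i <= n; i++) {
            s = c[i]
            if (s == "" || s ~ /^[!-]/) continue  # exclusions such as !DSS
            if (seen[s]++)           why = "listed more than once"
            else if (s ~ /SHA512$/)  why = "no TLS suite has this name"
            else if (s ~ /DES-CBC3|RC4|MD5|NULL|EXP/) why = "weak algorithm"
            else if (s !~ /^(ECDHE|DHE|EDH)-/ && s !~ /^TLS_/)
                why = "no forward secrecy"
            else if (s !~ /GCM|CHACHA20|CCM/) why = "CBC mode, not AEAD"
            else continue
            print "CIPHER " s ": " why; bad++
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: the protocol line and a shortened cipher list in the
# style of the vhost above.
sample_conf() {
    cat <<'EOF'
server {
    # ssl_protocols SSLv3;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DES-CBC3-SHA:AES128-SHA:!DSS';
}
EOF
}
```

Running audit_tls against each file under conf/vhosts before nginx -t gives a non-zero exit status whenever a deprecated protocol or a flagged suite is configured.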

Create nginx.service

Path: /usr/lib/systemd/system/nginx.service

[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/opt/run/nginx/nginx.pid
ExecStartPre=/usr/bin/rm -f /opt/run/nginx/nginx.pid
ExecStartPre=/opt/soft/nginx/sbin/nginx -t
ExecStart=/opt/soft/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target

Start the service & enable it at boot

# Check Nginx config.
/opt/soft/nginx/sbin/nginx -t

systemctl start nginx
systemctl enable nginx

References and tools

Original article: http://blog.51cto.com/opsarno/2299329

Time: 2024-10-11 15:53:14