先看看仓库们
yum list nginx*
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
- base: mirrors.aliyun.com
- extras: mirrors.aliyun.com
- updates: mirrors.aliyun.com
已安装的软件包
nginx-filesystem.noarch 1:1.20.1-9.el7 @epel
可安装的软件包
nginx.x86_64 1:1.22.0-1.el7.ngx nginx
nginx-all-modules.noarch 1:1.20.1-9.el7 epel >
nginx-debug.x86_64 1:1.8.0-1.el7.ngx nginx
nginx-debuginfo.x86_64 1:1.22.0-1.el7.ngx nginx
nginx-mod-devel.x86_64 1:1.20.1-9.el7 epel
nginx-mod-http-image-filter.x86_64 1:1.20.1-9.el7 epel
nginx-mod-http-perl.x86_64 1:1.20.1-9.el7 epel
nginx-mod-http-xslt-filter.x86_64 1:1.20.1-9.el7 epel
nginx-mod-mail.x86_64 1:1.20.1-9.el7 epel
nginx-mod-stream.x86_64 1:1.20.1-9.el7 epel
nginx-module-geoip.x86_64 1:1.22.0-1.el7.ngx nginx
nginx-module-geoip-debuginfo.x86_64 1:1.22.0-1.el7.ngx nginx
nginx-module-image-filter.x86_64 1:1.22.0-1.el7.ngx nginx
nginx-module-image-filter-debuginfo.x86_64 1:1.22.0-1.el7.ngx nginx
nginx-module-njs.x86_64 1:1.22.0+0.7.6-1.el7.ngx nginx
nginx-module-njs-debuginfo.x86_64 1:1.22.0+0.7.6-1.el7.ngx nginx
nginx-module-perl.x86_64 1:1.22.0-1.el7.ngx nginx
nginx-module-perl-debuginfo.x86_64 1:1.22.0-1.el7.ngx nginx
nginx-module-xslt.x86_64 1:1.22.0-1.el7.ngx nginx
nginx-module-xslt-debuginfo.x86_64 1:1.22.0-1.el7.ngx nginx
nginx-nr-agent.noarch 2.0.0-12.el7.ngx nginx
官方nginx 仓库主程序 到 1.22 , 没有全模块,阿里epel 仓库里 全模块 nginx-all-modules 只到 1.20。(我一开始不懂,装epel的 nginx-all-modules 1.20 时候总报错)。后来了解了一下最重要的会话保持模块sticky ,估计全模块也不可能包含它。只有弃用现成包了。
卸载前了解一下现成包怎么编译和做配置文件的
nginx -V
nginx version: nginx/1.22.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt=‘-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC’ --with-ld-opt=‘-Wl,-z,relro -Wl,-z,now -pie’
confiture 换好行看看
–prefix=/etc/nginx
–sbin-path=/usr/sbin/nginx
–modules-path=/usr/lib64/nginx/modules
–conf-path=/etc/nginx/nginx.conf
–error-log-path=/var/log/nginx/error.log
–http-log-path=/var/log/nginx/access.log
–pid-path=/var/run/nginx.pid
–lock-path=/var/run/nginx.lock
–http-client-body-temp-path=/var/cache/nginx/client_temp
–http-proxy-temp-path=/var/cache/nginx/proxy_temp
–http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
–http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
–http-scgi-temp-path=/var/cache/nginx/scgi_temp
–user=nginx
–group=nginx
–with-compat
–with-file-aio
–with-threads
–with-http_addition_module
–with-http_auth_request_module
–with-http_dav_module
–with-http_flv_module
–with-http_gunzip_module
–with-http_gzip_static_module
–with-http_mp4_module
–with-http_random_index_module
–with-http_realip_module
–with-http_secure_link_module
–with-http_slice_module
–with-http_ssl_module
–with-http_stub_status_module
–with-http_sub_module
–with-http_v2_module
–with-mail
–with-mail_ssl_module
–with-stream
–with-stream_realip_module
–with-stream_ssl_module
–with-stream_ssl_preread_module
–with-cc-opt=‘-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
–param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC’
–with-ld-opt=‘-Wl,-z,relro -Wl,-z,now -pie’
/etc/nginx/nginx.conf
其中最有参考价值的是
include conf.d/*.conf
然后 新建 conf.d 文件夹,里面有default.conf
做个自己。configure, make, make install
http://nginx.org/en/download.html
结合前面的 confugre参数+官方参数说明文档+自己的需求(sticky)
./configure --with-compat \
--with-file-aio \
--with-threads \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_mp4_module \
--with-http_random_index_module \
--with-http_realip_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_v2_module \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-stream=dynamic \
--with-stream_realip_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-zlib=/usr/local/src/zlib-1.2.12 \
--with-openssl=/usr/local \
--with-debug \
--add-module=/mnt/install/nginx/nginx-goodies-nginx-sticky-module-ng-08a395c66e42
说明:
- 文件都放默认的/usr/local/nginx,主程序做个链接到/usr/local/sbin,文件夹做个链接到熟悉的/etc/nginx。其他什么进程id,临时文件都不理了,要的以后修改nginx.conf
ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/nginx
ln -s /usr/local/nginx/ /etc/nginx
- 还有以下几个参数我感觉用不到就没添加了,要添加的话,实测还要装其他包(前面yum list 可以看出端儿)。用户名和组也不理了
–user=nginx
–group=nginx
–with-http_xslt_module=dynamic
–with-http_image_filter_module=dynamic
–with-http_geoip_module=dynamic
–with-http_perl_module=dynamic
–with-perl_modules_path
–with-perl
–with-stream_geoip_module=dynamic
–add-dynamic-module
- 由于等保要求,我的zlib, openssl 都是源码安装最新版的,所以以上配置增加了 --with-zlib, --with-openssl ,但是都会报错,需要做以下修改。(你们没源码最新版要求,可以去除这两个参数)
- openssl
vim auto/lib/openssl/conf
CORE_INCS=“$CORE_INCS $OPENSSL/.openssl/include”
CORE_DEPS=“$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h”
CORE_LIBS=“$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a”
CORE_LIBS=“$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a”
CORE_INCS=“$CORE_INCS $OPENSSL/include”
CORE_DEPS=“$CORE_DEPS $OPENSSL/include/openssl/ssl.h”
CORE_LIBS=“$CORE_LIBS $OPENSSL/lib64/libssl.a”
CORE_LIBS=“$CORE_LIBS $OPENSSL/lib64/libcrypto.a”
- zlib
vim auto/lib/zlib/conf
CORE_LIBS=“$CORE_LIBS $ZLIB/adler32.o”
CORE_LIBS=“$CORE_LIBS $ZLIB/crc32.o”
CORE_LIBS=“$CORE_LIBS $ZLIB/deflate.o”
CORE_LIBS=“$CORE_LIBS $ZLIB/trees.o”
CORE_LIBS=“$CORE_LIBS $ZLIB/zutil.o”
CORE_LIBS=“$CORE_LIBS $ZLIB/compress.o”
他要的是源码目录,不是安装后库的目录
- make 的时候报错
/usr/local/src/nginx-1.23.1/nginx-goodies-nginx-sticky-module-ng-08a395c66e42/ngx_http_sticky_module.c: 在函数‘ngx_http_init_sticky_peer’中:
/usr/local/src/nginx-1.23.1/nginx-goodies-nginx-sticky-module-ng-08a395c66e42/ngx_http_sticky_module.c:207:54: 错误:‘ngx_http_headers_in_t’没有名为‘cookies’的成员
if (ngx_http_parse_multi_header_lines(&r->headers_in.cookies, &iphp->sticky_conf->cookie_name, &route) != NGX_DECLINED) {
^
/usr/local/src/nginx-1.23.1/nginx-goodies-nginx-sticky-module-ng-08a395c66e42/ngx_http_sticky_module.c:207:2: 错误:传递‘ngx_http_parse_multi_header_lines’的第 2 个参数时在不兼容的指针类型间转换 [-Werror]
if (ngx_http_parse_multi_header_lines(&r->headers_in.cookies, &iphp->sticky_conf->cookie_name, &route) != NGX_DECLINED) {
^
In file included from /usr/local/src/nginx-1.23.1/nginx-goodies-nginx-sticky-module-ng-08a395c66e42/ngx_http_sticky_module.c:9:0:
src/http/ngx_http.h:106:18: 附注:需要类型‘struct ngx_table_elt_t *’,但实参的类型为‘struct ngx_str_t *’
ngx_table_elt_t *ngx_http_parse_multi_header_lines(ngx_http_request_t *r,
^
/usr/local/src/nginx-1.23.1/nginx-goodies-nginx-sticky-module-ng-08a395c66e42/ngx_http_sticky_module.c:207:2: 错误:提供给函数‘ngx_http_parse_multi_header_lines’的实参太少
if (ngx_http_parse_multi_header_lines(&r->headers_in.cookies, &iphp->sticky_conf->cookie_name, &route) != NGX_DECLINED) {
^
In file included from /usr/local/src/nginx-1.23.1/nginx-goodies-nginx-sticky-module-ng-08a395c66e42/ngx_http_sticky_module.c:9:0:
src/http/ngx_http.h:106:18: 附注:在此声明
ngx_table_elt_t *ngx_http_parse_multi_header_lines(ngx_http_request_t *r,
^
cc1: all warnings being treated as errors
make[1]: *** [objs/addon/nginx-goodies-nginx-sticky-module-ng-08a395c66e42/ngx_http_sticky_module.o] 错误 1
make[1]: 离开目录“/usr/local/src/nginx-1.23.1”
vim ngx_http_sticky_module.c
if (ngx_http_parse_multi_header_lines(&r->headers_in.cookies, &iphp->sticky_conf->cookie_name, &route) != NGX_DECLINED) {
if (ngx_http_parse_multi_header_lines(r, r->headers_in.cookie, &iphp->sticky_conf->cookie_name, &route) != NULL) {
真正的编译安装
make; make install
vim /usr/local/nginx/conf/nginx.conf
在 [http] 里,注释掉 整个[server] 段,增加
include conf.d/*.conf;
mkdir /usr/local/nginx/conf/conf.d
vim /usr/local/nginx/conf/conf.d/upstreams.conf
upstream aaa {
sticky;
server localhost:8080;
}
upstream bbb{
#server 111.222.111.222;
#server 222.111.222.111;
sticky;
server localhost:8080;
}
vim /usr/local/nginx/conf/conf.d/servers.conf
#server {
# listen 80;
# #server_name localhost;
#
# #access_log /var/log/nginx/host.access.log main;
#
# location /zhbm {
# proxy_pass http://zhbm;
# }
#
#
#}
server {
listen 443 ssl;
# ssl_protocols TLSv1.3;
ssl_certificate conf.d/myca.crt;
ssl_certificate_key conf.d/myca.key;
location /aaa{
proxy_pass http://aaa;
}
location /bbb {
proxy_pass http://bbb;
}
}
上面还开了自签ssl https,我在其他文章里也写到生成自签ssl证书
openssl genrsa -out myca.key;
openssl req -new -x509 -days 3650 -key myca.key -out myca.crt
等保要求我还要开着selinux,要正常运行,还要执行
setsebool -P httpd_can_network_connect 1;
setsebool -P httpd_can_network_relay 1
321
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
