安装Nginx
简单记录下Nginx的相关链接、下载地址、软件包仓库配置及安装命令
一、安装官方提供的二进制包
1.1 RHEL/CentOS
如果下文中涉及到执行命令操作,默认为使用root用户,如需普通用户安装,请自行在命令前添加sudo以特权用户执行
版本 | 平台架构 |
---|---|
7.4+ | x86_64, ppc64le, aarch64/arm64 |
8.x | x86_64, aarch64/arm64 |
- 安装依赖包
# yum install yum-utils
- 设置yum仓库
请注意: 为了创建nginx.repo文件的命令可直接在命令行中执行生成,已经将$符号前加了反斜线进行转义,如果vim或者通过其他编译器手动复制、粘贴编写此文件,请将反斜线去掉,否则配置的地址将会有问题。
# cat <<EOF> /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
gpgcheck
的含义为是否开启gpg密钥验证,1为开启,0为关闭,在自己搭建临时私有yum仓库时可设置为0,关闭gpg密钥校验。
enabled
的含义为是否启用此yum仓库,同样是1开启,0关闭,默认启用stable仓库,关闭mainline仓库,如果想要使用安装mainline版本,可以直接把enabled
字段的值设置为1,也可以按照官方文档中的命令,执行下边的命令来启用。
# yum-config-manager --enable nginx-mainline
- 安装Nginx
# yum install nginx
- 查看所有可用版本的Nginx,安装指定版本的Nginx
# yum list --showduplicates | grep nginx
# yum -y install nginx-<version>
例如:
# yum -y install nginx-1.20.0-1.el7.ngx
1.2 Ubuntu
版本 | 平台架构 |
---|---|
16.04 | “xenial” x86_64, i386, ppc64el, aarch64/arm64 |
18.04 | “bionic” x86_64, aarch64/arm64 |
20.04 | “focal” x86_64, aarch64/arm64 |
20.10 | “groovy” x86_64, aarch64/arm64 |
- 安装依赖包
# apt install curl gnupg2 ca-certificates lsb-release
- 设置nginx稳定版的仓库地址
# echo "deb http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
- 导入nginx官方签名密钥
# curl -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key
- 验证下载的文件是否包含正确的密钥
# gpg --dry-run --quiet --import --import-options show-only /tmp/nginx_signing.key
Ubuntu 16.04使用此命令:
# gpg --with-fingerprint /tmp/nginx_signing.key
输出应该包含如下指纹信息:
pub rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
- 将密钥移动到 apt 可信密钥存储
# mv /tmp/nginx_signing.key /etc/apt/trusted.gpg.d/nginx_signing.asc
- 安装Nginx
# apt update
# apt install nginx
1.3 Alpine
Alpine Linux日常用到的比较少,一般是用来作为docker镜像的基础镜像使用,因为相比于其他镜像,它的大小只有5M左右,而且还提供了自己的包管理工具apk
。
版本 | 平台架构 |
---|---|
3.10 | x86_64 |
3.11 | x86_64 |
3.12 | x86_64, aarch64/arm64 |
3.13 | x86_64, aarch64/arm64 |
- 安装依赖
# apk add openssl curl ca-certificates
- 设置Nginx稳定版仓库
# printf "%s%s%s%s\n" \
"@nginx " \
"http://nginx.org/packages/mainline/alpine/v" \
`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \
"/main" \
| sudo tee -a /etc/apk/repositories
- 导入官方 nginx 签名密钥
# curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub
- 验证下载的文件是否包含正确的密钥
# openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout
应该会打印出如下的输出:
Public-Key: (2048 bit)
Modulus:
00:fe:14:f6:0a:1a:b8:86:19:fe:cd:ab:02:9f:58:
2f:37:70:15:74:d6:06:9b:81:55:90:99:96:cc:70:
5c:de:5b:e8:4c:b2:0c:47:5b:a8:a2:98:3d:11:b1:
f6:7d:a0:46:df:24:23:c6:d0:24:52:67:ba:69:ab:
9a:4a:6a:66:2c:db:e1:09:f1:0d:b2:b0:e1:47:1f:
0a:46:ac:0d:82:f3:3c:8d:02:ce:08:43:19:d9:64:
86:c4:4e:07:12:c0:5b:43:ba:7d:17:8a:a3:f0:3d:
98:32:b9:75:66:f4:f0:1b:2d:94:5b:7c:1c:e6:f3:
04:7f:dd:25:b2:82:a6:41:04:b7:50:93:94:c4:7c:
34:7e:12:7c:bf:33:54:55:47:8c:42:94:40:8e:34:
5f:54:04:1d:9e:8c:57:48:d4:b0:f8:e4:03:db:3f:
68:6c:37:fa:62:14:1c:94:d6:de:f2:2b:68:29:17:
24:6d:f7:b5:b3:18:79:fd:31:5e:7f:4c:be:c0:99:
13:cc:e2:97:2b:dc:96:9c:9a:d0:a7:c5:77:82:67:
c9:cb:a9:e7:68:4a:e1:c5:ba:1c:32:0e:79:40:6e:
ef:08:d7:a3:b9:5d:1a:df:ce:1a:c7:44:91:4c:d4:
99:c8:88:69:b3:66:2e:b3:06:f1:f4:22:d7:f2:5f:
ab:6d
Exponent: 65537 (0x10001)
- 将密钥移动到 apk 可信密钥存储
# mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/
- 安装Nginx
# apk add nginx@nginx
二、安装OpenResty
OpenResty® 是一个基于 Nginx 与 Lua 的高性能 Web 平台,其内部集成了大量精良的 Lua 库、第三方模块以及大多数的依赖项。用于方便地搭建能够处理超高并发、扩展性极高的动态 Web 应用、Web 服务和动态网关。
三、编译官方源码及第三方模块
如下信息,可通过在源码包中执行./configure --help
命令查看
The configure command supports the following parameters:
--help
prints a help message.
--prefix=path
defines a directory that will keep server files. This same directory will also be used for all relative paths set by configure (except for paths to libraries sources) and in the nginx.conf configuration file. It is set to the /usr/local/nginx directory by default.
--sbin-path=path
sets the name of an nginx executable file. This name is used only during installation. By default the file is named prefix/sbin/nginx.
--modules-path=path
defines a directory where nginx dynamic modules will be installed. By default the prefix/modules directory is used.
--conf-path=path
sets the name of an nginx.conf configuration file. If needs be, nginx can always be started with a different configuration file, by specifying it in the command-line parameter -c file. By default the file is named prefix/conf/nginx.conf.
--error-log-path=path
sets the name of the primary error, warnings, and diagnostic file. After installation, the file name can always be changed in the nginx.conf configuration file using the error_log directive. By default the file is named prefix/logs/error.log.
--pid-path=path
sets the name of an nginx.pid file that will store the process ID of the main process. After installation, the file name can always be changed in the nginx.conf configuration file using the pid directive. By default the file is named prefix/logs/nginx.pid.
--lock-path=path
sets a prefix for the names of lock files. After installation, the value can always be changed in the nginx.conf configuration file using the lock_file directive. By default the value is prefix/logs/nginx.lock.
--user=name
sets the name of an unprivileged user whose credentials will be used by worker processes. After installation, the name can always be changed in the nginx.conf configuration file using the user directive. The default user name is nobody.
--group=name
sets the name of a group whose credentials will be used by worker processes. After installation, the name can always be changed in the nginx.conf configuration file using the user directive. By default, a group name is set to the name of an unprivileged user.
--build=name
sets an optional nginx build name.
--builddir=path
sets a build directory.
--with-select_module
--without-select_module
enables or disables building a module that allows the server to work with the select() method. This module is built automatically if the platform does not appear to support more appropriate methods such as kqueue, epoll, or /dev/poll.
--with-poll_module
--without-poll_module
enables or disables building a module that allows the server to work with the poll() method. This module is built automatically if the platform does not appear to support more appropriate methods such as kqueue, epoll, or /dev/poll.
--with-threads
enables the use of thread pools.
--with-file-aio
enables the use of asynchronous file I/O (AIO) on FreeBSD and Linux.
--with-http_ssl_module
enables building a module that adds the HTTPS protocol support to an HTTP server. This module is not built by default. The OpenSSL library is required to build and run this module.
--with-http_v2_module
enables building a module that provides support for HTTP/2. This module is not built by default.
--with-http_realip_module
enables building the ngx_http_realip_module module that changes the client address to the address sent in the specified header field. This module is not built by default.
--with-http_addition_module
enables building the ngx_http_addition_module module that adds text before and after a response. This module is not built by default.
--with-http_xslt_module
--with-http_xslt_module=dynamic
enables building the ngx_http_xslt_module module that transforms XML responses using one or more XSLT stylesheets. This module is not built by default. The libxml2 and libxslt libraries are required to build and run this module.
--with-http_image_filter_module
--with-http_image_filter_module=dynamic
enables building the ngx_http_image_filter_module module that transforms images in JPEG, GIF, PNG, and WebP formats. This module is not built by default.
--with-http_geoip_module
--with-http_geoip_module=dynamic
enables building the ngx_http_geoip_module module that creates variables depending on the client IP address and the precompiled MaxMind databases. This module is not built by default.
--with-http_sub_module
enables building the ngx_http_sub_module module that modifies a response by replacing one specified string by another. This module is not built by default.
--with-http_dav_module
enables building the ngx_http_dav_module module that provides file management automation via the WebDAV protocol. This module is not built by default.
--with-http_flv_module
enables building the ngx_http_flv_module module that provides pseudo-streaming server-side support for Flash Video (FLV) files. This module is not built by default.
--with-http_mp4_module
enables building the ngx_http_mp4_module module that provides pseudo-streaming server-side support for MP4 files. This module is not built by default.
--with-http_gunzip_module
enables building the ngx_http_gunzip_module module that decompresses responses with “Content-Encoding: gzip” for clients that do not support “gzip” encoding method. This module is not built by default.
--with-http_gzip_static_module
enables building the ngx_http_gzip_static_module module that enables sending precompressed files with the “.gz” filename extension instead of regular files. This module is not built by default.
--with-http_auth_request_module
enables building the ngx_http_auth_request_module module that implements client authorization based on the result of a subrequest. This module is not built by default.
--with-http_random_index_module
enables building the ngx_http_random_index_module module that processes requests ending with the slash character (‘/’) and picks a random file in a directory to serve as an index file. This module is not built by default.
--with-http_secure_link_module
enables building the ngx_http_secure_link_module module. This module is not built by default.
--with-http_degradation_module
enables building the ngx_http_degradation_module module. This module is not built by default.
--with-http_slice_module
enables building the ngx_http_slice_module module that splits a request into subrequests, each returning a certain range of response. The module provides more effective caching of big responses. This module is not built by default.
--with-http_stub_status_module
enables building the ngx_http_stub_status_module module that provides access to basic status information. This module is not built by default.
--without-http_charset_module
disables building the ngx_http_charset_module module that adds the specified charset to the “Content-Type” response header field and can additionally convert data from one charset to another.
--without-http_gzip_module
disables building a module that compresses responses of an HTTP server. The zlib library is required to build and run this module.
--without-http_ssi_module
disables building the ngx_http_ssi_module module that processes SSI (Server Side Includes) commands in responses passing through it.
--without-http_userid_module
disables building the ngx_http_userid_module module that sets cookies suitable for client identification.
--without-http_access_module
disables building the ngx_http_access_module module that allows limiting access to certain client addresses.
--without-http_auth_basic_module
disables building the ngx_http_auth_basic_module module that allows limiting access to resources by validating the user name and password using the “HTTP Basic Authentication” protocol.
--without-http_mirror_module
disables building the ngx_http_mirror_module module that implements mirroring of an original request by creating background mirror subrequests.
--without-http_autoindex_module
disables building the ngx_http_autoindex_module module that processes requests ending with the slash character (‘/’) and produces a directory listing in case the ngx_http_index_module module cannot find an index file.
--without-http_geo_module
disables building the ngx_http_geo_module module that creates variables with values depending on the client IP address.
--without-http_map_module
disables building the ngx_http_map_module module that creates variables with values depending on values of other variables.
--without-http_split_clients_module
disables building the ngx_http_split_clients_module module that creates variables for A/B testing.
--without-http_referer_module
disables building the ngx_http_referer_module module that can block access to a site for requests with invalid values in the “Referer” header field.
--without-http_rewrite_module
disables building a module that allows an HTTP server to redirect requests and change URI of requests. The PCRE library is required to build and run this module.
--without-http_proxy_module
disables building an HTTP server proxying module.
--without-http_fastcgi_module
disables building the ngx_http_fastcgi_module module that passes requests to a FastCGI server.
--without-http_uwsgi_module
disables building the ngx_http_uwsgi_module module that passes requests to a uwsgi server.
--without-http_scgi_module
disables building the ngx_http_scgi_module module that passes requests to an SCGI server.
--without-http_grpc_module
disables building the ngx_http_grpc_module module that passes requests to a gRPC server.
--without-http_memcached_module
disables building the ngx_http_memcached_module module that obtains responses from a memcached server.
--without-http_limit_conn_module
disables building the ngx_http_limit_conn_module module that limits the number of connections per key, for example, the number of connections from a single IP address.
--without-http_limit_req_module
disables building the ngx_http_limit_req_module module that limits the request processing rate per key, for example, the processing rate of requests coming from a single IP address.
--without-http_empty_gif_module
disables building a module that emits single-pixel transparent GIF.
--without-http_browser_module
disables building the ngx_http_browser_module module that creates variables whose values depend on the value of the “User-Agent” request header field.
--without-http_upstream_hash_module
disables building a module that implements the hash load balancing method.
--without-http_upstream_ip_hash_module
disables building a module that implements the ip_hash load balancing method.
--without-http_upstream_least_conn_module
disables building a module that implements the least_conn load balancing method.
--without-http_upstream_random_module
disables building a module that implements the random load balancing method.
--without-http_upstream_keepalive_module
disables building a module that provides caching of connections to upstream servers.
--without-http_upstream_zone_module
disables building a module that makes it possible to store run-time state of an upstream group in a shared memory zone.
--with-http_perl_module
--with-http_perl_module=dynamic
enables building the embedded Perl module. This module is not built by default.
--with-perl_modules_path=path
defines a directory that will keep Perl modules.
--with-perl=path
sets the name of the Perl binary.
--http-log-path=path
sets the name of the primary request log file of the HTTP server. After installation, the file name can always be changed in the nginx.conf configuration file using the access_log directive. By default the file is named prefix/logs/access.log.
--http-client-body-temp-path=path
defines a directory for storing temporary files that hold client request bodies. After installation, the directory can always be changed in the nginx.conf configuration file using the client_body_temp_path directive. By default the directory is named prefix/client_body_temp.
--http-proxy-temp-path=path
defines a directory for storing temporary files with data received from proxied servers. After installation, the directory can always be changed in the nginx.conf configuration file using the proxy_temp_path directive. By default the directory is named prefix/proxy_temp.
--http-fastcgi-temp-path=path
defines a directory for storing temporary files with data received from FastCGI servers. After installation, the directory can always be changed in the nginx.conf configuration file using the fastcgi_temp_path directive. By default the directory is named prefix/fastcgi_temp.
--http-uwsgi-temp-path=path
defines a directory for storing temporary files with data received from uwsgi servers. After installation, the directory can always be changed in the nginx.conf configuration file using the uwsgi_temp_path directive. By default the directory is named prefix/uwsgi_temp.
--http-scgi-temp-path=path
defines a directory for storing temporary files with data received from SCGI servers. After installation, the directory can always be changed in the nginx.conf configuration file using the scgi_temp_path directive. By default the directory is named prefix/scgi_temp.
--without-http
disables the HTTP server.
--without-http-cache
disables HTTP cache.
--with-mail
--with-mail=dynamic
enables POP3/IMAP4/SMTP mail proxy server.
--with-mail_ssl_module
enables building a module that adds the SSL/TLS protocol support to the mail proxy server. This module is not built by default. The OpenSSL library is required to build and run this module.
--without-mail_pop3_module
disables the POP3 protocol in mail proxy server.
--without-mail_imap_module
disables the IMAP protocol in mail proxy server.
--without-mail_smtp_module
disables the SMTP protocol in mail proxy server.
--with-stream
--with-stream=dynamic
enables building the stream module for generic TCP/UDP proxying and load balancing. This module is not built by default.
--with-stream_ssl_module
enables building a module that adds the SSL/TLS protocol support to the stream module. This module is not built by default. The OpenSSL library is required to build and run this module.
--with-stream_realip_module
enables building the ngx_stream_realip_module module that changes the client address to the address sent in the PROXY protocol header. This module is not built by default.
--with-stream_geoip_module
--with-stream_geoip_module=dynamic
enables building the ngx_stream_geoip_module module that creates variables depending on the client IP address and the precompiled MaxMind databases. This module is not built by default.
--with-stream_ssl_preread_module
enables building the ngx_stream_ssl_preread_module module that allows extracting information from the ClientHello message without terminating SSL/TLS. This module is not built by default.
--without-stream_limit_conn_module
disables building the ngx_stream_limit_conn_module module that limits the number of connections per key, for example, the number of connections from a single IP address.
--without-stream_access_module
disables building the ngx_stream_access_module module that allows limiting access to certain client addresses.
--without-stream_geo_module
disables building the ngx_stream_geo_module module that creates variables with values depending on the client IP address.
--without-stream_map_module
disables building the ngx_stream_map_module module that creates variables with values depending on values of other variables.
--without-stream_split_clients_module
disables building the ngx_stream_split_clients_module module that creates variables for A/B testing.
--without-stream_return_module
disables building the ngx_stream_return_module module that sends some specified value to the client and then closes the connection.
--without-stream_set_module
disables building the ngx_stream_set_module module that sets a value for a variable.
--without-stream_upstream_hash_module
disables building a module that implements the hash load balancing method.
--without-stream_upstream_least_conn_module
disables building a module that implements the least_conn load balancing method.
--without-stream_upstream_random_module
disables building a module that implements the random load balancing method.
--without-stream_upstream_zone_module
disables building a module that makes it possible to store run-time state of an upstream group in a shared memory zone.
--with-google_perftools_module
enables building the ngx_google_perftools_module module that enables profiling of nginx worker processes using Google Performance Tools. The module is intended for nginx developers and is not built by default.
--with-cpp_test_module
enables building the ngx_cpp_test_module module.
--add-module=path
enables an external module.
--add-dynamic-module=path
enables an external dynamic module.
--with-compat
enables dynamic modules compatibility.
--with-cc=path
sets the name of the C compiler.
--with-cpp=path
sets the name of the C preprocessor.
--with-cc-opt=parameters
sets additional parameters that will be added to the CFLAGS variable. When using the system PCRE library under FreeBSD, --with-cc-opt="-I /usr/local/include" should be specified. If the number of files supported by select() needs to be increased it can also be specified here such as this: --with-cc-opt="-D FD_SETSIZE=2048".
--with-ld-opt=parameters
sets additional parameters that will be used during linking. When using the system PCRE library under FreeBSD, --with-ld-opt="-L /usr/local/lib" should be specified.
--with-cpu-opt=cpu
enables building per specified CPU: pentium, pentiumpro, pentium3, pentium4, athlon, opteron, sparc32, sparc64, ppc64.
--without-pcre
disables the usage of the PCRE library.
--with-pcre
forces the usage of the PCRE library.
--with-pcre=path
sets the path to the sources of the PCRE library. The library distribution (version 4.4 — 8.43) needs to be downloaded from the PCRE site and extracted. The rest is done by nginx’s ./configure and make. The library is required for regular expressions support in the location directive and for the ngx_http_rewrite_module module.
--with-pcre-opt=parameters
sets additional build options for PCRE.
--with-pcre-jit
builds the PCRE library with “just-in-time compilation” support (1.1.12, the pcre_jit directive).
--with-zlib=path
sets the path to the sources of the zlib library. The library distribution (version 1.1.3 — 1.2.11) needs to be downloaded from the zlib site and extracted. The rest is done by nginx’s ./configure and make. The library is required for the ngx_http_gzip_module module.
--with-zlib-opt=parameters
sets additional build options for zlib.
--with-zlib-asm=cpu
enables the use of the zlib assembler sources optimized for one of the specified CPUs: pentium, pentiumpro.
--with-libatomic
forces the libatomic_ops library usage.
--with-libatomic=path
sets the path to the libatomic_ops library sources.
--with-openssl=path
sets the path to the OpenSSL library sources.
--with-openssl-opt=parameters
sets additional build options for OpenSSL.
--with-debug
enables the debugging log.
Example of parameters usage (all of this needs to be typed in one line):
./configure
--sbin-path=/usr/local/nginx/nginx
--conf-path=/usr/local/nginx/nginx.conf
--pid-path=/usr/local/nginx/nginx.pid
--with-http_ssl_module
--with-pcre=../pcre-8.44
--with-zlib=../zlib-1.2.11
After configuration, nginx is compiled and installed using make.