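Compiling, Installing and Configuring Nginx from Source

Installing Nginx from Source

Author: Yan Tao (闫涛)

E-mail: coderyantao@qq.com

Note: the lab environment is a virtual machine with SELinux and firewalld both disabled. This walkthrough is aimed at beginners, so problems are not solved in advance; each one is shown as it appears, together with its fix.

I. Preparation

Install the gcc and gcc-c++ build tools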

[root@localhost ~]# yum install gcc gcc-c++

Download the Nginx, PHP and MySQL source packages

[root@localhost ~]# wget -c https://nginx.org/download/nginx-1.16.1.tar.gz
[root@localhost ~]# wget -c https://www.php.net/distributions/php-7.2.29.tar.gz
[root@localhost ~]# wget -c https://downloads.mysql.com/archives/get/p/23/file/mysql-5.6.46.tar.gz

After each of the three commands ./configure, make and make install, you can run echo $? to check whether the previous step failed

II. Nginx

1. Create the nginx system account

[root@localhost ~]# useradd -r -s /sbin/nologin nginx

2. Extract the archive

[root@localhost ~]# tar -xf nginx-1.16.1.tar.gz 
[root@localhost ~]# cd nginx-1.16.1/
[root@localhost nginx-1.16.1]# 

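3. Compile and install

This lab does not set many options; only the user and group are specified. Other features are added later, when they are needed.

Run configure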

[root@localhost nginx-1.16.1]# ./configure --user=nginx --group=nginx

Error 1: the PCRE library is missing. When library xxx is missing, install xxx-devel.

./configure: error: the HTTP rewrite module requires the PCRE library.

Fix:

[root@localhost nginx-1.16.1]# yum install pcre-devel

Run configure again

[root@localhost nginx-1.16.1]# ./configure --user=nginx --group=nginx

Error 2: the zlib library is missing

./configure: error: the HTTP gzip module requires the zlib library.

Fix:

[root@localhost nginx-1.16.1]# yum install zlib-devel

Run configure again

[root@localhost nginx-1.16.1]# ./configure --user=nginx --group=nginx

Configure succeeds

Configuration summary
#libraries used
  + using system PCRE library
  + OpenSSL library is not used
  + using system zlib library
#default installation options
  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/local/nginx/sbin/nginx"
  nginx modules path: "/usr/local/nginx/modules"
  nginx configuration prefix: "/usr/local/nginx/conf" #configuration directory
  nginx configuration file: "/usr/local/nginx/conf/nginx.conf" #configuration file
  nginx pid file: "/usr/local/nginx/logs/nginx.pid"
  nginx error log file: "/usr/local/nginx/logs/error.log"
  nginx http access log file: "/usr/local/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"

make: compile

[root@localhost nginx-1.16.1]# make

make install: install

[root@localhost nginx-1.16.1]# make install

4. Create symlinks for nginx

#so the absolute path is no longer needed
[root@localhost nginx-1.16.1]# ln -s /usr/local/nginx/sbin/* /usr/local/bin/

5. Start nginx

[root@localhost ~]# nginx 

Check the process

[root@localhost ~]# netstat -antp|grep nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      21794/nginx: master 
#the nginx master process is running; the VM's IP can now be opened in a browser

Other nginx command-line options

[root@localhost ~]# nginx -h
nginx version: nginx/1.16.1
Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives]

Options:
  -?,-h         : this help
  -v            : show version and exit
  -V            : show version and configure options then exit
  -t            : test configuration and exit
  -T            : test configuration, dump it and exit
  -q            : suppress non-error messages during configuration testing
  -s signal     : send signal to a master process: stop, quit, reopen, reload
  -p prefix     : set prefix path (default: /usr/local/nginx/)
  -c filename   : set configuration file (default: conf/nginx.conf)
  -g directives : set global directives out of configuration file

6. Configuration file

#back up the configuration file
[root@localhost ~]# cd /usr/local/nginx/conf/
[root@localhost conf]# cp nginx.conf nginx.conf.bak
[root@localhost conf]# vim nginx.conf
#user  nobody;

#number of nginx worker processes, usually equal to the number of CPUs
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

#event model
events {
    #maximum connections per worker process (total maximum = number of processes * connections per process); adjust to the hardware
    worker_connections  1024;
}

#global block; everything below sits inside it
http {
    #maps file extensions to content types; the MIME types are defined in the mime.types file
    include       mime.types;
    #default content type
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;
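    #efficient file transfer mode
    sendfile        on;
    #prevent network congestion
    #tcp_nopush     on;

    #keepalive_timeout  0;
    #keep-alive connection timeout
    keepalive_timeout  65;
    #page compression
    #gzip  on;

    #default site settings
    server {
        #listening port
        listen       80;
        #site name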
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        #requests to this site; / matches any request
        location / {
            #site directory
            root   html;
            #default file
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

    ##virtual host configuration format
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

    ##HTTPS configuration
    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
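}

III. Labs

1. Virtual hosts

To keep the configuration organized, we use one configuration file per site. The steps are as follows.

1.1 Edit the main configuration file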

[root@localhost conf]# vim nginx.conf

Add the following inside the global (http) block

http {
    ...
    #gzip  on;

    #load myweb1.conf from the vhosts directory
    include vhosts/myweb1.conf;
    ...
}

1.2 Create the per-site configuration file

[root@localhost conf]# mkdir vhosts
[root@localhost conf]# vim vhosts/myweb1.conf
server {
        listen       80;
        server_name  www.myweb1.com;

        location / {
            root   html/myweb1;
            index  index.html index.htm;
        }
}

1.3 Reload the configuration

#check the syntax first
[root@localhost conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
#reload
[root@localhost conf]# nginx -s reload

1.4 Create the site directory

[root@localhost conf]# mkdir /usr/local/nginx/html/myweb1
[root@localhost conf]# vim /usr/local/nginx/html/myweb1/index.html
#content that identifies the site
this is myweb1

Add the following line to the hosts file on your computer to reach the site

192.168.1.54    www.myweb1.com

2. Nginx status statistics

This feature requires the --with-http_stub_status_module option at configure time. We did not enable it earlier, so nginx has to be compiled again.

#this command shows the current configure arguments
[root@localhost nginx-1.16.1]# nginx -V
nginx version: nginx/1.16.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
configure arguments: --user=nginx --group=nginx

2.1 Recompile

#enter the source directory
[root@localhost ~]# cd nginx-1.16.1/
#remove the files produced by the previous build
[root@localhost nginx-1.16.1]# make clean
rm -rf Makefile objs
#configure again: the old options plus the new one
[root@localhost nginx-1.16.1]# ./configure --user=nginx --group=nginx --with-http_stub_status_module
#compile
[root@localhost nginx-1.16.1]# make

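2.2 Overwrite the original binary

The newly built binary is in the objs directory

[root@localhost nginx-1.16.1]# cd objs/
[root@localhost objs]# ls
autoconf.err  Makefile  nginx  nginx.8  ngx_auto_config.h  ngx_auto_headers.h  ngx_modules.c  ngx_modules.o  src

Copy the new binary over the old one; the nginx process needs to be stopped for this

[root@localhost objs]# cp nginx /usr/local/nginx/sbin/nginx

Reload the configuration

[root@localhost objs]# nginx -s reload

This way the earlier configuration is all preserved and the new feature is added as well

2.3 Edit the virtual host

Here we monitor the status of myweb1.com

[root@localhost vhosts]# vim myweb1.conf

Change it as follows. I read many posts and they all failed; in the end it took the official documentation: http://nginx.org/en/docs/http/ngx_http_stub_status_module.html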

server {
        listen       80;
        server_name  www.myweb1.com;

        location / {
            root   html/myweb1;
            index  index.html index.htm;
         }
        location = /basic_status {
            #enable status statistics
            stub_status;
        }
}

Open http://www.myweb1.com/basic_status in a browser

2.4 Reload

[root@localhost myweb1]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost myweb1]# nginx -s reload

3. Directory protection

Protect the statistics page from the previous lab

3.1 Edit the virtual host configuration file

[root@localhost vhosts]# vim myweb1.conf
server {
        listen       80;
        server_name  www.myweb1.com;

        location / {
            root   html/myweb1;
            index  index.html index.htm;
         }
        location = /basic_status {
            #enable status statistics
            stub_status;

            #directory protection
            auth_basic "Hello Admin!";#prompt text
            auth_basic_user_file /usr/local/nginx/html/myweb1/htpasswd.nginx;#account file
        }
}

3.2 Generate the account file

Use Apache's htpasswd command to generate the file

#install httpd
[root@localhost vhosts]# yum install httpd
#create the account file; the account is yantao
[root@localhost vhosts]# htpasswd -c /usr/local/nginx/html/myweb1/htpasswd.nginx yantao
#add another account
[root@localhost vhosts]# htpasswd -m /usr/local/nginx/html/myweb1/htpasswd.nginx user1

3.3 Reload

[root@localhost myweb1]# nginx -s reload

4. IP-based authentication

4.1 Add the allowed IP

[root@localhost vhosts]# vim myweb1.conf
server {
        listen       80;
        server_name  www.myweb1.com;

        location / {
            root   html/myweb1;
            index  index.html index.htm;
        }
        location = /basic_status {
            #enable status statistics
            stub_status;

            #directory protection
            auth_basic "Hello Admin!";
            auth_basic_user_file /usr/local/nginx/html/myweb1/htpasswd.nginx;
            #IP-based verification
            allow 192.168.1.42;
            deny 192.168.1.0/24;
        }
}

4.2 Reload

[root@localhost myweb1]# nginx -t
[root@localhost myweb1]# nginx -s reload
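
The /basic_status protection from labs 3 and 4 has two gaps a reviewer would check for: the password file sits inside the directory that "location /" serves, and the allow list does not end with "deny all". The script below is an added example, not part of the original post; the function names and the PREFIX variable are this example's own, and the sample config is a constructed copy of step 4.1.

```shell
# Added example, not from the original post: audit a vhost file for two
# access-control weaknesses. PREFIX and the sample are assumptions that
# follow the lab's paths and configuration.
PREFIX=/usr/local/nginx   # "nginx path prefix" from the configure summary

# nginx resolves a relative "root" against its path prefix.
abs_path() {
    case "$1" in
        /*) printf '%s\n' "$1" ;;
        *)  printf '%s/%s\n' "$PREFIX" "$1" ;;
    esac
}

# audit_vhost FILE: print one line per finding, nothing when the file is clean.
audit_vhost() {
    clean=$(sed 's/#.*//' "$1")   # drop comments (the sample has no quoted '#')
    pwfile=$(printf '%s\n' "$clean" |
        awk '$1 == "auth_basic_user_file" { sub(/;$/, "", $2); print $2; exit }')
    for root in $(printf '%s\n' "$clean" |
        awk '$1 == "root" { sub(/;$/, "", $2); print $2 }' | sort -u); do
        docroot=$(abs_path "$root")
        case "$pwfile" in
            "$docroot"/*) echo "EXPOSED: $pwfile lies inside document root $docroot" ;;
        esac
    done
    if printf '%s\n' "$clean" | grep -Eq '^[[:space:]]*allow[[:space:]]' &&
       ! printf '%s\n' "$clean" | grep -Eq '^[[:space:]]*deny[[:space:]]+all[[:space:]]*;'; then
        echo "OPEN: allow list has no closing 'deny all'; unlisted networks pass the IP check"
    fi
}

# Constructed sample: the vhost from step 4.1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    server_name www.myweb1.com;
    location / {
        root html/myweb1;
    }
    location = /basic_status {
        stub_status;
        auth_basic "Hello Admin!";
        auth_basic_user_file /usr/local/nginx/html/myweb1/htpasswd.nginx;
        allow 192.168.1.42;
        deny 192.168.1.0/24;
    }
}
EOF
audit_vhost "$sample"
```

Both findings clear once the password file is kept outside html/ (for example under /usr/local/nginx/conf/, readable by the nginx user only) and the rule list ends with "deny all;".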

5. Reverse proxy

5.1 Set up an Apache server

5.2 Add an nginx virtual host

Edit the main configuration file

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
#add the following
include vhosts/myweb2.conf;

Create the per-site configuration file

[root@localhost ~]# vim /usr/local/nginx/conf/vhosts/myweb2.conf
#add the following
server {
        listen  80;
        server_name     www.myweb2.com;

        location / {
                proxy_pass http://192.168.1.49:80;#Apache's IP
        }
}

Reload the configuration

[root@localhost ~]# nginx -t
[root@localhost ~]# nginx -s reload

Edit the hosts file on your computer and add

192.168.1.54    www.myweb2.com

Visiting www.myweb2.com now reaches Apache

6. Load balancing

6.1 Prepare a second Apache server

6.2 Edit the virtual host

[root@localhost ~]# vim /usr/local/nginx/conf/vhosts/myweb2.conf
#resource pool
upstream abc{
        server 192.168.1.49:80;
        server 192.168.1.47:80;
}
server {
        listen  80;
        server_name     www.myweb2.com;

        location / {
                proxy_pass http://abc;
                proxy_set_header Host $host;#variable set so that subdirectories work correctly
        }
}

Browsing to www.myweb2.com now alternates between the two Apache servers

6.3 Polling with the rr (round-robin) algorithm

upstream abc{
        server 192.168.1.49:80 weight=1;
        server 192.168.1.47:80 weight=2;
}
server {
        listen  80;
        server_name     www.myweb2.com;

        location / {
                proxy_pass http://abc;
                proxy_set_header Host $host;
        }
}

With this, the two Apache servers are hit in a 1:2 ratio

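7. HTTPS with nginx

HTTPS in nginx requires --with-http_ssl_module to be enabled at compile time. We did not enable it originally, so nginx has to be recompiled and reinstalled; see lab 2 for the procedure.

7.1 Generate the server private key

[root@localhost ~]# cd /usr/local/nginx/conf/
[root@localhost conf]# openssl genrsa -out myweb1.key 1024
Generating RSA private key, 1024 bit long modulus
.......++++++
..++++++
e is 65537 (0x10001)

7.2 Generate the certificate signing request (CSR)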

[root@localhost conf]# openssl req -new -key myweb1.key -out myweb1.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:LN
Locality Name (eg, city) [Default City]:SY
Organization Name (eg, company) [Default Company Ltd]:Company
Organizational Unit Name (eg, section) []:PHP
Common Name (eg, your name or your server's hostname) []:www.myweb1.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

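7.3 Generate the signed certificate

The lab uses a self-signed certificate, which browsers will not trust. In production the certificate is purchased from a CA vendor.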

[root@localhost conf]# openssl x509 -req -days 365 -sha256 -in myweb1.csr -signkey myweb1.key -out myweb1.crt
Signature ok
subject=/C=CN/ST=LN/L=SY/O=Company/OU=PHP/CN=www.myweb1.com
Getting Private key

Then edit the virtual host configuration:

server {
        listen       80;
        server_name  www.myweb1.com;
        #rewrite: redirect port-80 requests to port 443
        rewrite ^(.*)$ https://${server_name}$1 permanent;
        location / {
            root   html/myweb1;
            index  index.html index.htm;
         }
        location = /basic_status {
            #enable status statistics
            stub_status;

            #directory protection
            auth_basic "Hello Admin!";
            auth_basic_user_file /usr/local/nginx/html/myweb1/htpasswd.nginx;
            #IP-based verification
            allow 192.168.1.42;
            deny 192.168.1.0/24;
        }
}

server {
        listen 443 ssl;#this syntax is used from version 1.5 onwards
        server_name     www.myweb1.com;
        root    html/myweb1;
        index   index.html;
        ssl_certificate   /usr/local/nginx/conf/myweb1.crt;
        ssl_certificate_key  /usr/local/nginx/conf/myweb1.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;#there is a formatting problem here
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

}

After reloading the configuration, visiting www.myweb1.com redirects to https
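
The lab's TLS setup uses a 1024-bit RSA key and enables TLSv1 and TLSv1.1, both of which current clients and scanners reject or flag. The script below is an added example, not part of the original post: it flags deprecated protocol settings in a config and writes the TLS-related parts of the vhost with stronger values. The function names, the 2048-bit key size, the TLSv1.2-only protocol list and the two-cipher list are this example's assumptions; file paths follow the lab.

```shell
# Added example, not from the original post. Paths follow the lab; key size,
# protocol list and cipher list are this example's assumptions.

# weak_tls FILE: print one line per weak TLS protocol setting in an nginx config.
weak_tls() {
    sed 's/#.*//' "$1" | awk '
        $1 == "listen" && /ssl/ { tls = 1 }
        $1 == "ssl_protocols" {
            seen = 1
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                    print "deprecated protocol enabled: " p
            }
        }
        END { if (tls && !seen) print "ssl_protocols not set: the nginx 1.16 default enables TLSv1 and TLSv1.1" }'
}

# write_tls_vhost FILE: the port-80 redirect and the 443 server with stronger settings.
write_tls_vhost() {
    cat > "$1" <<'EOF'
server {
    listen       80;
    server_name  www.myweb1.com;
    # send every plain-HTTP request to HTTPS; nothing is served on port 80
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name  www.myweb1.com;
    root   html/myweb1;
    index  index.html;
    ssl_certificate      /usr/local/nginx/conf/myweb1.crt;
    ssl_certificate_key  /usr/local/nginx/conf/myweb1.key;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
}
EOF
}

# make_key FILE: 2048-bit RSA key in place of the lab's 1024-bit one (not run here).
make_key() { openssl genrsa -out "$1" 2048; }

lab=$(mktemp); hardened=$(mktemp)
# Constructed input: the two TLS lines as the lab wrote them.
printf 'listen 443 ssl;\nssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n' > "$lab"
write_tls_vhost "$hardened"
echo "lab:";      weak_tls "$lab"
echo "hardened:"; weak_tls "$hardened"
```

Run nginx -t on the written file before reloading; TLSv1.3 can be appended to ssl_protocols where nginx is built against an OpenSSL release that supports it.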

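8. Hide the version number

Changing the main configuration file hides the version number for all virtual hosts.

Hide for all hosts

[root@localhost conf]# vim nginx.conf
#add inside the http block
server_tokens off;

Hide for a single host

[root@localhost conf]# vim vhosts/myweb2.conf
#add inside the server block
server_tokens off;

Or modify the source code before installing

[root@localhost ~]# cd nginx-1.16.1/src/core/
[root@localhost core]# vim nginx.h

#define NGINX_VERSION      "1.16.1"
#define NGINX_VER          "nginx/" NGINX_VERSION
/* change them as follows to obfuscate the banner */
#define NGINX_VERSION      "1.0"
#define NGINX_VER          "IIS/" NGINX_VERSION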