一、准备工作
下载源码包、解压,
所有的编译选项如下:
./configure --help
--help print this message
--prefix=PATH set installation prefix
--sbin-path=PATH set nginx binary pathname
--modules-path=PATH set modules path
--conf-path=PATH set nginx.conf pathname
--error-log-path=PATH set error log pathname
--pid-path=PATH set nginx.pid pathname
--lock-path=PATH set nginx.lock pathname
--user=USER set non-privileged user for
worker processes
--group=GROUP set non-privileged group for
worker processes
--build=NAME set build name
--builddir=DIR set build directory
--with-select_module enable select module
--without-select_module disable select module
--with-poll_module enable poll module
--without-poll_module disable poll module
--with-threads enable thread pool support
--with-file-aio enable file AIO support
--with-http_ssl_module enable ngx_http_ssl_module
--with-http_v2_module enable ngx_http_v2_module
--with-http_realip_module enable ngx_http_realip_module
--with-http_addition_module enable ngx_http_addition_module
--with-http_xslt_module enable ngx_http_xslt_module
--with-http_xslt_module=dynamic enable dynamic ngx_http_xslt_module
--with-http_image_filter_module enable ngx_http_image_filter_module
--with-http_image_filter_module=dynamic
enable dynamic ngx_http_image_filter_module
--with-http_geoip_module enable ngx_http_geoip_module
--with-http_geoip_module=dynamic enable dynamic ngx_http_geoip_module
--with-http_sub_module enable ngx_http_sub_module
--with-http_dav_module enable ngx_http_dav_module
--with-http_flv_module enable ngx_http_flv_module
--with-http_mp4_module enable ngx_http_mp4_module
--with-http_gunzip_module enable ngx_http_gunzip_module
--with-http_gzip_static_module enable ngx_http_gzip_static_module
--with-http_auth_request_module enable ngx_http_auth_request_module
--with-http_random_index_module enable ngx_http_random_index_module
--with-http_secure_link_module enable ngx_http_secure_link_module
--with-http_degradation_module enable ngx_http_degradation_module
--with-http_slice_module enable ngx_http_slice_module
--with-http_stub_status_module enable ngx_http_stub_status_module
--without-http_charset_module disable ngx_http_charset_module
--without-http_gzip_module disable ngx_http_gzip_module
--without-http_ssi_module disable ngx_http_ssi_module
--without-http_userid_module disable ngx_http_userid_module
--without-http_access_module disable ngx_http_access_module
--without-http_auth_basic_module disable ngx_http_auth_basic_module
--without-http_mirror_module disable ngx_http_mirror_module
--without-http_autoindex_module disable ngx_http_autoindex_module
--without-http_geo_module disable ngx_http_geo_module
--without-http_map_module disable ngx_http_map_module
--without-http_split_clients_module disable ngx_http_split_clients_module
--without-http_referer_module disable ngx_http_referer_module
--without-http_rewrite_module disable ngx_http_rewrite_module
--without-http_proxy_module disable ngx_http_proxy_module
--without-http_fastcgi_module disable ngx_http_fastcgi_module
--without-http_uwsgi_module disable ngx_http_uwsgi_module
--without-http_scgi_module disable ngx_http_scgi_module
--without-http_grpc_module disable ngx_http_grpc_module
--without-http_memcached_module disable ngx_http_memcached_module
--without-http_limit_conn_module disable ngx_http_limit_conn_module
--without-http_limit_req_module disable ngx_http_limit_req_module
--without-http_empty_gif_module disable ngx_http_empty_gif_module
--without-http_browser_module disable ngx_http_browser_module
--without-http_upstream_hash_module
disable ngx_http_upstream_hash_module
--without-http_upstream_ip_hash_module
disable ngx_http_upstream_ip_hash_module
--without-http_upstream_least_conn_module
disable ngx_http_upstream_least_conn_module
--without-http_upstream_random_module
disable ngx_http_upstream_random_module
--without-http_upstream_keepalive_module
disable ngx_http_upstream_keepalive_module
--without-http_upstream_zone_module
disable ngx_http_upstream_zone_module
--with-http_perl_module enable ngx_http_perl_module
--with-http_perl_module=dynamic enable dynamic ngx_http_perl_module
--with-perl_modules_path=PATH set Perl modules path
--with-perl=PATH set perl binary pathname
--http-log-path=PATH set http access log pathname
--http-client-body-temp-path=PATH set path to store
http client request body temporary files
--http-proxy-temp-path=PATH set path to store
http proxy temporary files
--http-fastcgi-temp-path=PATH set path to store
http fastcgi temporary files
--http-uwsgi-temp-path=PATH set path to store
http uwsgi temporary files
--http-scgi-temp-path=PATH set path to store
http scgi temporary files
--without-http disable HTTP server
--without-http-cache disable HTTP cache
--with-mail enable POP3/IMAP4/SMTP proxy module
--with-mail=dynamic enable dynamic POP3/IMAP4/SMTP proxy module
--with-mail_ssl_module enable ngx_mail_ssl_module
--without-mail_pop3_module disable ngx_mail_pop3_module
--without-mail_imap_module disable ngx_mail_imap_module
--without-mail_smtp_module disable ngx_mail_smtp_module
--with-stream enable TCP/UDP proxy module
--with-stream=dynamic enable dynamic TCP/UDP proxy module
--with-stream_ssl_module enable ngx_stream_ssl_module
--with-stream_realip_module enable ngx_stream_realip_module
--with-stream_geoip_module enable ngx_stream_geoip_module
--with-stream_geoip_module=dynamic enable dynamic ngx_stream_geoip_module
--with-stream_ssl_preread_module enable ngx_stream_ssl_preread_module
--without-stream_limit_conn_module disable ngx_stream_limit_conn_module
--without-stream_access_module disable ngx_stream_access_module
--without-stream_geo_module disable ngx_stream_geo_module
--without-stream_map_module disable ngx_stream_map_module
--without-stream_split_clients_module
disable ngx_stream_split_clients_module
--without-stream_return_module disable ngx_stream_return_module
--without-stream_upstream_hash_module
disable ngx_stream_upstream_hash_module
--without-stream_upstream_least_conn_module
disable ngx_stream_upstream_least_conn_module
--without-stream_upstream_random_module
disable ngx_stream_upstream_random_module
--without-stream_upstream_zone_module
disable ngx_stream_upstream_zone_module
--with-google_perftools_module enable ngx_google_perftools_module
--with-cpp_test_module enable ngx_cpp_test_module
--add-module=PATH enable external module
--add-dynamic-module=PATH enable dynamic external module
--with-compat dynamic modules compatibility
--with-cc=PATH set C compiler pathname
--with-cpp=PATH set C preprocessor pathname
--with-cc-opt=OPTIONS set additional C compiler options
--with-ld-opt=OPTIONS set additional linker options
--with-cpu-opt=CPU build for the specified CPU, valid values:
pentium, pentiumpro, pentium3, pentium4,
athlon, opteron, sparc32, sparc64, ppc64
--without-pcre disable PCRE library usage
--with-pcre force PCRE library usage
--with-pcre=DIR set path to PCRE library sources
--with-pcre-opt=OPTIONS set additional build options for PCRE
--with-pcre-jit build PCRE with JIT compilation support
--with-zlib=DIR set path to zlib library sources
--with-zlib-opt=OPTIONS set additional build options for zlib
--with-zlib-asm=CPU use zlib assembler sources optimized
for the specified CPU, valid values:
pentium, pentiumpro
--with-libatomic force libatomic_ops library usage
--with-libatomic=DIR set path to libatomic_ops library sources
--with-openssl=DIR set path to OpenSSL library sources
--with-openssl-opt=OPTIONS set additional build options for OpenSSL
--with-debug enable debug logging
编译选项
./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log
--http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx
--user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_auth_request_module --with-http_ssl_module
--with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic
--with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module
--with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module
--with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module
--with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre
--with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug
--with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic'
--with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E' --add-module=/root/nginx-1.16.1/src/nginx-auth-ldap
编译安装
# make && make install
二、安装编译库文件
# yum -y install libxml2 libxml2-dev libxslt-devel perl-devel perl-ExtUtils-Embed GeoIP GeoIP-devel GeoIP-data
缺少GD库换成163的yum源
# yum install gd-devel pcre-devel libcurl-devel gperftoo
安装ldap模块
编译nginx-auth-ldap模块需要ldap.h头文件,所以需要先安装ldap库
#yum -y install openldap-devel
到nginx的src目录下下载ldap模块
#cd src/
#git clone https:
//github.com/kvspb/nginx-auth-ldap.git
执行完,当前路径下会多一个目录 nginx-auth-ldap
# /usr/sbin/nginx
nginx: [emerg] getpwnam("nginx") failed
# useradd -s /sbin/nologin -M nginx
# id nginx
uid=1000(nginx) gid=1000(nginx) 组=1000(nginx)
# /usr/sbin/nginx -s reload
nginx: [error] open() "/run/nginx.pid" failed (2: No such file or directory)
# mkdir -p /var/lib/nginx/tmp/client_body
# /usr/sbin/nginx
三、把nginx加入systemd管理
# chmod +x /usr/lib/systemd/system/nginx.service
# vim /usr/lib/systemd/system/nginx.service (注意具体的编译时路径!!!)
[Unit] //对服务的说明
Description=nginx high performance web server //描述服务
After=network.target remote-fs.target nss-lookup.target //描述服务类别
[Service] //服务的一些具体运行参数的设置
Type=forking //后台运行的形式
PIDFile=/srv/nginx/logs/nginx.pid //PID文件的路径
ExecStartPre=/srv/nginx/sbin/nginx -t -c /srv/nginx/conf/nginx.conf //启动准备
ExecStart=/srv/nginx/sbin/nginx -c /srv/nginx/conf/nginx.conf //启动命令
ExecReload=/srv/nginx/sbin/nginx -s reload //重启命令
ExecStop=/srv/nginx/sbin/nginx -s stop //停止命令
ExecQuit=/srv/nginx/sbin/nginx -s quit //快速停止
PrivateTmp=true //给服务分配临时空间
[Install]
WantedBy=multi-user.target //服务用户的模式
重载systemd配置文件
systemctl daemon-reload
systemctl start nginx.service
systemctl enable nginx.service
/etc/init.d/nginx stop
/etc/init.d/nginx start
/usr/local/nginx/sbin/nginx -s reload #已经重启成功
四、安装完成还有一堆麻烦事
1、启动测试报错
# /srv/nginx/sbin/nginx
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()
端口被占用
2、systemctl 查看状态
# systemctl status nginx
Unit nginx.service could not be found.
3、启动服务
在启动服务之前,需要先重载systemctl命令
# systemctl daemon-reload
# systemctl start nginx.service
4、报错
# systemctl status nginx.service -l
![](https://img-blog.csdnimg.cn/img_convert/8a061001d033538d9b9c54042f2c30b8.png)
5、# ps aux|grep nginx
root 11675 0.0 0.1 46088 1156 ? Ss 02:20 0:00 nginx: master process /srv/ngin/sbin/nginx
nobody 11676 0.0 0.2 46548 2180 ? S 02:20 0:00 nginx: worker process
root 28181 0.0 0.0 112660 968 pts/0 R+ 02:35 0:00 grep --color=auto nginx
# kill -9 11675
# kill -9 11676
# ps aux|grep nginx
root 28183 0.0 0.0 112660 964 pts/0 R+ 02:35 0:00 grep --color=auto nginx
# systemctl restart nginx
# systemctl status nginx
![](https://img-blog.csdnimg.cn/img_convert/4272137524202a736bf4d8dd24e0abad.png)
五、nginx常用模块
1、ngx_http_core_module #包括一些核心的http参数配置,对应Nginx的配置为HTTP区块部分
2、ngx_http_access_module #访问控制模块,用来控制网站用户对Nginx的访问
3、ngx_http_gzip_module #压缩模块,对Nginx返回的数据压缩,属于性能优化模块
4、ngx_http_fastcgi_module #FastCGI模块,和 动态应用相关的模块,例如PHP
5、ngx_http_proxy_module #Proxy代理模块
6、ngx_http_upstream_module #负载均衡模块,可以实现网站的负载均衡功能及节点的健康检查
7、ngx_http_rewrite_module #URL地址重写模块
8、ngx_http_limit_conn_module #限制用户并发连接数及请求数模块
9、ngx_http_limit_req_module #根据定义的key限制Nginx请求过程的速率
10、ngx_http_log_module #访问日志模块,以指定的格式记录Nginx客户访问日志等信息
11、ngx_http_auth_basic_module #Web认证模块,设置Web用户通过账号、密码访问Nginx
12、ngx_http_ssl_module #ssl模块,用于加密的http连接,如https
13、ngx_http_stub_status_module #记录Nginx基本访问状态信息等模块
14、nginx-auth-ldap #ldap模块
六、nginx限流
1、ab压测访问
# ab -c 1 -n 10 http://192.168.40.132/
2、iptables禁止ip
# iptables -I INPUT -s 192.168.40.132 -ptcp --dport 80 -j DROP
# curl 192.168.40.132
curl: (7) Failed connect to 192.168.40.132:80; 连接超时
3、nginx配置文件里面限制
![](https://img-blog.csdnimg.cn/img_convert/d3fa741903bfb12f72ca8e16a06ade50.png)