Nginx 源码安装

作者：闫涛

E-mail：coderyantao@qq.com

备注：实验环境为虚拟机，selinux、firewalld都已经关闭。此次安装面向新手，并没有提前把所有问题解决，会展示出现的问题和解决方法。

一、准备

安装gcc、gcc-c++编译工具

[root@localhost ~]# yum install gcc gcc-c++

下载Nginx、PHP、MySQL源码包

[root@localhost ~]# wget -c https://nginx.org/download/nginx-1.16.1.tar.gz
[root@localhost ~]# wget -c https://www.php.net/distributions/php-7.2.29.tar.gz
[root@localhost ~]# wget -c https://downloads.mysql.com/archives/get/p/23/file/mysql-5.6.46.tar.gz

在每次执行 ./configure、make、make install三个命令后，可使用echo $? 来判断上一步是否出错

二、Nginx

1.创建nginx系统账户

[root@localhost ~]# useradd -r -s /sbin/nologin nginx

2.解压缩

[root@localhost ~]# tar -xf nginx-1.16.1.tar.gz
[root@localhost ~]# cd nginx-1.16.1/
[root@localhost nginx-1.16.1]#

3.编译、安装

此次实验并没有指定太多的选项，仅仅指定了用户和用户组。其他功能稍后需要时再安装。

执行预编译

[root@localhost nginx-1.16.1]# ./configure --user=nginx --group=nginx

错误提示1：缺少pcre库。缺xxx库，安装xxx-devel

./configure: error: the HTTP rewrite module requires the PCRE library.

解决方法：

[root@localhost nginx-1.16.1]# yum install pcre-devel

再次执行预编译

[root@localhost nginx-1.16.1]# ./configure --user=nginx --group=nginx

错误提示2：缺少zlib库

./configure: error: the HTTP gzip module requires the zlib library.

解决方法：

[root@localhost nginx-1.16.1]# yum install zlib-devel

再次执行预编译

[root@localhost nginx-1.16.1]# ./configure --user=nginx --group=nginx

预编译成功

Configuration summary
#使用了这些库 + using system PCRE library+ OpenSSL library is not used+ using system zlib library
#默认安装选项nginx path prefix: "/usr/local/nginx"nginx binary file: "/usr/local/nginx/sbin/nginx"nginx modules path: "/usr/local/nginx/modules"nginx configuration prefix: "/usr/local/nginx/conf"#配置文件目录nginx configuration file: "/usr/local/nginx/conf/nginx.conf"#配置文件nginx pid file: "/usr/local/nginx/logs/nginx.pid"nginx error log file: "/usr/local/nginx/logs/error.log"nginx http access log file: "/usr/local/nginx/logs/access.log"nginx http client request body temporary files: "client_body_temp"nginx http proxy temporary files: "proxy_temp"nginx http fastcgi temporary files: "fastcgi_temp"nginx http uwsgi temporary files: "uwsgi_temp"nginx http scgi temporary files: "scgi_temp"

make 编译

[root@localhost nginx-1.16.1]# make

make install 安装

[root@localhost nginx-1.16.1]# make install

4.创建nginx软链接

#这样就不用使用绝对路径了
[root@localhost nginx-1.16.1]# ln -s /usr/local/nginx/sbin/* /usr/local/bin/

5.启动nginx

[root@localhost ~]# nginx

查看一下进程

[root@localhost ~]# netstat -antp|grep nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      21794/nginx: master
#nginx的master进程已经开启，可用浏览器访问虚拟机ip

查看nginx的其他命令

[root@localhost ~]# nginx -h
nginx version: nginx/1.16.1
Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives]Options:-?,-h         : this help-v            : show version and exit-V            : show version and configure options then exit-t            : test configuration and exit-T            : test configuration, dump it and exit-q            : suppress non-error messages during configuration testing-s signal     : send signal to a master process: stop, quit, reopen, reload-p prefix     : set prefix path (default: /usr/local/nginx/)-c filename   : set configuration file (default: conf/nginx.conf)-g directives : set global directives out of configuration file

6.配置文件

#备份配置文件
[root@localhost ~]# cd /usr/local/nginx/conf/
[root@localhost conf]# cp nginx.conf nginx.conf.bak
[root@localhost conf]# vim nginx.conf

#user  nobody;#nginx的进程数，通常和CPU数量相等
worker_processes  1;#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;#pid        logs/nginx.pid;#事件模型
events {#单个进程最大连接数（最大连接数=连接数*个进程最大连接数），根据硬件修改worker_connections  1024;
}#全局，下面的内容都在它里面
http {#文件扩展名与文件类型映射表,设定mime类型,类型由mime.type文件定义include       mime.types;#默认文件类型default_type  application/octet-stream;#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '#                  '$status $body_bytes_sent "$http_referer" '#                  '"$http_user_agent" "$http_x_forwarded_for"';#access_log  logs/access.log  main;#高效文件传输模式sendfile        on;#防止网络阻塞#tcp_nopush     on;#keepalive_timeout  0;#长连接超时时间keepalive_timeout  65;#网页压缩#gzip  on;#默认的网站位置设置server {#监听端口listen       80;网站名server_name  localhost;#charset koi8-r;#access_log  logs/host.access.log  main;#对本网站的请求 / 是允许任何请求location / {#网站目录root   html;#默认文件index  index.html index.htm;}#error_page  404              /404.html;# redirect server error pages to the static page /50x.html#error_page   500 502 503 504  /50x.html;location = /50x.html {root   html;}# proxy the PHP scripts to Apache listening on 127.0.0.1:80##location ~ \.php$ {#    proxy_pass   http://127.0.0.1;#}# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000##location ~ \.php$ {#    root           html;#    fastcgi_pass   127.0.0.1:9000;#    fastcgi_index  index.php;#    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;#    include        fastcgi_params;#}# deny access to .htaccess files, if Apache's document root# concurs with nginx's one##location ~ /\.ht {#    deny  all;#}}##虚拟主机配置格式# another virtual host using mix of IP-, name-, and port-based configuration##server {#    listen       8000;#    listen       somename:8080;#    server_name  somename  alias  another.alias;#    location / {#        root   html;#        index  index.html index.htm;#    }#}##https配置# HTTPS server##server {#    listen       443 ssl;#    server_name  localhost;#    ssl_certificate      cert.pem;#    ssl_certificate_key  cert.key;#    ssl_session_cache    shared:SSL:1m;#    ssl_session_timeout  5m;#    ssl_ciphers  HIGH:!aNULL:!MD5;#    ssl_prefer_server_ciphers  on;#    location / {#        root   html;#        index  index.html index.htm;#    }#}}

三、实验

1.虚拟主机

为了让配置文件规范化，我们使用一个网站一个配置文件，操作步骤如下

1.1编辑主配置文件

[root@localhost conf]# vim nginx.conf

在全局设置里添加代码

http {...#gzip  on;#加载vhosts目录下的myweb1.confinclude vhosts/myweb1.conf;

1.2创建子配置文件

[root@localhost conf]# mkdir vhosts
[root@localhost conf]# vim vhosts/myweb1.conf

server {listen       80;server_name  www.myweb1.com;location / {root   html/myweb1;index  index.html index.htm;}
}

1.3重新加载配置文件

#先检查语法
[root@localhost conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
#重新加载
[root@localhost conf]# nginx -s reload

1.4创建网站目录

[root@localhost conf]# mkdir /usr/local/nginx/html/myweb1
[root@localhost conf]# vim /usr/local/nginx/html/myweb1/index.html
#内容标识
this is myweb1

电脑上的hosts文件添加以下即可访问

192.168.1.54    www.myweb1.com

2.Nginx状态统计

要实现这个功能是需要在预编译时开启–with-http_stub_status_module的参数，我们刚才并没有开启，现在就需要重新编译一次。

#可以通过该命令查看当前编译参数
[root@localhost nginx-1.16.1]# nginx -Vnginx version: nginx/1.16.1built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) configure arguments: --user=nginx --group=nginx

2.1重新编译

#进入源码包
[root@localhost ~]# cd nginx-1.16.1/
#清除上次产生的文件
[root@localhost nginx-1.16.1]# make cleanrm -rf Makefile objs
#再次预编译，旧的参数+新的参数
[root@localhost nginx-1.16.1]# ./configure --user=nginx --group=nginx --with-http_stub_status_module
#编译
[root@localhost nginx-1.16.1]# make

2.2覆盖原程序

新编译出来的程序就在 objs目录

[root@localhost nginx-1.16.1]# cd objs/[root@localhost objs]# lsautoconf.err  Makefile  nginx  nginx.8  ngx_auto_config.h  ngx_auto_headers.h  ngx_modules.c  ngx_modules.o  src

新的复制过去，需要停止nginx进程

[root@localhost objs]# cp nginx /usr/local/nginx/sbin/nginx

重新加载配置文件

[root@localhost objs]# nginx -s reload

这样，原来的配置操作都得以保留，新的功能也加进来了

2.3编辑虚拟主机

这里监控myweb1.com的状态

[root@localhost vhosts]# vim myweb1.conf

修改如下，看了很多帖子，都失败了，最后还是得官网http://nginx.org/en/docs/http/ngx_http_stub_status_module.html

server {listen       80;server_name  www.myweb1.com;location / {root   html/myweb1;index  index.html index.htm;}location = /basic_status {#开启状态统计stub_status;}
}

浏览器访问 http://www.myweb1.com/basic_status 即可

2.4重新加载

[root@localhost myweb1]# nginx -tnginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is oknginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful[root@localhost myweb1]# nginx -s reload

3.目录保护

将上一个的统计页面进行保护

3.1编辑虚拟主机配置文件

[root@localhost vhosts]# vim myweb1.conf

server {listen       80;server_name  www.myweb1.com;location / {root   html/myweb1;index  index.html index.htm;}location = /basic_status {#开启状态统计stub_status;#目录保护auth_basic "Hello Admin!";#提示语auth_basic_user_file /usr/local/nginx/html/myweb1/htpasswd.nginx;#账号文件}
}

3.2生成账户文件

借助apache的命令生成文件

#安装httppd[root@localhost vhosts]# yum install httpd#新建账户文件，账户为 yantao[root@localhost vhosts]# htpasswd -c /usr/local/nginx/html/myweb1/htpasswd.nginx yantao#添加账户[root@localhost vhosts]# htpasswd -m /usr/local/nginx/html/myweb1/htpasswd.nginx user1

3.3重新加载

[root@localhost myweb1]# nginx -s reload

4.基于IP的身份验证

4.1写入允许IP

[root@localhost vhosts]# vim myweb1.conf

[root@localhost vhosts]# vim myweb1.conf server {        listen       80;        server_name  www.myweb1.com;        location / {            root   html/myweb1;            index  index.html index.htm;         }        location = /basic_status {            #开启状态统计            stub_status;            #目录保护            auth_basic "Hello Admin!";            auth_basic_user_file /usr/local/nginx/html/myweb1/htpasswd.nginx;            #基于IP验证            allow 192.168.1.42;            deny 192.168.1.0/24;        }}

4.2重新加载

[root@localhost myweb1]# nginx -t[root@localhost myweb1]# nginx -s reload

5.反向代理

5.1搭建一台apache

5.2新增nginx虚拟主机

修改主配置文件

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf#添加如下内容include vhosts/myweb2.conf;

创建子配置文件

[root@localhost ~]# vim /usr/local/nginx/conf/vhosts/myweb2.conf #添加如下内容server {        listen  80;        server_name     www.myweb2.com;        location / {                                          proxy_pass http://192.168.1.49:80;#apache的IP        }}

重新加载配置

[root@localhost ~]# nginx -t[root@localhost ~]# nginx -s reload

修改电脑hosts，新增

192.168.1.54    www.myweb2.com

此时访问www.myweb2.com就会访问到apache

6.负载均衡

6.1再准备一台apache

6.2编辑虚拟主机

[root@localhost ~]# vim /usr/local/nginx/conf/vhosts/myweb2.conf

#资源池upstream abc{        server 192.168.1.49:80;        server 192.168.1.47:80;}server {        listen  80;        server_name     www.myweb2.com;        location / {                proxy_pass http://abc;                proxy_set_header Host $host;#为了二级目录能正常使用，设置的变量        }}

浏览器访问www.myweb2.com就会在两个apache之间切换

6.3rr算法实现轮询

upstream abc{        server 192.168.1.49:80 weight=1;        server 192.168.1.47:80 weight=2;}server {        listen  80;        server_name     www.myweb2.com;        location / {                proxy_pass http://abc;                proxy_set_header Host $host;        }}

这样两台apache出现的比例为1:2

7.nginx实现https

nginx实现https在编译时需要开启 --with-http_ssl_module，我们当初没有开启，所以需要重新编译安装，过程参看实验2。

7.1生成服务器私钥

[root@localhost ~]# cd /usr/local/nginx/conf/[root@localhost conf]# openssl genrsa -out myweb1.key 1024Generating RSA private key, 1024 bit long modulus.......++++++..++++++e is 65537 (0x10001)

7.2生成证书

[root@localhost conf]# openssl req -new -key myweb1.key -out myweb1.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:LN
Locality Name (eg, city) [Default City]:SY
Organization Name (eg, company) [Default Company Ltd]:Company
Organizational Unit Name (eg, section) []:PHP
Common Name (eg, your name or your server's hostname) []:www.myweb1.com
Email Address []:Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

7.3生成签字证书

实验为自签证书，并不会被浏览器信任。生产环境是想CA厂商购买的。

[root@localhost conf]# openssl x509 -req -days 365 -sha256 -in myweb1.csr -signkey myweb1.key -out myweb1.crt
Signature ok
subject=/C=CN/ST=LN/L=SY/O=Company/OU=PHP/CN=www.myweb1.com
Getting Private key

server {listen       80;server_name  www.myweb1.com;#重写功能，80请求转为443请求rewrite ^(.*)$ https://${server_name}$1 permanent;location / {root   html/myweb1;index  index.html index.htm;}location = /basic_status {#开启状态统计stub_status;#目录保护auth_basic "Hello Admin!";auth_basic_user_file /usr/local/nginx/html/myweb1/htpasswd.nginx;#基于IP验证allow 192.168.1.42;deny 192.168.1.0/24;}
}server {listen 443 ssl;#1.5版本开始使用此写法server_name     www.myweb1.com;root    html/myweb1;index   index.html;ssl_certificate   /usr/local/nginx/conf/myweb1.crt;ssl_certificate_key  /usr/local/nginx/conf/myweb1.key;ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;#这里格式有问题ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;}

重新加载配置文件之后，访问 www.myweb1.com 即可跳转为 https

8.隐藏版本号

如果修改主配置文件就是隐藏全部虚拟主机的版本号。

全部隐藏

[root@localhost conf]# vim nginx.conf#在http标签添加server_tokens off;

单个隐藏

[root@localhost conf]# vim vhosts/myweb2.conf #在server标签添加server_tokens off;

或者在安装之前修改源码

[root@localhost ~]# cd nginx-1.16.1/src/core/
[root@localhost core]# vim nginx.h#define NGINX_VERSION      "1.16.1"
#define NGINX_VER          "nginx/" NGINX_VERSION
#修改如下，即可混淆
define NGINX_VERSION      "1.0"
define NGINX_VER          "IIS/" NGINX_VERSION

Nginx 源码编译安装配置相关推荐

Nginx基础篇-Nginx 源码编译安装与平滑升级
Nginx基础篇-Nginx 源码编译安装与平滑升级 Nginx官网下载地址 http://nginx.org/ 1.安装依赖包 yum -y install pcre-devel zlib-deve ...
LNMP架构环境搭建之PHP、Nginx源码编译安装及其简单配置应用
LNMP架构中的Mysql见上一篇博文"LNMP架构环境搭建之mysql源码编译安装" 一.PHP简介 PHP(外文名:PHP: Hypertext Preprocessor,中文 ...
Nginx 源码编译安装
Nginx 源码编译安装环境 Centos7 Nginx1.8.1 下载地址:http://nginx.org/download/ 选择自己想要的版本我这边使用1.8.1,下载地址:http: ...
mysql5.7.13编译安装_MySQL 5.7.13 源码编译安装配置方法图文教程
安装环境:centos7 64位 mini版官网源码编译安装文档: 一.系统安装条件官方文档说明: 1> cmake mysql使用cmake跨平台工具预编译源码,用于设置mysql的编译参 ...
（转）linux上nginx源码编译安装
亲测有效: 转: https://segmentfault.com/a/1190000007116797https://segmentfault.com/a/1190000007116797 ngi ...
Linux 利用nginx源码编译安装nginx
环境 1, CentOS 7 2, nginx 1.13.6 步骤 1,编译前准备 yum install pcre* openssl openssl-devel zlib zlib-devel 2, ...
LAMP源码编译安装配置+wordpress
什么是LAMP呢?LAMP就是Linux+apache+mysql+php,一组常用来搭建动态网站或者静态网站的开源软件,本身都是各自独立的程序,但是因为常被放在一起使用,拥有了越来越高的兼容度,共同 ...
nginx 源码编译、安装
nginx 源码编译安装下载Nginx安装包,Nginx 官网下载,并解压 cd /usr/local/src wget http://nginx.org/download/nginx-1.21.5 ...
Nginx 源码编译
1.首先在官网下载Nginx 发布版的源码, Nginx 官网下载的地址是 :http://www.nginx.org/en/download.html 因为Nginx官网支持SVN,可以简单方便的使 ...

Nginx 源码编译安装配置