Nginx 源码编译安装配置
Nginx 源码安装
作者:闫涛
E-mail:coderyantao@qq.com
备注:实验环境为虚拟机,selinux、firewalld都已经关闭。此次安装面向新手,并没有提前把所有问题解决,会展示出现的问题和解决方法。
一、准备
安装gcc、gcc-c++编译工具
[root@localhost ~]# yum install gcc gcc-c++
下载Nginx、PHP、MySQL源码包
[root@localhost ~]# wget -c https://nginx.org/download/nginx-1.16.1.tar.gz
[root@localhost ~]# wget -c https://www.php.net/distributions/php-7.2.29.tar.gz
[root@localhost ~]# wget -c https://downloads.mysql.com/archives/get/p/23/file/mysql-5.6.46.tar.gz
在每次执行 ./configure、make、make install三个命令后,可使用echo $? 来判断上一步是否出错
二、Nginx
1.创建nginx系统账户
[root@localhost ~]# useradd -r -s /sbin/nologin nginx
2.解压缩
[root@localhost ~]# tar -xf nginx-1.16.1.tar.gz
[root@localhost ~]# cd nginx-1.16.1/
[root@localhost nginx-1.16.1]#
3.编译、安装
此次实验并没有指定太多的选项,仅仅指定了用户和用户组。其他功能稍后需要时再安装。
执行预编译
[root@localhost nginx-1.16.1]# ./configure --user=nginx --group=nginx
错误提示1:缺少pcre库。缺xxx库,安装xxx-devel
./configure: error: the HTTP rewrite module requires the PCRE library.
解决方法:
[root@localhost nginx-1.16.1]# yum install pcre-devel
再次执行预编译
[root@localhost nginx-1.16.1]# ./configure --user=nginx --group=nginx
错误提示2:缺少zlib库
./configure: error: the HTTP gzip module requires the zlib library.
解决方法:
[root@localhost nginx-1.16.1]# yum install zlib-devel
再次执行预编译
[root@localhost nginx-1.16.1]# ./configure --user=nginx --group=nginx
预编译成功
Configuration summary
#使用了这些库 + using system PCRE library+ OpenSSL library is not used+ using system zlib library
#默认安装选项nginx path prefix: "/usr/local/nginx"nginx binary file: "/usr/local/nginx/sbin/nginx"nginx modules path: "/usr/local/nginx/modules"nginx configuration prefix: "/usr/local/nginx/conf"#配置文件目录nginx configuration file: "/usr/local/nginx/conf/nginx.conf"#配置文件nginx pid file: "/usr/local/nginx/logs/nginx.pid"nginx error log file: "/usr/local/nginx/logs/error.log"nginx http access log file: "/usr/local/nginx/logs/access.log"nginx http client request body temporary files: "client_body_temp"nginx http proxy temporary files: "proxy_temp"nginx http fastcgi temporary files: "fastcgi_temp"nginx http uwsgi temporary files: "uwsgi_temp"nginx http scgi temporary files: "scgi_temp"
make 编译
[root@localhost nginx-1.16.1]# make
make install 安装
[root@localhost nginx-1.16.1]# make install
4.创建nginx软链接
#这样就不用使用绝对路径了
[root@localhost nginx-1.16.1]# ln -s /usr/local/nginx/sbin/* /usr/local/bin/
5.启动nginx
[root@localhost ~]# nginx
查看一下进程
[root@localhost ~]# netstat -antp|grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21794/nginx: master
#nginx的master进程已经开启,可用浏览器访问虚拟机ip
查看nginx的其他命令
[root@localhost ~]# nginx -h
nginx version: nginx/1.16.1
Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives]Options:-?,-h : this help-v : show version and exit-V : show version and configure options then exit-t : test configuration and exit-T : test configuration, dump it and exit-q : suppress non-error messages during configuration testing-s signal : send signal to a master process: stop, quit, reopen, reload-p prefix : set prefix path (default: /usr/local/nginx/)-c filename : set configuration file (default: conf/nginx.conf)-g directives : set global directives out of configuration file
6.配置文件
#备份配置文件
[root@localhost ~]# cd /usr/local/nginx/conf/
[root@localhost conf]# cp nginx.conf nginx.conf.bak
[root@localhost conf]# vim nginx.conf
#user nobody;#nginx的进程数,通常和CPU数量相等
worker_processes 1;#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;#pid logs/nginx.pid;#事件模型
events {#单个进程最大连接数(最大连接数=连接数*个进程最大连接数),根据硬件修改worker_connections 1024;
}#全局,下面的内容都在它里面
http {#文件扩展名与文件类型映射表,设定mime类型,类型由mime.type文件定义include mime.types;#默认文件类型default_type application/octet-stream;#log_format main '$remote_addr - $remote_user [$time_local] "$request" '# '$status $body_bytes_sent "$http_referer" '# '"$http_user_agent" "$http_x_forwarded_for"';#access_log logs/access.log main;#高效文件传输模式sendfile on;#防止网络阻塞#tcp_nopush on;#keepalive_timeout 0;#长连接超时时间keepalive_timeout 65;#网页压缩#gzip on;#默认的网站位置设置server {#监听端口listen 80;网站名server_name localhost;#charset koi8-r;#access_log logs/host.access.log main;#对本网站的请求 / 是允许任何请求location / {#网站目录root html;#默认文件index index.html index.htm;}#error_page 404 /404.html;# redirect server error pages to the static page /50x.html#error_page 500 502 503 504 /50x.html;location = /50x.html {root html;}# proxy the PHP scripts to Apache listening on 127.0.0.1:80##location ~ \.php$ {# proxy_pass http://127.0.0.1;#}# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000##location ~ \.php$ {# root html;# fastcgi_pass 127.0.0.1:9000;# fastcgi_index index.php;# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;# include fastcgi_params;#}# deny access to .htaccess files, if Apache's document root# concurs with nginx's one##location ~ /\.ht {# deny all;#}}##虚拟主机配置格式# another virtual host using mix of IP-, name-, and port-based configuration##server {# listen 8000;# listen somename:8080;# server_name somename alias another.alias;# location / {# root html;# index index.html index.htm;# }#}##https配置# HTTPS server##server {# listen 443 ssl;# server_name localhost;# ssl_certificate cert.pem;# ssl_certificate_key cert.key;# ssl_session_cache shared:SSL:1m;# ssl_session_timeout 5m;# ssl_ciphers HIGH:!aNULL:!MD5;# ssl_prefer_server_ciphers on;# location / {# root html;# index index.html index.htm;# }#}}
三、实验
1.虚拟主机
为了让配置文件规范化,我们使用一个网站一个配置文件,操作步骤如下
1.1编辑主配置文件
[root@localhost conf]# vim nginx.conf
在全局设置里添加代码
http {...#gzip on;#加载vhosts目录下的myweb1.confinclude vhosts/myweb1.conf;
1.2创建子配置文件
[root@localhost conf]# mkdir vhosts
[root@localhost conf]# vim vhosts/myweb1.conf
server {listen 80;server_name www.myweb1.com;location / {root html/myweb1;index index.html index.htm;}
}
1.3重新加载配置文件
#先检查语法
[root@localhost conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
#重新加载
[root@localhost conf]# nginx -s reload
1.4创建网站目录
[root@localhost conf]# mkdir /usr/local/nginx/html/myweb1
[root@localhost conf]# vim /usr/local/nginx/html/myweb1/index.html
#内容标识
this is myweb1
电脑上的hosts文件添加以下即可访问
192.168.1.54 www.myweb1.com
2.Nginx状态统计
要实现这个功能是需要在预编译时开启–with-http_stub_status_module的参数,我们刚才并没有开启,现在就需要重新编译一次。
#可以通过该命令查看当前编译参数
[root@localhost nginx-1.16.1]# nginx -Vnginx version: nginx/1.16.1built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) configure arguments: --user=nginx --group=nginx
2.1重新编译
#进入源码包
[root@localhost ~]# cd nginx-1.16.1/
#清除上次产生的文件
[root@localhost nginx-1.16.1]# make cleanrm -rf Makefile objs
#再次预编译,旧的参数+新的参数
[root@localhost nginx-1.16.1]# ./configure --user=nginx --group=nginx --with-http_stub_status_module
#编译
[root@localhost nginx-1.16.1]# make
2.2覆盖原程序
新编译出来的程序就在 objs目录
[root@localhost nginx-1.16.1]# cd objs/[root@localhost objs]# lsautoconf.err Makefile nginx nginx.8 ngx_auto_config.h ngx_auto_headers.h ngx_modules.c ngx_modules.o src
新的复制过去,需要停止nginx进程
[root@localhost objs]# cp nginx /usr/local/nginx/sbin/nginx
重新加载配置文件
[root@localhost objs]# nginx -s reload
这样,原来的配置操作都得以保留,新的功能也加进来了
2.3编辑虚拟主机
这里监控myweb1.com的状态
[root@localhost vhosts]# vim myweb1.conf
修改如下,看了很多帖子,都失败了,最后还是得官网http://nginx.org/en/docs/http/ngx_http_stub_status_module.html
server {listen 80;server_name www.myweb1.com;location / {root html/myweb1;index index.html index.htm;}location = /basic_status {#开启状态统计stub_status;}
}
浏览器访问 http://www.myweb1.com/basic_status 即可
2.4重新加载
[root@localhost myweb1]# nginx -tnginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is oknginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful[root@localhost myweb1]# nginx -s reload
3.目录保护
将上一个的统计页面进行保护
3.1编辑虚拟主机配置文件
[root@localhost vhosts]# vim myweb1.conf
server {listen 80;server_name www.myweb1.com;location / {root html/myweb1;index index.html index.htm;}location = /basic_status {#开启状态统计stub_status;#目录保护auth_basic "Hello Admin!";#提示语auth_basic_user_file /usr/local/nginx/html/myweb1/htpasswd.nginx;#账号文件}
}
3.2生成账户文件
借助apache的命令生成文件
#安装httppd[root@localhost vhosts]# yum install httpd#新建账户文件,账户为 yantao[root@localhost vhosts]# htpasswd -c /usr/local/nginx/html/myweb1/htpasswd.nginx yantao#添加账户[root@localhost vhosts]# htpasswd -m /usr/local/nginx/html/myweb1/htpasswd.nginx user1
3.3重新加载
[root@localhost myweb1]# nginx -s reload
4.基于IP的身份验证
4.1写入允许IP
[root@localhost vhosts]# vim myweb1.conf
[root@localhost vhosts]# vim myweb1.conf server { listen 80; server_name www.myweb1.com; location / { root html/myweb1; index index.html index.htm; } location = /basic_status { #开启状态统计 stub_status; #目录保护 auth_basic "Hello Admin!"; auth_basic_user_file /usr/local/nginx/html/myweb1/htpasswd.nginx; #基于IP验证 allow 192.168.1.42; deny 192.168.1.0/24; }}
4.2重新加载
[root@localhost myweb1]# nginx -t[root@localhost myweb1]# nginx -s reload
5.反向代理
5.1搭建一台apache
5.2新增nginx虚拟主机
修改主配置文件
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf#添加如下内容include vhosts/myweb2.conf;
创建子配置文件
[root@localhost ~]# vim /usr/local/nginx/conf/vhosts/myweb2.conf #添加如下内容server { listen 80; server_name www.myweb2.com; location / { proxy_pass http://192.168.1.49:80;#apache的IP }}
重新加载配置
[root@localhost ~]# nginx -t[root@localhost ~]# nginx -s reload
修改电脑hosts,新增
192.168.1.54 www.myweb2.com
此时访问www.myweb2.com就会访问到apache
6.负载均衡
6.1再准备一台apache
6.2编辑虚拟主机
[root@localhost ~]# vim /usr/local/nginx/conf/vhosts/myweb2.conf
#资源池upstream abc{ server 192.168.1.49:80; server 192.168.1.47:80;}server { listen 80; server_name www.myweb2.com; location / { proxy_pass http://abc; proxy_set_header Host $host;#为了二级目录能正常使用,设置的变量 }}
浏览器访问www.myweb2.com就会在两个apache之间切换
6.3rr算法实现轮询
upstream abc{ server 192.168.1.49:80 weight=1; server 192.168.1.47:80 weight=2;}server { listen 80; server_name www.myweb2.com; location / { proxy_pass http://abc; proxy_set_header Host $host; }}
这样两台apache出现的比例为1:2
7.nginx实现https
nginx实现https在编译时需要开启 --with-http_ssl_module,我们当初没有开启,所以需要重新编译安装,过程参看实验2。
7.1生成服务器私钥
[root@localhost ~]# cd /usr/local/nginx/conf/[root@localhost conf]# openssl genrsa -out myweb1.key 1024Generating RSA private key, 1024 bit long modulus.......++++++..++++++e is 65537 (0x10001)
7.2生成证书
[root@localhost conf]# openssl req -new -key myweb1.key -out myweb1.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:LN
Locality Name (eg, city) [Default City]:SY
Organization Name (eg, company) [Default Company Ltd]:Company
Organizational Unit Name (eg, section) []:PHP
Common Name (eg, your name or your server's hostname) []:www.myweb1.com
Email Address []:Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
7.3生成签字证书
实验为自签证书,并不会被浏览器信任。生产环境是想CA厂商购买的。
[root@localhost conf]# openssl x509 -req -days 365 -sha256 -in myweb1.csr -signkey myweb1.key -out myweb1.crt
Signature ok
subject=/C=CN/ST=LN/L=SY/O=Company/OU=PHP/CN=www.myweb1.com
Getting Private key
server {listen 80;server_name www.myweb1.com;#重写功能,80请求转为443请求rewrite ^(.*)$ https://${server_name}$1 permanent;location / {root html/myweb1;index index.html index.htm;}location = /basic_status {#开启状态统计stub_status;#目录保护auth_basic "Hello Admin!";auth_basic_user_file /usr/local/nginx/html/myweb1/htpasswd.nginx;#基于IP验证allow 192.168.1.42;deny 192.168.1.0/24;}
}server {listen 443 ssl;#1.5版本开始使用此写法server_name www.myweb1.com;root html/myweb1;index index.html;ssl_certificate /usr/local/nginx/conf/myweb1.crt;ssl_certificate_key /usr/local/nginx/conf/myweb1.key;ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;#这里格式有问题ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;}
重新加载配置文件之后,访问 www.myweb1.com 即可跳转为 https
8.隐藏版本号
如果修改主配置文件就是隐藏全部虚拟主机的版本号。
全部隐藏
[root@localhost conf]# vim nginx.conf#在http标签添加server_tokens off;
单个隐藏
[root@localhost conf]# vim vhosts/myweb2.conf #在server标签添加server_tokens off;
或者在安装之前修改源码
[root@localhost ~]# cd nginx-1.16.1/src/core/
[root@localhost core]# vim nginx.h#define NGINX_VERSION "1.16.1"
#define NGINX_VER "nginx/" NGINX_VERSION
#修改如下,即可混淆
define NGINX_VERSION "1.0"
define NGINX_VER "IIS/" NGINX_VERSION
Nginx 源码编译安装配置相关推荐
- Nginx基础篇-Nginx 源码编译安装与平滑升级
Nginx基础篇-Nginx 源码编译安装与平滑升级 Nginx官网下载地址 http://nginx.org/ 1.安装依赖包 yum -y install pcre-devel zlib-deve ...
- LNMP架构环境搭建之PHP、Nginx源码编译安装及其简单配置应用
LNMP架构中的Mysql见上一篇博文"LNMP架构环境搭建之mysql源码编译安装" 一.PHP简介 PHP(外文名:PHP: Hypertext Preprocessor,中文 ...
- Nginx 源码编译安装
Nginx 源码编译安装环境 Centos7 Nginx1.8.1 下载地址:http://nginx.org/download/ 选择自己想要的版本 我这边使用1.8.1,下载地址:http: ...
- mysql5.7.13编译安装_MySQL 5.7.13 源码编译安装配置方法图文教程
安装环境:centos7 64位 mini版 官网源码编译安装文档: 一.系统安装条件 官方文档说明: 1> cmake mysql使用cmake跨平台工具预编译源码,用于设置mysql的编译参 ...
- (转)linux上nginx源码编译安装
亲测有效: 转: https://segmentfault.com/a/1190000007116797https://segmentfault.com/a/1190000007116797 ngi ...
- Linux 利用nginx源码编译安装nginx
环境 1, CentOS 7 2, nginx 1.13.6 步骤 1,编译前准备 yum install pcre* openssl openssl-devel zlib zlib-devel 2, ...
- LAMP源码编译安装配置+wordpress
什么是LAMP呢?LAMP就是Linux+apache+mysql+php,一组常用来搭建动态网站或者静态网站的开源软件,本身都是各自独立的程序,但是因为常被放在一起使用,拥有了越来越高的兼容度,共同 ...
- nginx 源码编译、安装
nginx 源码编译安装 下载Nginx安装包,Nginx 官网下载,并解压 cd /usr/local/src wget http://nginx.org/download/nginx-1.21.5 ...
- Nginx 源码编译
1.首先在官网下载Nginx 发布版的源码, Nginx 官网下载的地址是 :http://www.nginx.org/en/download.html 因为Nginx官网支持SVN,可以简单方便的使 ...
最新文章
- 干货|简单理解梯度下降及线性回归
- python twisted教程_python-twisted模块代码实例
- 一个程序看fputc和fgetc
- jmeter 测试websocket接口(一)
- Oracle Exadata迈入十年将助企业迈向数位转型之路
- 下周见!Redmi K50标准版配置细节曝光:骁龙870+67W快充
- 【数据结构的魅力】008.图
- 读SRE Google运维解密有感(一)
- 员工主动辞职公司也要支付经济补偿金的17种情况
- Yii2中如何访问controller的二级目录下的控制器
- Centos 7忘记密码,如何重置
- QT分析之网络编程(七)
- matlab 输入Angstrom (埃,埃米,Angstrom 或ANG或Å)
- mysql 乐观锁 超卖_秒杀系统之一:防止超卖(乐观锁)
- DolphinDB Database丨交易回测系列一:技术信号回测
- ABAP select options 和 parameters在同一行
- 洛谷P1603 斯诺登的密码 题解
- sql语句 execute、executeQuery和executeUpdate之间的区别
- aspnetdb.mdb数据库介绍
- bootstrap 样式下 Se7en 模板使用(1)操作提示信息框