依赖的软件

nginx-1.13.5.tar.gz

spawn-fcgi-1.6.4.tar.gz

fcgi-2.4.0.tar.gz

编译安装

[root@OpenVPN-C ~]# tar  xzvf nginx-1.13.5.tar.gz

[root@OpenVPN-C ~]# cd  nginx-1.13.5

[root@OpenVPN-C nginx-1.13.5]# ./configure --prefix=/usr/local/nginx

./configure: error: the HTTP rewrite module requires the PCRE library.

You can either disable the module by using --without-http_rewrite_module

option, or install the PCRE library into the system, or build the PCRE library

statically from the source with nginx by using --with-pcre=<path> option.

[root@OpenVPN-C nginx-1.13.5]# yum  -y install prce-devel

[root@OpenVPN-C nginx-1.13.5]# /usr/sbin/groupadd -f www

[root@OpenVPN-C nginx-1.13.5]# /usr/sbin/useradd -g www www

[root@OpenVPN-C nginx-1.13.5]# ./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module

[root@OpenVPN-C nginx-1.13.5]# make

[root@OpenVPN-C nginx-1.13.5]# ls

auto  CHANGES  CHANGES.ru  conf  configure  contrib  html  LICENSE  Makefile  man  objs  README  src

[root@OpenVPN-C ]# tar   xzvf spawn-fcgi-1.6.4.tar.gz

[root@OpenVPN-C spawn-fcgi-1.6.4]# ls

aclocal.m4  autom4te.cache  config.h.in    configure     depcomp     Makefile     missing      README        stamp-h1

AUTHORS     CMakeLists.txt  config.log     configure.ac  doc         Makefile.am  NEWS         spawn-fcgi.1

autogen.sh  config.h        config.status  COPYING       install-sh  Makefile.in  packdist.sh  src

[root@OpenVPN-C spawn-fcgi-1.6.4]# ./autogen.sh

./autogen.sh: line 11: autoreconf: command not found

[root@OpenVPN-C spawn-fcgi-1.6.4]# yum install autoconf automake libtool

[root@OpenVPN-C spawn-fcgi-1.6.4]# ./autogen.sh

configure.ac:9: installing `./install-sh'

configure.ac:9: installing `./missing'

src/Makefile.am: installing `./depcomp'

Now type './configure ...' and 'make' to compile.

[root@OpenVPN-C spawn-fcgi-1.6.4]# ./configure

[root@OpenVPN-C spawn-fcgi-1.6.4]# make

[root@OpenVPN-C spawn-fcgi-1.6.4]# ls

aclocal.m4  autom4te.cache  config.h.in    configure     depcomp     Makefile     missing      README        stamp-h1

AUTHORS     CMakeLists.txt  config.log     configure.ac  doc         Makefile.am  NEWS         spawn-fcgi.1

autogen.sh  config.h        config.status  COPYING       install-sh  Makefile.in  packdist.sh  src

[root@OpenVPN-C spawn-fcgi-1.6.4]# cp src/spawn-fcgi

spawn-fcgi    spawn-fcgi.c  spawn-fcgi.o

[root@OpenVPN-C spawn-fcgi-1.6.4]# cp src/spawn-fcgi /usr/local/nginx/sbin/

[root@OpenVPN-C ~]# tar  xzvf fcgi-2.4.0.tar.gz

[root@OpenVPN-C ~]# cd fcgi-2.4.0

[root@OpenVPN-C fcgi-2.4.0~]# ./configure

[root@OpenVPN-C fcgi-2.4.0~]# make && make install

颁发证书

[root@OpenVPN-C ~]# cd /etc/pki/tls/certs

[root@OpenVPN-C certs]# make server.key

umask 77 ; \

/usr/bin/openssl genrsa -aes128 2048 > server.key

Generating RSA private key, 2048 bit long modulus

......................................................++++++

.............++++++

e is 61251 (0x10001)

Enter pass phrase: 654321 #设置密码

Verifying - Enter pass phrase: 654321

# remove passphrase from private key

[root@localhost certs]# openssl rsa -in server.key -out server.key

Enter pass phrase for server.key: 654321 #输入密码

writing RSA key

[root@OpenVPN-C certs]# make server.csr

umask 77 ; \

/usr/bin/openssl req -utf8 -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN #国家名称

State or Province Name (full name) [e]:Beijing   #州或省的名称

Locality Name (eg, city) [Default City]:Beijing  #地点名称（如城市）

Organization Name (eg, company) [Default Company Ltd]:Test   机构名称（如公司）

Organizational Unit Name (eg, section) []:Test Haha   组织单位名称（如部分）

Common Name (eg, your server's hostname) []:www.test.com   #常见的名字（例如，您的服务器的主机名）

Email Address []:admin@test.com # 电子邮件地址

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:# 挑战密码

An optional company name []:#一个可选的公司名称

[root@OpenVPN-C certs]#

[root@OpenVPN-C certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650

Signature ok

subject=/C=CN/ST=Beijing/L=Beijing/O=Test/OU=Test Haha/CN=www.test.com,/emailAddress=admin@test.com

Getting Private key

[root@OpenVPN-C certs]# chmod 400 server.*

Nginx配置文件

worker_processes  2;

worker_cpu_affinity 01 10;

events {

worker_connections  1024;

}

http {

include       mime.types;

default_type  application/octet-stream;

sendfile        on;

tcp_nopush     on;

keepalive_timeout  65;

fastcgi_cache_path  /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=cache_fcgi:10m inactive=5m;

server_names_hash_bucket_size 128;

client_header_buffer_size 2k;

large_client_header_buffers 4 4k;

fastcgi_connect_timeout 300;

fastcgi_send_timeout 300;

fastcgi_read_timeout 300;

fastcgi_buffer_size 64k;

fastcgi_buffers 4 64k;

fastcgi_busy_buffers_size 128k;

fastcgi_temp_file_write_size 128k;

fastcgi_cache cache_fcgi;

fastcgi_cache_key $host$request_uri;

fastcgi_cache_valid 200 302 1h;

fastcgi_cache_valid 301 1d;

fastcgi_cache_valid any 1m;

fastcgi_cache_use_stale error  timeout invalid_header http_500;

server {

listen       8088;

server_name  localhost;

ssl on;

ssl_certificate /etc/pki/tls/certs/server.crt;

ssl_certificate_key /etc/pki/tls/certs/server.key;

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

ssl_prefer_server_ciphers on;

location / {

root   html;

index  index.html index.htm;

}

error_page   500 502 503 504  /50x.html;

location = /50x.html {

root   html;

}

location ~ \.cgi$ {

fastcgi_pass   127.0.0.1:9000;

fastcgi_index  index.cgi;

fastcgi_param  SCRIPT_FILENAME  $fastcgi_script_name;

include        fastcgi_params;

}

}

}

fastcgi_cache_path  /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=cache_fcgi:10m inactive=5m; #缓存路径文件，目录结构等级，关键字区域实际和非活动时间

fastcgi_connect_timeout=300; #连接到后端fastcgi超时时间

fastcgi_send_timeout=300;    #向fastcgi请求超时时间(这个指定值已经完成两次握手后向fastcgi传送请求的超时时间)

fastcgi_rend_timeout=300; #接收fastcgi应答超时时间，同理也是2次握手后

fastcgi_buffer_size=64k;   #读取fastcgi应答第一部分需要多大缓冲区，该值表示使用1个64kb的缓冲区读取应答第一部分(应答头),可以设置为fastcgi_buffers选项缓冲区大小

fastcgi_buffers 4 64k;#指定本地需要多少和多大的缓冲区来缓冲fastcgi应答请求，假设一个php或java脚本所产生页面大小为256kb,那么会为其分配4个64kb的缓冲来缓存；若页面大于256kb,那么大于的256kb的部分会缓存到fastcgi_temp指定路径中，这并非是个好办法，内存数据处理快于硬盘，一般该值应该为站点中php/java脚本所产生页面大小中间值，如果站点大部分脚本所产生的页面大小为256kb，那么可把值设置为16 16k,4 64k等

fastcgi_busy_buffers_size 128k; #默认值是fastcgi_buffer的2倍

fastcgi_temp_file_write_size 128k;#写入缓存文件使用多大的数据块，默认值是fastcgi_buffer的2倍

fastcgi_cache cache_fcgi;#开启fastcgi缓存并为其指定为TEST名称，降低cpu负载,防止502错误发生.

#应答代码缓存时间，200和302应答缓存为1个小时，301一天,其他1分钟

fastcgi_cache_valid 200 302 1h;

fastcgi_cache_valid 301 1d;

fastcgi_cache_valid any 1m;

fastcgi_cache_key $host$request_uri;定义fastcgi_cache的key，示例中就以请求的URI作为缓存的key，Nginx会取这个key的md5作为缓存文件，如果设置了缓存哈希目录，Nginx会从后往前取相应的位数做为目录

[root@OpenVPN-C nginx-1.13.5]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@OpenVPN-C nginx-1.13.5]# /usr/local/nginx/sbin/nginx

2)可用“kill -HUP 主进程id ”命令(如：kill -HUP 1)重新加载配置文件。

3)可用“kill -QUIT 主进程id” 命令(如：kill -QUIT 1)关闭Nginx。

测试Nginx

浏览器输入：https://IP:8088/

测试FastCGI

编写了如下的测试程序test.c，代码如下：

#include <stdio.h>

#include <fcgi_stdio.h>

#include <stdlib.h>

int main()

{

int count = 0;

while (FCGI_Accept() >= 0)

{

printf("Content-type: text/html\r\n"

"\r\n"

""

"FastCGI Hello!"

"Rrunning on host [%s] Get str is [%s] "

"Process ID: [%d]\n", getenv("SERVER_NAME"),getenv("QUERY_STRING"), getpid());

}

return 0;

}

[root@OpenVPN-C ~]#gcc -g -o test test.c -lfcgi

[root@OpenVPN-C ~]#mv  test /usr/local/nginx/sbin/

[root@OpenVPN-C ~]#/usr/local/nginx/sbin/spawn-fcgi -a 127.0.0.1 -p 9000 -f /usr/local/nginx/sbin/test -n

浏览器输入：https://IP:8088/test.cgi?hellofcgi

FastCGI Hello!Rrunning on host [localhost] Get str is [hellofcgi] Process ID: [2645]

本文转自 Linux_woniu 51CTO博客，原文链接:http://blog.51cto.com/linuxcgi/1969112