nginx源码安装和常用模块
一、准备工作
下载源码包
wget https://nginx.org/download/nginx-1.20.1.tar.gz
解压
➜ soft-packages ls nginx-1.22.1 auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src
-
auto目录:用于编译时的文件,以及相关lib库,编译时对操作系统的判断等,都是为了辅助./configure命令执行的辅助文件。
-
CHANGES文件:就是当前版本的说明信息,比如新增的功能,修复的bug,变更的功能等
-
CHANGES.ru文件:作者是俄罗斯人,生成了一份俄罗斯语言的CHANGE文件
-
conf目录:是nginx编译安装后的默认配置文件或者示列文件,安装时会拷贝到安装的文件夹里面。
-
configure文件:编译安装前的预备执行文件。
-
contrib目录:该目录是为了方便vim编码nginx的配置文件时候,颜色突出显示,可以将该目录拷贝到自己的~/.vim目录下面
cp -rf contrib/vim/* ~/.vim/这样vim打开nginx配置文件就有突出的颜色显示。 -
html目录:编译安装的默认的2个标准web页面,安装后会自动拷贝到nginx的安装目录下的html下。
-
man目录:nginx命令的帮助文档,linux上可以使用man命令查看帮助,
-
src:nginx的源码文件
所有的编译选项如下:
./configure --help
--help print this message
--prefix=PATH set installation prefix
--sbin-path=PATH set nginx binary pathname
--modules-path=PATH set modules path
--conf-path=PATH set nginx.conf pathname
--error-log-path=PATH set error log pathname
--pid-path=PATH set nginx.pid pathname
--lock-path=PATH set nginx.lock pathname
--user=USER set non-privileged user for
worker processes
--group=GROUP set non-privileged group for
worker processes
--build=NAME set build name
--builddir=DIR set build directory
--with-select_module enable select module
--without-select_module disable select module
--with-poll_module enable poll module
--without-poll_module disable poll module
--with-threads enable thread pool support
--with-file-aio enable file AIO support
--with-http_ssl_module enable ngx_http_ssl_module
--with-http_v2_module enable ngx_http_v2_module
--with-http_realip_module enable ngx_http_realip_module
--with-http_addition_module enable ngx_http_addition_module
--with-http_xslt_module enable ngx_http_xslt_module
--with-http_xslt_module=dynamic enable dynamic ngx_http_xslt_module
--with-http_image_filter_module enable ngx_http_image_filter_module
--with-http_image_filter_module=dynamic
enable dynamic ngx_http_image_filter_module
--with-http_geoip_module enable ngx_http_geoip_module
--with-http_geoip_module=dynamic enable dynamic ngx_http_geoip_module
--with-http_sub_module enable ngx_http_sub_module
--with-http_dav_module enable ngx_http_dav_module
--with-http_flv_module enable ngx_http_flv_module
--with-http_mp4_module enable ngx_http_mp4_module
--with-http_gunzip_module enable ngx_http_gunzip_module
--with-http_gzip_static_module enable ngx_http_gzip_static_module
--with-http_auth_request_module enable ngx_http_auth_request_module
--with-http_random_index_module enable ngx_http_random_index_module
--with-http_secure_link_module enable ngx_http_secure_link_module
--with-http_degradation_module enable ngx_http_degradation_module
--with-http_slice_module enable ngx_http_slice_module
--with-http_stub_status_module enable ngx_http_stub_status_module
--without-http_charset_module disable ngx_http_charset_module
--without-http_gzip_module disable ngx_http_gzip_module
--without-http_ssi_module disable ngx_http_ssi_module
--without-http_userid_module disable ngx_http_userid_module
--without-http_access_module disable ngx_http_access_module
--without-http_auth_basic_module disable ngx_http_auth_basic_module
--without-http_mirror_module disable ngx_http_mirror_module
--without-http_autoindex_module disable ngx_http_autoindex_module
--without-http_geo_module disable ngx_http_geo_module
--without-http_map_module disable ngx_http_map_module
--without-http_split_clients_module disable ngx_http_split_clients_module
--without-http_referer_module disable ngx_http_referer_module
--without-http_rewrite_module disable ngx_http_rewrite_module
--without-http_proxy_module disable ngx_http_proxy_module
--without-http_fastcgi_module disable ngx_http_fastcgi_module
--without-http_uwsgi_module disable ngx_http_uwsgi_module
--without-http_scgi_module disable ngx_http_scgi_module
--without-http_grpc_module disable ngx_http_grpc_module
--without-http_memcached_module disable ngx_http_memcached_module
--without-http_limit_conn_module disable ngx_http_limit_conn_module
--without-http_limit_req_module disable ngx_http_limit_req_module
--without-http_empty_gif_module disable ngx_http_empty_gif_module
--without-http_browser_module disable ngx_http_browser_module
--without-http_upstream_hash_module
disable ngx_http_upstream_hash_module
--without-http_upstream_ip_hash_module
disable ngx_http_upstream_ip_hash_module
--without-http_upstream_least_conn_module
disable ngx_http_upstream_least_conn_module
--without-http_upstream_random_module
disable ngx_http_upstream_random_module
--without-http_upstream_keepalive_module
disable ngx_http_upstream_keepalive_module
--without-http_upstream_zone_module
disable ngx_http_upstream_zone_module
--with-http_perl_module enable ngx_http_perl_module
--with-http_perl_module=dynamic enable dynamic ngx_http_perl_module
--with-perl_modules_path=PATH set Perl modules path
--with-perl=PATH set perl binary pathname
--http-log-path=PATH set http access log pathname
--http-client-body-temp-path=PATH set path to store
http client request body temporary files
--http-proxy-temp-path=PATH set path to store
http proxy temporary files
--http-fastcgi-temp-path=PATH set path to store
http fastcgi temporary files
--http-uwsgi-temp-path=PATH set path to store
http uwsgi temporary files
--http-scgi-temp-path=PATH set path to store
http scgi temporary files
--without-http disable HTTP server
--without-http-cache disable HTTP cache
--with-mail enable POP3/IMAP4/SMTP proxy module
--with-mail=dynamic enable dynamic POP3/IMAP4/SMTP proxy module
--with-mail_ssl_module enable ngx_mail_ssl_module
--without-mail_pop3_module disable ngx_mail_pop3_module
--without-mail_imap_module disable ngx_mail_imap_module
--without-mail_smtp_module disable ngx_mail_smtp_module
--with-stream enable TCP/UDP proxy module
--with-stream=dynamic enable dynamic TCP/UDP proxy module
--with-stream_ssl_module enable ngx_stream_ssl_module
--with-stream_realip_module enable ngx_stream_realip_module
--with-stream_geoip_module enable ngx_stream_geoip_module
--with-stream_geoip_module=dynamic enable dynamic ngx_stream_geoip_module
--with-stream_ssl_preread_module enable ngx_stream_ssl_preread_module
--without-stream_limit_conn_module disable ngx_stream_limit_conn_module
--without-stream_access_module disable ngx_stream_access_module
--without-stream_geo_module disable ngx_stream_geo_module
--without-stream_map_module disable ngx_stream_map_module
--without-stream_split_clients_module
disable ngx_stream_split_clients_module
--without-stream_return_module disable ngx_stream_return_module
--without-stream_upstream_hash_module
disable ngx_stream_upstream_hash_module
--without-stream_upstream_least_conn_module
disable ngx_stream_upstream_least_conn_module
--without-stream_upstream_random_module
disable ngx_stream_upstream_random_module
--without-stream_upstream_zone_module
disable ngx_stream_upstream_zone_module
--with-google_perftools_module enable ngx_google_perftools_module
--with-cpp_test_module enable ngx_cpp_test_module
--add-module=PATH enable external module
--add-dynamic-module=PATH enable dynamic external module
--with-compat dynamic modules compatibility
--with-cc=PATH set C compiler pathname
--with-cpp=PATH set C preprocessor pathname
--with-cc-opt=OPTIONS set additional C compiler options
--with-ld-opt=OPTIONS set additional linker options
--with-cpu-opt=CPU build for the specified CPU, valid values:
pentium, pentiumpro, pentium3, pentium4,
athlon, opteron, sparc32, sparc64, ppc64
--without-pcre disable PCRE library usage
--with-pcre force PCRE library usage
--with-pcre=DIR set path to PCRE library sources
--with-pcre-opt=OPTIONS set additional build options for PCRE
--with-pcre-jit build PCRE with JIT compilation support
--with-zlib=DIR set path to zlib library sources
--with-zlib-opt=OPTIONS set additional build options for zlib
--with-zlib-asm=CPU use zlib assembler sources optimized
for the specified CPU, valid values:
pentium, pentiumpro
--with-libatomic force libatomic_ops library usage
--with-libatomic=DIR set path to libatomic_ops library sources
--with-openssl=DIR set path to OpenSSL library sources
--with-openssl-opt=OPTIONS set additional build options for OpenSSL
--with-debug enable debug logging
编译选项
./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log
--http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx
--user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_auth_request_module --with-http_ssl_module
--with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic
--with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module
--with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module
--with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module
--with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre
--with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug
--with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic'
--with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E' --add-module=/root/nginx-1.16.1/src/nginx-auth-ldap
编译安装
# make && make install
二、安装编译库文件
# yum -y install libxml2 libxml2-dev libxslt-devel perl-devel perl-ExtUtils-Embed GeoIP GeoIP-devel GeoIP-data 缺少GD库换成163的yum源 # yum install gd-devel pcre-devel libcurl-devel gperftoo
安装ldap模块
编译nginx-auth-ldap模块需要ldap.h头文件,所以需要先安装ldap库
#yum -y install openldap-devel
到nginx的src目录下下载ldap模块
#cd src/#git clone https://github.com/kvspb/nginx-auth-ldap.git执行完,当前路径下会多一个目录 nginx-auth-ldap
# /usr/sbin/nginx
nginx: [emerg] getpwnam("nginx") failed
# useradd -s /sbin/nologin -M nginx
# id nginx
uid=1000(nginx) gid=1000(nginx) 组=1000(nginx)
# /usr/sbin/nginx -s reload
nginx: [error] open() "/run/nginx.pid" failed (2: No such file or directory)
# mkdir -p /var/lib/nginx/tmp/client_body
# /usr/sbin/nginx
三、把nginx加入systemd管理
# chmod +x /usr/lib/systemd/system/nginx.service # vim /usr/lib/systemd/system/nginx.service (注意具体的编译时路径!!!) [Unit] //对服务的说明 Description=nginx high performance web server //描述服务 After=network.target remote-fs.target nss-lookup.target //描述服务类别 [Service] //服务的一些具体运行参数的设置 Type=forking //后台运行的形式 PIDFile=/srv/nginx/logs/nginx.pid //PID文件的路径 ExecStartPre=/srv/nginx/sbin/nginx -t -c /srv/nginx/conf/nginx.conf //启动准备 ExecStart=/srv/nginx/sbin/nginx -c /srv/nginx/conf/nginx.conf //启动命令 ExecReload=/srv/nginx/sbin/nginx -s reload //重启命令 ExecStop=/srv/nginx/sbin/nginx -s stop //停止命令 ExecQuit=/srv/nginx/sbin/nginx -s quit //快速停止 PrivateTmp=true //给服务分配临时空间 [Install] WantedBy=multi-user.target //服务用户的模式
重载systemd配置文件
systemctl daemon-reload systemctl start nginx.service systemctl enable nginx.service /etc/init.d/nginx stop /etc/init.d/nginx start /usr/local/nginx/sbin/nginx -s reload #已经重启成功
四、安装完成还有一堆麻烦事
1、启动测试报错
# /srv/nginx/sbin/nginx nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) nginx: [emerg] still could not bind()
端口被占用
2、systemctl 查看状态
# systemctl status nginx Unit nginx.service could not be found.
3、启动服务
在启动服务之前,需要先重载systemctl命令
# systemctl daemon-reload # systemctl start nginx.service
4、报错
# systemctl status nginx.service -l
5、# ps aux|grep nginx
root 11675 0.0 0.1 46088 1156 ? Ss 02:20 0:00 nginx: master process /srv/ngin/sbin/nginx nobody 11676 0.0 0.2 46548 2180 ? S 02:20 0:00 nginx: worker process root 28181 0.0 0.0 112660 968 pts/0 R+ 02:35 0:00 grep --color=auto nginx # kill -9 11675 # kill -9 11676 # ps aux|grep nginx root 28183 0.0 0.0 112660 964 pts/0 R+ 02:35 0:00 grep --color=auto nginx # systemctl restart nginx # systemctl status nginx
五、nginx常用模块
1、ngx_http_core_module #包括一些核心的http参数配置,对应Nginx的配置为HTTP区块部分 2、ngx_http_access_module #访问控制模块,用来控制网站用户对Nginx的访问 3、ngx_http_gzip_module #压缩模块,对Nginx返回的数据压缩,属于性能优化模块 4、ngx_http_fastcgi_module #FastCGI模块,和 动态应用相关的模块,例如PHP 5、ngx_http_proxy_module #Proxy代理模块 6、ngx_http_upstream_module #负载均衡模块,可以实现网站的负载均衡功能及节点的健康检查 7、ngx_http_rewrite_module #URL地址重写模块 8、ngx_http_limit_conn_module #限制用户并发连接数及请求数模块 9、ngx_http_limit_req_module #根据定义的key限制Nginx请求过程的速率 10、ngx_http_log_module #访问日志模块,以指定的格式记录Nginx客户访问日志等信息 11、ngx_http_auth_basic_module #Web认证模块,设置Web用户通过账号、密码访问Nginx 12、ngx_http_ssl_module #ssl模块,用于加密的http连接,如https 13、ngx_http_stub_status_module #记录Nginx基本访问状态信息等模块 14、nginx-auth-ldap #ldap模块 15、--with-http_stub_status_module #替换掉返回给客户端数据的指定内容
六、nginx限流
1、ab压测访问
# ab -c 1 -n 10 http://192.168.40.132/
2、iptables禁止ip
# iptables -I INPUT -s 192.168.40.132 -ptcp --dport 80 -j DROP # curl 192.168.40.132 curl: (7) Failed connect to 192.168.40.132:80; 连接超时
3、nginx配置文件里面限制
