nginx源码安装和常用模块
一、准备工作
下载源码包
1 | wget https://nginx.org/download/nginx-1.20.1.tar.gz |
解压
1 2 | ➜ soft-packages ls nginx-1.22.1auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src |
-
auto目录:用于编译时的文件,以及相关lib库,编译时对操作系统的判断等,都是为了辅助./configure命令执行的辅助文件。
-
CHANGES文件:就是当前版本的说明信息,比如新增的功能,修复的bug,变更的功能等
-
CHANGES.ru文件:作者是俄罗斯人,生成了一份俄罗斯语言的CHANGE文件
-
conf目录:是nginx编译安装后的默认配置文件或者示列文件,安装时会拷贝到安装的文件夹里面。
-
configure文件:编译安装前的预备执行文件。
-
contrib目录:该目录是为了方便vim编码nginx的配置文件时候,颜色突出显示,可以将该目录拷贝到自己的~/.vim目录下面
cp -rf contrib/vim/* ~/.vim/这样vim打开nginx配置文件就有突出的颜色显示。 -
html目录:编译安装的默认的2个标准web页面,安装后会自动拷贝到nginx的安装目录下的html下。
-
man目录:nginx命令的帮助文档,linux上可以使用man命令查看帮助,
-
src:nginx的源码文件
所有的编译选项如下:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 | ./configure --help --help print this message --prefix=PATH set installation prefix --sbin-path=PATH set nginx binary pathname --modules-path=PATH set modules path --conf-path=PATH set nginx.conf pathname --error-log-path=PATH set error log pathname --pid-path=PATH set nginx.pid pathname --lock-path=PATH set nginx.lock pathname --user=USER set non-privileged user for worker processes --group=GROUP set non-privileged group for worker processes --build=NAME set build name --builddir=DIR set build directory --with-select_module enable select module --without-select_module disable select module --with-poll_module enable poll module --without-poll_module disable poll module --with-threads enable thread pool support --with-file-aio enable file AIO support --with-http_ssl_module enable ngx_http_ssl_module --with-http_v2_module enable ngx_http_v2_module --with-http_realip_module enable ngx_http_realip_module --with-http_addition_module enable ngx_http_addition_module --with-http_xslt_module enable ngx_http_xslt_module --with-http_xslt_module=dynamic enable dynamic ngx_http_xslt_module --with-http_image_filter_module enable ngx_http_image_filter_module --with-http_image_filter_module=dynamic enable dynamic ngx_http_image_filter_module --with-http_geoip_module enable ngx_http_geoip_module --with-http_geoip_module=dynamic enable dynamic ngx_http_geoip_module --with-http_sub_module enable ngx_http_sub_module --with-http_dav_module enable ngx_http_dav_module --with-http_flv_module enable ngx_http_flv_module --with-http_mp4_module enable ngx_http_mp4_module --with-http_gunzip_module enable ngx_http_gunzip_module --with-http_gzip_static_module enable ngx_http_gzip_static_module --with-http_auth_request_module enable ngx_http_auth_request_module --with-http_random_index_module enable ngx_http_random_index_module --with-http_secure_link_module enable ngx_http_secure_link_module --with-http_degradation_module enable ngx_http_degradation_module --with-http_slice_module enable ngx_http_slice_module --with-http_stub_status_module enable ngx_http_stub_status_module --without-http_charset_module disable ngx_http_charset_module --without-http_gzip_module disable ngx_http_gzip_module --without-http_ssi_module disable ngx_http_ssi_module --without-http_userid_module disable ngx_http_userid_module --without-http_access_module disable ngx_http_access_module --without-http_auth_basic_module disable ngx_http_auth_basic_module --without-http_mirror_module disable ngx_http_mirror_module --without-http_autoindex_module disable ngx_http_autoindex_module --without-http_geo_module disable ngx_http_geo_module --without-http_map_module disable ngx_http_map_module --without-http_split_clients_module disable ngx_http_split_clients_module --without-http_referer_module disable ngx_http_referer_module --without-http_rewrite_module disable ngx_http_rewrite_module --without-http_proxy_module disable ngx_http_proxy_module --without-http_fastcgi_module disable ngx_http_fastcgi_module --without-http_uwsgi_module disable ngx_http_uwsgi_module --without-http_scgi_module disable ngx_http_scgi_module --without-http_grpc_module disable ngx_http_grpc_module --without-http_memcached_module disable ngx_http_memcached_module --without-http_limit_conn_module disable ngx_http_limit_conn_module --without-http_limit_req_module disable ngx_http_limit_req_module --without-http_empty_gif_module disable ngx_http_empty_gif_module --without-http_browser_module disable ngx_http_browser_module --without-http_upstream_hash_module disable ngx_http_upstream_hash_module --without-http_upstream_ip_hash_module disable ngx_http_upstream_ip_hash_module --without-http_upstream_least_conn_module disable ngx_http_upstream_least_conn_module --without-http_upstream_random_module disable ngx_http_upstream_random_module --without-http_upstream_keepalive_module disable ngx_http_upstream_keepalive_module --without-http_upstream_zone_module disable ngx_http_upstream_zone_module --with-http_perl_module enable ngx_http_perl_module --with-http_perl_module=dynamic enable dynamic ngx_http_perl_module --with-perl_modules_path=PATH set Perl modules path --with-perl=PATH set perl binary pathname --http-log-path=PATH set http access log pathname --http-client-body-temp-path=PATH set path to store http client request body temporary files --http-proxy-temp-path=PATH set path to store http proxy temporary files --http-fastcgi-temp-path=PATH set path to store http fastcgi temporary files --http-uwsgi-temp-path=PATH set path to store http uwsgi temporary files --http-scgi-temp-path=PATH set path to store http scgi temporary files --without-http disable HTTP server --without-http-cache disable HTTP cache --with-mail enable POP3/IMAP4/SMTP proxy module --with-mail=dynamic enable dynamic POP3/IMAP4/SMTP proxy module --with-mail_ssl_module enable ngx_mail_ssl_module --without-mail_pop3_module disable ngx_mail_pop3_module --without-mail_imap_module disable ngx_mail_imap_module --without-mail_smtp_module disable ngx_mail_smtp_module --with-stream enable TCP/UDP proxy module --with-stream=dynamic enable dynamic TCP/UDP proxy module --with-stream_ssl_module enable ngx_stream_ssl_module --with-stream_realip_module enable ngx_stream_realip_module --with-stream_geoip_module enable ngx_stream_geoip_module --with-stream_geoip_module=dynamic enable dynamic ngx_stream_geoip_module --with-stream_ssl_preread_module enable ngx_stream_ssl_preread_module --without-stream_limit_conn_module disable ngx_stream_limit_conn_module --without-stream_access_module disable ngx_stream_access_module --without-stream_geo_module disable ngx_stream_geo_module --without-stream_map_module disable ngx_stream_map_module --without-stream_split_clients_module disable ngx_stream_split_clients_module --without-stream_return_module disable ngx_stream_return_module --without-stream_upstream_hash_module disable ngx_stream_upstream_hash_module --without-stream_upstream_least_conn_module disable ngx_stream_upstream_least_conn_module --without-stream_upstream_random_module disable ngx_stream_upstream_random_module --without-stream_upstream_zone_module disable ngx_stream_upstream_zone_module --with-google_perftools_module enable ngx_google_perftools_module --with-cpp_test_module enable ngx_cpp_test_module --add-module=PATH enable external module --add-dynamic-module=PATH enable dynamic external module --with-compat dynamic modules compatibility --with-cc=PATH set C compiler pathname --with-cpp=PATH set C preprocessor pathname --with-cc-opt=OPTIONS set additional C compiler options --with-ld-opt=OPTIONS set additional linker options --with-cpu-opt=CPU build for the specified CPU, valid values: pentium, pentiumpro, pentium3, pentium4, athlon, opteron, sparc32, sparc64, ppc64 --without-pcre disable PCRE library usage --with-pcre force PCRE library usage --with-pcre=DIR set path to PCRE library sources --with-pcre-opt=OPTIONS set additional build options for PCRE --with-pcre-jit build PCRE with JIT compilation support --with-zlib=DIR set path to zlib library sources --with-zlib-opt=OPTIONS set additional build options for zlib --with-zlib-asm=CPU use zlib assembler sources optimized for the specified CPU, valid values: pentium, pentiumpro --with-libatomic force libatomic_ops library usage --with-libatomic=DIR set path to libatomic_ops library sources --with-openssl=DIR set path to OpenSSL library sources --with-openssl-opt=OPTIONS set additional build options for OpenSSL --with-debug enable debug logging |
编译选项
1 | ./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules <br>--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log <br>--http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy <br>--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi <br>--http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx <br>--user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_auth_request_module --with-http_ssl_module <br>--with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic <br>--with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module <br>--with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module <br>--with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module <br>--with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre <br>--with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug <br>--with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' <br>--with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E' --add-module=/root/nginx-1.16.1/src/nginx-auth-ldap |
编译安装
1 | # make && make install |
二、安装编译库文件
1 2 3 4 | # yum -y install libxml2 libxml2-dev libxslt-devel perl-devel perl-ExtUtils-Embed GeoIP GeoIP-devel GeoIP-data缺少GD库换成163的yum源# yum install gd-devel pcre-devel libcurl-devel gperftoo |
安装ldap模块
编译nginx-auth-ldap模块需要ldap.h头文件,所以需要先安装ldap库
#yum -y install openldap-devel
到nginx的src目录下下载ldap模块
#cd src/#git clone https://github.com/kvspb/nginx-auth-ldap.git执行完,当前路径下会多一个目录 nginx-auth-ldap
1 2 3 4 5 6 7 8 9 10 11 | # /usr/sbin/nginxnginx: [emerg] getpwnam("nginx") failed# useradd -s /sbin/nologin -M nginx# id nginxuid=1000(nginx) gid=1000(nginx) 组=1000(nginx)# /usr/sbin/nginx -s reloadnginx: [error] open() "/run/nginx.pid" failed (2: No such file or directory)# mkdir -p /var/lib/nginx/tmp/client_body# /usr/sbin/nginx |
三、把nginx加入systemd管理
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | # chmod +x /usr/lib/systemd/system/nginx.service# vim /usr/lib/systemd/system/nginx.service (注意具体的编译时路径!!!)[Unit] //对服务的说明Description=nginx high performance web server //描述服务After=network.target remote-fs.target nss-lookup.target //描述服务类别[Service] //服务的一些具体运行参数的设置Type=forking //后台运行的形式PIDFile=/srv/nginx/logs/nginx.pid //PID文件的路径ExecStartPre=/srv/nginx/sbin/nginx -t -c /srv/nginx/conf/nginx.conf //启动准备ExecStart=/srv/nginx/sbin/nginx -c /srv/nginx/conf/nginx.conf //启动命令ExecReload=/srv/nginx/sbin/nginx -s reload //重启命令ExecStop=/srv/nginx/sbin/nginx -s stop //停止命令ExecQuit=/srv/nginx/sbin/nginx -s quit //快速停止PrivateTmp=true //给服务分配临时空间[Install]WantedBy=multi-user.target //服务用户的模式 |
重载systemd配置文件
1 2 3 4 5 6 7 8 | systemctl daemon-reloadsystemctl start nginx.servicesystemctl enable nginx.service/etc/init.d/nginx stop/etc/init.d/nginx start/usr/local/nginx/sbin/nginx -s reload #已经重启成功 |
四、安装完成还有一堆麻烦事
1、启动测试报错
1 2 3 | # /srv/nginx/sbin/nginx nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)nginx: [emerg] still could not bind() |
端口被占用
2、systemctl 查看状态
1 2 | # systemctl status nginx Unit nginx.service could not be found. |
3、启动服务
在启动服务之前,需要先重载systemctl命令
1 2 | # systemctl daemon-reload# systemctl start nginx.service |
4、报错
# systemctl status nginx.service -l
5、# ps aux|grep nginx
1 2 3 4 5 6 7 8 9 | root 11675 0.0 0.1 46088 1156 ? Ss 02:20 0:00 nginx: master process /srv/ngin/sbin/nginxnobody 11676 0.0 0.2 46548 2180 ? S 02:20 0:00 nginx: worker processroot 28181 0.0 0.0 112660 968 pts/0 R+ 02:35 0:00 grep --color=auto nginx# kill -9 11675# kill -9 11676# ps aux|grep nginxroot 28183 0.0 0.0 112660 964 pts/0 R+ 02:35 0:00 grep --color=auto nginx# systemctl restart nginx# systemctl status nginx |
五、nginx常用模块
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 | 1、ngx_http_core_module #包括一些核心的http参数配置,对应Nginx的配置为HTTP区块部分2、ngx_http_access_module #访问控制模块,用来控制网站用户对Nginx的访问3、ngx_http_gzip_module #压缩模块,对Nginx返回的数据压缩,属于性能优化模块4、ngx_http_fastcgi_module #FastCGI模块,和 动态应用相关的模块,例如PHP5、ngx_http_proxy_module #Proxy代理模块6、ngx_http_upstream_module #负载均衡模块,可以实现网站的负载均衡功能及节点的健康检查7、ngx_http_rewrite_module #URL地址重写模块8、ngx_http_limit_conn_module #限制用户并发连接数及请求数模块9、ngx_http_limit_req_module #根据定义的key限制Nginx请求过程的速率10、ngx_http_log_module #访问日志模块,以指定的格式记录Nginx客户访问日志等信息11、ngx_http_auth_basic_module #Web认证模块,设置Web用户通过账号、密码访问Nginx12、ngx_http_ssl_module #ssl模块,用于加密的http连接,如https13、ngx_http_stub_status_module #记录Nginx基本访问状态信息等模块14、nginx-auth-ldap #ldap模块15、--with-http_stub_status_module #替换掉返回给客户端数据的指定内容 |
六、nginx限流
1、ab压测访问
1 | # ab -c 1 -n 10 http://192.168.40.132/ |
2、iptables禁止ip
1 2 3 | # iptables -I INPUT -s 192.168.40.132 -ptcp --dport 80 -j DROP# curl 192.168.40.132curl: (7) Failed connect to 192.168.40.132:80; 连接超时 |
3、nginx配置文件里面限制
