nginx源码安装和常用模块

一、准备工作

下载源码包

wget https://nginx.org/download/nginx-1.20.1.tar.gz

解压

➜  soft-packages ls  nginx-1.22.1
auto  CHANGES  CHANGES.ru  conf  configure  contrib  html  LICENSE  man  README  src
  • auto目录:用于编译时的文件,以及相关lib库,编译时对操作系统的判断等,都是为了辅助./configure命令执行的辅助文件。

  • CHANGES文件:就是当前版本的说明信息,比如新增的功能,修复的bug,变更的功能等

  • CHANGES.ru文件:作者是俄罗斯人,生成了一份俄罗斯语言的CHANGE文件

  • conf目录:是nginx编译安装后的默认配置文件或者示列文件,安装时会拷贝到安装的文件夹里面。

  • configure文件:编译安装前的预备执行文件。

  • contrib目录:该目录是为了方便vim编码nginx的配置文件时候,颜色突出显示,可以将该目录拷贝到自己的~/.vim目录下面

    cp -rf contrib/vim/* ~/.vim/ 这样vim打开nginx配置文件就有突出的颜色显示。

  • html目录:编译安装的默认的2个标准web页面,安装后会自动拷贝到nginx的安装目录下的html下。

  • man目录:nginx命令的帮助文档,linux上可以使用man命令查看帮助,

  • src:nginx的源码文件

所有的编译选项如下:

./configure  --help

  --help                             print this message

  --prefix=PATH                      set installation prefix
  --sbin-path=PATH                   set nginx binary pathname
  --modules-path=PATH                set modules path
  --conf-path=PATH                   set nginx.conf pathname
  --error-log-path=PATH              set error log pathname
  --pid-path=PATH                    set nginx.pid pathname
  --lock-path=PATH                   set nginx.lock pathname

  --user=USER                        set non-privileged user for
                                     worker processes
  --group=GROUP                      set non-privileged group for
                                     worker processes

  --build=NAME                       set build name
  --builddir=DIR                     set build directory

  --with-select_module               enable select module
  --without-select_module            disable select module
  --with-poll_module                 enable poll module
  --without-poll_module              disable poll module

  --with-threads                     enable thread pool support

  --with-file-aio                    enable file AIO support

  --with-http_ssl_module             enable ngx_http_ssl_module
  --with-http_v2_module              enable ngx_http_v2_module
  --with-http_realip_module          enable ngx_http_realip_module
  --with-http_addition_module        enable ngx_http_addition_module
  --with-http_xslt_module            enable ngx_http_xslt_module
  --with-http_xslt_module=dynamic    enable dynamic ngx_http_xslt_module
  --with-http_image_filter_module    enable ngx_http_image_filter_module
  --with-http_image_filter_module=dynamic
                                     enable dynamic ngx_http_image_filter_module
  --with-http_geoip_module           enable ngx_http_geoip_module
  --with-http_geoip_module=dynamic   enable dynamic ngx_http_geoip_module
  --with-http_sub_module             enable ngx_http_sub_module
  --with-http_dav_module             enable ngx_http_dav_module
  --with-http_flv_module             enable ngx_http_flv_module
  --with-http_mp4_module             enable ngx_http_mp4_module
  --with-http_gunzip_module          enable ngx_http_gunzip_module
  --with-http_gzip_static_module     enable ngx_http_gzip_static_module
  --with-http_auth_request_module    enable ngx_http_auth_request_module
  --with-http_random_index_module    enable ngx_http_random_index_module
  --with-http_secure_link_module     enable ngx_http_secure_link_module
  --with-http_degradation_module     enable ngx_http_degradation_module
  --with-http_slice_module           enable ngx_http_slice_module
  --with-http_stub_status_module     enable ngx_http_stub_status_module

  --without-http_charset_module      disable ngx_http_charset_module
  --without-http_gzip_module         disable ngx_http_gzip_module
  --without-http_ssi_module          disable ngx_http_ssi_module
  --without-http_userid_module       disable ngx_http_userid_module
  --without-http_access_module       disable ngx_http_access_module
  --without-http_auth_basic_module   disable ngx_http_auth_basic_module
  --without-http_mirror_module       disable ngx_http_mirror_module
  --without-http_autoindex_module    disable ngx_http_autoindex_module
  --without-http_geo_module          disable ngx_http_geo_module
  --without-http_map_module          disable ngx_http_map_module
  --without-http_split_clients_module disable ngx_http_split_clients_module
  --without-http_referer_module      disable ngx_http_referer_module
  --without-http_rewrite_module      disable ngx_http_rewrite_module
  --without-http_proxy_module        disable ngx_http_proxy_module
  --without-http_fastcgi_module      disable ngx_http_fastcgi_module
  --without-http_uwsgi_module        disable ngx_http_uwsgi_module
  --without-http_scgi_module         disable ngx_http_scgi_module
  --without-http_grpc_module         disable ngx_http_grpc_module
  --without-http_memcached_module    disable ngx_http_memcached_module
  --without-http_limit_conn_module   disable ngx_http_limit_conn_module
  --without-http_limit_req_module    disable ngx_http_limit_req_module
  --without-http_empty_gif_module    disable ngx_http_empty_gif_module
  --without-http_browser_module      disable ngx_http_browser_module
  --without-http_upstream_hash_module
                                     disable ngx_http_upstream_hash_module
  --without-http_upstream_ip_hash_module
                                     disable ngx_http_upstream_ip_hash_module
  --without-http_upstream_least_conn_module
                                     disable ngx_http_upstream_least_conn_module
  --without-http_upstream_random_module
                                     disable ngx_http_upstream_random_module
  --without-http_upstream_keepalive_module
                                     disable ngx_http_upstream_keepalive_module
  --without-http_upstream_zone_module
                                     disable ngx_http_upstream_zone_module

  --with-http_perl_module            enable ngx_http_perl_module
  --with-http_perl_module=dynamic    enable dynamic ngx_http_perl_module
  --with-perl_modules_path=PATH      set Perl modules path
  --with-perl=PATH                   set perl binary pathname

  --http-log-path=PATH               set http access log pathname
  --http-client-body-temp-path=PATH  set path to store
                                     http client request body temporary files
  --http-proxy-temp-path=PATH        set path to store
                                     http proxy temporary files
  --http-fastcgi-temp-path=PATH      set path to store
                                     http fastcgi temporary files
  --http-uwsgi-temp-path=PATH        set path to store
                                     http uwsgi temporary files
  --http-scgi-temp-path=PATH         set path to store
                                     http scgi temporary files

  --without-http                     disable HTTP server
  --without-http-cache               disable HTTP cache

  --with-mail                        enable POP3/IMAP4/SMTP proxy module
  --with-mail=dynamic                enable dynamic POP3/IMAP4/SMTP proxy module
  --with-mail_ssl_module             enable ngx_mail_ssl_module
  --without-mail_pop3_module         disable ngx_mail_pop3_module
  --without-mail_imap_module         disable ngx_mail_imap_module
  --without-mail_smtp_module         disable ngx_mail_smtp_module

  --with-stream                      enable TCP/UDP proxy module
  --with-stream=dynamic              enable dynamic TCP/UDP proxy module
  --with-stream_ssl_module           enable ngx_stream_ssl_module
  --with-stream_realip_module        enable ngx_stream_realip_module
  --with-stream_geoip_module         enable ngx_stream_geoip_module
  --with-stream_geoip_module=dynamic enable dynamic ngx_stream_geoip_module
  --with-stream_ssl_preread_module   enable ngx_stream_ssl_preread_module
  --without-stream_limit_conn_module disable ngx_stream_limit_conn_module
  --without-stream_access_module     disable ngx_stream_access_module
  --without-stream_geo_module        disable ngx_stream_geo_module
  --without-stream_map_module        disable ngx_stream_map_module
  --without-stream_split_clients_module
                                     disable ngx_stream_split_clients_module
  --without-stream_return_module     disable ngx_stream_return_module
  --without-stream_upstream_hash_module
                                     disable ngx_stream_upstream_hash_module
  --without-stream_upstream_least_conn_module
                                     disable ngx_stream_upstream_least_conn_module
  --without-stream_upstream_random_module
                                     disable ngx_stream_upstream_random_module
  --without-stream_upstream_zone_module
                                     disable ngx_stream_upstream_zone_module

  --with-google_perftools_module     enable ngx_google_perftools_module
  --with-cpp_test_module             enable ngx_cpp_test_module

  --add-module=PATH                  enable external module
  --add-dynamic-module=PATH          enable dynamic external module

  --with-compat                      dynamic modules compatibility

  --with-cc=PATH                     set C compiler pathname
  --with-cpp=PATH                    set C preprocessor pathname
  --with-cc-opt=OPTIONS              set additional C compiler options
  --with-ld-opt=OPTIONS              set additional linker options
  --with-cpu-opt=CPU                 build for the specified CPU, valid values:
                                     pentium, pentiumpro, pentium3, pentium4,
                                     athlon, opteron, sparc32, sparc64, ppc64

  --without-pcre                     disable PCRE library usage
  --with-pcre                        force PCRE library usage
  --with-pcre=DIR                    set path to PCRE library sources
  --with-pcre-opt=OPTIONS            set additional build options for PCRE
  --with-pcre-jit                    build PCRE with JIT compilation support

  --with-zlib=DIR                    set path to zlib library sources
  --with-zlib-opt=OPTIONS            set additional build options for zlib
  --with-zlib-asm=CPU                use zlib assembler sources optimized
                                     for the specified CPU, valid values:
                                     pentium, pentiumpro

  --with-libatomic                   force libatomic_ops library usage
  --with-libatomic=DIR               set path to libatomic_ops library sources

  --with-openssl=DIR                 set path to OpenSSL library sources
  --with-openssl-opt=OPTIONS         set additional build options for OpenSSL

  --with-debug                       enable debug logging

编译选项

./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules 
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log
--http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx
--user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_auth_request_module --with-http_ssl_module
--with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic
--with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module
--with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module
--with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module
--with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre
--with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug
--with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic'
--with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E' --add-module=/root/nginx-1.16.1/src/nginx-auth-ldap

编译安装

# make && make install

二、安装编译库文件

# yum -y install  libxml2  libxml2-dev  libxslt-devel  perl-devel perl-ExtUtils-Embed GeoIP GeoIP-devel GeoIP-data

缺少GD库换成163的yum源
# yum install gd-devel pcre-devel libcurl-devel gperftoo

安装ldap模块

编译nginx-auth-ldap模块需要ldap.h头文件,所以需要先安装ldap库

#yum -y install openldap-devel

到nginx的src目录下下载ldap模块

#cd src/
#git clone https://github.com/kvspb/nginx-auth-ldap.git
执行完,当前路径下会多一个目录 nginx-auth-ldap
# /usr/sbin/nginx
nginx: [emerg] getpwnam("nginx") failed

# useradd -s /sbin/nologin -M nginx
# id nginx
uid=1000(nginx) gid=1000(nginx) 组=1000(nginx)

# /usr/sbin/nginx  -s reload
nginx: [error] open() "/run/nginx.pid" failed (2: No such file or directory)
# mkdir -p /var/lib/nginx/tmp/client_body
# /usr/sbin/nginx

三、把nginx加入systemd管理

# chmod +x /usr/lib/systemd/system/nginx.service
# vim /usr/lib/systemd/system/nginx.service  (注意具体的编译时路径!!!)

[Unit]  //对服务的说明
Description=nginx  high performance web server    //描述服务
After=network.target remote-fs.target nss-lookup.target   //描述服务类别

[Service]        //服务的一些具体运行参数的设置
Type=forking     //后台运行的形式
PIDFile=/srv/nginx/logs/nginx.pid     //PID文件的路径
ExecStartPre=/srv/nginx/sbin/nginx -t -c /srv/nginx/conf/nginx.conf  //启动准备
ExecStart=/srv/nginx/sbin/nginx -c /srv/nginx/conf/nginx.conf   //启动命令
ExecReload=/srv/nginx/sbin/nginx -s reload  //重启命令
ExecStop=/srv/nginx/sbin/nginx -s stop  //停止命令
ExecQuit=/srv/nginx/sbin/nginx -s quit   //快速停止
PrivateTmp=true          //给服务分配临时空间

[Install]
WantedBy=multi-user.target   //服务用户的模式

重载systemd配置文件

systemctl daemon-reload
systemctl start nginx.service
systemctl enable nginx.service

/etc/init.d/nginx stop
/etc/init.d/nginx start

/usr/local/nginx/sbin/nginx -s reload #已经重启成功

四、安装完成还有一堆麻烦事

1、启动测试报错

# /srv/nginx/sbin/nginx 
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()

端口被占用

2、systemctl 查看状态

# systemctl status nginx 
Unit nginx.service could not be found.

3、启动服务

在启动服务之前,需要先重载systemctl命令
# systemctl daemon-reload
# systemctl start nginx.service

4、报错

# systemctl status nginx.service -l

 5# ps aux|grep nginx

root      11675  0.0  0.1  46088  1156 ?        Ss   02:20   0:00 nginx: master process /srv/ngin/sbin/nginx
nobody    11676  0.0  0.2  46548  2180 ?        S    02:20   0:00 nginx: worker process
root      28181  0.0  0.0 112660   968 pts/0    R+   02:35   0:00 grep --color=auto nginx
# kill -9 11675
# kill -9 11676
# ps aux|grep nginx
root      28183  0.0  0.0 112660   964 pts/0    R+   02:35   0:00 grep --color=auto nginx
# systemctl restart nginx
# systemctl status nginx

五、nginx常用模块

1、ngx_http_core_module                #包括一些核心的http参数配置,对应Nginx的配置为HTTP区块部分

2、ngx_http_access_module               #访问控制模块,用来控制网站用户对Nginx的访问

3、ngx_http_gzip_module                 #压缩模块,对Nginx返回的数据压缩,属于性能优化模块

4、ngx_http_fastcgi_module              #FastCGI模块,和 动态应用相关的模块,例如PHP

5、ngx_http_proxy_module                #Proxy代理模块

6、ngx_http_upstream_module             #负载均衡模块,可以实现网站的负载均衡功能及节点的健康检查

7、ngx_http_rewrite_module              #URL地址重写模块

8、ngx_http_limit_conn_module           #限制用户并发连接数及请求数模块

9、ngx_http_limit_req_module            #根据定义的key限制Nginx请求过程的速率

10、ngx_http_log_module                 #访问日志模块,以指定的格式记录Nginx客户访问日志等信息

11、ngx_http_auth_basic_module          #Web认证模块,设置Web用户通过账号、密码访问Nginx

12、ngx_http_ssl_module                 #ssl模块,用于加密的http连接,如https

13、ngx_http_stub_status_module         #记录Nginx基本访问状态信息等模块

14、nginx-auth-ldap                     #ldap模块

15、--with-http_stub_status_module     #替换掉返回给客户端数据的指定内容

六、nginx限流

1、ab压测访问

# ab -c 1 -n 10 http://192.168.40.132/

2、iptables禁止ip

# iptables -I INPUT -s 192.168.40.132 -ptcp --dport 80 -j DROP
# curl 192.168.40.132
curl: (7) Failed connect to 192.168.40.132:80; 连接超时

3、nginx配置文件里面限制

 

posted @ 2019-07-29 12:27  凡人半睁眼  阅读(1856)  评论(0编辑  收藏  举报