centos6.5生产环境编译安装nginx-1.11.3并增加第三方模块ngx_cache_purge、nginx_upstream_check、ngx_devel_kit、lua-nginx

1.安装依赖包
yum install -y gcc gcc-c++ pcre-devel openssl-devel geoip-devel


2.下载需要的安装包
LuaJIT-2.0.4.zip
lua-nginx-module-master.zip
nginx_upstream_check_module-master.zip
nginx-1.11.3.tar.gz
ngx_cache_purge-2.3.tar.gz
ngx_devel_kit-master.zip

3.编译安装LuaJIT-2.0.4.zip(lua-nginx-module-master依赖uaJIT)
unzip LuaJIT-2.0.4.zip
cd LuaJIT-2.0.4
make && make install
ln -s /usr/local/lib/libluajit-5.1.so.2 /usr/lib64/libluajit-5.1.so.2
解压其他第三方模块压缩包
tar -zxvf nginx-1.11.3.tar.gz 
tar -zxvf ngx_cache_purge-2.3.tar.gz 
unzip nginx_upstream_check_module-master.zip 
unzip ngx_devel_kit-master.zip 
unzip lua-nginx-module-master.zip

cd nginx-1.11.3

隐藏版本信息
方法1(需要安装成功后修改配置文件缺点是仍然显示nginx):
vim /etc/nginx/nginx.conf
加入:
server_tokens off;
http {
    include       mime.types;
    server_tokens off;


fastcgi.conf
sed -i 's#fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;#fastcgi_param  SERVER_SOFTWARE    yaya;#g' /etc/nginx/fastcgi.conf
找到:
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
改为:
fastcgi_param SERVER_SOFTWARE yaya;

方法2推荐(修改源码头文件信息编译):
vim src/core/nginx.h
#define NGINX_VER          "yaya"
#define NGINX_VAR          "yaya"


测试环境编译参数(增加--with-debug):

./configure --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --with-debug --pid-path=/var/run/nginx/nginx.pid --with-pcre --with-http_gzip_static_module --with-http_ssl_module --with-http_realip_module --with-http_geoip_module --add-module=../nginx_upstream_check_module-master --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-master/ --add-module=../lua-nginx-module-master/ --with-http_stub_status_module

生产环境编译参数:
./configure --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx/nginx.pid --with-pcre --with-http_gzip_static_module --with-http_ssl_module --with-http_realip_module --with-http_geoip_module --add-module=../nginx_upstream_check_module-master --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-master/ --add-module=../lua-nginx-module-master/ --with-http_stub_status_module


make && make install

4.服务脚本添加/etc/init.d/nginx、隐藏版本信息
/etc/init.d/nginx

#! /bin/bash
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#  proxy and IMAP/POP3 proxy server
#
# processname: nginx
# config: /etc/nginx/nginx.conf
# pidfile:/var/run/nginx/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/nginx.lock  
start() {
  [ -x $nginx ] || exit 5
  [ -f $NGINX_CONF_FILE ] || exit 6
  echo -n $"Starting $prog: "
  daemon $nginx -c $NGINX_CONF_FILE
  retval=$?
  echo
  [ $retval -eq 0 ] && touch $lockfile
  return $retval
}
stop() {
  echo -n $"Stopping $prog: "
  killproc $prog -QUIT
  retval=$?
  echo
  [ $retval -eq 0 ] && rm -f $lockfile
  return $retval
}
restart() {
  configtest || return $?
  stop
  sleep 1
  start
}
reload() {
  configtest || return $?
  echo -n $"Reloading $prog: "
  killproc $nginx -HUP
  RETVAL=$?
  echo
}
force_reload() {
  restart
}
configtest() {
  $nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
  status $prog
}
rh_status_q() {
  rh_status >/dev/null 2>&1
}
case "$1" in
  start)
    rh_status_q && exit 0
    $1
    ;;
  stop)
    rh_status_q || exit 0
    $1
    ;;
  restart|configtest)
    $1
    ;;
  reload)
    rh_status_q || exit 7
    $1
    ;;
  force-reload)
    force_reload
    ;;
  status)
    rh_status
    ;;
  condrestart|try-restart)
    rh_status_q || exit 0
      ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
    exit 2
esac


chmod +x /etc/init.d/nginx
groupadd -r nginx
useradd -r -g nginx nginx

5.开启debug测试功能(前提是需要加入--with-debug编译选项)
vim /etc/nginx/nginx.conf

测试环境打开debug:
error_log  /data/logs/error.log  debug;
生产环境:
error_log  /data/logs/error.log  info;
access_log  /data/logs/access.log;

6.启动服务
/usr/sbin/nginx -c /etc/nginx/nginx.conf

/usr/sbin/nginx -V 
显示详细编译信息
configure arguments: --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx/nginx.pid --with-pcre --with-http_gzip_static_module --with-http_ssl_module --with-http_realip_module --with-http_geoip_module --add-module=../nginx_upstream_check_module-master --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-master/ --add-module=../lua-nginx-module-master/ --with-http_stub_status_module

重新编译需要删除的文件:
rm -rf /usr/local/nginx/
rm -rf /etc/nginx/
rm -rf /var/run/nginx/

关于debug日志的说明:
一般来讲,Nginx 的错误日志级别是 error,作为 Nginx 用户来讲,你设置成 info 就足够用了。
        但有时有些难以挖掘的 bug,需要看到更详细的 debug 级别的日志,这时候,单单把 error_log 级别设置成 debug 是不行的,Nginx 记录下来的还是 info 级别以上的信息。你需要激活 Nginx 的 debug 日志才可以得到 debug 级别的日志信息。本文简要介绍了 Nginx debug 日志的激活和配置使用。官方正文如下:
        要激活 debug 日志,Nginx 在构建时需要配置为支持 debug:
./configure --with-debug ...
        然后可以通过 error_log 指令设置 debug 级别:
error_log /path/to/log debug;
        Windows 下的 Nginx 的二进制版本一般都支持 debug 日志,因此只需设置 debug 级别即可。
        注意如果你重新指定日志时没有配置 debug 级别的话,将会禁用 debug 日志。在下面的例子中,在 server 层面上重新指定的日志将会禁用这台服务器的 debug 日志:
error_log /path/to/log debug;

http {
    server {
        error_log /path/to/log;
        ...
        为了避免这种现象的发生,要么你就注释掉重新定义的那行日志,要么你就在那行也加上 debug 级别:
error_log /path/to/log debug;


http {
    server {
        error_log /path/to/log debug;
        ...
        也可以只为特定的客户端地址发来的请求开启 debug 日志:
error_log /path/to/log;

events {
    debug_connection 192.168.1.1;
    debug_connection 192.168.10.0/24;
}

附带一份nginx的参数:

 

user  nginx;
worker_processes  2;
worker_rlimit_nofile 100000;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
error_log  /data/logs/error.log  info;

#pid        logs/nginx.pid;

pid	   /var/run/nginx/nginx.pid;

events {
    worker_connections  2024;
    multi_accept on; 
    use epoll;
}


http {
    
    server_tokens off; 
    sendfile on; 
    tcp_nopush on; 
    tcp_nodelay on;
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /data/logs/access.log;


    #keepalive_timeout  0;
    keepalive_timeout  10;
    client_header_timeout 10; 
    client_body_timeout 10;

    reset_timedout_connection on; 
    send_timeout 10; 
    limit_conn_zone $binary_remote_addr zone=addr:5m; 
    limit_conn addr 100; 
    charset UTF-8; 
    gzip on; 
    gzip_disable "msie6"; 
    gzip_proxied any; 
    gzip_min_length 1000; 
    gzip_comp_level 6; 
    open_file_cache max=100000 inactive=20s; 
    open_file_cache_valid 30s; 
    open_file_cache_min_uses 2; 
    open_file_cache_errors on; 

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

	location /nginx_status {
            stub_status on;
            access_log off;
            allow 127.0.0.1;
            allow 10.19.50.236; #允许监控访问nginx状态
            deny all;
        } 
        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

 

日志的记录格式:

log_format access '$http_x_forwarded_for $remote_addr - $remote_user [$time_local] "$request_time" "$request" '
		  '$status $body_bytes_sent "$http_referer" '
		  '"$host" "$upstream_http_a" "$upstream_status" "$upstream_response_time" "$upstream_cache_status" "$http_user_agent"';

access_log  /data/logs/access.log access;


测试Lua是否安装成功

可以在server部分添加如下内容:

location /hell {
default_type 'text/plain';
content_by_lua 'ngx.say("hello,lua,heihei")';
}

通过访问http://ip/hello即可测试

 

posted @ 2016-08-09 13:38  reblue520  阅读(311)  评论(0编辑  收藏  举报