centos6.5生产环境编译安装nginx-1.11.3并增加第三方模块ngx_cache_purge、nginx_upstream_check、ngx_devel_kit、lua-nginx
1.安装依赖包
yum install -y gcc gcc-c++ pcre-devel openssl-devel geoip-devel
2.下载需要的安装包
LuaJIT-2.0.4.zip
lua-nginx-module-master.zip
nginx_upstream_check_module-master.zip
nginx-1.11.3.tar.gz
ngx_cache_purge-2.3.tar.gz
ngx_devel_kit-master.zip
3.编译安装LuaJIT-2.0.4.zip(lua-nginx-module-master依赖uaJIT)
unzip LuaJIT-2.0.4.zip
cd LuaJIT-2.0.4
make && make install
ln -s /usr/local/lib/libluajit-5.1.so.2 /usr/lib64/libluajit-5.1.so.2
解压其他第三方模块压缩包
tar -zxvf nginx-1.11.3.tar.gz
tar -zxvf ngx_cache_purge-2.3.tar.gz
unzip nginx_upstream_check_module-master.zip
unzip ngx_devel_kit-master.zip
unzip lua-nginx-module-master.zip
cd nginx-1.11.3
隐藏版本信息
方法1(需要安装成功后修改配置文件缺点是仍然显示nginx):
vim /etc/nginx/nginx.conf
加入:
server_tokens off;
http {
include mime.types;
server_tokens off;
fastcgi.conf
sed -i 's#fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;#fastcgi_param SERVER_SOFTWARE yaya;#g' /etc/nginx/fastcgi.conf
找到:
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
改为:
fastcgi_param SERVER_SOFTWARE yaya;
方法2推荐(修改源码头文件信息编译):
vim src/core/nginx.h
#define NGINX_VER "yaya"
#define NGINX_VAR "yaya"
测试环境编译参数(增加--with-debug):
./configure --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --with-debug --pid-path=/var/run/nginx/nginx.pid --with-pcre --with-http_gzip_static_module --with-http_ssl_module --with-http_realip_module --with-http_geoip_module --add-module=../nginx_upstream_check_module-master
--add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-master/ --add-module=../lua-nginx-module-master/ --with-http_stub_status_module
生产环境编译参数:
./configure --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx/nginx.pid --with-pcre --with-http_gzip_static_module --with-http_ssl_module --with-http_realip_module --with-http_geoip_module --add-module=../nginx_upstream_check_module-master
--add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-master/ --add-module=../lua-nginx-module-master/ --with-http_stub_status_module
make && make install
4.服务脚本添加/etc/init.d/nginx、隐藏版本信息
/etc/init.d/nginx
#! /bin/bash
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
#
# processname: nginx
# config: /etc/nginx/nginx.conf
# pidfile:/var/run/nginx/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/nginx.lock
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
chmod +x /etc/init.d/nginx
groupadd -r nginx
useradd -r -g nginx nginx
5.开启debug测试功能(前提是需要加入--with-debug编译选项)
vim /etc/nginx/nginx.conf
测试环境打开debug:
error_log /data/logs/error.log debug;
生产环境:
error_log /data/logs/error.log info;
access_log /data/logs/access.log;
6.启动服务
/usr/sbin/nginx -c /etc/nginx/nginx.conf
/usr/sbin/nginx -V
显示详细编译信息
configure arguments: --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx/nginx.pid --with-pcre --with-http_gzip_static_module --with-http_ssl_module --with-http_realip_module --with-http_geoip_module --add-module=../nginx_upstream_check_module-master
--add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-master/ --add-module=../lua-nginx-module-master/ --with-http_stub_status_module
重新编译需要删除的文件:
rm -rf /usr/local/nginx/
rm -rf /etc/nginx/
rm -rf /var/run/nginx/
关于debug日志的说明:
一般来讲,Nginx 的错误日志级别是 error,作为 Nginx 用户来讲,你设置成 info 就足够用了。
但有时有些难以挖掘的 bug,需要看到更详细的 debug 级别的日志,这时候,单单把 error_log 级别设置成 debug 是不行的,Nginx 记录下来的还是 info 级别以上的信息。你需要激活 Nginx 的 debug 日志才可以得到 debug 级别的日志信息。本文简要介绍了 Nginx debug 日志的激活和配置使用。官方正文如下:
要激活 debug 日志,Nginx 在构建时需要配置为支持 debug:
./configure --with-debug ...
然后可以通过 error_log 指令设置 debug 级别:
error_log /path/to/log debug;
Windows 下的 Nginx 的二进制版本一般都支持 debug 日志,因此只需设置 debug 级别即可。
注意如果你重新指定日志时没有配置 debug 级别的话,将会禁用 debug 日志。在下面的例子中,在 server 层面上重新指定的日志将会禁用这台服务器的 debug 日志:
error_log /path/to/log debug;
http {
server {
error_log /path/to/log;
...
为了避免这种现象的发生,要么你就注释掉重新定义的那行日志,要么你就在那行也加上 debug 级别:
error_log /path/to/log debug;
http {
server {
error_log /path/to/log debug;
...
也可以只为特定的客户端地址发来的请求开启 debug 日志:
error_log /path/to/log;
events {
debug_connection 192.168.1.1;
debug_connection 192.168.10.0/24;
}
附带一份nginx的参数:
user nginx; worker_processes 2; worker_rlimit_nofile 100000; #error_log logs/error.log; #error_log logs/error.log notice; error_log /data/logs/error.log info; #pid logs/nginx.pid; pid /var/run/nginx/nginx.pid; events { worker_connections 2024; multi_accept on; use epoll; } http { server_tokens off; sendfile on; tcp_nopush on; tcp_nodelay on; include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; access_log /data/logs/access.log; #keepalive_timeout 0; keepalive_timeout 10; client_header_timeout 10; client_body_timeout 10; reset_timedout_connection on; send_timeout 10; limit_conn_zone $binary_remote_addr zone=addr:5m; limit_conn addr 100; charset UTF-8; gzip on; gzip_disable "msie6"; gzip_proxied any; gzip_min_length 1000; gzip_comp_level 6; open_file_cache max=100000 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors on; server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; allow 10.19.50.236; #允许监控访问nginx状态 deny all; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }
日志的记录格式:
log_format access '$http_x_forwarded_for $remote_addr - $remote_user [$time_local] "$request_time" "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$host" "$upstream_http_a" "$upstream_status" "$upstream_response_time" "$upstream_cache_status" "$http_user_agent"'; access_log /data/logs/access.log access;
测试Lua是否安装成功
可以在server部分添加如下内容:
location /hell {
default_type 'text/plain';
content_by_lua 'ngx.say("hello,lua,heihei")';
}
通过访问http://ip/hello即可测试