nginx--添加stream模块
使用的是openEuler 22.03 (LTS-SP2)系统,yum源选择清华大学的源
清除yum缓存后重新加载,nginx版本变成1.23.2
[root@localhost yum.repos.d]# yum info nginx
Last metadata expiration check: 0:21:11 ago on Fri 01 Sep 2023 10:29:45 AM CST.
Installed Packages
Name : nginx
Epoch : 1
Version : 1.23.2
Release : 2.oe2303
Architecture : x86_64
Size : 1.4 M
Source : nginx-1.23.2-2.oe2303.src.rpm
Repository : @System
From repo : everything
Summary : A HTTP server, reverse proxy and mail proxy server
URL : http://nginx.org/
License : BSD
Description : NGINX is a free, open-source, high-performance HTTP server and reverse proxy,
: as well as an IMAP/POP3 proxy server.
安装nginx
[root@localhost yum.repos.d]# yum -y install nginx
优化主配置文件,添加stream模块
[root@localhost nginx]# cat nginx.conf
# Main nginx configuration: global worker settings, a stream (layer-4) block
# that only pulls in per-service files, and an http block with shared
# TLS, header, compression and logging defaults.
# NOTE(review): worker processes run as root here, so any flaw in request
# handling is exposed with full root privileges. An unprivileged account is the
# usual choice (the master process still starts as root to bind low ports and
# read private keys); confirm file and directory permissions before changing.
user root;
pid /var/run/nginx.pid;
# One worker process per CPU core.
worker_processes auto;
# Per-worker open-file limit; same value as worker_connections below.
worker_rlimit_nofile 65535;
events {
use epoll;
# Accept all pending connections at once rather than one per event-loop pass.
multi_accept on;
worker_connections 65535;
}
# TCP/UDP (layer-4) proxying. This block needs the stream module; when that
# module is built as a dynamic module, a load_module line must appear in the
# main context before this block, otherwise `nginx -t` reports
# unknown directive "stream".
stream {
include /etc/nginx/conf.d/stream/*.conf;
}
http {
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# Do not write "file not found" errors to error_log.
log_not_found off;
# Hide the nginx version in the Server header and on error pages.
server_tokens off;
types_hash_max_size 2048;
# NOTE(review): permits request bodies up to 1000 MB in every server that
# inherits this. Consider a small global limit, raised only in the locations
# that really accept large uploads, to limit resource exhaustion.
client_max_body_size 1000M;
client_body_buffer_size 1024k;
# NOTE(review): 4 x 128k header buffers per request is far above the default
# (4 8k); confirm that headers this large are actually needed.
large_client_header_buffers 4 128k;
send_timeout 15;
# Do not pass the upstream's Server / X-Powered-By headers on to clients.
proxy_hide_header Server;
proxy_hide_header X-Powered-By;
server_names_hash_bucket_size 512;
# MIME
include mime.types;
default_type application/octet-stream;
# Logging
# "main" extends the usual request fields with upstream address, upstream
# status and timing values.
# NOTE(review): the access_log directive below names no format, so it writes
# the built-in "combined" format; "main" only takes effect where an access_log
# directive references it (possibly in included files not shown here).
# NOTE(review): there is no space between the third and fourth string, so
# "$http_x_forwarded_for" and "$upstream_addr" are written back to back.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
'"$upstream_addr" "$upstream_status" "$upstream_response_time" "$request_time"';
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
#sub_filter '</head>' '<style type="text/css">html{ -webkit-filter: grayscale(100%);filter:progid:DXImageTransform.Microsoft.BasicImage(grayscale=1);}</style>';sub_filter_once on;
# SSL
# These ssl_* directives sit at http level, so every server block that does
# not override them inherits them.
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites
# The file must exist or nginx will not start. Presumably generated separately;
# 2048 bits or more is the usual minimum. TODO confirm.
ssl_dhparam /etc/nginx/dhparam.pem;
# intermediate configuration
# Only TLS 1.2 and 1.3 are offered; every listed suite is an AEAD cipher with
# an ephemeral (ECDHE/DHE) key exchange.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
# The client's cipher preference order is used.
ssl_prefer_server_ciphers off;
# RSA
# Relative paths, presumably resolved against the nginx configuration
# directory; verify. Keep the private key readable by root only.
ssl_certificate cert/hcece.com/hcece.com.pem;
ssl_certificate_key cert/hcece.com/hcece.com.key;
# Allow-list flags: each variable is 0 unless the client address matches an
# entry in the included file (entries presumably set the value to 1; the files
# are not shown here).
# NOTE(review): the lookup key is $remote_addr, i.e. the TCP peer. Behind a
# proxy or CDN that is the proxy's address unless the realip module rewrites it.
# These blocks only define variables; enforcement has to happen in server or
# location blocks that are not part of this file.
geo $remote_addr $ip_whitelist_h {
default 0;
include ip_white_h.conf;
}
geo $remote_addr $ip_whitelist_c {
default 0;
include ip_white_c.conf;
}
# security headers
# NOTE(review): add_header directives are inherited only by levels that define
# no add_header of their own, so a server or location block that adds any
# header silently drops all of the headers below unless it repeats them.
add_header X-Frame-Options "SAMEORIGIN" always;
# NOTE(review): X-XSS-Protection is a legacy header that current browsers
# ignore. Content-Security-Policy is its replacement, and both CSP lines below
# are commented out, so this file sends no CSP.
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
#add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' hcece.net *.baidu.com *.amap.com 'unsafe-inline' 'unsafe-eval' *.bdimg.com data: base64 http: https: ws: wss: blob:; style-src 'self' http://* 'unsafe-inline'; font-src 'self' data:;";
# HSTS for one year, covering all subdomains: every subdomain must be
# reachable over HTTPS before this is deployed.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# gzip
# NOTE(review): compressing HTTPS responses that reflect request data next to
# secrets (e.g. CSRF tokens) exposes a BREACH-style length side channel;
# consider excluding such responses from compression.
gzip_static on;
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_http_version 1.1;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
# brotli
# Requires the third-party ngx_brotli module; without it `nginx -t` fails on
# these directives.
brotli on;
brotli_comp_level 6;
brotli_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
# Load configs
# The conf.d glob is not recursive, so files under conf.d/stream/ are loaded
# only by the stream block above, not here.
# NOTE(review): the conventional directory name is sites-enabled; confirm that
# site-enabled is the intended path (a glob that matches nothing is not an
# error, so a wrong path fails silently).
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/site-enabled/*.conf;
}
配置检查,发现无法加载stream模块
[root@localhost nginx]# nginx -t
nginx: [emerg] unknown directive "stream" in /etc/nginx/nginx.conf:13
nginx: configuration file /etc/nginx/nginx.conf test failed
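查看nginx编译时安装的模块,并没有stream模块(注意:下面贴出的输出版本串为 hcws/22.4.28.2.2,且 configure 参数中带有 --with-stream,看起来并非上文 yum 安装的 1.23.2 的输出;请以本机实际执行 nginx -V 的结果为准,以动态模块方式构建时通常显示为 --with-stream=dynamic,此时需要用 load_module 加载后才能使用 stream 指令)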
# nginx -V
nginx version: hcws/22.4.28.2.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.1.1n 15 Mar 2022
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx/nginx --with-debug --with-cc-opt='-DNGX_LUA_USE_ASSERT -DNGX_LUA_ABORT_AT_PANIC -O2' --add-module=../ngx_devel_kit-0.3.1 --add-module=../echo-nginx-module-0.62 --add-module=../xss-nginx-module-0.06 --add-module=../ngx_coolkit-0.2 --add-module=../set-misc-nginx-module-0.32 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.08 --add-module=../srcache-nginx-module-0.32 --add-module=../ngx_lua-0.10.19 --add-module=../ngx_lua_upstream-0.07 --add-module=../headers-more-nginx-module-0.33 --add-module=../array-var-nginx-module-0.05 --add-module=../memc-nginx-module-0.19 --add-module=../redis2-nginx-module-0.15 --add-module=../redis-nginx-module-0.3.7 --add-module=../rds-json-nginx-module-0.15 --add-module=../rds-csv-nginx-module-0.09 --add-module=../ngx_stream_lua-0.0.9 --with-ld-opt=-Wl,-rpath,/usr/share/nginx/luajit/lib --user=nginx --group=nginx --add-module=/root/openresty-1.19.3.2/../nginx-auth-ldap --add-module=/root/openresty-1.19.3.2/../ngx_brotli --add-module=/root/openresty-1.19.3.2/../ngx_http_geoip2_module --modules-path=/usr/lib64/nginx/modules --sbin-path=/usr/sbin/ --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/temp/nginx/client --http-proxy-temp-path=/var/temp/nginx/proxy --http-fastcgi-temp-path=/var/temp/nginx/fastcgi --http-uwsgi-temp-path=/var/temp/nginx/uwsgi --http-scgi-temp-path=/var/temp/nginx/scgi --conf-path=/etc/nginx/nginx.conf --with-http_gzip_static_module --with-threads --with-file-aio --with-http_auth_request_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module 
--with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-http_geoip_module=dynamic --with-pcre --with-pcre-jit --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-google_perftools_module --with-mail=dynamic --with-mail_ssl_module --with-openssl-opt='-g enable-tls1_3' --with-openssl=/root/openssl-1.1.1n --add-module=/root/openresty-1.19.3.2/../ngx_http_proxy_connect_module --with-stream
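查看对应目录下是否有相关模块,发现ngx_stream_module.so存在(若不存在,在网上找一下对应版本的放进去。注意:动态模块会被直接加载进nginx进程执行,而本文配置中nginx以root运行,因此应优先通过系统软件源安装与当前nginx版本完全匹配的模块包,例如 nginx-mod-stream,包名以实际软件源为准;如确需另行获取.so文件,必须确认来源可信并校验文件完整性)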
[root@localhost nginx]# rpm -qal|grep nginx|grep modules
/usr/lib64/nginx/modules/ngx_http_image_filter_module.so
/usr/share/nginx/modules/mod-http-image-filter.conf
/usr/lib64/nginx/modules/ngx_http_perl_module.so
/usr/share/nginx/modules/mod-http-perl.conf
/usr/lib64/nginx/modules/ngx_http_xslt_filter_module.so
/usr/share/nginx/modules/mod-http-xslt-filter.conf
/usr/lib64/nginx/modules/ngx_mail_module.so
/usr/share/nginx/modules/mod-mail.conf
/usr/lib64/nginx/modules
/usr/share/nginx/modules
/usr/lib64/nginx/modules/ngx_stream_module.so
/usr/share/nginx/modules/mod-stream.conf
在主配置文件首行添加模块
[root@localhost nginx]# cat nginx.conf|grep modules
load_module /usr/lib64/nginx/modules/ngx_stream_module.so;
[root@localhost nginx]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful