加载中...

nginx--添加stream模块

使用的是openEuler 22.03 (LTS-SP2)系统,yum源选择清华大学的源
清楚yum缓存后重新加载,nginx版本变成1.23.2

[root@localhost yum.repos.d]# yum info nginx
Last metadata expiration check: 0:21:11 ago on Fri 01 Sep 2023 10:29:45 AM CST.
Installed Packages
Name         : nginx
Epoch        : 1
Version      : 1.23.2
Release      : 2.oe2303
Architecture : x86_64
Size         : 1.4 M
Source       : nginx-1.23.2-2.oe2303.src.rpm
Repository   : @System
From repo    : everything
Summary      : A HTTP server, reverse proxy and mail proxy server
URL          : http://nginx.org/
License      : BSD
Description  : NGINX is a free, open-source, high-performance HTTP server and reverse proxy,
             : as well as an IMAP/POP3 proxy server.

下载nginx

[root@localhost yum.repos.d]# yum -y install nginx

优化主配置文件,添加stream模块

[root@localhost nginx]# cat nginx.conf
user                 root;
pid                  /var/run/nginx.pid;
worker_processes     auto;
worker_rlimit_nofile 65535;

events {
    use                epoll;
    multi_accept       on;
    worker_connections 65535;
}

stream {
    include    /etc/nginx/conf.d/stream/*.conf;
}

http {
    charset              utf-8;
    sendfile             on;
    tcp_nopush           on;
    tcp_nodelay          on;
    log_not_found        off;
    server_tokens        off;
    types_hash_max_size  2048;
    client_max_body_size 1000M;
    client_body_buffer_size 1024k;
    large_client_header_buffers 4 128k;
    send_timeout         15;
    proxy_hide_header    Server;
    proxy_hide_header    X-Powered-By;
    server_names_hash_bucket_size 512;

    # MIME
    include              mime.types;
    default_type         application/octet-stream;

    # Logging
    log_format main  '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"'
                     '"$upstream_addr" "$upstream_status" "$upstream_response_time" "$request_time"';
    access_log           /var/log/nginx/access.log;
    error_log            /var/log/nginx/error.log warn;

    #sub_filter '</head>' '<style type="text/css">html{ -webkit-filter: grayscale(100%);filter:progid:DXImageTransform.Microsoft.BasicImage(grayscale=1);}</style>';sub_filter_once on;

    # SSL
    ssl_session_timeout  1d;
    ssl_session_cache    shared:SSL:10m;
    ssl_session_tickets  off;

    # Diffie-Hellman parameter for DHE ciphersuites
    ssl_dhparam         /etc/nginx/dhparam.pem;

    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers   ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # RSA
    ssl_certificate     cert/hcece.com/hcece.com.pem;
    ssl_certificate_key cert/hcece.com/hcece.com.key;

    geo $remote_addr $ip_whitelist_h {
        default 0;
        include ip_white_h.conf;
    }

    geo $remote_addr $ip_whitelist_c {
        default 0;
        include ip_white_c.conf;
    }

    # security headers
    add_header X-Frame-Options           "SAMEORIGIN" always;
    add_header X-XSS-Protection          "1; mode=block" always;
    add_header X-Content-Type-Options    "nosniff" always;
    add_header Referrer-Policy           "no-referrer-when-downgrade" always;
    #add_header Content-Security-Policy   "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
    #add_header Content-Security-Policy   "default-src 'self' 'unsafe-inline' hcece.net *.baidu.com *.amap.com 'unsafe-inline' 'unsafe-eval' *.bdimg.com data: base64 http: https: ws: wss: blob:; style-src 'self' http://* 'unsafe-inline'; font-src 'self' data:;";
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # gzip
    gzip_static on;
    gzip              on;
    gzip_vary         on;   
    gzip_proxied      any; 
    gzip_comp_level   6;
    gzip_http_version 1.1;
    gzip_types        text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

    # brotli
    brotli            on;
    brotli_comp_level 6;
    brotli_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

    # Load configs
    include           /etc/nginx/conf.d/*.conf;
    include 	      /etc/nginx/site-enabled/*.conf;
}

配置检查,发现无法加载stream模块

[root@localhost nginx]# nginx -t
nginx: [emerg] unknown directive "stream" in /etc/nginx/nginx.conf:13
nginx: configuration file /etc/nginx/nginx.conf test failed

查看nginx编译时安装的模块,并没有stream模块

# nginx -V
nginx version: hcws/22.4.28.2.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) 
built with OpenSSL 1.1.1n  15 Mar 2022
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx/nginx --with-debug --with-cc-opt='-DNGX_LUA_USE_ASSERT -DNGX_LUA_ABORT_AT_PANIC -O2' --add-module=../ngx_devel_kit-0.3.1 --add-module=../echo-nginx-module-0.62 --add-module=../xss-nginx-module-0.06 --add-module=../ngx_coolkit-0.2 --add-module=../set-misc-nginx-module-0.32 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.08 --add-module=../srcache-nginx-module-0.32 --add-module=../ngx_lua-0.10.19 --add-module=../ngx_lua_upstream-0.07 --add-module=../headers-more-nginx-module-0.33 --add-module=../array-var-nginx-module-0.05 --add-module=../memc-nginx-module-0.19 --add-module=../redis2-nginx-module-0.15 --add-module=../redis-nginx-module-0.3.7 --add-module=../rds-json-nginx-module-0.15 --add-module=../rds-csv-nginx-module-0.09 --add-module=../ngx_stream_lua-0.0.9 --with-ld-opt=-Wl,-rpath,/usr/share/nginx/luajit/lib --user=nginx --group=nginx --add-module=/root/openresty-1.19.3.2/../nginx-auth-ldap --add-module=/root/openresty-1.19.3.2/../ngx_brotli --add-module=/root/openresty-1.19.3.2/../ngx_http_geoip2_module --modules-path=/usr/lib64/nginx/modules --sbin-path=/usr/sbin/ --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/temp/nginx/client --http-proxy-temp-path=/var/temp/nginx/proxy --http-fastcgi-temp-path=/var/temp/nginx/fastcgi --http-uwsgi-temp-path=/var/temp/nginx/uwsgi --http-scgi-temp-path=/var/temp/nginx/scgi --conf-path=/etc/nginx/nginx.conf --with-http_gzip_static_module --with-threads --with-file-aio --with-http_auth_request_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-http_geoip_module=dynamic --with-pcre --with-pcre-jit --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-google_perftools_module --with-mail=dynamic --with-mail_ssl_module --with-openssl-opt='-g enable-tls1_3' --with-openssl=/root/openssl-1.1.1n --add-module=/root/openresty-1.19.3.2/../ngx_http_proxy_connect_module --with-stream

查看对应目录下是否有相关模块,发现ngx_stream_module.so存在(若不存在,在网上找一下对应版本的放进去)

[root@localhost nginx]# rpm -qal|grep nginx|grep modules
/usr/lib64/nginx/modules/ngx_http_image_filter_module.so
/usr/share/nginx/modules/mod-http-image-filter.conf
/usr/lib64/nginx/modules/ngx_http_perl_module.so
/usr/share/nginx/modules/mod-http-perl.conf
/usr/lib64/nginx/modules/ngx_http_xslt_filter_module.so
/usr/share/nginx/modules/mod-http-xslt-filter.conf
/usr/lib64/nginx/modules/ngx_mail_module.so
/usr/share/nginx/modules/mod-mail.conf
/usr/lib64/nginx/modules
/usr/share/nginx/modules
/usr/lib64/nginx/modules/ngx_stream_module.so
/usr/share/nginx/modules/mod-stream.conf

在主配置文件首行添加模块

[root@localhost nginx]# cat nginx.conf|grep modules
load_module /usr/lib64/nginx/modules/ngx_stream_module.so;

[root@localhost nginx]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
posted @ 2023-09-01 11:08  沾沾自喜的混子  阅读(501)  评论(0编辑  收藏  举报