article/debian 11 安装 编译nginx.md
2025-03-21 15:35:41 +08:00

### Installing and compiling nginx on Debian 11
##### Install the build environment
```bash
# GCC toolchain
apt install -y build-essential
# PCRE regular-expression library
apt install -y libpcre3 libpcre3-dev
# zlib library
apt install -y zlib1g-dev
# OpenSSL
apt install -y openssl libssl-dev
```
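##### Download the source
Official site: https://nginx.org/en/download.html
Version `nginx-1.20.2` is used as the example here; the link and the commands below fetch 1.22.0: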
https://nginx.org/download/nginx-1.22.0.tar.gz
![image-20220812225816199](http://pic.61dz.com/pic/image-20220812225816199.png)
##### Extract the source
```
cd /opt/
wget https://nginx.org/download/nginx-1.22.0.tar.gz
tar -zxvf nginx-1.22.0.tar.gz
cd nginx-1.22.0/
```
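##### Configure build options and modules
Set the install path with `--prefix=/usr/local/nginx`.
The run-as user and group (`--user=www`, `--group=www`) are optional; if the user does not exist on the system, an error is reported.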
```bash
./configure \
--prefix=/usr/local/nginx \
--user=www \
--group=www \
--sbin-path=/usr/local/nginx/sbin/nginx \
--conf-path=/usr/local/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--with-file-aio \
--with-threads \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_mp4_module \
--with-http_random_index_module \
--with-http_realip_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_v2_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_realip_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module
```
##### Compile and install nginx
```
make
make install
```
##### Static build
Before running `make`, edit `objs/Makefile`: search for the keyword `link`, and where `objs/nginx` is linked, add the `-static` flag to build statically.
```sh
objs/ngx_modules.o -static \
```
##### Create the systemd service
```
# File: /usr/lib/systemd/system/nginx.service (create it with vim or another editor)
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
```
##### Verify the installation
```
curl 127.0.0.1
```
Configure nginx.conf

Add the following to the `http` block:
```nginx
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
server_tokens off;
access_log off;
```
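##### Split the configuration files
Give each site its own configuration file and load them all from the global nginx configuration.
Create an `nginx` directory under `/etc/` to hold these files.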
```
mkdir /etc/nginx/site-enable -p
mkdir /etc/nginx/tcp-enable
cd /etc/nginx/site-enable
vim site.conf
```
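#### Usage
If you compiled nginx following the method above, note the following.
- `/usr/local/nginx` is the directory where the compiled nginx is installed.
- `/usr/local/nginx/nginx.conf` is the default nginx configuration file.

We also use `systemctl` to manage nginx:
- `systemctl start nginx` starts the nginx service.
- `systemctl reload nginx` reloads the nginx configuration.
- `systemctl stop nginx` stops the nginx service.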
#### Common problems
The user does not exist
![image-20220812233620354](http://pic.61dz.com/pic/image-20220812233620354.png)
Directory creation fails (nested directories)
![image-20220812233649678](http://pic.61dz.com/pic/image-20220812233649678.png)
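
Both failures above come from the `./configure` flags naming an account and parent directories that nothing creates. The following pre-flight check is an added example, not part of the original guide; the function names, the `ROOT` argument and the embedded `FLAGS` sample are assumptions made for illustration.

```bash
# Added example, not from the original guide. Function names and the ROOT
# argument are hypothetical; FLAGS is a constructed subset of the configure step.
FLAGS='--user=www --group=www
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp'

# Value of one --name=value flag (empty if absent).
flag_value() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^--$2=//p" | head -n 1
}

# Parent directories of every *-temp-path. At startup nginx creates only the
# last path component with a single mkdir(), so the parents must already exist.
temp_parents() {
    printf '%s\n' "$1" | tr ' ' '\n' |
        sed -n 's/^--[a-z-]*-temp-path=\(.*\)\/[^/]*$/\1/p' | sort -u
}

# List what is missing. ROOT ($2) prefixes file lookups so the check can run on
# a scratch tree; empty on a real host. Assumes local accounts, not LDAP/NSS.
missing_prereqs() {
    local flags="$1" root="${2:-}" user group d
    user=$(flag_value "$flags" user)
    group=$(flag_value "$flags" group)
    if [ -n "$group" ] && ! grep -q "^$group:" "$root/etc/group" 2>/dev/null; then
        echo "group:$group"
    fi
    if [ -n "$user" ] && ! grep -q "^$user:" "$root/etc/passwd" 2>/dev/null; then
        echo "user:$user"
    fi
    for d in $(temp_parents "$flags"); do
        [ -d "$root$d" ] || echo "dir:$d"
    done
}

# Print (not execute) the commands to run as root. The worker account is a
# system account with no home directory and no login shell.
fix_commands() {
    local kind name grp
    grp=$(flag_value "$1" group)
    missing_prereqs "$1" "${2:-}" | while IFS=: read -r kind name; do
        case $kind in
            group) echo "groupadd --system $name" ;;
            user)  echo "useradd --system ${grp:+--gid $grp }--no-create-home --shell /usr/sbin/nologin $name" ;;
            dir)   echo "install -d -m 0755 $name" ;;
        esac
    done
}
```

On the build host, call `fix_commands "$FLAGS"` with the full flag list and no second argument, and review the printed commands before running them as root.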
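#### Appendix 1: `systemctl` operations
```bash
# Reload unit files; required after adding or modifying a unit.
systemctl daemon-reload
# Start the nginx service
systemctl start nginx
# Reload the nginx configuration
systemctl reload nginx
# Stop the nginx service
systemctl stop nginx
# Restart nginx
systemctl restart nginx
# Disable nginx from starting at boot
systemctl disable nginx.service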
```
#### Appendix 2: `journalctl` operations
```
# Follow the log
journalctl -f -u nginx.service
# Read the log, newest entries first
journalctl -r -u nginx.service
```
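#### Appendix 3: Creating a user on Linux
```
# Create the group
groupadd www
# Create the user
useradd www -g www
# Or create a user interactively
adduser username
```
##### Differences between useradd and adduser
###### Command usage
```
useradd username
adduser username
```
###### Summary of differences
On Ubuntu, `useradd` and `adduser` behave differently:
- `useradd`: creating a user with this command does not automatically create a home directory named after the user under /home, does not select a shell automatically, and sets no password, so the user cannot log in until a password is set with `passwd`.
- `adduser`: creating a user with this command automatically creates a home directory named after the user under /home, selects the system shell, and prompts for a password during creation, which is friendlier.

On CentOS, `useradd` and `adduser` are the same command:
- Both `useradd` and `adduser` automatically create a home directory named after the user under /home, but neither prompts for a password; set one manually with `passwd`.

`passwd username  # set the user's password`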
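#### Appendix 4: Uninstalling nginx installed with apt
Remove an nginx that was installed with apt:
```bash
# List installed nginx-related packages
dpkg --get-selections|grep nginx
# Uninstall nginx (also removes its configuration)
apt-get --purge remove nginx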
```
#### Appendix 5: Complete nginx configuration files
###### nginx.conf
```nginx
worker_processes auto;
worker_rlimit_nofile 51200;
stream {
log_format tcp_format '$time_local|$remote_addr|$protocol|$status|$bytes_sent|$bytes_received|$session_time|$upstream_addr|$upstream_bytes_sent|$upstream_bytes_received|$upstream_connect_time';
access_log /var/log/nginx/tcp-access.log tcp_format;
error_log /var/log/nginx/tcp-error.log;
include /etc/nginx/tcp-enable/*.conf;
}
events {
use epoll;
worker_connections 51200;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
server_tokens off;
access_log off;
include /etc/nginx/site-enable/*.conf;
}
```
###### web-site.conf
```nginx
server {
listen 80;
server_name frp.plugin.dr1997.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/frp.plugin.dr1997.com;
#Files and directories that must not be served
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#Settings for the directory used for one-click SSL certificate validation
location ~ \.well-known{
allow all;
}
access_log /www/wwwlogs/frp.plugin.dr1997.com.log;
error_log /www/wwwlogs/frp.plugin.dr1997.com.error.log;
}
```
###### ssl
```nginx
server {
listen 80;
listen 443 ssl http2;
server_name frp.dr1997.com *.frp.dr1997.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/frp.dr1997.com;
#SSL-START SSL-related configuration; do not delete or modify the commented 404 rule on the next line
#error_page 404/404.html;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/frp.dr1997.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/frp.dr1997.com/privkey.pem;
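# TLSv1.1 is deprecated (RFC 8996), so only TLSv1.2 and TLSv1.3 are enabled.
ssl_protocols TLSv1.2 TLSv1.3;
# No 3DES suites: 64-bit block ciphers are exposed to Sweet32.
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;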
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
#SSL-END
#Settings for the directory used for one-click SSL certificate validation
location ~ \.well-known{
allow all;
}
access_log /www/wwwlogs/frp.dr1997.com.log;
error_log /www/wwwlogs/frp.dr1997.com.error.log;
}
```
###### Reverse proxy (HTTP)
```nginx
server {
listen 80;
listen 443 ssl http2;
server_name frp.dr1997.com *.frp.dr1997.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/frp.dr1997.com;
#PROXY-START/
location ~* \.(gif|png|jpg|css|js|woff|woff2)$ {
proxy_pass http://127.0.0.1:8880;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
expires 12h;
}
location / {
proxy_pass http://127.0.0.1:8880;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
add_header X-Cache $upstream_cache_status;
#Set Nginx Cache
add_header Cache-Control no-cache;
}
#PROXY-END/
access_log /www/wwwlogs/frp.dr1997.com.log;
error_log /www/wwwlogs/frp.dr1997.com.error.log;
}
```
###### Reverse proxy (TCP)
```nginx
upstream tcp {
server 127.0.0.1:3306;
}
server {
listen 3307;
proxy_connect_timeout 8s;
proxy_timeout 24h;
proxy_pass tcp;
}
```