Ubuntu 16.04 源码编译安装 Nginx 全流程教程


一、Nginx 的依赖:gcc、g++、PCRE、zlib、OpenSSL

两种安装方式(二选一)
① 源码安装(按下文步骤);② APT 安装开发包(更稳妥):apt-get update && apt-get install -y build-essential libpcre3-dev zlib1g-dev libssl-dev

  1. build-essential 安装
# Needs root: run from a root shell or prefix each command with sudo.
apt-get update
# build-essential supplies gcc, g++ and make for the source builds that follow.
apt-get install -y build-essential libtool
  1. zlib(开启 gzip 需要,用于数据压缩;可先检查:dpkg -l | grep zlib)
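# Historical version shown as an example; later zlib releases contain security
# fixes, so substitute a current release that still builds with your Nginx.
# Download over HTTPS rather than plain HTTP so the tarball cannot be altered
# in transit.
wget https://zlib.net/zlib-1.2.11.tar.gz
# Print the digest and compare it with the SHA-256 published by zlib.net
# before unpacking or building anything.
sha256sum zlib-1.2.11.tar.gz
tar -zxf zlib-1.2.11.tar.gz
cd zlib-1.2.11
# Build as the normal user; only the install step needs root. Chaining with &&
# stops the install if configure or make fails.
# NOTE(review): Nginx's --with-zlib=<source dir> option compiles zlib from the
# unpacked tree itself, so this system-wide install is probably not needed for
# the Nginx build; an old copy under /usr/local may be picked up by other
# programs ahead of the distribution's patched library. Confirm before installing.
./configure && make && sudo make install
cd ..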
  1. PCRE(Nginx 重写/正则所需,nginx 仍使用 PCRE1;也可用 libpcre3-dev)
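# Historical version shown as an example. PCRE1 (the 8.x series) is no longer
# maintained upstream; installing libpcre3-dev from the distribution keeps the
# library covered by distro security updates.
wget https://sourceforge.net/projects/pcre/files/pcre/8.41/pcre-8.41.tar.gz
# Print the digest and compare it with a checksum or signature obtained from
# the PCRE project before unpacking.
sha256sum pcre-8.41.tar.gz
tar -zxf pcre-8.41.tar.gz
cd pcre-8.41
# Build unprivileged; only the install step runs under sudo, and it is skipped
# if configure or make fails.
./configure && make && sudo make install
cd ..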
  1. OpenSSL(用于 HTTPS/HTTP/2)
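# Historical version shown as an example; the OpenSSL 1.1.0 series no longer
# receives security fixes, so use a supported release for anything exposed to
# a network. If the system library is enough, install libssl-dev with apt.
wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz
# Print the digest and compare it with the checksum OpenSSL publishes for this
# tarball before unpacking.
sha256sum openssl-1.1.0f.tar.gz
tar -zxf openssl-1.1.0f.tar.gz
# Do not enter the directory: the Nginx build points --with-openssl at this
# source tree. Because that option builds OpenSSL into the nginx binary, later
# OpenSSL fixes reach Nginx only when Nginx is rebuilt.
# To see where the system OpenSSL lives (if using the system version):
whereis openssl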

二、安装 Nginx(源码)

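# Historical version shown as an example; pick a currently supported release.
# Fetch the tarball and its detached PGP signature over HTTPS, not plain HTTP.
wget https://nginx.org/download/nginx-1.13.3.tar.gz
wget https://nginx.org/download/nginx-1.13.3.tar.gz.asc
# Verification needs the Nginx release signing keys (listed on nginx.org) in
# your keyring; the tarball is unpacked only when the signature checks out.
gpg --verify nginx-1.13.3.tar.gz.asc nginx-1.13.3.tar.gz \
  && tar xvf nginx-1.13.3.tar.gz
cd nginx-1.13.3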

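# The relative paths below assume pcre-8.41, zlib-1.2.11, openssl-1.1.0f and
# nginx-1.13.3 share one parent directory.
# Configure and compile as an unprivileged user so that build scripts
# (including those of the bundled libraries) never run as root. Only
# "make install" writes to /usr/local/nginx and needs sudo.
# --user/--group set the default account for worker processes; the "www" user
# and group must exist before Nginx is started.
./configure \
  --prefix=/usr/local/nginx \
  --conf-path=/usr/local/nginx/conf/nginx.conf \
  --pid-path=/usr/local/nginx/logs/nginx.pid \
  --user=www --group=www \
  --with-http_stub_status_module \
  --with-openssl=../openssl-1.1.0f \
  --with-http_v2_module \
  --with-http_ssl_module \
  --with-http_gzip_static_module \
  --with-pcre=../pcre-8.41 \
  --with-zlib=../zlib-1.2.11

make
sudo make install

# List the available configure options (example: those related to proxy)
./configure --help | grep proxy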

三、systemd service 文件(保存至:/lib/systemd/system/nginx.service)

[Unit]
Description=The NGINX HTTP and reverse proxy server
# Order startup after networking, remote filesystems and name lookup targets.
After=network.target remote-fs.target nss-lookup.target

[Service]
# No User= is set, so the master process runs as root (needed to bind ports
# 80/443); worker processes drop to the account named by nginx.conf's "user".
# nginx daemonizes itself, so systemd tracks the master process through PIDFile.
Type=forking
# Must match --pid-path from ./configure and the "pid" directive in nginx.conf.
PIDFile=/usr/local/nginx/logs/nginx.pid
# Refuse to start when the configuration fails its syntax test.
ExecStartPre=/usr/local/nginx/sbin/nginx -t -q
ExecStart=/usr/local/nginx/sbin/nginx
# HUP asks the master to reload its configuration; QUIT asks for a graceful shutdown.
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true
# Raise the open-file limit for the service.
LimitNOFILE=65535

[Install]
WantedBy=multi-user.target
  • 启用与重启
# Re-read unit files so systemd picks up the new nginx.service.
systemctl daemon-reload
# Start Nginx automatically at boot.
systemctl enable nginx
systemctl restart nginx

# If PHP-FPM is needed (optional)
# systemctl enable php-fpm
# systemctl restart php-fpm

四、启动与常见问题

/usr/local/nginx/sbin/nginx -s reload(重载配置)
/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf(测试配置)
/usr/local/nginx/sbin/nginx -v(版本)

错误:nginx: [emerg] getpwnam("xxx") failed
处理:在 nginx.conf 中确认 user www www; 与系统用户组一致;如无该用户/组,执行:
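# Create a dedicated system group and account for the worker processes.
# -r makes a system account, -M skips the home directory and the nologin shell
# blocks interactive logins, so the account is usable only for running Nginx.
/usr/sbin/groupadd -f -r www
/usr/sbin/useradd -r -g www -M -s /usr/sbin/nologin www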

错误:Nginx [emerg]: bind() to 0.0.0.0:80 failed (98: Address already in use)
检查占用:ss -lntp | grep :80 或 netstat -ntlp | grep 80
谨慎结束占用进程:sudo fuser -k 80/tcp(可能会终止正在使用 80 端口的服务,执行前请确认)

查看服务状态:sudo systemctl status nginx.service

五、可选:Google proxy 模块

提示:第三方模块需与 Nginx 版本匹配,编译前建议固定模块仓库到兼容的 commit/tag;生产环境请评估合规与可用性,避免硬编码 IP。

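sudo apt install -y git
# Third-party modules are compiled into the nginx binary, so review the code
# and pin each repository to a commit or tag you have checked instead of
# building whatever the default branch holds on the day you clone.
# Clone next to the nginx source directory so the --add-module=../... paths resolve.
GOOGLE_FILTER_REF="REPLACE_WITH_REVIEWED_COMMIT_OR_TAG"
SUBS_FILTER_REF="REPLACE_WITH_REVIEWED_COMMIT_OR_TAG"
git clone https://github.com/cuber/ngx_http_google_filter_module.git
git -C ngx_http_google_filter_module checkout "$GOOGLE_FILTER_REF"
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git
git -C ngx_http_substitutions_filter_module checkout "$SUBS_FILTER_REF"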

重新配置编译(路径为示例,需与本机实际位置一致):

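# Run from inside the nginx source directory. Configure and compile as an
# unprivileged user: the two --add-module trees are third-party code, and
# their build steps should not execute as root. Only "make install" needs sudo.
./configure \
  --prefix=/usr/local/nginx \
  --conf-path=/usr/local/nginx/conf/nginx.conf \
  --pid-path=/usr/local/nginx/logs/nginx.pid \
  --user=www --group=www \
  --with-http_stub_status_module \
  --with-openssl=../openssl-1.1.0f \
  --with-http_v2_module \
  --with-http_ssl_module \
  --with-http_gzip_static_module \
  --with-pcre=../pcre-8.41 \
  --with-zlib=../zlib-1.2.11 \
  --add-module=../ngx_http_substitutions_filter_module \
  --add-module=../ngx_http_google_filter_module

make
sudo make install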

缓存目录:

# Create both cache directories (and any missing parents) in a single call.
sudo mkdir -p /var/cache/nginx/temp /var/cache/nginx/cache

(演示用)上游 IP 示例:实际不建议硬编码

# Demo only: pinned upstream addresses go stale when the service's IPs change.
# NOTE(review): nginx does not verify upstream TLS certificates unless
# proxy_ssl_verify is enabled; whether the google filter module's generated
# proxy settings allow that is not shown here. Confirm before relying on
# hard-coded addresses.
upstream www.google.com {
    server 216.58.197.132:443;
    server 216.58.221.4:443;
    server 172.217.24.132:443;
    server 172.217.26.4:443;
}

Nginx 配置示例(仅演示用):

# Worker processes run as this unprivileged user and group.
user  www www;
# Let nginx pick the number of worker processes (one per CPU core).
worker_processes  auto;

# Must match the PIDFile path in the systemd unit.
pid  /usr/local/nginx/logs/nginx.pid;
# Per-worker open-file limit; keep it at or above worker_connections.
worker_rlimit_nofile 51200;

events {
    use epoll;
    # Maximum simultaneous connections per worker.
    worker_connections 51200;
    # Accept all pending connections at once instead of one per event.
    multi_accept on;
}

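http {
    include       mime.types;
    default_type  application/octet-stream;

    # Request-size limits; these are larger than the nginx defaults.
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 50m;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 60;

    # FastCGI (if PHP-FPM is used)
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 256k;

    # gzip (trim the types list as needed)
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/javascript text/javascript text/css application/xml application/rss+xml;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_disable "MSIE [1-6]\\.";

    proxy_temp_file_write_size 128k;
    proxy_temp_path /var/cache/nginx/temp;
    proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=cache_one:100m inactive=7d max_size=10g;

    # Demo only: hard-coded upstream addresses go stale over time.
    # NOTE(review): upstream TLS certificates are not verified unless
    # proxy_ssl_verify is enabled; confirm how the filter module proxies.
    upstream www.google.com {
        server 216.58.197.132:443;
        server 216.58.221.4:443;
        server 172.217.24.132:443;
        server 172.217.26.4:443;
    }

    # Catch-all HTTP server: redirect everything to HTTPS.
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;

        # $host comes from the client's request, so a forged Host header is
        # reflected into the redirect target. Once the real domain is known,
        # set server_name to it and redirect to that fixed name instead.
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        # "_" matches no real name; this server answers only as a default.
        # Replace it with the actual domain the certificate was issued for.
        server_name _;

        # Keep the private key readable by root only.
        ssl_certificate     /usr/local/ssl/ssl.pem;
        ssl_certificate_key /usr/local/ssl/ssl.key;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        # TLS 1.3 needs OpenSSL 1.1.1 or later, so it is not available with
        # the 1.1.0f build used in this tutorial.
        ssl_protocols TLSv1.2;
        # The last four suites are CBC-mode, kept for older TLS 1.2 clients;
        # drop them if those clients do not need to be supported.
        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
        ssl_prefer_server_ciphers on;

        # HSTS: browsers will refuse plain HTTP for this host for about six months.
        add_header Strict-Transport-Security "max-age=15768000" always;

        # Replies from public resolvers arrive over plain DNS; a resolver on
        # localhost or a trusted internal network is harder to spoof.
        resolver 8.8.8.8 1.1.1.1 valid=300s;

        # No access control here: anyone who can reach this server can use the
        # mirror. Restrict it with allow/deny or auth_basic unless it is meant
        # to be public.
        location / {
            google on;
            google_scholar on;
            google_language "zh-CN";
        }

        # Prefix match with ^~ so only URIs under this directory are handled
        # here; a bare regex would match the string anywhere in the URI and
        # treat the leading dot as "any character".
        location ^~ /.well-known/acme-challenge/ {
            allow all;
        }
    }
}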

六、编译参数参考(扩展项示例)

以下为“扩展较多”的 ./configure 示例。请按需删减,避免启用不需要的模块(例如 mail、stream、dav)导致体积、维护成本和攻击面上升:

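# Reference configuration with many optional modules enabled. Run it as an
# unprivileged user from inside the nginx source directory; configure does not
# need root, and the third-party --add-module trees should not be built as root.
# Every enabled module (mail, stream, dav, ...) is extra code reachable from
# the network once configured, so remove the ones you do not use.
# The temp paths below live under /var/cache/nginx, which must already exist.
./configure \
  --prefix=/usr/local/nginx \
  --conf-path=/usr/local/nginx/conf/nginx.conf \
  --pid-path=/usr/local/nginx/logs/nginx.pid \
  --user=www --group=www \
  --with-http_stub_status_module \
  --with-openssl=../openssl-1.1.0f \
  --with-http_sub_module \
  --with-http_v2_module \
  --with-http_ssl_module \
  --with-http_gzip_static_module \
  --with-pcre=../pcre-8.41 \
  --with-zlib=../zlib-1.2.11 \
  --add-module=../ngx_http_substitutions_filter_module \
  --add-module=../ngx_http_google_filter_module \
  --http-client-body-temp-path=/var/cache/nginx/client_temp \
  --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
  --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
  --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
  --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
  --with-compat --with-file-aio --with-threads \
  --with-http_addition_module --with-http_auth_request_module \
  --with-http_dav_module --with-http_flv_module --with-http_gunzip_module \
  --with-http_mp4_module --with-http_random_index_module \
  --with-http_realip_module --with-http_secure_link_module --with-http_slice_module \
  --with-mail --with-mail_ssl_module \
  --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module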
