一、 nginx的依赖:gcc、g++、PCRE、zlib、openSSL。

1、 build-essential 安装

apt-get install build-essential libtool
2、zlib(开启gzip需要,一个提供数据压缩用的函式库,查看zlib是否安装dpkg -l | grep zlib)

wget http://zlib.net/zlib-1.2.11.tar.gz
tar -zxf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure
make
sudo make install
3、PCRE,Perl正则表达式(nginx伪静态)

wget https://ftp.pcre.org/pub/pcre/pcre-8.41.tar.gz
tar -zxf pcre-8.41.tar.gz
cd pcre-8.41
./configure
make
sudo make install
4、安装openssl

wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz
tar -zxf openssl-1.1.0f.tar.gz
cd openssl-1.1.0f
./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib shared zlib-dynamic
make
sudo make install
查看安装路径 whereis openssl

二、安装nginx

wget http://nginx.org/download/nginx-1.13.3.tar.gz
tar xvf nginx-1.13.3.tar.gz
cd /nginx-1.13.3
sudo ./configure --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/nginx.conf --pid-path=/usr/local/nginx/nginx.pid --user=www --group=www --with-http_stub_status_module --with-openssl=/openssl-1.1.0f --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre=../pcre-8.41 --with-zlib=../zlib-1.2.11
sudo make
sudo make install
编译参数增加帮助查询,如增加proxy
./configure --help | grep proxy

二、systemd service 文件,文件保存在: /lib/systemd/system/nginx.service

[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart= /usr/local/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target

  • 运行
systemctl enable nginx
systemctl restart nginx
systemctl enable php-fpm
systemctl restart php-fpm

已保存好的文件,下载传入
nginx.service

四、启动nginx

/usr/local/nginx/sbin/nginx -s reload 重启
/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/nginx.conf

/usr/local/nginx/sbin/nginx -v
nginx: [emerg] getpwnam(“xxx”) failed 错误处理方法 方法一 在nginx.conf中 把user nobody 的注释去掉既可 方法二 在nginx.conf中添加 user xxx xxx; 错误的原因是没有创建xxx这个用户,应该在服务器系统中添加xxx用户组和用户xxx,如下命令: /usr/sbin/groupadd -f xxx /usr/sbin/useradd -g xxx xxx /usr/sbin/groupadd -f www /usr/sbin/useradd -g www www 以上方法测试通过,启动后,在浏览器里输入IP,即可查看到: Welcome to nginx!的欢迎界面

Nginx [emerg]: bind() to 0.0.0.0:80 failed (98: Address already in use)错误

使用命令关闭占用80端口的程序
sudo fuser -k 80/tcp

确认Nginx是否启动,并在端口80上绑定

netstat -ntlp |grep 80
检查Nginx服务状态

sudo systemctl status nginx.service

五、其他

  • Google proxy模块

sudo apt install git
git clone https://github.com/cuber/ngx_http_google_filter_module.git
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git
指定位置

--add-module=/ngx_http_substitutions_filter_module --add-module=/ngx_http_google_filter_module
新编译参数为:

`
sudo ./configure --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/nginx.conf --pid-path=/usr/local/nginx/nginx.pid --user=www --group=www --with-http_stub_status_module --with-openssl=/openssl-1.1.0f --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre=../pcre-8.41 --with-zlib=../zlib-1.2.11 --add-module=/ngx_http_substitutions_filter_module --add-module=/ngx_http_google_filter_module

  • ngx_http_google_filter_module模块
    创建两个目录来存储Nginx临时文件和Google搜索缓存
sudo mkdir -p /var/cache/nginx/temp
sudo mkdir -p /var/cache/nginx/cache

Upstreaming google ip配置:dig www.google.com @8.8.8.8 +short
获取到的 ip 配置

upstream www.google.com {
server 173.194.38.209:443;
server 173.194.38.211:443;
server 173.194.38.212:443;
server 173.194.38.210:443;
server 173.194.38.208:443;
}

我的Nginx配置文件

ser  www www;
worker_processes auto;

pid        /usr/local/nginx/logs/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
    {
        use epoll;
        worker_connections 51200;
        multi_accept on;
    }

http
    {
        include       mime.types;
        default_type  application/octet-stream;

        server_names_hash_bucket_size 128;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 50m;

        sendfile   on;
        tcp_nopush on;

        keepalive_timeout 60;

        tcp_nodelay on;

        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;

        gzip on;
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_disable   "MSIE [1-6]\.";

        #limit_conn_zone $binary_remote_addr zone=perip:10m;
        ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.

        server_tokens off;
        access_log off;

proxy_temp_file_write_size 128k;
proxy_temp_path /var/cache/nginx/temp;
proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=cache_one:100m inactive=7d max_size=10g;


upstream www.google.com {
  server 216.58.197.132:443;
  server 216.58.221.4:443;
  server 172.217.26.4:443;
  server 172.217.24.132:443;
  server 172.217.26.4:443;
}

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name <你的网址>;

  # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
  ssl_certificate /usr/local/ssl/ssl.pem;
  ssl_certificate_key /usr/local/ssl/ssl.key;
  ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:50m;
  ssl_session_tickets off;

  # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
  #ssl_dhparam /path/to/dhparam.pem;

  # modern configuration. tweak to your needs.
  ssl_protocols TLSv1.2;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers on;

  # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
  add_header Strict-Transport-Security max-age=15768000;

  # OCSP Stapling ---
  # fetch OCSP records from URL in ssl_certificate and cache them
  ssl_stapling on;
  ssl_stapling_verify on;

  ## verify chain of trust of OCSP response using Root CA and Intermediate certs
  #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

  resolver 8.8.8.8;

  location / {
     google on;
     google_scholar on;
      google_language "zh-CN";
  }

  location ~ /.well-known/acme-challenge {
     allow all;
  }
}

https://www.linuxbabe.com/nginx/set-nginx-reverse-proxy-google-com

六、编译参考

sudo ./configure --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --pid-path=/usr/local/nginx/nginx.pid --user=www --group=www --with-http_stub_status_module --with-openssl=/openssl-1.1.0f --with-http_sub_module --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre=../pcre-8.41 --with-zlib=../zlib-1.2.11 --add-module=/ngx_http_substitutions_filter_module --add-module=/ngx_http_google_filter_module --http-client-body-temp-path=/var/cache/nginxclient_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginxfastcgi_temp --http-uwsgi-temp-path=/var/cache/nginxuwsgi_temp --http-scgi-temp-path=/var/cache/nginxscgi_temp --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module

如果觉得我的文章对你有用,请随意赞赏