I. nginx dependencies: gcc, g++, PCRE, zlib, OpenSSL.
1. Install build-essential
apt-get install build-essential libtool
2. zlib (required to enable gzip; a library that provides data compression. To check whether zlib is already installed: dpkg -l | grep zlib)
wget http://zlib.net/zlib-1.2.11.tar.gz
tar -zxf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure
make
sudo make install
3. PCRE, Perl-compatible regular expressions (used for nginx URL rewriting)
wget https://ftp.pcre.org/pub/pcre/pcre-8.41.tar.gz
tar -zxf pcre-8.41.tar.gz
cd pcre-8.41
./configure
make
sudo make install
4. Install OpenSSL
wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz
tar -zxf openssl-1.1.0f.tar.gz
cd openssl-1.1.0f
./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib shared zlib-dynamic
make
sudo make install
Check the install path:
whereis openssl
II. Install nginx
wget http://nginx.org/download/nginx-1.13.3.tar.gz
tar xvf nginx-1.13.3.tar.gz
cd /nginx-1.13.3
sudo ./configure --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/nginx.conf --pid-path=/usr/local/nginx/nginx.pid --user=www --group=www --with-http_stub_status_module --with-openssl=/openssl-1.1.0f --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre=../pcre-8.41 --with-zlib=../zlib-1.2.11
sudo make
sudo make install
To look up a configure option before adding it, query the help output; for example, for proxy:
./configure --help | grep proxy
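The steps above download source tarballs (zlib and nginx over plain HTTP) and unpack them without an integrity check. The following is an added example, not part of the original notes: it checks a tarball against a pinned SHA-256 digest and rejects archives whose member paths would leave the extraction directory. The function names and the demo archive are constructed; the page gives no digests, so the pinned values have to come from each project's release page.

```shell
#!/bin/sh
# Added example (not from the original notes): pin a SHA-256 digest for each
# source tarball and refuse to unpack anything that does not match.

sha256_of() {                    # print the SHA-256 of a file as lowercase hex
    sha256sum "$1" | cut -d' ' -f1
}

# Read archive member names on stdin; succeed if any is absolute or uses "..".
has_unsafe_path() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# tarball_ok <file> <pinned digest>: 0 = safe to unpack, non-zero = rejected
tarball_ok() {
    _actual=$(sha256_of "$1")
    if [ "$_actual" != "$2" ]; then
        echo "digest mismatch for $1: got $_actual" >&2
        return 1
    fi
    _members=$(tar -tzf "$1") || return 2
    if printf '%s\n' "$_members" | has_unsafe_path; then
        echo "member path escapes the extraction directory in $1" >&2
        return 1
    fi
}

# extract_verified <file> <pinned digest> <destdir>
extract_verified() {
    tarball_ok "$1" "$2" || return 1
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# Constructed demo: a small archive stands in for a downloaded source tarball.
# In real use the pinned digest comes from a trusted channel, not from the
# file that was just downloaded.
work=$(mktemp -d)
mkdir -p "$work/src/demo-1.0"
echo 'int main(void) { return 0; }' > "$work/src/demo-1.0/main.c"
tar -czf "$work/demo-1.0.tar.gz" -C "$work/src" demo-1.0
pinned=$(sha256_of "$work/demo-1.0.tar.gz")
extract_verified "$work/demo-1.0.tar.gz" "$pinned" "$work/build" && echo "unpacked"
echo tampered >> "$work/demo-1.0.tar.gz"       # simulate modification in transit
extract_verified "$work/demo-1.0.tar.gz" "$pinned" "$work/build2" || echo "rejected"
rm -rf "$work"
```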
III. systemd service file, saved as /lib/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
- Run
systemctl enable nginx
systemctl restart nginx
systemctl enable php-fpm
systemctl restart php-fpm
A ready-made copy of the file, to download and upload to the server:
nginx.service
IV. Start nginx
Restart (reload):
/usr/local/nginx/sbin/nginx -s reload
/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/nginx.conf
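or
/usr/local/nginx/sbin/nginx -v
Fixing the error nginx: [emerg] getpwnam("xxx") failed
Method 1: in nginx.conf, uncomment the user nobody line.
Method 2: in nginx.conf, add user xxx xxx;
The error occurs because the user xxx has not been created. Add the group xxx and the user xxx on the server with the following commands:
/usr/sbin/groupadd -f xxx
/usr/sbin/useradd -g xxx xxx
/usr/sbin/groupadd -f www
/usr/sbin/useradd -g www www
The methods above were tested and work. After nginx starts, enter the server's IP address in a browser to see the "Welcome to nginx!" page.
Fixing the error Nginx [emerg]: bind() to 0.0.0.0:80 failed (98: Address already in use)
Stop the program that is occupying port 80 with: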
sudo fuser -k 80/tcp
Confirm that Nginx has started and is bound to port 80:
netstat -ntlp |grep 80
Check the Nginx service status:
sudo systemctl status nginx.service
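The getpwnam() failure described above, and a pid directive that disagrees with PIDFile= in a Type=forking unit, can both be caught before the service is restarted. The following is an added example, not part of the original notes: it checks that the user and group named in nginx.conf exist and that the two PID paths agree. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): cross-check nginx.conf against
# nginx.service and the account databases before "systemctl restart nginx".

# First value of a simple directive such as "user" or "pid" in nginx.conf.
conf_directive() {   # conf_directive <name> <nginx.conf>
    sed -n "s/^[[:space:]]*$1[[:space:]][[:space:]]*\([^;#]*\);.*/\1/p" "$2" | head -n 1
}

# Value of a key such as PIDFile in a systemd unit file.
unit_value() {       # unit_value <key> <unit file>
    sed -n "s/^$1=[[:space:]]*//p" "$2" | head -n 1
}

# preflight <nginx.conf> <unit file> <passwd file> <group file>
# Prints one line per problem; the return status is the number of problems.
preflight() {
    _n=0
    _ug=$(conf_directive user "$1")
    _user=${_ug%% *}
    _group=${_ug#* }          # nginx uses the user name when no group is given
    if [ -n "$_user" ]; then
        [ "$_user" = root ] && { echo "workers run as root"; _n=$((_n + 1)); }
        grep -q "^$_user:" "$3" ||
            { echo "user '$_user' does not exist (getpwnam fails)"; _n=$((_n + 1)); }
        grep -q "^$_group:" "$4" ||
            { echo "group '$_group' does not exist (getgrnam fails)"; _n=$((_n + 1)); }
    fi
    _pc=$(conf_directive pid "$1")
    _pu=$(unit_value PIDFile "$2")
    if [ -n "$_pc" ] && [ -n "$_pu" ] && [ "$_pc" != "$_pu" ]; then
        echo "pid '$_pc' in nginx.conf differs from PIDFile '$_pu' in the unit"
        _n=$((_n + 1))
    fi
    return "$_n"
}

# Constructed sample input: the www account is missing and the PID paths disagree.
demo_dir=$(mktemp -d)
printf 'user www www;\npid /usr/local/nginx/logs/nginx.pid;\n' > "$demo_dir/nginx.conf"
printf '[Service]\nType=forking\nPIDFile=/usr/local/nginx/nginx.pid\n' > "$demo_dir/nginx.service"
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$demo_dir/passwd"
printf 'root:x:0:\n' > "$demo_dir/group"
preflight "$demo_dir/nginx.conf" "$demo_dir/nginx.service" \
    "$demo_dir/passwd" "$demo_dir/group" || echo "$? problem(s) found"
rm -rf "$demo_dir"
```

On a real host, pass /usr/local/nginx/nginx.conf, /lib/systemd/system/nginx.service, /etc/passwd and /etc/group.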
V. Other
- Google proxy module
sudo apt install git
git clone https://github.com/cuber/ngx_http_google_filter_module.git
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git
Specify the module locations:
--add-module=/ngx_http_substitutions_filter_module --add-module=/ngx_http_google_filter_module
The new configure parameters are:
sudo ./configure --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/nginx.conf --pid-path=/usr/local/nginx/nginx.pid --user=www --group=www --with-http_stub_status_module --with-openssl=/openssl-1.1.0f --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre=../pcre-8.41 --with-zlib=../zlib-1.2.11 --add-module=/ngx_http_substitutions_filter_module --add-module=/ngx_http_google_filter_module
- The ngx_http_google_filter_module module
Create two directories to store the Nginx temporary files and the Google search cache:
sudo mkdir -p /var/cache/nginx/temp
sudo mkdir -p /var/cache/nginx/cache
Upstream Google IP configuration:
dig www.google.com @8.8.8.8 +short
Configure the IPs obtained:
upstream www.google.com {
server 173.194.38.209:443;
server 173.194.38.211:443;
server 173.194.38.212:443;
server 173.194.38.210:443;
server 173.194.38.208:443;
}
My Nginx configuration file:
user www www;
worker_processes auto;
# Same path as --pid-path and as PIDFile= in nginx.service
pid /usr/local/nginx/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
multi_accept on;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
#limit_conn_zone $binary_remote_addr zone=perip:10m;
##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.
server_tokens off;
access_log off;
proxy_temp_file_write_size 128k;
proxy_temp_path /var/cache/nginx/temp;
proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=cache_one:100m inactive=7d max_size=10g;
upstream www.google.com {
server 216.58.197.132:443;
server 216.58.221.4:443;
server 172.217.26.4:443;
server 172.217.24.132:443;
server 172.217.26.4:443;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name <your-domain>;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /usr/local/ssl/ssl.pem;
ssl_certificate_key /usr/local/ssl/ssl.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
#ssl_dhparam /path/to/dhparam.pem;
# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
resolver 8.8.8.8;
location / {
google on;
google_scholar on;
google_language "zh-CN";
}
location ~ /.well-known/acme-challenge {
allow all;
}
}
}
Reference: https://www.linuxbabe.com/nginx/set-nginx-reverse-proxy-google-com
VI. Compile reference
sudo ./configure --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --pid-path=/usr/local/nginx/nginx.pid --user=www --group=www --with-http_stub_status_module --with-openssl=/openssl-1.1.0f --with-http_sub_module --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre=../pcre-8.41 --with-zlib=../zlib-1.2.11 --add-module=/ngx_http_substitutions_filter_module --add-module=/ngx_http_google_filter_module --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module