Nginx 从源码安装与配置

一、准备

1.1. 下载软件包

打包下载（国内）

mkdir nginx && cd nginx
git init
git config core.sparsecheckout true
git remote add origin <https://code.wangyan.cloud/wangyan/nginx.git>
echo "resources/" >> .git/info/sparse-checkout
git pull origin main

单项下载（国外）

# 只需下载对应系统版本的软件包
mkdir ~/packages && cd ~/packages
openssl version

wget -c <https://www.openssl.org/source/openssl-1.1.1w.tar.gz> && \
sudo tar -zxf openssl-1.1.1*.tar.gz -C /usr/local/src

wget -c <https://www.openssl.org/source/openssl-3.0.14.tar.gz> && \
sudo tar -zxf openssl-3.0.*.tar.gz -C /usr/local/src

wget -c <https://www.openssl.org/source/openssl-3.1.6.tar.gz> && \
sudo tar -zxf openssl-3.1.*.tar.gz -C /usr/local/src

wget -c <https://www.openssl.org/source/openssl-3.2.2.tar.gz> && \
sudo tar -zxf openssl-3.2.*.tar.gz -C /usr/local/src

#<https://github.com/PhilipHazel/pcre2/releases>
wget -c <https://github.com/PhilipHazel/pcre2/releases/download/pcre2-10.44/pcre2-10.44.tar.gz> && \
sudo tar -zxf pcre2-*.tar.gz -C /usr/local/src

# <https://github.com/aperezdc/ngx-fancyindex/releases>
wget -c <https://github.com/aperezdc/ngx-fancyindex/releases/download/v0.5.2/ngx-fancyindex-0.5.2.tar.xz> && \
xz -d ngx-fancyindex-0.5.2.tar.xz && \
sudo tar -xf ngx-fancyindex-0.5.2.tar -C /usr/local/src

# <https://github.com/leev/ngx_http_geoip2_module/releases>
wget -c <https://github.com/leev/ngx_http_geoip2_module/archive/refs/tags/3.4.tar.gz> -O ngx_http_geoip2_module-3.4.tar.gz && \
sudo tar -zxf ngx_http_geoip2_module-3.4.tar.gz -C /usr/local/src

wget -c <http://nginx.org/download/nginx-1.26.1.tar.gz> && \
sudo tar -zxf nginx-*.tar.gz -C /usr/local/src

1.2. 安装编译工具

# On Ubuntu/Debian:
sudo apt -y install build-essential libzip-dev libxml2-dev libxslt-dev

# On Fedora/RHEL/CentOS:
# sudo yum -y groupinstall 'Development Tools'
sudo yum install -y gcc gcc-c++ zlib-devel

1.3. 安装 Perl (可选)

# On Fedora/RHEL/CentOS:
wget -c <https://www.cpan.org/src/5.0/perl-5.40.0.tar.gz> && \
tar -xzf perl-5.34.0.tar.gz -C /usr/local/src && \
cd /usr/local/src/perl-5.34.0 && \
./Configure -des -Dprefix=/usr/local/perl && \
make && make install && \
perl -v

1.4. 安装 geoip2 (可选)

安装 libmaxminddb

sudo apt install libmaxminddb-dev -y
sudo yum install libmaxminddb libmaxminddb-devel -y

./configure
make && make install
echo /usr/local/lib >> /etc/ld.so.conf.d/local.conf
ldconfig

使用 mmdblookup Tools

mmdblookup --file /usr/share/GeoIP/GeoLite2-Country.mmdb --ip 113.115.72.136 country names en
mmdblookup --file /usr/share/GeoIP/GeoLite2-City.mmdb --ip 113.115.72.136 city names en

编译 ngx_http_geoip2_module

git clone <https://github.com/leev/ngx_http_geoip2_module.git>
# build as a dynamic module
./configure --with-compat --add-dynamic-module=/path/to/ngx_http_geoip2_module
# build as a static module:
./configure --add-module=/path/to/ngx_http_geoip2_module
make modules

1.5. 新增用户和组 (可选)

# On Ubuntu/Debian:
sudo adduser \
 --system \
 --shell /bin/bash \
 --gecos 'Nginx web server' \
 --group \
 --disabled-password \
 --home /var/www \
 nginx

# On Fedora/RHEL/CentOS:
sudo groupadd --system nginx
sudo adduser \
 --system \
 --shell /bin/bash \
 --comment 'Nginx web server' \
 --gid nginx \
 --home-dir /home/nginx \
 --create-home \
 nginx

二、安装

2.1. 编译安装

cd /usr/local/src/nginx-*

sudo ./configure \
 --prefix=/usr/local/nginx \
 --user=www-data \
 --group=www-data  \
 --with-stream \
 --with-http_ssl_module \
 --with-http_v2_module \
 --with-http_realip_module \
 --with-http_sub_module \
 --with-http_gzip_static_module \
 --with-http_stub_status_module \
 --with-openssl=/usr/local/src/openssl-3.0.14 \
 --with-pcre=/usr/local/src/pcre2-10.44 \
 --http-client-body-temp-path=/usr/local/nginx/temp/client_body \
 --http-proxy-temp-path=/usr/local/nginx/temp/proxy \
 --http-fastcgi-temp-path=/usr/local/nginx/temp/fastcgi \
 --http-uwsgi-temp-path=/usr/local/nginx/temp/uwsgi \
 --http-scgi-temp-path=/usr/local/nginx/temp/scgi \
 --add-dynamic-module=/usr/local/src/ngx-fancyindex-0.5.2 \
 --add-dynamic-module=/usr/local/src/ngx_http_geoip2_module-3.4

sudo make && sudo make install
sudo ln -s /usr/local/nginx/conf/ /etc/nginx
sudo mv -f /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak

2.2. 环境变量

#sudo vim /etc/profile
sudo sh -c "cat >/etc/profile" <<EOF

PATH=$PATH:/usr/local/mysql/bin:/usr/local/php/bin:/usr/local/nginx/sbin
export PATH
EOF

source /etc/profile

三、配置

3.1. 配置文件目录

缓存目录

sudo mkdir -p /usr/local/nginx/temp/{client_body,proxy,fastcgi,uwsgi,scgi} && \
sudo chown -R www-data:www-data /usr/local/nginx/temp/

日志目录

sudo mkdir -p /var/log/nginx && \
sudo chmod 711 /var/log/nginx && \
sudo chown -R www-data:www-data /var/log/nginx

配置文件目录

# 复制配置文件
sudo cp -r resources/config/* /usr/local/nginx/conf/ && \
sudo cp -r resources/html/* /usr/local/nginx/html/ && \
sudo cp -r resources/geolite2 /usr/share/GeoLite2

# 设置目录权限
sudo chown 0:0 /usr/local/nginx/conf -R && \
find /usr/local/nginx/conf -type f -exec sudo chmod 644 {}; && \
find /usr/local/nginx/conf -type d -exec sudo chmod 755 {};

# 证书特殊权限
sudo chmod 777 /usr/local/nginx/conf/ssl-certs && \
sudo chmod o+t /usr/local/nginx/conf/ssl-certs

3.2. 开机自启动

#sudo vim /usr/lib/systemd/system/nginx.service
sudo sh -c "cat >/usr/lib/systemd/system/nginx.service" <<EOF
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF

sudo chmod +x /usr/lib/systemd/system/nginx.service && \
sudo systemctl enable --now nginx.service

3.3. 防火墙设置

# On Fedora/RHEL/CentOS:
systemctl enable --now firewalld.service
sudo firewall-cmd --permanent --zone=public --add-service=http && \
sudo firewall-cmd --permanent --zone=public --add-service=https && \
sudo firewall-cmd --reload