Nginx 从源码安装与配置

slug
nginx-setup-from-source
tags
nginx
source
date
Aug 4, 2024
summary
通过源代码编译安装与配置 Nginx。
status
Published
type
Post

一、准备

1.1. 下载软件包

打包下载(国内)

mkdir nginx && cd nginx git init git config core.sparsecheckout true git remote add origin <https://code.wangyan.cloud/wangyan/nginx.git> echo "resources/" >> .git/info/sparse-checkout git pull origin main

单项下载(国外)

openssl
# 只需下载对应系统版本的软件包 mkdir ~/packages && cd ~/packages openssl version wget -c <https://www.openssl.org/source/openssl-1.1.1w.tar.gz> && \ sudo tar -zxf openssl-1.1.1*.tar.gz -C /usr/local/src wget -c <https://www.openssl.org/source/openssl-3.0.14.tar.gz> && \ sudo tar -zxf openssl-3.0.*.tar.gz -C /usr/local/src wget -c <https://www.openssl.org/source/openssl-3.1.6.tar.gz> && \ sudo tar -zxf openssl-3.1.*.tar.gz -C /usr/local/src wget -c <https://www.openssl.org/source/openssl-3.2.2.tar.gz> && \ sudo tar -zxf openssl-3.2.*.tar.gz -C /usr/local/src
pcre
#<https://github.com/PhilipHazel/pcre2/releases> wget -c <https://github.com/PhilipHazel/pcre2/releases/download/pcre2-10.44/pcre2-10.44.tar.gz> && \ sudo tar -zxf pcre2-*.tar.gz -C /usr/local/src
fancyindex (可选)
# <https://github.com/aperezdc/ngx-fancyindex/releases> wget -c <https://github.com/aperezdc/ngx-fancyindex/releases/download/v0.5.2/ngx-fancyindex-0.5.2.tar.xz> && \ xz -d ngx-fancyindex-0.5.2.tar.xz && \ sudo tar -xf ngx-fancyindex-0.5.2.tar -C /usr/local/src
fancyindex ngx_http_geoip2_module (可选)
# <https://github.com/leev/ngx_http_geoip2_module/releases> wget -c <https://github.com/leev/ngx_http_geoip2_module/archive/refs/tags/3.4.tar.gz> -O ngx_http_geoip2_module-3.4.tar.gz && \ sudo tar -zxf ngx_http_geoip2_module-3.4.tar.gz -C /usr/local/src
nginx
wget -c <http://nginx.org/download/nginx-1.26.1.tar.gz> && \ sudo tar -zxf nginx-*.tar.gz -C /usr/local/src

1.2. 安装编译工具

# On Ubuntu/Debian: sudo apt -y install build-essential libzip-dev libxml2-dev libxslt-dev # On Fedora/RHEL/CentOS: # sudo yum -y groupinstall 'Development Tools' sudo yum install -y gcc gcc-c++ zlib-devel

1.3. 安装 Perl (可选)

# On Fedora/RHEL/CentOS: wget -c <https://www.cpan.org/src/5.0/perl-5.40.0.tar.gz> && \ tar -xzf perl-5.34.0.tar.gz -C /usr/local/src && \ cd /usr/local/src/perl-5.34.0 && \ ./Configure -des -Dprefix=/usr/local/perl && \ make && make install && \ perl -v

1.4. 安装 geoip2 (可选)

安装 libmaxminddb

从 yum/apt 源安装 (推荐)
sudo apt install libmaxminddb-dev -y sudo yum install libmaxminddb libmaxminddb-devel -y
从源码安装
./configure make && make install echo /usr/local/lib >> /etc/ld.so.conf.d/local.conf ldconfig

使用 mmdblookup Tools

mmdblookup --file /usr/share/GeoIP/GeoLite2-Country.mmdb --ip 113.115.72.136 country names en mmdblookup --file /usr/share/GeoIP/GeoLite2-City.mmdb --ip 113.115.72.136 city names en

编译 ngx_http_geoip2_module

git clone <https://github.com/leev/ngx_http_geoip2_module.git> # build as a dynamic module ./configure --with-compat --add-dynamic-module=/path/to/ngx_http_geoip2_module # build as a static module: ./configure --add-module=/path/to/ngx_http_geoip2_module make modules

1.5. 新增用户和组 (可选)

本文使用自带的 www-data 用户和组
# On Ubuntu/Debian: sudo adduser \ --system \ --shell /bin/bash \ --gecos 'Nginx web server' \ --group \ --disabled-password \ --home /var/www \ nginx # On Fedora/RHEL/CentOS: sudo groupadd --system nginx sudo adduser \ --system \ --shell /bin/bash \ --comment 'Nginx web server' \ --gid nginx \ --home-dir /home/nginx \ --create-home \ nginx

二、安装

2.1. 编译安装

注意修改 opensslpcrengx-fancyindexngx_http_geoip2_module 版本号。
部分组件不需要,可以删减。
cd /usr/local/src/nginx-* sudo ./configure \ --prefix=/usr/local/nginx \ --user=www-data \ --group=www-data \ --with-stream \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_realip_module \ --with-http_sub_module \ --with-http_gzip_static_module \ --with-http_stub_status_module \ --with-openssl=/usr/local/src/openssl-3.0.14 \ --with-pcre=/usr/local/src/pcre2-10.44 \ --http-client-body-temp-path=/usr/local/nginx/temp/client_body \ --http-proxy-temp-path=/usr/local/nginx/temp/proxy \ --http-fastcgi-temp-path=/usr/local/nginx/temp/fastcgi \ --http-uwsgi-temp-path=/usr/local/nginx/temp/uwsgi \ --http-scgi-temp-path=/usr/local/nginx/temp/scgi \ --add-dynamic-module=/usr/local/src/ngx-fancyindex-0.5.2 \ --add-dynamic-module=/usr/local/src/ngx_http_geoip2_module-3.4 sudo make && sudo make install sudo ln -s /usr/local/nginx/conf/ /etc/nginx sudo mv -f /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak

2.2. 环境变量

#sudo vim /etc/profile sudo sh -c "cat >/etc/profile" <<EOF PATH=$PATH:/usr/local/mysql/bin:/usr/local/php/bin:/usr/local/nginx/sbin export PATH EOF source /etc/profile

三、配置

3.1. 配置文件目录

缓存目录

sudo mkdir -p /usr/local/nginx/temp/{client_body,proxy,fastcgi,uwsgi,scgi} && \ sudo chown -R www-data:www-data /usr/local/nginx/temp/

日志目录

sudo mkdir -p /var/log/nginx && \ sudo chmod 711 /var/log/nginx && \ sudo chown -R www-data:www-data /var/log/nginx

配置文件目录

# 复制配置文件 sudo cp -r resources/config/* /usr/local/nginx/conf/ && \ sudo cp -r resources/html/* /usr/local/nginx/html/ && \ sudo cp -r resources/geolite2 /usr/share/GeoLite2 # 设置目录权限 sudo chown 0:0 /usr/local/nginx/conf -R && \ find /usr/local/nginx/conf -type f -exec sudo chmod 644 {}; && \ find /usr/local/nginx/conf -type d -exec sudo chmod 755 {}; # 证书特殊权限 sudo chmod 777 /usr/local/nginx/conf/ssl-certs && \ sudo chmod o+t /usr/local/nginx/conf/ssl-certs

3.2. 开机自启动

#sudo vim /usr/lib/systemd/system/nginx.service sudo sh -c "cat >/usr/lib/systemd/system/nginx.service" <<EOF [Unit] Description=nginx - high performance web server Documentation=http://nginx.org/en/docs/ After=network.target remote-fs.target nss-lookup.target [Service] Type=forking PIDFile=/run/nginx.pid ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf ExecReload=/bin/kill -s HUP $MAINPID ExecStop=/bin/kill -s QUIT $MAINPID PrivateTmp=true [Install] WantedBy=multi-user.target EOF
sudo chmod +x /usr/lib/systemd/system/nginx.service && \ sudo systemctl enable --now nginx.service

3.3. 防火墙设置

# On Fedora/RHEL/CentOS: systemctl enable --now firewalld.service sudo firewall-cmd --permanent --zone=public --add-service=http && \ sudo firewall-cmd --permanent --zone=public --add-service=https && \ sudo firewall-cmd --reload
If you have any questions, please contact me.