怎样编译安装Nginx(Ubuntu 22.04)

2022年11月18日 | 分类: 【技术】

【环境】

在 Ubuntu 22.04 编译安装nginx-1.27.2 。

【安装】

下载 Nginx 源码包:

下载:http://nginx.org/download/

cd /root && wget http://nginx.org/download/nginx-1.27.2.tar.gz && tar zxf nginx-1.27.2.tar.gz

配置 Nginx 支持 HTTP/2 :

参考:https://amon.org/nginx-http2

1. 在编译 Nginx时加入 –with-http_v2_module
2. nginx.conf 中设置:listen 443 ssl http2;

下载 OpenSSL 源码包:

查看当前 OpenSSL 版本:

openssl version

输出:

OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

下载此版本 OpenSSL 并解压到 Nginx 目录中:

cd /root/nginx-1.27.2 && wget https://www.openssl.org/source/openssl-3.0.2.tar.gz && tar zxvf openssl-3.0.2.tar.gz

添加 nginx 用户组 和 用户 nginx :

/usr/sbin/groupadd -f nginx && /usr/sbin/useradd -g nginx nginx

下载 modsecurity 源码包 :

先编译 libmodsecurity 。

参考:https://amon.org/modsecurity

下载源码到 nginx 源代码目录:

cd /root/nginx-1.27.2 && git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git

安装 headers-more 模块 :

参考:https://amon.org/ngx_http_headers_more_filter_module

下载源码到 nginx 源代码目录:

cd /root/nginx-1.27.2 && git clone --depth 1 https://github.com/openresty/headers-more-nginx-module.git

编译安装 Nginx :

Ubuntu 22.04 环境(OpenSSL 3.0.2):

cd /root/nginx-1.27.2 && ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-http_v2_module  --with-openssl=./openssl-3.0.2 --add-dynamic-module=./headers-more-nginx-module --add-dynamic-module=./ModSecurity-nginx
make && make install

添加 nginx 到系统命令:

echo -e '\n\nexport PATH=/usr/local/nginx/sbin:$PATH\n' >> /etc/profile && source /etc/profile

检查 Nginx 版本:

输入:

nginx -v

输出:

nginx version: nginx/1.27.2

输入:

nginx -V
/usr/local/nginx/sbin/nginx -V

输出:

nginx version: nginx/1.27.2
built by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04)
built with OpenSSL 3.0.2 15 Mar 2022
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-http_v2_module --with-openssl=./openssl-3.0.2 --add-dynamic-module=./headers-more-nginx-module --add-dynamic-module=./ModSecurity-nginx --without-pcre2

可以看到 TLS SNI support 已经启用。

配置 Nginx 应用服务器:

配置路径:/usr/local/nginx/conf/nginx.conf

参考:https://amon.org/nginx-conf

源码路径:/usr/local/nginx/html

添加 nginx 对程序目录有执行权限:

chown -R nginx:nginx /usr/local/nginx/html

启动 Nginx :

/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

如果有修改配置文件,先检查正确性:

/usr/local/nginx/sbin/nginx -t

重启 Nginx :

/usr/local/nginx/sbin/nginx -s reload

在浏览器中打开IP,显示:

Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.
Thank you for using nginx.

设置nginx开机自启动:

参考:https://blog.csdn.net/ty0903csdn/article/details/85946824

创建文件:/etc/init.d/nginx

#! /bin/bash
### BEGIN INIT INFO
# Provides:          thingcom.com
# Required-Start:    $local_fs $network
# Required-Stop:     $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: nginx service
# Description:       nginx service daemon
### END INIT INFO
# Author: thingcom
# Modified: Geoffrey Grosenbach http://www.linuxidc.com
# Modified: Clement NEDELCU
# Reproduced with express authorization from its contributors
set -e
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="nginx daemon"
NAME=nginx
DAEMON=/usr/local/nginx/sbin/$NAME
SCRIPTNAME=/etc/init.d/$NAME
 
 
# If the daemon file is not found, terminate the script.
test -x $DAEMON || exit 0
 
d_start() {
  $DAEMON || echo -n " already running"
}
 
d_stop() {
  $DAEMON –s quit || echo -n " not running"
}
 
d_reload() {
  $DAEMON –s reload || echo -n " could not reload"
}
 
case "$1" in
  start)
    echo -n "Starting $DESC: $NAME"
    d_start
    echo "."
  ;;
  stop)
    echo -n "Stopping $DESC: $NAME"
    d_stop
    echo "."
  ;;
  reload)
    echo -n "Reloading $DESC configuration..."
    d_reload
    echo "reloaded."
  ;;
  restart)
  echo -n "Restarting $DESC: $NAME"
  d_stop
# Sleep for two seconds before starting again, this should give the
# Nginx daemon some time to perform a graceful stop.
  sleep 2
  d_start
  echo "."
  ;;
  *)
  echo "Usage: $SCRIPTNAME {start|stop|restart|reload}" >&2
  exit 3
  ;;
esac
exit 0

修改 nginx 为可执行的权限:

chmod +x /etc/init.d/nginx

执行命令:

update-rc.d nginx defaults

常用命令:

service nginx start
service nginx stop
service nginx restart

查看状态:

service nginx status

输出:

● nginx.service
     Loaded: loaded (/etc/init.d/nginx; generated)
     Active: active (running) since Fri 2022-11-18 07:06:47 UTC; 2s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 79674 ExecStart=/etc/init.d/nginx start (code=exited, status=0/SUCCESS)
      Tasks: 2 (limit: 2261)
     Memory: 1.6M
        CPU: 14ms
     CGroup: /system.slice/nginx.service
             ├─79676 "nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf"
             └─79677 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""

查看端口:

netstat -tulpn | grep nginx

输出:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      11351/nginx: master