【环境】
在 Ubuntu 22.04 编译安装nginx-1.23.0 。
【安装】
下载 Nginx 源码包:
cd /root && wget http://nginx.org/download/nginx-1.23.0.tar.gz && tar zxf nginx-1.23.0.tar.gz
配置 Nginx 支持 HTTP/2 :
参考:https://amon.org/nginx-http2
1. 在编译 Nginx时加入 –with-http_v2_module
2. nginx.conf 中设置:listen 443 ssl http2;
下载 OpenSSL 源码包:
查看当前 OpenSSL 版本:
openssl version
输出:
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
下载此版本 OpenSSL 并解压到 Nginx 目录中:
cd /root/nginx-1.23.0 && wget https://www.openssl.org/source/openssl-3.0.2.tar.gz && tar zxvf openssl-3.0.2.tar.gz
添加 nginx 用户组 和 用户 nginx :
/usr/sbin/groupadd -f nginx && /usr/sbin/useradd -g nginx nginx
下载 modsecurity 源码包 :
先编译 libmodsecurity 。
参考:https://amon.org/modsecurity
下载源码到 nginx 源代码目录:
cd /root/nginx-1.23.0 && git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
安装 headers-more 模块 :
参考:https://amon.org/ngx_http_headers_more_filter_module
下载源码到 nginx 源代码目录:
cd /root/nginx-1.23.0 && git clone --depth 1 https://github.com/openresty/headers-more-nginx-module.git
编译安装 Nginx :
Ubuntu 22.04 环境(OpenSSL 3.0.2):
cd /root/nginx-1.23.0 && ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-http_v2_module --with-openssl=./openssl-3.0.2 --add-dynamic-module=./headers-more-nginx-module --add-dynamic-module=./ModSecurity-nginx --without-pcre2 make && make install
添加 nginx 到系统命令:
echo -e '\n\nexport PATH=/usr/local/nginx/sbin:$PATH\n' >> /etc/profile && source /etc/profile
检查 Nginx 版本:
输入:
nginx -v
输出:
nginx version: nginx/1.23.0
输入:
nginx -V /usr/local/nginx/sbin/nginx -V
输出:
nginx version: nginx/1.23.0 built by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04) built with OpenSSL 3.0.2 15 Mar 2022 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-http_v2_module --with-openssl=./openssl-3.0.2 --add-dynamic-module=./headers-more-nginx-module --add-dynamic-module=./ModSecurity-nginx --without-pcre2
可以看到 TLS SNI support 已经启用。
配置 Nginx 应用服务器:
配置路径:/usr/local/nginx/conf/nginx.conf
参考:https://amon.org/nginx-conf
源码路径:/usr/local/nginx/html
添加 nginx 对程序目录有执行权限:
chown -R nginx:nginx /usr/local/nginx/html
启动 Nginx :
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
如果有修改配置文件,先检查正确性:
/usr/local/nginx/sbin/nginx -t
重启 Nginx :
/usr/local/nginx/sbin/nginx -s reload
在浏览器中打开IP,显示:
Welcome to nginx! If you see this page, the nginx web server is successfully installed and working. Further configuration is required. For online documentation and support please refer to nginx.org. Commercial support is available at nginx.com. Thank you for using nginx.
设置nginx开机自启动:
参考:https://amon.org/nginx-init
方案1的nginx代码,方案2的添加service命令。
service nginx start service nginx stop service nginx restart service nginx status service nginx reload
查看状态:
service nginx status
输出:
● nginx.service
Loaded: loaded (/etc/init.d/nginx; generated)
Active: active (running) since Fri 2022-11-18 07:06:47 UTC; 2s ago
Docs: man:systemd-sysv-generator(8)
Process: 79674 ExecStart=/etc/init.d/nginx start (code=exited, status=0/SUCCESS)
Tasks: 2 (limit: 2261)
Memory: 1.6M
CPU: 14ms
CGroup: /system.slice/nginx.service
├─79676 "nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf"
└─79677 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
查看端口:
netstat -tulpn | grep nginx
输出:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11351/nginx: master