怎样编译安装Nginx(Ubuntu 22.04)

2022年11月18日 | 分类: 【技术】

【环境】

在 Ubuntu 22.04 编译安装nginx-1.23.0 。

【安装】

下载 Nginx 源码包:

下载:http://nginx.org/download/

cd /root && wget http://nginx.org/download/nginx-1.23.0.tar.gz && tar zxf nginx-1.23.0.tar.gz

配置 Nginx 支持 HTTP/2 :

参考:https://amon.org/nginx-http2

1. 在编译 Nginx时加入 –with-http_v2_module
2. nginx.conf 中设置:listen 443 ssl http2;

下载 OpenSSL 源码包:

查看当前 OpenSSL 版本:

openssl version

输出:

OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

下载此版本 OpenSSL 并解压到 Nginx 目录中:

cd /root/nginx-1.23.0 && wget https://www.openssl.org/source/openssl-3.0.2.tar.gz && tar zxvf openssl-3.0.2.tar.gz

添加 nginx 用户组 和 用户 nginx :

/usr/sbin/groupadd -f nginx && /usr/sbin/useradd -g nginx nginx

下载 modsecurity 源码包 :

先编译 libmodsecurity 。

参考:https://amon.org/modsecurity

下载源码到 nginx 源代码目录:

cd /root/nginx-1.23.0 && git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git

安装 headers-more 模块 :

参考:https://amon.org/ngx_http_headers_more_filter_module

下载源码到 nginx 源代码目录:

cd /root/nginx-1.23.0 && git clone --depth 1 https://github.com/openresty/headers-more-nginx-module.git

编译安装 Nginx :

Ubuntu 22.04 环境(OpenSSL 3.0.2):

cd /root/nginx-1.23.0 && ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-http_v2_module  --with-openssl=./openssl-3.0.2 --add-dynamic-module=./headers-more-nginx-module --add-dynamic-module=./ModSecurity-nginx --without-pcre2
make && make install

添加 nginx 到系统命令:

echo -e '\n\nexport PATH=/usr/local/nginx/sbin:$PATH\n' >> /etc/profile && source /etc/profile

检查 Nginx 版本:

输入:

nginx -v

输出:

nginx version: nginx/1.23.0

输入:

nginx -V
/usr/local/nginx/sbin/nginx -V

输出:

nginx version: nginx/1.23.0
built by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04)
built with OpenSSL 3.0.2 15 Mar 2022
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-http_v2_module --with-openssl=./openssl-3.0.2 --add-dynamic-module=./headers-more-nginx-module --add-dynamic-module=./ModSecurity-nginx --without-pcre2

可以看到 TLS SNI support 已经启用。

配置 Nginx 应用服务器:

配置路径:/usr/local/nginx/conf/nginx.conf

参考:https://amon.org/nginx-conf

源码路径:/usr/local/nginx/html

添加 nginx 对程序目录有执行权限:

chown -R nginx:nginx /usr/local/nginx/html

启动 Nginx :

/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

如果有修改配置文件,先检查正确性:

/usr/local/nginx/sbin/nginx -t

重启 Nginx :

/usr/local/nginx/sbin/nginx -s reload

在浏览器中打开IP,显示:

Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.
Thank you for using nginx.

设置nginx开机自启动:

参考:https://amon.org/nginx-init

方案1的nginx代码,方案2的添加service命令。

service nginx start
service nginx stop
service nginx restart
service nginx status
service nginx reload

查看状态:

service nginx status

输出:

● nginx.service
     Loaded: loaded (/etc/init.d/nginx; generated)
     Active: active (running) since Fri 2022-11-18 07:06:47 UTC; 2s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 79674 ExecStart=/etc/init.d/nginx start (code=exited, status=0/SUCCESS)
      Tasks: 2 (limit: 2261)
     Memory: 1.6M
        CPU: 14ms
     CGroup: /system.slice/nginx.service
             ├─79676 "nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf"
             └─79677 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""

查看端口:

netstat -tulpn | grep nginx

输出:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      11351/nginx: master