nginx-1.12.2源码安装配置

1 参考文档

http://nginx.org/en/download.html

http://nginx.org/en/docs/configure.html

https://github.com/openresty/lua-nginx-module

http://nginx.org/en/docs/http/configuring_https_servers.html

https://www.openssl.org/docs/man1.1.0/apps/genrsa.html

2 安装

2.1 打开防火墙端口

$ sudo /sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
$ sudo /sbin/iptables -I INPUT -p tcp --dport 8443 -j ACCEPT
$ sudo service iptables save

2.2 获取安装包以及相关依赖

# 支持https
$ wget https://www.openssl.org/source/openssl-1.0.2m.tar.gz
$ wget https://ftp.pcre.org/pub/pcre/pcre-8.41.tar.bz2
$ wget http://zlib.net/zlib-1.2.11.tar.gz
$ wget http://nginx.org/download/nginx-1.12.2.tar.gz
# 支持lua
$ wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz
$ wget https://github.com/openresty/lua-nginx-module/archive/v0.10.11.tar.gz

2.3 解压安装包

$ tar zxvf openssl-1.0.2m.tar.gz
$ tar jxvf pcre-8.41.tar.bz2
$ tar zxvf zlib-1.2.11.tar.gz
$ tar zxvf v0.3.0.tar.gz
$ tar zxvf v0.10.11.tar.gz
$ tar zxvf nginx-1.12.2.tar.gz && cd nginx-1.12.2

2.4 安装nginx

注意：添加LUA支持，需要安装lua环境，参见LUA-环境搭建

$ ./configure --prefix=/opt/jediz90/nginx --with-pcre=../pcre-8.41 --with-zlib=../zlib-1.2.11 \
    --with-openssl=../openssl-1.0.2m --with-http_gzip_static_module \
    --with-http_stub_status_module --with-http_ssl_module

# 添加TCP反向代理支持
    --with-stream

# 添加HTTP2支持
    --with-http_v2_module

# 添加LUA支持，需要安装lua环境--with-ld-opt="-Wl,-rpath,/opt/sloth/lj2/lib" \
    --add-module=/opt/sloth/ngx_devel_kit-0.3.0 \
    --add-module=/opt/sloth/lua-nginx-module-0.10.11

$ make && make install

2.5 添加开机启动

$ sudo vim /lib/systemd/system/nginx.service

在文件中添加以下内容

[Unit] 
Description=nginx 
After=network.target 
 
[Service] 
User=sloth
Group=sloth

Type=forking 
ExecStart=/opt/jediz90/nginx/sbin/nginx 
ExecReload=/opt/jediz90/nginx/sbin/nginx -s reload 
ExecStop=/opt/jediz90/sbin/nginx -s quit
PrivateTmp=true 
 
[Install] 
WantedBy=multi-user.target

添加到开机启动

$ sudo systemctl enable nginx.service 

3 LUA配置

编辑nginx.conf文件

location /lua {
  default_type 'text/plain';
  content_by_lua_block {
    ngx.say("dog")
  }
} 

4 HTTS配置

$ mkdir /opt/jediz90/nginx/conf/key && cd /opt/jediz90/nginx/conf/key

4.1 Openssl 生成https证书

注：需要先安装openssl

# 安装openssl,如之前已经解压则无需在解压一遍
$ tar zxvf openssl-1.0.2m.tar.gz
$ cd openssl-1.0.2m
$ ./config --prefix=/opt/jediz90/openssl
$ make && make install
$ cd .. && rm -rf openssl-1.0.2m

创建私钥

$ /opt/jediz90/openssl/bin/openssl genrsa -out jediz90.key 1024

生成自签证书

$ openssl req -new -x509 -days 3650 -key jediz90.key -out jediz90.crt

编辑nginx.conf文件

$ vi /opt/jediz90/nginx/conf/nginx.conf

添加以下内容

    server {
        listen       8443 ssl;
        server_name  localhost;

        ssl_certificate      key/jediz90.crt;
        ssl_certificate_key  key/jediz90.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }

5 HTTP2配置

参考上面HTTPS配置，然后进行以下调整

listen       8443 ssl http2;

6 解决 Mac OS X 下 Nginx 编译报错 symbol(s) not found for architecture x86_64

./configure 命令后, 不要继续 make, 要先修改下 Makefile 文件, 做法:

在当前 nginx 源码目录

$ cd objs
$ vi Makefile

# 找到类似这行

&& ./config --prefix=/opt/jediz90/nginx-1.12.2/../openssl-1.0.2g/.openssl no-shared  \

# 将 config 修改为 Configure darwin64-x86_64-cc, --prefix 之后的不用修改, 修改后的如:

&& ./Configure darwin64-x86_64-cc --prefix=/opt/jediz90/nginx-1.12.2/../openssl-1.0.2g/.openssl no-shared  \

# 修改保存, 反回到上级 nginx 源码目录继续执行 make 即可。