Nginx source code installation configuration
Author: Yan Tao
E-mail: coderyantao@qq.com
Note: the experimental environment is a virtual machine, and selinux and firewalld have been closed. This installation is for novices and does not solve all problems in advance. It will show the problems and solutions.
1, Prepare
Install GCC and gcc-c + + compiler tools
[root@localhost ~]# yum install gcc gcc-c++
Download the source code packages of Nginx, PHP and MySQL
[root@localhost ~]# wget -c https://nginx.org/download/nginx-1.16.1.tar.gz [root@localhost ~]# wget -c https://www.php.net/distributions/php-7.2.29.tar.gz [root@localhost ~]# wget -c https://downloads.mysql.com/archives/get/p/23/file/mysql-5.6.46.tar.gz
At each execution/ After the configure, make, and make install commands, you can use echo $? To determine whether there was an error in the previous step
2, Nginx
1. Create nginx system account
[root@localhost ~]# useradd -r -s /sbin/nologin nginx
2. Decompression
[root@localhost ~]# tar -xf nginx-1.16.1.tar.gz [root@localhost ~]# cd nginx-1.16.1/ [root@localhost nginx-1.16.1]#
3. Compilation and installation
This experiment did not specify too many options, only users and user groups. Other features will be installed later when needed.
Perform precompiling
[root@localhost nginx-1.16.1]# ./configure --user=nginx --group=nginx
Error tip 1: pcre library is missing. xxx library is missing. Install xxx devel
./configure: error: the HTTP rewrite module requires the PCRE library.
resolvent:
[root@localhost nginx-1.16.1]# yum install pcre-devel
Perform precompiling again
[root@localhost nginx-1.16.1]# ./configure --user=nginx --group=nginx
Error tip 2: zlib library is missing
./configure: error: the HTTP gzip module requires the zlib library.
resolvent:
[root@localhost nginx-1.16.1]# yum install zlib-devel
Perform precompiling again
[root@localhost nginx-1.16.1]# ./configure --user=nginx --group=nginx
Precompiled successfully
Configuration summary#These libraries are used + using system PCRE library + OpenSSL library is not used + using system zlib library#Default installation options nginx path prefix: "/usr/local/nginx" nginx binary file: "/usr/local/nginx/sbin/nginx" nginx modules path: "/usr/local/nginx/modules" nginx configuration prefix: "/usr/local/nginx/conf"#Profile directory nginx configuration file: "/usr/local/nginx/conf/nginx.conf"#Configuration file nginx PID file: "/ usr / local / nginx / logs / nginx. PID" nginx error log file: "/ usr / local / nginx / logs / error. Log" nginx HTTP access log file: "/ usr / local / nginx / logs / access. Log" nginx HTTP client request body temporary files: "client_body_temp" nginx HTTP proxy temporary files: "proxy_temp" nginx HTTP fastcgi temporary files: "fastcgi_temp" nginx http uwsgi temporary files: "uwsgi_temp" nginx http scgi temporary files: "scgi_temp"
make compilation
[root@localhost nginx-1.16.1]# make
make install install
[root@localhost nginx-1.16.1]# make install
4. Create nginx soft link
#This eliminates the need for absolute paths[root@localhost nginx-1.16.1]# ln -s /usr/local/nginx/sbin/* /usr/local/bin/
5. Start nginx
[root@localhost ~]# nginx
Check the process
[root@localhost ~]# netstat -antp|grep nginxtcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21794/nginx: master #The master process of nginx has been started. You can use the browser to access the virtual machine ip
View additional commands for nginx
[root@localhost ~]# nginx -hnginx version: nginx/1.16.1Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives]Options: -?,-h : this help -v : show version and exit -V : show version and configure options then exit -t : test configuration and exit -T : test configuration, dump it and exit -q : suppress non-error messages during configuration testing -s signal : send signal to a master process: stop, quit, reopen, reload -p prefix : set prefix path (default: /usr/local/nginx/) -c filename : set configuration file (default: conf/nginx.conf) -g directives : set global directives out of configuration file
6. Configuration file
#Backup profile[root@localhost ~]# cd /usr/local/nginx/conf/[root@localhost conf]# cp nginx.conf nginx.conf.bak[root@localhost conf]# vim nginx.conf
#user nobody;#nginx Number of processes, usually and CPU Equal quantity worker_processes 1;#error_log logs/error.log;#error_log logs/error.log notice;#error_log logs/error.log info;#pid logs/nginx.pid;#event model events { #Maximum connections per process (maximum connections)=Number of connections*Maximum number of connections of processes), modified according to hardware worker_connections 1024;}#Overall, the following contents are in it http { #File extension and file type mapping table,set up mime type,Type by mime.type File definition include mime.types; #Default file type default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; #Efficient file transfer mode sendfile on; #Prevent network congestion #tcp_nopush on; #keepalive_timeout 0; #Long connection timeout keepalive_timeout 65; #Web page compression #gzip on; #Default site location settings server { #Listening port listen 80; Website name server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; #Requests for this website / Yes, any request is allowed location / { #Website directory root html; #Default file index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } ## Virtual host configuration format # other virtual host using mix of IP -, name -, and port based configuration ## server {# listen 8000; # listen somename: 8080; # server _namesomename alias other.alias; # location / {# root HTML; # index.html index.htm; #} ##} ## https configuration # https server ##server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }
3, Experiment
1. Virtual host
In order to standardize the configuration file, we use a website and a configuration file. The operation steps are as follows
1.1 Edit Master profile
[root@localhost conf]# vim nginx.conf
Add code to global settings
http { ... #gzip on; #Load myweb1.0 in the vhosts directory conf include vhosts/myweb1. conf;
1.2 create sub profile
[root@localhost conf]# mkdir vhosts[root@localhost conf]# vim vhosts/myweb1.conf
server { listen 80; server_name www.myweb1.com; location / { root html/myweb1; index index.html index.htm; }}
1.3 reload configuration file
#Check the syntax first[root@localhost conf]# nginx -tnginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is oknginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful#Reload[root@localhost conf]# nginx -s reload
1.4 create website directory
[root@localhost conf]# mkdir /usr/local/nginx/html/myweb1[root@localhost conf]# vim /usr/local/nginx/html/myweb1/index.html#Content ID this is myweb1
The hosts file on your computer can be accessed by adding the following
192.168.1.54 www.myweb1.com
2.Nginx status statistics
To achieve this function, you need to turn on – with HTTP during precompiling_ stub_ status_ We didn't open the parameter of module just now, so we need to recompile it now.
#You can view the current compilation parameters through this command[root@localhost nginx-1.16.1]# nginx -Vnginx version: nginx/1.16.1built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) configure arguments: --user=nginx --group=nginx
2.1 recompile
#Enter the source package[root@localhost ~]# cd nginx-1.16.1/#Clear last generated file[root@localhost nginx-1.16.1]# make cleanrm -rf Makefile objs#Precompile again, old parameters+New parameters[root@localhost nginx-1.16.1]# ./configure --user=nginx --group=nginx --with-http_stub_status_module#compile[root@localhost nginx-1.16.1]# make
2.2 overwrite the original procedure
The newly compiled program is in the objs directory
[root@localhost nginx-1.16.1]# cd objs/[root@localhost objs]# lsautoconf.err Makefile nginx nginx.8 ngx_auto_config.h ngx_auto_headers.h ngx_modules.c ngx_modules.o src
The nginx process needs to be stopped for the new replication
[root@localhost objs]# cp nginx /usr/local/nginx/sbin/nginx
Reload profile
[root@localhost objs]# nginx -s reload
In this way, the original configuration operations are retained and new functions are added
2.3 editing virtual hosts
Monitor myweb1 here Com status
[root@localhost vhosts]# vim myweb1.conf
The modification is as follows. I read many posts and failed. Finally, I got the official website http://nginx.org/en/docs/http/ngx_http_stub_status_module.html
server { listen 80; server_name www.myweb1.com; location / { root html/myweb1; index index.html index.htm; } location = /basic_status { #Enable status statistics stub_status; }}
Browser access http://www.myweb1.com/basic_status Just
2.4 reload
[root@localhost myweb1]# nginx -tnginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is oknginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful[root@localhost myweb1]# nginx -s reload
3. Directory protection
Protect the previous statistics page
3.1 editing virtual host configuration file
[root@localhost vhosts]# vim myweb1.conf
server { listen 80; server_name www.myweb1.com; location / { root html/myweb1; index index.html index.htm; } location = /basic_status { #Open status statistics stub_status; #Directory protection auth_basic "Hello Admin!";#Prompt language auth_basic_user_file /usr/local/nginx/html/myweb1/htpasswd.nginx;#Account file}
3.2 generate account file
Generate files with apache commands
#install httppd[root@localhost vhosts]# yum install httpd#Create a new account file. The account is yantao[root@localhost vhosts]# htpasswd -c /usr/local/nginx/html/myweb1/htpasswd.nginx yantao#Add account[root@localhost vhosts]# htpasswd -m /usr/local/nginx/html/myweb1/htpasswd.nginx user1
3.3 reload
[root@localhost myweb1]# nginx -s reload
4. IP based authentication
4.1 write allowed IP
[root@localhost vhosts]# vim myweb1.conf
[root@localhost vhosts]# vim myweb1.conf server { listen 80; server_name www.myweb1.com; location / { root html/myweb1; index index.html index.htm; } location = /basic_status { #Open status statistics stub_status; #Directory protection auth_basic "Hello Admin!"; auth_basic_user_file /usr/local/nginx/html/myweb1/htpasswd.nginx; #IP based authentication allow 192.168 1.42; deny 192.168. 1.0/24; }}
4.2 reload
[root@localhost myweb1]# nginx -t[root@localhost myweb1]# nginx -s reload
5. Reverse proxy
5.1 build an apache
5.2 add nginx virtual host
Modify master profile
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf#Add the following: include vhosts / myweb2 conf;
Create sub profile
[root@localhost ~]# vim /usr/local/nginx/conf/vhosts/myweb2.conf #Add the following server { listen 80; server_name www.myweb2.com; location / { proxy_pass http://192.168.1.49:80;#apache IP}
Reload configuration
[root@localhost ~]# nginx -t[root@localhost ~]# nginx -s reload
Modify computer hosts and add
192.168.1.54 www.myweb2.com
Visit www.myweb2.com at this time Com will visit apache
6. Load balancing
6.1 prepare another apache
6.2 editing virtual hosts
[root@localhost ~]# vim /usr/local/nginx/conf/vhosts/myweb2.conf
#Resource pool upstream abc{ server 192.168.1.49:80; server 192.168.1.47:80;}server { listen 80; server_name www.myweb2.com; location / { proxy_pass http://abc; proxy_set_header Host $host;# In order to use the secondary directory normally, set the variable}}
Visit www.myweb2.com Com will switch between two apache
6.3rr algorithm for polling
upstream abc{ server 192.168.1.49:80 weight=1; server 192.168.1.47:80 weight=2;}server { listen 80; server_name www.myweb2.com; location / { proxy_pass http://abc; proxy_set_header Host $host; }}
In this way, the ratio of two apache is 1:2
7.nginx implements https
nginx implements https, and -- with HTTP needs to be enabled during compilation_ ssl_ Module, we didn't open it at the beginning, so we need to recompile and install it. See Experiment 2 for the process.
7.1 generate server private key
[root@localhost ~]# cd /usr/local/nginx/conf/[root@localhost conf]# openssl genrsa -out myweb1.key 1024Generating RSA private key, 1024 bit long modulus.......++++++..++++++e is 65537 (0x10001)
7.2 generating certificates
[root@localhost conf]# openssl req -new -key myweb1.key -out myweb1.csrYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [XX]:CNState or Province Name (full name) []:LNLocality Name (eg, city) [Default City]:SYOrganization Name (eg, company) [Default Company Ltd]:CompanyOrganizational Unit Name (eg, section) []:PHPCommon Name (eg, your name or your server's hostname) []:www.myweb1.comEmail Address []:Please enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:An optional company name []:
7.3 generate signing certificate
The experiment is a self signed certificate and will not be trusted by the browser. The production environment is purchased from CA manufacturers.
[root@localhost conf]# openssl x509 -req -days 365 -sha256 -in myweb1.csr -signkey myweb1.key -out myweb1.crtSignature oksubject=/C=CN/ST=LN/L=SY/O=Company/OU=PHP/CN=www.myweb1.comGetting Private key
server { listen 80; server_name www.myweb1.com; #Rewrite function, 80 request to 443 request rewrite ^(.*)$ https://${server_name}{ permanent; location / { root html/myweb1; index index.html index.htm; } location = /basic_status {# enable status statistics stub_status; # directory protection auth_basic "Hello admin!"; auth_ basic_ user_ file /usr/local/nginx/html/myweb1/htpasswd. nginx; # IP based authentication allow 192.168 1.42; deny 192.168. 1.0/24; }} server {listen 443 SSL; #1.5 version starts using this writing method server_name www.myweb1.com; root HTML / myweb1; index.html; ssl_certificate / usr / local / nginx / conf / myweb1.crt; ssl_certificate_key / usr / local / nginx / conf / myweb1.key; ssl_session_timeout 5m; ssl_ciphers ecdhe-rsa-aes128-gcm-sha22 56: ECDHE:ECDH:AES:HIGH:! NULL:! aNULL:! MD5:! ADH:! RC4;# There is a problem with the format, ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on;}
After reloading the configuration file, visit www.myweb1.com Com to jump to https
8. Hide version number
If you modify the master configuration file, you hide the version numbers of all virtual hosts.
hide all
[root@localhost conf]# vim nginx.conf#Add server to http tag_ tokens off;
Single hidden
[root@localhost conf]# vim vhosts/myweb2.conf #Add server to the server tab_ tokens off;
Or modify the source code before installation
[root@localhost ~]# cd nginx-1.16.1/src/core/[root@localhost core]# vim nginx.h#define NGINX_VERSION "1.16.1"#define NGINX_VER "nginx/" NGINX_VERSION#Modify as follows to confuse define NGINX_VERSION "1.0"define NGINX_VER "IIS/" NGINX_VERSION