如何完成Ubuntu16.04編譯安裝Nginx

<!-- /\* Font Definitions \*/ @font-face {font-family:Helvetica; panose-1:2 11 6 4 2 2 2 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-536859905 -1073711037 9 0 511 0;} @font-face {font-family:宋體; panose-1:2 1 6 0 3 1 1 1 1 1; mso-font-alt:SimSun; mso-font-charset:134; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:3 680460288 22 0 262145 0;} @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:1; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:0 0 0 0 0 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-536870145 1073786111 1 0 415 0;} @font-face {font-family:Consolas; panose-1:2 11 6 9 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:modern; mso-font-pitch:fixed; mso-font-signature:-520092929 1073806591 9 0 415 0;} @font-face {font-family:"\\@宋體"; panose-1:2 1 6 0 3 1 1 1 1 1; mso-font-charset:134; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:3 680460288 22 0 262145 0;} /\* Style Definitions \*/ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; text-align:justify; text-justify:inter-ideograph; mso-pagination:none; font-size:10.5pt; mso-bidi-font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:宋體; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-font-kerning:1.0pt;} code {mso-style-noshow:yes; mso-style-priority:99; mso-ansi-font-size:12.0pt; mso-bidi-font-size:12.0pt; font-family:宋體; mso-ascii-font-family:宋體; mso-fareast-font-family:宋體; mso-hansi-font-family:宋體; mso-bidi-font-family:宋體;} pre {mso-style-priority:99; mso-style-link:"HTML 預設格式 Char"; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:宋體; mso-bidi-font-family:宋體;} span.HTMLChar {mso-style-name:"HTML 預設格式 Char"; mso-style-priority:99; mso-style-unhide:no; mso-style-locked:yes; mso-style-link:"HTML 預設格式"; mso-ansi-font-size:12.0pt; mso-bidi-font-size:12.0pt; font-family:宋體; mso-ascii-font-family:宋體; mso-fareast-font-family:宋體; mso-hansi-font-family:宋體; mso-bidi-font-family:宋體; mso-font-kerning:0pt;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} /\* Page Definitions \*/ @page {mso-page-border-surround-header:no; mso-page-border-surround-footer:no;} @page WordSection1 {size:595.3pt 841.9pt; margin:72.0pt 90.0pt 72.0pt 90.0pt; mso-header-margin:42.55pt; mso-footer-margin:49.6pt; mso-paper-source:0; layout-grid:15.6pt;} div.WordSection1 {page:WordSection1;} -->

NGINX能夠用做http/https服務器、反向代理服務器、郵件代理服務器、負載平衡器、TLS終結者或緩存服務器。它的設計很是模塊化。它有本地模塊和由社區建立的第三方模塊。它是用C語言編寫的，它是一種很是快速和輕量級的軟件。

注意:NGINX有兩個版本流並行運行——穩定和主線。兩個版本均可以在生產服務器上使用。建議在生產中使用主線版本。

從源代碼中安裝NGINX是相對「容易」的——下載最新版本的NGINX源代碼，配置、構建和安裝它。

在本教程中，我將使用主線版本，在撰寫本文時是1.13.1。當更新版本可用時，更新版本號。

從源代碼構建NGINX的需求

強制要求:

OpenSSL庫版本1.0.2-1.1.0

Zlib庫版本1.1.3-1.2.11。

PCRE庫版本在4.4-8.40之間

GCC編譯器

可選的要求:

PERL

LIBATOMIC_OPS

LibGD

MaxMind GeoIP

libxml2

libxslt

在你開始以前

一、使用sudo訪問建立常規用戶。

二、切換到新用戶:

su - <username>

三、系統更新:

sudo apt update && sudo apt upgrade -y

從源代碼構建NGINX

一、NGINX是一個用C編寫的程序，因此咱們須要安裝C編譯器(GCC)。

sudo apt install build-essential -y

二、下載最新版本的NGINX源代碼並提取它:

wget https://nginx.org/download/nginx-1.13.1.tar.gz && tar zxvf nginx-1.13.1.tar.gz

三、下載NGINX依賴項的源代碼並提取它們:

NGINX依賴於3個庫:PCRE、zlib和OpenSSL:

# PCRE version 4.4 - 8.40

wget https://ftp.pcre.org/pub/pcre/pcre-8.40.tar.gz && tar xzvf pcre-8.40.tar.gz

# zlib version 1.1.3 - 1.2.11

wget http://www.zlib.net/zlib-1.2.11.tar.gz && tar xzvf zlib-1.2.11.tar.gz

# OpenSSL version 1.0.2 - 1.1.0

wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz && tar xzvf openssl-1.1.0f.tar.gz

四、刪除全部. tar.gz文件。咱們再也不須要他們了:

rm -rf *.tar.gz

五、轉到NGINX源目錄:

cd ~/nginx-1.13.1

六、爲了幫助，您能夠經過運行來列出可用的配置開關:

./configure --help

七、配置、編譯和安裝NGINX:

./configure --prefix=/usr/share/nginx \

            --sbin-path=/usr/sbin/nginx \

            --modules-path=/usr/lib/nginx/modules \

            --conf-path=/etc/nginx/nginx.conf \

            --error-log-path=/var/log/nginx/error.log \

            --http-log-path=/var/log/nginx/access.log \

            --pid-path=/run/nginx.pid \

            --lock-path=/var/lock/nginx.lock \

            --user=www-data \

            --group=www-data \

            --build=Ubuntu \

            --http-client-body-temp-path=/var/lib/nginx/body \

            --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \

            --http-proxy-temp-path=/var/lib/nginx/proxy \

            --http-scgi-temp-path=/var/lib/nginx/scgi \

            --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \

            --with-openssl=../openssl-1.1.0f \

            --with-openssl-opt=enable-ec_nistp_64_gcc_128 \

            --with-openssl-opt=no-nextprotoneg \

            --with-openssl-opt=no-weak-ssl-ciphers \

            --with-openssl-opt=no-ssl3 \

            --with-pcre=../pcre-8.40 \

            --with-pcre-jit \

            --with-zlib=../zlib-1.2.11 \

            --with-compat \

            --with-file-aio \

            --with-threads \

            --with-http_addition_module \

            --with-http_auth_request_module \

            --with-http_dav_module \

            --with-http_flv_module \

            --with-http_gunzip_module \

            --with-http_gzip_static_module \

            --with-http_mp4_module \

            --with-http_random_index_module \

            --with-http_realip_module \

            --with-http_slice_module \

            --with-http_ssl_module \

            --with-http_sub_module \

            --with-http_stub_status_module \

            --with-http_v2_module \

            --with-http_secure_link_module \

            --with-mail \

            --with-mail_ssl_module \

            --with-stream \

            --with-stream_realip_module \

            --with-stream_ssl_module \

            --with-stream_ssl_preread_module \

            --with-debug \

            --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' \

            --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now'

make

sudo make install

八、從主目錄中刪除全部下載的文件，在這個例子中/home/username:

cd ~

rm -r nginx-1.13.1/ openssl-1.1.0f/ pcre-8.40/ zlib-1.2.11/

九、檢查NGINX版本和編譯時選項:

sudo nginx -v && sudo nginx -V

# nginx version: nginx/1.13.0 (Ubuntu)

# built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4)

# built with OpenSSL 1.1.0f  25 May 2017

# TLS SNI support enabled

# configure arguments: --prefix=/etc/nginx . . .

# . . .

# . . .

十、檢查語法和潛在錯誤:

sudo nginx -t

# Will throw this error nginx: [emerg] mkdir() "/var/lib/nginx/body" failed (2: No such file or directory)

# Just create directory

mkdir -p /var/lib/nginx && sudo nginx -t

十一、爲NGINX建立systemd單元文件:

sudo vim /etc/systemd/system/nginx.service

十二、複製/粘貼如下內容:

注意:根據NGINX的編譯方式，PID文件和NGINX二進制文件的位置可能會有所不一樣。

[Unit]

Description=A high performance web server and a reverse proxy server

After=network.target

[Service]

Type=forking

PIDFile=/run/nginx.pid

ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'

ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'

ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload

ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid

TimeoutStopSec=5

KillMode=mixed

[Install]

WantedBy=multi-user.target

1三、啓動並啓用NGINX服務:

sudo systemctl start nginx.service && sudo systemctl enable nginx.service

1四、檢查NGINX是否會在從新啓動後啓動:

sudo systemctl is-enabled nginx.service

# enabled

1五、檢查NGINX是否在運行:

sudo systemctl status nginx.service

ps aux | grep nginx

curl -I 127.0.0.1

1六、從新啓動你的Ubuntu VPS，以驗證NGINX自動啓動:

sudo shutdown -r now

1七、建立UFW NGINX應用程序概要文件:

sudo vim /etc/ufw/applications.d/nginx

1八、複製/粘貼如下內容:

[Nginx HTTP]

title=Web Server (Nginx, HTTP)

description=Small, but very powerful and efficient web server

ports=80/tcp

[Nginx HTTPS]

title=Web Server (Nginx, HTTPS)

description=Small, but very powerful and efficient web server

ports=443/tcp

[Nginx Full]

title=Web Server (Nginx, HTTP + HTTPS)

description=Small, but very powerful and efficient web server

ports=80,443/tcp

1九、如今，驗證UFW應用概要文件的建立和識別:

sudo ufw app list

# Available applications:

  # Nginx Full

  # Nginx HTTP

  # Nginx HTTPS

  # OpenSSH

結論

就是這樣。您如今已經安裝了NGINX的最新版本。它是靜態編譯的，針對一些重要的庫，好比OpenSSL。一般，系統的OpenSSL版本已通過時了。經過使用新的OpenSSL版本的安裝方法，您能夠利用chacha20poly1305這樣的新密碼，以及像TLS 1.3這樣的協議，這些協議將在OpenSSL 1.1.1中可用(還沒有發佈)。