Description
This document describes how to compile and install Nginx with all of its optional modules enabled; readers can remove the modules they do not need from the configure options according to their own situation. The versions used here (nginx 1.14.0, OpenSSL 1.1.1, PCRE 8.42, zlib 1.2.11) were current when this was written and have since been superseded, nginx and OpenSSL in particular by security releases, so substitute the latest stable versions when you follow along.
The following features are supported:
- TLSv1.3: OpenSSL supports the final TLSv1.3 standard (RFC 8446) from version 1.1.1, and nginx accepts TLSv1.3 in ssl_protocols from version 1.13.0; see also: TLS1.3
- HTTP/2: nginx supports HTTP/2 from version 1.9.5; see: Module ngx_http_v2_module
- Lua scripting: see: lua-nginx-module
Installation
Nginx Official information: Building Nginx from Sources
Install dependencies
```bash
yum install -y vim gcc gcc-c++ make cmake cmake3 automake autoconf perl-ExtUtils-Embed openssl-devel libxml2-devel libxslt-devel GeoIP-devel luajit-devel gperftools-devel systemd-devel perl-devel libatomic_ops-devel pcre-devel gd-devel
```
Prepare the source package
```bash
# Create directory
mkdir -p /opt/down/nginx
cd /opt/down/nginx

# Get nginx source
wget https://nginx.org/download/nginx-1.14.0.tar.gz

# Get zlib/openssl/pcre dependencies
wget https://zlib.net/zlib-1.2.11.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1.tar.gz
wget https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.gz

# Get the Lua module and its dependency if you need them
wget -c 'https://github.com/openresty/lua-nginx-module/archive/v0.10.13.tar.gz' -O lua-nginx-module-0.10.13.tar.gz
wget -c 'https://github.com/simplresty/ngx_devel_kit/archive/v0.3.1rc1.tar.gz' -O ngx_devel_kit-0.3.1rc1.tar.gz

# Extract source files
tar xzf nginx-1.14.0.tar.gz
tar xzf zlib-1.2.11.tar.gz
tar xzf openssl-1.1.1.tar.gz
tar xzf pcre-8.42.tar.gz
tar xzf lua-nginx-module-0.10.13.tar.gz
tar xzf ngx_devel_kit-0.3.1rc1.tar.gz
```
Verify the downloads before building: nginx and OpenSSL publish detached PGP signatures (.asc files) next to each tarball, and the compiled server will inherit whatever is in these sources.
Compiling and installing
Notes:
- Readers can customize the paths given in the configure options according to their situation.
- The user and group must exist before nginx starts: run useradd work in advance, or substitute your own user and group names.
- This configure line enables all of nginx-1.14.0's optional modules; readers can remove the ones they do not need.
- lua-nginx-module's config script locates LuaJIT through the LUAJIT_LIB and LUAJIT_INC environment variables; export them before running ./configure if LuaJIT is not in the default search paths. The rpath in --with-ld-opt tells the runtime linker where to find shared libraries such as LuaJIT.
```bash
# Configure options
cd nginx-1.14.0
./configure \
  --prefix=/opt/soft/nginx \
  --error-log-path=/opt/log/nginx/error.log \
  --pid-path=/opt/run/nginx/nginx.pid \
  --lock-path=/opt/run/nginx/nginx.lock \
  --user=work \
  --group=work \
  --with-threads \
  --with-file-aio \
  --with-http_ssl_module \
  --with-http_v2_module \
  --with-http_realip_module \
  --with-http_addition_module \
  --with-http_xslt_module=dynamic \
  --with-http_image_filter_module=dynamic \
  --with-http_geoip_module=dynamic \
  --with-http_sub_module \
  --with-http_dav_module \
  --with-http_flv_module \
  --with-http_mp4_module \
  --with-http_gunzip_module \
  --with-http_gzip_static_module \
  --with-http_auth_request_module \
  --with-http_random_index_module \
  --with-http_secure_link_module \
  --with-http_degradation_module \
  --with-http_slice_module \
  --with-http_stub_status_module \
  --with-http_perl_module=dynamic \
  --http-log-path=/opt/log/nginx/access.log \
  --http-client-body-temp-path=/opt/soft/nginx/temp/client_body \
  --http-proxy-temp-path=/opt/soft/nginx/temp/proxy \
  --http-fastcgi-temp-path=/opt/soft/nginx/temp/fastcgi \
  --http-uwsgi-temp-path=/opt/soft/nginx/temp/uwsgi \
  --http-scgi-temp-path=/opt/soft/nginx/temp/scgi \
  --with-mail=dynamic \
  --with-mail_ssl_module \
  --with-stream=dynamic \
  --with-stream_ssl_module \
  --with-stream_realip_module \
  --with-stream_geoip_module=dynamic \
  --with-stream_ssl_preread_module \
  --with-google_perftools_module \
  --with-cpp_test_module \
  --with-compat \
  --with-pcre=../pcre-8.42 \
  --with-pcre-jit \
  --with-libatomic \
  --with-zlib=../zlib-1.2.11 \
  --with-openssl=../openssl-1.1.1 \
  --with-debug \
  --with-ld-opt=-Wl,-rpath,/usr/lib64 \
  --add-module=../ngx_devel_kit-0.3.1rc1 \
  --add-module=../lua-nginx-module-0.10.13

# Compile & install
make -j2
make install
```
(The linker option is -Wl with a capital W; the lowercase form is not accepted by gcc.)
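A post-build check, added here as an example (it is not part of the original page or of the nginx project): it takes the text that nginx -V prints and confirms that the configure flags the TLSv1.3, HTTP/2 and Lua goals depend on are present, and that the OpenSSL nginx was built with is 1.1.1 or newer. The two nginx -V transcripts inside the script are constructed samples, and the REQUIRED_FLAGS list is an assumption drawn from the configure line above; edit it to match your own build.

```shell
#!/bin/sh
# Post-build check for the nginx configured above (added example, not from the page).
# Feeds the output of `nginx -V` to a checker instead of assuming `make install`
# produced what the configure line asked for.

# Configure flags that the TLSv1.3 / HTTP/2 / Lua goals depend on. Assumption:
# taken from the configure line above; edit to match your own build.
REQUIRED_FLAGS="--with-http_ssl_module --with-http_v2_module --with-pcre-jit \
--add-module=../ngx_devel_kit-0.3.1rc1 --add-module=../lua-nginx-module-0.10.13"

# check_nginx_build VERSION_TEXT
# VERSION_TEXT is the full output of `nginx -V` (it goes to stderr, so capture
# it with 2>&1). Returns 0 when every required flag is present and the OpenSSL
# nginx was built with is 1.1.1 or newer (the first release with TLSv1.3);
# otherwise prints each problem on stderr and returns 1.
check_nginx_build() {
    text="$1"
    rc=0
    for flag in $REQUIRED_FLAGS; do
        case "$text" in
            *"$flag"*) ;;
            *) echo "missing configure flag: $flag" >&2; rc=1 ;;
        esac
    done
    # Version string from the "built with OpenSSL x.y.z" line.
    ssl=$(printf '%s\n' "$text" \
        | sed -n 's/^built with OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p' | head -n 1)
    case "$ssl" in
        1.1.1*|3.*) ;;
        *) echo "OpenSSL '$ssl' cannot do TLSv1.3 (need 1.1.1 or newer)" >&2; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: what `nginx -V` prints for the build above.
SAMPLE_GOOD='nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.1.1  11 Sep 2018
TLS SNI support enabled
configure arguments: --prefix=/opt/soft/nginx --with-http_ssl_module --with-http_v2_module --with-pcre=../pcre-8.42 --with-pcre-jit --with-openssl=../openssl-1.1.1 --add-module=../ngx_devel_kit-0.3.1rc1 --add-module=../lua-nginx-module-0.10.13'

# Constructed sample: a build that linked the distro OpenSSL and forgot HTTP/2.
SAMPLE_OLD='nginx version: nginx/1.14.0
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/opt/soft/nginx --with-http_ssl_module --with-pcre-jit --add-module=../ngx_devel_kit-0.3.1rc1 --add-module=../lua-nginx-module-0.10.13'

if check_nginx_build "$SAMPLE_GOOD"; then
    echo "sample build: OK"
fi
if ! check_nginx_build "$SAMPLE_OLD"; then
    echo "old sample: rejected (see messages above)"
fi
```

On the machine itself the call is check_nginx_build "$(/opt/soft/nginx/sbin/nginx -V 2>&1)". The flag check is a substring match on the configure arguments, so it confirms the dynamic modules were requested but not that their .so files were installed; list /opt/soft/nginx/modules for that.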
Configuration and startup
Create the directories that the configure paths refer to; adjust them to match your own paths.
```bash
mkdir -p /opt/log/nginx
mkdir -p /opt/run/nginx
mkdir -p /opt/soft/nginx/temp
mkdir -p /opt/soft/nginx/conf/{acl,ssl,vhosts}
```
Master configuration file
Path: /opt/soft/nginx/conf/nginx.conf
These basic parameters cover most application scenarios; for additional tuning parameters see the official Modules reference. Two settings deserve a note: server_tokens off keeps the nginx version out of the Server header and error pages, and gzip on also compresses HTTPS responses, so pages that mix attacker-controlled input with secrets (such as CSRF tokens) become exposed to BREACH-style attacks unless compression is restricted for them.
```nginx
# Nginx main config
user work work;
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 655350;

# Loads a dynamic module.
# load_module modules/ngx_stream_module.so;

# Provides the configuration file context in which the directives that affect connection processing are specified.
events {
    # Nginx will by default use the most efficient method.
    # use epoll;
    worker_connections 102400;
}

# Log level: debug, info, notice, warn, error, crit, alert, or emerg.
error_log /opt/log/nginx/error.log error;

# PCRE JIT can speed up processing of regular expressions significantly.
pcre_jit on;

pid /opt/run/nginx/nginx.pid;

http {
    include mime.types;
    default_type application/octet-stream;

    # Default log format - main
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';

    # Custom log format - main
    log_format main '[$time_local] $remote_addr $http_x_connecting_ip "$http_x_forwarded_for" '
                    '$scheme $http_host "$request" $body_bytes_sent $request_time $status '
                    '"$http_referer" "$http_user_agent" '
                    '$upstream_addr $upstream_response_time $upstream_status';

    access_log /opt/log/nginx/access.log main;

    # client_body_buffer_size 8k|16k;
    # client_body_timeout 120s;
    # client_header_buffer_size 1k;
    # client_header_timeout 120s;
    # client_max_body_size 10m;

    keepalive_timeout 75s;
    send_timeout 60s;
    sendfile on;
    server_tokens off;
    tcp_nodelay on;
    tcp_nopush on;

    # Enables or disables the use of underscores in client request header fields.
    # underscores_in_headers off;

    gzip on;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    # Module ngx_http_fastcgi_module settings.
    # fastcgi_buffer_size 8k;
    # fastcgi_buffering on;
    # fastcgi_buffers 8 256k;
    # fastcgi_connect_timeout 120s;
    # fastcgi_read_timeout 120s;
    # fastcgi_send_timeout 120s;

    include vhosts/*.conf;
}
```
The default virtual host
Configure the default virtual host so that requests made directly to the IP address get a 404 and requests for unbound domain names are redirected to the main site. A bare URL in return produces a 302; use return 301 if the redirect should be permanent. This block only covers port 80: an https request to the bare IP or to an unbound name is served by the first server block that listens on 443 (the official vhost below), so add a default_server on 443 as well if that matters to you.
Path: /opt/soft/nginx/conf/vhosts/default.conf
```nginx
# vhosts - default
server {
    listen 80 default_server;
    server_name _;
    # underscores_in_headers on;

    if ($host ~ "\d+\.\d+\.\d+\.\d+") {
        return 404;
    }
    if ($host ~ "fandenggui.com") {
        return https://www.fandenggui.com;
    }
    location / {
        return https://www.fandenggui.com;
    }
}
```
Official Virtual Host Configuration
Many of the details below depend on the deployment; the comments are deliberately brief, so understand what each directive does before changing it.
```nginx
server {
    listen 80;
    listen 443 ssl http2;
    server_name www.fandenggui.com;

    # Access control
    # include acl/your_acl_rule.conf;

    # The certificate chain sent to the client (leaf first, then intermediates)
    # is concatenated into the file given to ssl_certificate
    ssl_certificate ssl/fandenggui.com.pem;
    ssl_certificate_key ssl/fandenggui.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;  # Requires nginx >= 1.5.9

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve secp384r1;  # Requires nginx >= 1.1.0

    # OCSP stapling --- requires nginx >= 1.3.7
    # Fetch OCSP records from the URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;
    # Verify the chain of trust of the OCSP response using the root CA and intermediate certs
    # ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

    # dhparam: openssl dhparam -out /opt/soft/nginx/conf/dhparam.pem 4096
    # ssl_dhparam /opt/soft/nginx/conf/dhparam.pem;

    # resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
    # resolver_timeout 5s;

    # add_header X-Frame-Options DENY;
    # add_header X-Content-Type-Options nosniff;
    # add_header X-XSS-Protection "1; mode=block";
    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    # add_header Strict-Transport-Security max-age=15768000;
    # add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

    # Force HTTPS
    # if ($scheme = "http") {
    #     return 301 https://$host$request_uri;
    # }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }

    access_log /opt/log/nginx/www.fandenggui.com_access.log main;
    error_log /opt/log/nginx/www.fandenggui.com_error.log error;

    location / {
        # Configure the reverse proxy according to the actual situation
        # ...
    }
}
```
One correction and a few caveats on this block. As originally posted, ssl_session_timeout, ssl_session_cache and ssl_session_tickets appeared twice in the same server block (1d/50m and again 10m/10m); nginx -t rejects a repeated directive, so only the first set is kept above. TLSv1 and TLSv1.1 are deprecated (RFC 8996), the cipher list still carries 3DES (DES-CBC3) suites and static-RSA suites without forward secrecy, and the two *-SHA512 names are not OpenSSL cipher names and are silently ignored; unless legacy clients are a hard requirement, ssl_protocols TLSv1.2 TLSv1.3 with a list from the Mozilla generator referenced below is the better starting point. With OpenSSL 1.1.1 the TLSv1.3 suites are not controlled by ssl_ciphers at all. Finally, ssl_stapling_verify on only does anything once ssl_trusted_certificate holds the issuer chain and a resolver is configured; without a resolver nginx cannot look up the OCSP responder and serves no staple.
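An audit of the TLS settings in a server block, added here as an example (it is not code from the page or from nginx): it strips comments, then flags deprecated protocol versions, weak or non-forward-secret cipher suites, directives repeated within the block (which nginx -t rejects), a missing HSTS header, and OCSP stapling verification without a trusted chain. The two server blocks embedded in the script are constructed samples: the first mirrors the vhost above with its duplicated session directives, the second is a hardened version with assumed file names.

```shell
#!/bin/sh
# TLS audit for one nginx server {} block (added example, not from the page).
# Prints one line per finding and returns the number of findings (0 = clean),
# so it can gate a deploy:  audit_tls_block "$(cat vhosts/www.conf)" || exit 1

flag() {
    findings=$((findings + 1))
    echo "[$findings] $1"
}

# audit_tls_block CONF_TEXT
# Assumes CONF_TEXT is a single server block (directive counts are per block).
audit_tls_block() {
    findings=0
    # Drop comments so a commented-out directive neither counts nor satisfies a check.
    live=$(printf '%s\n' "$1" | sed 's/#.*$//')

    # 1. Protocol versions: SSLv3, TLSv1 and TLSv1.1 are deprecated (RFC 7568, RFC 8996).
    protos=$(printf '%s\n' "$live" | sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]*\([^;]*\);.*/\1/p')
    for p in $protos; do
        case "$p" in
            SSLv2|SSLv3|TLSv1|TLSv1.1) flag "deprecated protocol enabled: $p" ;;
        esac
    done

    # 2. Cipher suites: 3DES/RC4/MD5/NULL/export suites, and static-RSA suites
    #    (no ECDHE-/DHE- prefix) that give no forward secrecy. "!" entries are
    #    exclusions and are skipped. TLSv1.3 suites never appear in this list.
    ciphers=$(printf '%s\n' "$live" \
        | sed -n 's/^[[:space:]]*ssl_ciphers[[:space:]]*\([^;]*\);.*/\1/p' \
        | tr -d "\"'" | tr ':' ' ')
    for c in $ciphers; do
        case "$c" in
            !*) ;;
            *DES*|*RC4*|*MD5*|*NULL*|*EXP*) flag "weak cipher suite: $c" ;;
            ECDHE-*|DHE-*) ;;
            *) flag "no forward secrecy (static RSA key exchange): $c" ;;
        esac
    done

    # 3. Duplicate directives: nginx -t rejects a directive repeated in one block.
    for d in ssl_protocols ssl_ciphers ssl_session_timeout ssl_session_cache ssl_session_tickets; do
        n=$(printf '%s\n' "$live" | grep -c "^[[:space:]]*$d[[:space:]]") || true
        [ "$n" -gt 1 ] && flag "directive $d appears $n times (nginx -t will fail)"
    done

    # 4. HSTS: without it a browser still accepts a downgrade to plain http.
    printf '%s\n' "$live" | grep -q 'add_header[[:space:]]*Strict-Transport-Security' \
        || flag "no Strict-Transport-Security header"

    # 5. OCSP stapling verification needs the issuer chain in ssl_trusted_certificate.
    if printf '%s\n' "$live" | grep -q '^[[:space:]]*ssl_stapling_verify[[:space:]]*on' \
       && ! printf '%s\n' "$live" | grep -q '^[[:space:]]*ssl_trusted_certificate'; then
        flag "ssl_stapling_verify on without ssl_trusted_certificate (staple cannot be verified)"
    fi

    return $findings
}

# Constructed sample: the vhost above, trimmed to its TLS settings, with the
# session directives repeated as in the original posting.
SAMPLE_AS_POSTED='server {
    listen 443 ssl http2;
    ssl_certificate ssl/example.com.pem;
    ssl_certificate_key ssl/example.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:!DSS";
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    # ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
    # add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
}'

# Constructed sample: a hardened block (assumed file names).
SAMPLE_HARDENED='server {
    listen 443 ssl http2;
    ssl_certificate ssl/example.com.pem;
    ssl_certificate_key ssl/example.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
    ssl_prefer_server_ciphers off;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate ssl/example.com.chain.pem;
    add_header Strict-Transport-Security "max-age=63072000" always;
}'

echo "== as posted =="
audit_tls_block "$SAMPLE_AS_POSTED" || echo "findings: $?"
echo "== hardened =="
audit_tls_block "$SAMPLE_HARDENED" && echo "clean"
```

The checks are textual, so they run on a config file before nginx -t and do not need a built nginx; the protocol and cipher rules mirror what the Mozilla generator below produces for its intermediate profile, and the cipher rule deliberately does not judge CBC suites, only kex and known-broken algorithms.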
Create Nginx.service
Path: /usr/lib/systemd/system/nginx.service
```ini
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/opt/run/nginx/nginx.pid
ExecStartPre=/usr/bin/rm -f /opt/run/nginx/nginx.pid
ExecStartPre=/opt/soft/nginx/sbin/nginx -t
ExecStart=/opt/soft/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target
```
Start the service and enable it at boot
```bash
# Check nginx config
/opt/soft/nginx/sbin/nginx -t
systemctl start nginx
systemctl enable nginx
```
References and tools
- Mozilla SSL Configuration Generator
- Strong ciphers for Nginx
- SSL Server Test
centos7.x Compile and install full-featured Nginx