centos 7 源码安装openresty

Openresty 官网

http://openresty.org

Openresty源码下载页面

http://openresty.org/en/download.html

Openresty 简易安装说明页面

http://openresty.org/en/installation.html

安装步骤如下

yum install gcc gcc-c++ make automake autoconf libtool wget unzip git -y
if [ ! -d "/usr/local/software" ]; then mkdir /usr/local/software;fi
cd /usr/local/software
if [ ! -f "/usr/local/software/openresty-1.19.3.2.tar.gz" ];then wget https://openresty.org/download/openresty-1.19.3.2.tar.gz;fi
if [ ! -f "/usr/local/software/nginx-upstream-dynamic-servers-master.zip" ];then wget http://download.zhufunin.com/nginx-upstream-dynamic-servers-master.zip;fi
if [ ! -f "/usr/local/software/libmaxminddb-1.3.2.tar.gz" ]; then wget http://download.zhufunin.com/libmaxminddb-1.3.2.tar.gz;fi
if [ ! -f "/usr/local/software/maxmind-city.mmdb.tar.gz" ]; then wget http://download.zhufunin.com/maxmind-city.mmdb.tar.gz;fi
if [ ! -f "/usr/local/software/openssl-1.1.1j.tar.gz" ];then wget https://www.openssl.org/source/openssl-1.1.1j.tar.gz;fi
if [ ! -f "/usr/local/software/pcre-8.42.tar.gz" ];then wget http://download.zhufunin.com/pcre-8.42.tar.gz;fi
if [ ! -f "/usr/local/software/zlib-1.2.11.tar.gz" ];then wget http://download.zhufunin.com/zlib-1.2.11.tar.gz;fi
if [ ! -f "/usr/local/software/ngx_http_geoip2_module.zip" ];then wget http://download.zhufunin.com/ngx_http_geoip2_module.zip;fi
if [ ! -f "/usr/local/software/ngx_brotli.tar.gz" ];then wget http://download.zhufunin.com/ngx_brotli.tar.gz;fi

tar zxf openresty-1.19.3.2.tar.gz
unzip -o nginx-upstream-dynamic-servers-master.zip
tar zxf libmaxminddb-1.3.2.tar.gz
tar zxf maxmind-city.mmdb.tar.gz
tar zxf openssl-1.1.1j.tar.gz
tar zxf pcre-8.42.tar.gz
tar zxf zlib-1.2.11.tar.gz
unzip -o ngx_http_geoip2_module.zip

cd ./libmaxminddb-1.3.2
./configure
make && make install
[[ -z `cat /etc/ld.so.conf |grep "\/usr\/local\/lib"` ]] && echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig

#brotli git clone source code
cd /usr/local/software/
tar zxf ngx_brotli.tar.gz
#git clone https://github.com/google/ngx_brotli.git
#cd ./ngx_brotli
#git submodule update --init


groupadd www
useradd -g www -s /sbin/nologin www

cd ./openresty-1.19.3.2
./configure \
--user=www \
--group=www \
--prefix=/usr/local/openresty \
--with-http_ssl_module \
--with-http_sub_module \
--with-http_gzip_static_module \
--with-http_gunzip_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-pcre-jit \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-ipv6 \
--with-http_v2_module \
--with-http_iconv_module \
--with-threads \
--with-http_slice_module \
--with-openssl=/usr/local/software/openssl-1.1.1j \
--with-zlib=/usr/local/software/zlib-1.2.11 \
--with-pcre=/usr/local/software/pcre-8.42 \
--with-ld-opt="-Wl,-rpath,/usr/local/lib" \
--with-luajit \
--add-module=/usr/local/software/ngx_http_geoip2_module-master \
--add-module=/usr/local/software/nginx-upstream-dynamic-servers-master \
--add-module=/usr/local/software/ngx_brotli
make -j2
make install




mkdir -p /usr/local/openresty/nginx/conf/ssl
mkdir -p /usr/local/openresty/nginx/conf/conf.d

openssl req -x509 -nodes -days 10000 -newkey rsa:2048 -keyout /usr/local/openresty/nginx/conf/ssl/nginx.key -out /usr/local/openresty/nginx/conf/ssl/nginx.crt -subj "/C=US/ST=US/L=US/O=ssl/OU=ssl/CN=ssl.com/emailAddress=admin@ssl.com"
echo "ulimit -n 65535" >> /etc/profile
echo "root soft nofile 65535" >> /etc/security/limits.conf
echo "root hard nofile 65535" >> /etc/security/limits.conf
echo "* soft nofile 65535" >> /etc/security/limits.conf
echo "* hard nofile 65535" >> /etc/security/limits.conf
ulimit -n 65535


cat << "EOF" >  /usr/local/openresty/nginx/conf/nginx.conf
user                 www;
pid                  /var/run/nginx.pid;
worker_processes     auto;
worker_rlimit_nofile 65535;

events {
    multi_accept       on;
    worker_connections 65535;
}

http {
    charset              utf-8;
    sendfile             on;
    tcp_nopush           on;
    tcp_nodelay          on;
    server_tokens        off;
    log_not_found        off;
    types_hash_max_size  2048;
    client_max_body_size 100M;
    log_format main '$time_local{G;}$remote_addr{G;}$http_host{G;}$request_uri{G;}$status{G;}$upstream_addr{G;}$upstream_status{G;}$upstream_cache_status{G;}$upstream_response_time{G;}$request_time{G;}$http_x_forwarded_for{G;}$http_user_agent{G;}$server_port{G;}$server_protocol{G;}$request_method';

    # MIME
    include              mime.types;
    default_type         "text/html";

    # Logging
    access_log           /usr/local/openresty/nginx/logs/access.log;
    error_log            /usr/local/openresty/nginx/logs/error.log;

    # SSL
    ssl_session_timeout  1d;
    ssl_session_cache    shared:SSL:10m;
    ssl_session_tickets  off;

    # Mozilla Intermediate configuration
    ssl_protocols        TLSv1.2 TLSv1.3;
    ssl_ciphers          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    # OCSP Stapling
    ssl_stapling         on;
    ssl_stapling_verify  on;
    resolver             223.5.5.5 8.8.8.8 119.29.29.29 valid=60s;
    resolver_timeout     10s;

    # Load configs
    include              /usr/local/openresty/nginx/conf/conf.d/*.conf;

server {
    listen                  443 ssl ;
    server_name             _ default;
    ssl_stapling           off;

    # SSL
    ssl_certificate         /usr/local/openresty/nginx/conf/ssl/nginx.crt;
    ssl_certificate_key     /usr/local/openresty/nginx/conf/ssl/nginx.key;
    return                  403;
}

server {
    listen      80;
    server_name _ default;
    return 403;
}

}
EOF
#添加系统service
cat << EOF > /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/local/openresty/nginx/sbin/nginx -t
ExecStart=/usr/local/openresty/nginx/sbin/nginx
ExecReload= /usr/local/openresty/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
Restart=on-failure
PrivateTmp=ture
[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable nginx
systemctl start nginx

# 添加定时日志清理脚本
cat << "EOF" >  /usr/local/openresty/nginx/conf/nginx_log_rotation.sh
#!/bin/bash
cd /usr/local/openresty/nginx/logs/
date_flag=`date +%Y%m%d%H%M`
#找出大于500M的日志
bigsize_rawlog=`ls -l *.log|awk '$5 > 500000000' |awk '{print $9}'`
if [ -z ${bigsize_rawlog} ];then
    exit 0;
fi
#日志文件重命名
for log in `echo ${bigsize_rawlog}`;do
    mv $log ${date_flag}-$log
done

#进程kill -USR1,会重新生成日志文件
kill -USR1 `cat /var/run/nginx.pid`

#把旧日志压缩
for log in `echo ${bigsize_rawlog}`;do
    gzip ${date_flag}-$log
done


sleep 2

#删除两天前的日志
find ./ -name  "*.log.gz" -mtime +1 |egrep "[0-9]{12}" |xargs rm -f
EOF


chmod 755 /usr/local/openresty/nginx/conf/nginx_log_rotation.sh

if [ -z `cat /etc/crontab |grep "nginx_log_rotation.sh"` ];then
    echo '0 */1 * * * root /usr/local/openresty/nginx/conf/nginx_log_rotation.sh' >> /etc/crontab
    service crond restart
fi

j2代表双核处理,如果CPU是4核,可以写出j4

请在这个网站生成配置文件https://www.digitalocean.com/community/tools/nginx

本人的自用配置反向代理,https://www.cnblogs.com/faberbeta/p/nginx-install004.html

相关文章:

猜你喜欢
相关资源
相似解决方案
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode