编译Nginx

by

使用模块准备

  • openssl-3.0.1
    cd /www/mod
    wget https://www.openssl.org/source/openssl-3.0.5.tar.gz
    tar xf openssl-3.0.5.tar.gz
  • pcre-8.45
    cd /www/mod
    wget https://iweb.dl.sourceforge.net/project/pcre/pcre/8.45/pcre-8.45.tar.gz
    tar xf pcre-8.45.tar.gz
  • zlib-cf
    cd /www/mod
    git clone https://github.com/cloudflare/zlib.git zlib-cf ; cd zlib-cf
    make -f Makefile.in distclean
  • ngx_brotli
    cd /www/mod
    git clone --recurse-submodules https://github.com/google/ngx_brotli.git
  • ngx_http_redis
    wget https://people.freebsd.org/~osa/ngx_http_redis-0.3.9.tar.gz
    tar xf ngx_http_redis-0.3.9.tar.gz
  • lua-nginx-module
  • redis2-nginx-module
    cd /www/mod
    git clone https://github.com/openresty/redis2-nginx-module.git
  • srcache-nginx-module
    cd /www/mod
    git clone https://github.com/openresty/srcache-nginx-module.git
  • set-misc-nginx-module
  • cd /www/mod
  • git clone https://github.com/openresty/set-misc-nginx-module.git
  • headers-more-nginx-module
  • echo-nginx-module
  • ngx_devel_kit
    cd /www/mod
    git clone https://github.com/vision5/ngx_devel_kit.git

Nginx Source Code

wget http://nginx.org/download/nginx-1.23.1.tar.gz
tar xf nginx-1.23.1.tar.gz
apt-get install -y build-essential libatomic-ops-dev libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev libgd-dev libxml2 libxml2-dev uuid-dev

Configure & make install

export LUAJIT_LIB=/usr/local/lib
export LUAJIT_INC=/usr/local/include/luajit-2.1
./configure --user=www --group=www --prefix=/www/server/nginx --with-openssl=/www/mod/openssl-3.0.5 --add-module=/www/mod/ngx_brotli --add-module=/www/mod/lua-nginx-module --add-module=/www/mod/redis2-nginx-module --add-module=/www/mod/ngx_http_redis-0.3.9 --add-module=/www/mod/srcache-nginx-module --add-module=/www/mod/ngx_devel_kit  --add-module=/www/mod/set-misc-nginx-module --add-module=/www/mod/headers-more-nginx-module --add-module=/www/mod/echo-nginx-module --add-module=/www/server/nginx/src/ngx_cache_purge --add-module=/www/server/nginx/src/nginx-sticky-module --add-module=/www/server/nginx/src/nginx-dav-ext-module --with-pcre=/www/mod/pcre-8.45 --with-zlib=/www/mod/zlib-cf --with-http_v2_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_stub_status_module --with-http_ssl_module --with-http_image_filter_module --with-http_gzip_static_module --with-http_gunzip_module --with-http_sub_module --with-http_flv_module --with-http_addition_module --with-http_realip_module --with-http_mp4_module --with-http_dav_module --with-libatomic --with-pcre-jit --with-threads --with-file-aio --with-stream_realip_module --with-openssl-opt='zlib enable-tls1_3 enable-ec_nistp_64_gcc_128 -march=native -pipe -ljemalloc -Wl,-flto' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC -ljemalloc -lrt -Wl,-rpath,/usr/local/lib' --with-cc-opt='-O3 -DTCP_FASTOPEN=23 -ffast-math -march=native -pipe -flto -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fPIC -Wdate-time -Wp,-D_FORTIFY_SOURCE=2'
CPU_P=$(cat /proc/cpuinfo | grep "processor" | wc -l )
make j=${CPU_P} V=s ; make install

Nginx配置文件

http
    {
        include       mime.types;
		#include luawaf.conf;

		include proxy.conf;

        default_type  application/octet-stream;

        server_names_hash_bucket_size 512;
        client_header_buffer_size 32k;
        large_client_header_buffers 8 32k;
        client_max_body_size 512m;

        lua_package_path "/www/server/nginx/lib/lua/?.lua;;";
        
        ssl_early_data on;
        proxy_set_header Early-Data $ssl_early_data;

        ssl_verify_client on;
        ssl_ocsp          on;
        resolver          8.8.8.8;

        aio        threads;
        directio       512;
        output_buffers 16 32k;
        aio_write on;

        sendfile   on;
        tcp_nopush on;

        keepalive_timeout 60;

        tcp_nodelay on;

        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 32 32k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;
		fastcgi_intercept_errors on;

		brotli on;
        brotli_buffers 64 8K;
		brotli_comp_level 6;
		brotli_static on;
		brotli_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

        gzip on;
        gzip_min_length  1k;
        gzip_buffers     64 8k;
        gzip_http_version 1.1;
        gzip_comp_level 4;
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_disable   "MSIE [1-6]\.";

        limit_conn_zone $binary_remote_addr zone=perip:10m;
		limit_conn_zone $server_name zone=perserver:10m;

        server_tokens off;
        access_log off;

        open_file_cache max=2048 inactive=120s; 
        open_file_cache_valid 60s; 
        open_file_cache_min_uses 1; 
        open_file_cache_errors off;

        upstream php-80-handler {
            server unix:/tmp/php-cgi-80.sock;
            keepalive 1024;
            keepalive_requests 120;
        }

        upstream redis {
            server unix:/tmp/redis.sock;
            keepalive 1024;
        }
}