lamess / Nginx编译安装

Created Thu, 27 Jun 2024 11:52:30 +0800 Modified Mon, 29 Dec 2025 15:46:43 +0800
937 Words
Nginx Linux

Nginx编译安装

软件下载

从官网下载最新的Nginx源码包。

wget https://nginx.org/download/nginx-1.26.1.tar.gz

编译期间还需要使用OpenSSL和PCRE2以及Zlib,下载各自的最新版本文件。

wget https://www.openssl.org/source/openssl-3.3.1.tar.gz
wget https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.44/pcre2-10.44.tar.gz
wget https://www.zlib.net/zlib-1.3.1.tar.gz

安装相关依赖

使用编译相关的依赖软件。

dnf install gcc make pcre-devel openssl-devel zlib-devel libxslt-devel gd-devel perl-devel gperftools-devel -y

全功能编译

从YUM源内安装的Nginx,使用nginx -V命令查询其安装参数。参考这个安装参数进行编译。
这里使用了--with-openssl-opt--with-zlib-opt-with-pcre-opt参数直接指定相关软件的路径而不需要另外编译安装。

./configure \
--prefix=/usr/local/nginx \
--with-openssl-opt=/opt/openssl-3.3.1 \
--with-zlib-opt=/opt/zlib-1.3.1 \
--with-pcre-opt=/opt/pcre2-10.44 \
--with-http_flv_module \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_realip_module \
--with-file-aio \
--with-http_v2_module \
--with-http_addition_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_sub_module \
--with-http_dav_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_perl_module=dynamic \
--with-http_auth_request_module \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-pcre-jit \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-google_perftools_module \
--with-debug \
--with-cc-opt='-O2 -g -grecord-gcc-switches -pipe -fstack-protector-strong -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection' \
--with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,-E'
make
make install
安装nginx-http-flv-module 
git clone https://github.com/winshining/nginx-http-flv-module.git
./configure \
--prefix=/usr/local/nginx \
--with-openssl-opt=/opt/openssl-3.3.1 \
--with-zlib-opt=/opt/zlib-1.3.1 \
--with-pcre-opt=/opt/pcre2-10.44 \
--add-module=/opt/nginx-http-flv-module \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_realip_module \
--with-file-aio \
--with-http_v2_module \
--with-http_addition_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_sub_module \
--with-http_dav_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_perl_module=dynamic \
--with-http_auth_request_module \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-pcre-jit \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-google_perftools_module \
--with-debug \
--with-cc-opt='-O2 -g -grecord-gcc-switches -pipe -fstack-protector-strong -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection' \
--with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,-E'
make
make install
基础功能编译 
./configure \
--prefix=/usr/local/nginx \
--add-module=/opt/nginx-http-flv-module-1.2.11 \
--with-openssl-opt=/opt/openssl-1.1.1w \
--with-zlib-opt=/opt/zlib-1.3.1 \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_realip_module \
--with-pcre-opt=/opt/pcre2-10.44
make
make install

创建用户并授权。

groupadd nginx
useradd -g nginx -s /bin/false nginx
chown -R nginx:nginx /usr/local/nginx/

增加软链接。

ln -s /usr/local/nginx/sbin/nginx /usr/sbin/nginx

安装完成后,部署systemd监控,按需修改执行文件路径为实际的路径即可。

cat > /usr/lib/systemd/system/nginx.service << EOF
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
User=nginx
Group=nginx
LimitNOFILE=65535
LimitNPROC=65535
Type=forking
PIDFile=/usr/local/nginx/nginx.pid
# Nginx will fail to start if /usr/local/nginx/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running \`nginx -t\` from the cmdline.
ExecStartPre=/usr/bin/rm -f /usr/local/nginx/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP \$MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=mixed
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload

这里使用/usr/local/nginx/nginx.pid存放pid文件,需要对应地将nginx.conf中的pid配置为相同的路径。

pid        /usr/local/nginx/nginx.pid;

使用Docker镜像构建编译环境

ARG BASE_IMAGE=openeuler/openeuler:25.09
FROM ${BASE_IMAGE}

ARG NGINX_VERSION=1.28.0
ARG ZLIB_VERSION=1.3.1
ARG PCRE2_VERSION=10.47
ARG OPENSSL_VERSION=3.0.12

RUN dnf install -y gcc make pcre-devel zlib-devel openssl-devel wget tar git libxslt-devel gd-devel perl-devel gperftools-devel 

WORKDIR /tmp
RUN wget http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && \
    git clone https://github.com/winshining/nginx-http-flv-module.git && \
    wget https://github.com/PCRE2Project/pcre2/releases/download/pcre2-${PCRE2_VERSION}/pcre2-${PCRE2_VERSION}.tar.gz && \
    wget https://www.zlib.net/zlib-${ZLIB_VERSION}.tar.gz && \
    wget https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \
    tar -zxf nginx-${NGINX_VERSION}.tar.gz && \
    tar -zxf pcre2-${PCRE2_VERSION}.tar.gz && \
    tar -zxf zlib-${ZLIB_VERSION}.tar.gz && \
    tar -zxf openssl-${OPENSSL_VERSION}.tar.gz

WORKDIR /tmp/nginx-${NGINX_VERSION}
RUN export RPM_ARCH=$(uname -m) && \
    export RPM_OS=linux && \
    export RPM_PACKAGE_NAME=nginx && \
    export RPM_PACKAGE_VERSION=${NGINX_VERSION} && \
    export RPM_PACKAGE_RELEASE=1 && \
    ./configure \
    --prefix=/usr/local/nginx \
    --add-module=/tmp/nginx-http-flv-module \
    --with-openssl-opt=/tmp/openssl-${OPENSSL_VERSION} \
    --with-pcre-opt=/tmp/pcre2-${PCRE2_VERSION} \
    --with-zlib-opt=/tmp/zlib-${ZLIB_VERSION} \
    --with-http_flv_module \
    --with-http_stub_status_module \
    --with-http_ssl_module \
    --with-http_realip_module \
    --with-file-aio \
    --with-http_v2_module \
    --with-http_addition_module \
    --with-http_xslt_module=dynamic \
    --with-http_image_filter_module=dynamic \
    --with-http_sub_module \
    --with-http_dav_module \
    --with-http_mp4_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_random_index_module \
    --with-http_secure_link_module \
    --with-http_degradation_module \
    --with-http_slice_module \
    --with-http_perl_module=dynamic \
    --with-http_auth_request_module \
    --with-mail=dynamic \
    --with-mail_ssl_module \
    --with-pcre-jit \
    --with-stream=dynamic \
    --with-stream_ssl_module \
    --with-google_perftools_module \
    --with-debug \
    --with-cc-opt='-O2 -g -grecord-gcc-switches -pipe -fstack-protector-strong -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection' \
    --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,-E' && \
    make && \
    make install

WORKDIR /usr/local
RUN tar -czf /nginx-compiled.tar.gz nginx

CMD ["cp", "/nginx-compiled.tar.gz", "/output/"]

编译操作:

# openEuler
BUILDER_NAME="nginx-builder-openeuler2509"
Docker_File_Name="Dockerfile-Centralink"
docker build -f ${Docker_File_Name} --build-arg BASE_IMAGE=openeuler/openeuler:25.09 --build-arg NGINX_VERSION=1.28.0 --build-arg OPENSSL_VERSION=3.0.12 -t ${BUILDER_NAME} .
mkdir output
docker run --rm -v $(pwd)/output:/output ${BUILDER_NAME}
mv $(pwd)/output/nginx-compiled.tar.gz $(pwd)/output/nginx-openeuler2509.tar.gz

# Kylin
BUILDER_NAME="nginx-builder-kylin-v10sp3-2403"
Docker_File_Name="Dockerfile-Centralink"
docker build -f ${Docker_File_Name} --build-arg BASE_IMAGE=macrosan/kylin:v10-sp3-2403 --build-arg NGINX_VERSION=1.28.0 --build-arg OPENSSL_VERSION=1.1.1w -t ${BUILDER_NAME} .
mkdir output
docker run --rm -v $(pwd)/output:/output ${BUILDER_NAME}
mv $(pwd)/output/nginx-compiled.tar.gz $(pwd)/output/nginx-kylin-v10sp3-2403.tar.gz