CentOS 7.x / RHEL 7.x 下编译安装最新版 Nginx

之前介绍过《CentOS / RHEL 7.x 使用 EPEL 安装最新版本 LEMP / LNMP》,其中有两种使用源安装的方法,但是无论是 EPEL 方式或 Nginx 官方源方式,自带的 OpenSSL 版本实在过低,所以本文介绍如何在 CentOS 7.x / RHEL 7.x 下编译安装最新版本的 Nginx

本教程同样适合 Debian / Ubuntu 但是 Debian 和 Ubuntu 下除非要装第三方的模块,否则不是很推荐编译安装

我们先做一个简单的对比

通过官方源安装的 Nginx

root@centos-7-dev:~ # nginx -V
nginx version: nginx/1.12.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

通过 EPEL 安装的 Nginx

root@centos-7-dev:~ # nginx -V
nginx version: nginx/1.10.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'

不但某些参数不一样,让用户混淆,而且 OpenSSL 的版本过低,再对比下我一直推荐在 Debian 9.xOndřej Surý 大神打包的 Nginx 吧

root@debian-9-dev ~ # nginx -V
nginx version: nginx/1.13.3
built with OpenSSL 1.1.0f  25 May 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-1.13.3=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --add-dynamic-module=/build/nginx-1.13.3/debian/modules/headers-more-nginx-module --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-auth-pam --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-cache-purge --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-dav-ext-module --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-development-kit --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-echo --add-dynamic-module=/build/nginx-1.13.3/debian/modules/ngx-fancyindex --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nchan --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-lua --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-rtmp --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-upload-progress --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-upstream-fair --add-dynamic-module=/build/nginx-1.13.3/debian/modules/ngx_http_substitutions_filter_module

1、更新系统并安装依赖软件

首先,我们需要更新系统,然后安装必要的依赖

CentOS / RHEL 下

yum install http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum update
yum upgrade
yum install patch libtool gcc gcc-c++ autoconf automake zlib zlib-devel pcre-devel make unzip git wget

Debian / Ubuntu 下

apt-get update
apt-get upgrade
apt-get install patch build-essential libpcre3 libpcre3-dev zlib1g-dev autoconf libtool automake gcc g++ make unzip git wget

2、下载 OpenSSL 1.1.0

我们新建一个 nginx-build 的文件夹并进入

mkdir nginx-build && cd nginx-build

然后下载最新版本 OpenSSL 1.1.0 当前最新版为 1.1.0f

wget -c https://www.openssl.org/source/openssl-1.1.0f.tar.gz
tar -zxf openssl-1.1.0f.tar.gz

为了今后编译方便,可以重命名目录

mv openssl-1.1.0f openssl

3、下载并编译安装 Nginx 1.13.4

从官网下载最新的 Nginx 源代码并解压,这里我们安装 Mainline 版,目前最新的版本是 1.13.4

wget -c http://nginx.org/download/nginx-1.13.4.tar.gz
tar -zxf nginx-1.13.4.tar.gz

然后进入目录

cd nginx-1.13.4

为了保持和 Nginx 官方仓库的大概一致性,我们生成个 /var/cache/nginx 目录,用于防止 Nginx 反向代理的缓存文件

mkdir -p /var/cache/nginx

新建一个 nginx 的用户

useradd nginx

然后根据自己的事情情况来编译模块,这里我们想编译如下模块,可以根据自己的需求删改

http_v2_module
http_ssl_module
http_gzip_static_module
with-http_realip_module

然后配置编译

./configure --with-openssl=../openssl --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx

滚完屏幕后会提示

Configuration summary
  + using system PCRE library
  + using OpenSSL library: ../openssl
  + using system zlib library

  nginx path prefix: "/etc/nginx"
  nginx binary file: "/usr/sbin/nginx"
  nginx modules path: "/usr/lib64/nginx/modules"
  nginx configuration prefix: "/etc/nginx"
  nginx configuration file: "/etc/nginx/nginx.conf"
  nginx pid file: "/var/run/nginx.pid"
  nginx error log file: "/var/log/nginx/error.log"
  nginx http access log file: "/var/log/nginx/access.log"
  nginx http client request body temporary files: "/var/cache/nginx/client_temp"
  nginx http proxy temporary files: "/var/cache/nginx/proxy_temp"
  nginx http fastcgi temporary files: "/var/cache/nginx/fastcgi_temp"
  nginx http uwsgi temporary files: "/var/cache/nginx/uwsgi_temp"
  nginx http scgi temporary files: "/var/cache/nginx/scgi_temp"

检查一下是否和你想要的配置参数一致,没问题的话直接编译安装

make && make install

等终端的屏幕滚完之后就安装完毕了,此时应该会有 /sbin/nginx/usr/sbin/nginx 这两个一模一样的文件,默认情况下优先级后者高

[root@centos-7-dev ~]# ll /sbin/nginx
-rwxr-xr-x. 1 root root 7342960 Aug  6 17:01 /sbin/nginx
[root@centos-7-dev ~]# ll /usr/sbin/nginx
-rwxr-xr-x. 1 root root 7342960 Aug  6 17:01 /usr/sbin/nginx

[root@centos-7-dev ~]# sha256sum /sbin/nginx
0d51039d118fdca6ca4d6b0dec132641f3ee3e0f57492fe5edf72713eb5b7488  /sbin/nginx
[root@centos-7-dev ~]# sha256sum /usr/sbin/nginx
0d51039d118fdca6ca4d6b0dec132641f3ee3e0f57492fe5edf72713eb5b7488  /usr/sbin/nginx

[root@centos-7-dev ~]# which nginx
/usr/sbin/nginx

前者是 Nginx 源码自带,后者是我们指定的目录,这时候看看自己编译的 Nginx 版本,应该已经是最新版了

[root@centos-7-dev ~]# nginx -V
nginx version: nginx/1.13.4
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) 
built with OpenSSL 1.1.0f  25 May 2017
TLS SNI support enabled
configure arguments: --with-openssl=../openssl --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx

我们也可以把 Nginx 加入系统服务

cat >> /usr/lib/systemd/system/nginx.service  << EOF
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
 
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
 
[Install]
WantedBy=multi-user.target
EOF

然后就可以使用 systemctl start nginx 命令启动 Nginx 了,如果出现问题请使用 systemctl status nginx 命令查看或者 nginx -t 命令检查配置文件

加入系统启动的话就可以用 systemctl enable nginx 命令

启动后看一下默认的网站是否可以打开了

[root@centos-7-dev ~]# curl http://localhost/
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

由于我们编译时指定了运行的用户和 pid 文件,所以也可以修改一下 /etc/nginx/nginx.conf 头部加入

user nginx;
pid /var/run/nginx.pid;

当然留空或者自己修改成其他用户和文件也是没问题的

其他 Nginx 配置的用法我们会在以后的文章中慢慢介绍

如需要帮助或建议,请前往 Telegram 群 @sbfans