子受
文章
28
分类
4
评论
3

Nginx 1.28.0 编译安装教程 - Debian 12

| 技术
字数总计 8236 | 阅读时长 20分钟 | 阅读量 14

Nginx 1.28.0 编译安装教程 - Debian 12

第一步:更新系统并安装依赖包

# 更新系统包列表
sudo apt update && sudo apt upgrade -y

# 安装编译工具和基础依赖
sudo apt install -y \
    build-essential \
    wget \
    git \
    cmake \
    gcc \
    g++ \
    make \
    libtool \
    autoconf \
    pkg-config \
    curl \
    gnupg2 \
    lsb-release

# 安装Nginx编译所需的核心依赖库
sudo apt install -y \
    libpcre3-dev \
    libssl-dev \
    zlib1g-dev \
    libgd-dev \
    libxml2-dev \
    libxslt1-dev \
    libgeoip-dev \
    libgoogle-perftools-dev \
    libperl-dev \
    libbrotli-dev \
    libmaxminddb-dev \
    libmaxminddb0

第二步:创建工作目录和nginx用户

# 创建工作目录
mkdir -p /usr/local/src/nginx-build
cd /usr/local/src/nginx-build

# 创建nginx用户和组
sudo groupadd --system nginx
sudo useradd --system --gid nginx --shell /sbin/nologin --comment "Nginx web server" nginx

# 创建nginx目录结构
sudo mkdir -p /etc/nginx/{conf.d,sites-available,sites-enabled}
sudo mkdir -p /var/log/nginx
sudo mkdir -p /var/cache/nginx
sudo mkdir -p /var/run/nginx
sudo mkdir -p /usr/share/nginx/html

第三步:下载源代码和第三方模块

# 下载Nginx 1.28.0源码
wget https://nginx.org/download/nginx-1.28.0.tar.gz
tar -zxf nginx-1.28.0.tar.gz

# 下载OpenSSL (用于HTTP/2和HTTP/3支持)
wget https://github.com/quictls/openssl/archive/openssl-3.1.4+quic.tar.gz
tar -zxf openssl-3.1.4+quic.tar.gz
mv openssl-openssl-3.1.4-quic openssl-quic

# 下载Brotli压缩模块
git clone --recursive https://github.com/google/ngx_brotli.git
cd ngx_brotli/deps/brotli
mkdir out && cd out
cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_C_FLAGS="-Ofast -m64 -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_CXX_FLAGS="-Ofast -m64 -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_INSTALL_PREFIX=./installed ..
cmake --build . --config Release --target brotlienc
cd /usr/local/src/nginx-build

# 下载GeoIP2模块
git clone https://github.com/leev/ngx_http_geoip2_module.git

# 下载Headers More模块(用于更好的头部控制)
git clone https://github.com/openresty/headers-more-nginx-module.git

第四步:编译配置

cd nginx-1.28.0

# 配置编译选项
./configure \
  --prefix=/etc/nginx \
  --sbin-path=/usr/sbin/nginx \
  --modules-path=/etc/nginx/modules \
  --conf-path=/etc/nginx/nginx.conf \
  --error-log-path=/var/log/nginx/error.log \
  --http-log-path=/var/log/nginx/access.log \
  --pid-path=/var/run/nginx.pid \
  --lock-path=/var/run/nginx.lock \
  --http-client-body-temp-path=/var/cache/nginx/client_temp \
  --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
  --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
  --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
  --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
  --user=nginx \
  --group=nginx \
  --with-compat \
  --with-file-aio \
  --with-threads \
  --with-http_addition_module \
  --with-http_auth_request_module \
  --with-http_dav_module \
  --with-http_flv_module \
  --with-http_gunzip_module \
  --with-http_gzip_static_module \
  --with-http_mp4_module \
  --with-http_random_index_module \
  --with-http_realip_module \
  --with-http_secure_link_module \
  --with-http_slice_module \
  --with-http_ssl_module \
  --with-http_stub_status_module \
  --with-http_sub_module \
  --with-http_v2_module \
  --with-http_v3_module \
  --with-mail \
  --with-mail_ssl_module \
  --with-stream \
  --with-stream_realip_module \
  --with-stream_ssl_module \
  --with-stream_ssl_preread_module \
  --with-stream_geoip_module \
  --with-http_geoip_module \
  --with-openssl=/usr/local/src/nginx-build/openssl-quic \
  --with-openssl-opt='enable-ktls' \
  --add-module=/usr/local/src/nginx-build/ngx_brotli \
  --add-module=/usr/local/src/nginx-build/ngx_http_geoip2_module \
  --add-module=/usr/local/src/nginx-build/headers-more-nginx-module

第五步:编译和安装

# 开始编译
make -j$(nproc)

# 安装
sudo make install

第六步:创建systemd服务文件

sudo tee /etc/systemd/system/nginx.service > /dev/null <<EOF
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP \$MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF

第七步:创建基本配置文件

# 备份原配置(如果存在)
sudo mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup 2>/dev/null || true

# 创建主配置文件
sudo tee /etc/nginx/nginx.conf > /dev/null <<EOF
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
    use epoll;
    multi_accept on;
}

http {
    more_set_headers 'Server: NO';

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 4096;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    http2 on;

    # Gzip压缩配置
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types
        text/plain
        text/css
        text/xml
        text/javascript
        application/json
        application/javascript
        application/xml+rss
        application/atom+xml
        image/svg+xml;

    # Brotli压缩配置
    brotli on;
    brotli_comp_level 6;
    brotli_types
        text/plain
        text/css
        text/xml
        text/javascript
        application/json
        application/javascript
        application/xml+rss
        application/atom+xml
        image/svg+xml;

    # FastCGI配置(PHP-FPM)
    fastcgi_cache_path /var/cache/nginx/fastcgi levels=1:2 keys_zone=WORDPRESS:100m inactive=60m;
    fastcgi_cache_key "$scheme$request_method$host$request_uri";

    include /etc/nginx/conf.d/*.conf;
}
EOF

第八步:设置权限并启动服务

# 设置目录权限
sudo chown -R nginx:nginx /var/cache/nginx
sudo chown -R nginx:nginx /var/log/nginx
sudo chown nginx:nginx /var/run/nginx.pid 2>/dev/null || true
sudo chmod -R 755 /etc/nginx
sudo chmod -R 644 /etc/nginx/*.conf

# 测试配置文件
sudo nginx -t

# 重新加载systemd配置
sudo systemctl daemon-reload

# 启动并设置开机自启
sudo systemctl enable nginx
sudo systemctl start nginx

# 检查服务状态
sudo systemctl status nginx

第九步:验证安装

# 检查nginx版本和编译模块
nginx -V

# 检查端口监听
sudo netstat -tlnp | grep nginx

# 检查进程
ps aux | grep nginx

配置文件说明

主要特性验证:

  1. SSL/TLS支持: 已启用SSL模块,支持TLSv1.2和TLSv1.3
  2. HTTP/2: 已启用 --with-http_v2_module
  3. HTTP/3: 已启用 --with-http_v3_module 和QUIC支持
  4. GZip压缩: 内置gzip模块,已配置
  5. Brotli压缩: 通过ngx_brotli模块添加
  6. 图片过滤器: 已启用 --with-http_image_filter_module
  7. PHP支持: 通过FastCGI配置PHP-FPM连接
  8. GeoIP支持: 已启用HTTP和Stream的GeoIP模块
  9. TCP/UDP代理: 通过Stream模块支持

目录结构:

  • 配置文件: /etc/nginx/
  • 网站配置文件: /etc/nginx/conf.d
  • 可执行文件: /usr/sbin/nginx
  • 日志文件: /var/log/nginx/
  • 缓存目录: /var/cache/nginx/
  • 网站根目录: /usr/share/nginx/html
文章作者: 子受
本文链接:
版权声明: 本站所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自 薪萤-博客
技术
喜欢就支持一下吧
打赏
微信 微信
支付宝 支付宝