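Compiling and installing Nginx 1.20.x on Debian 10.9.x
Preparation:
I. Configure the firewall and open ports 80 and 3306
Debian does not install any firewall by default; we recommend the iptables firewall here.
1.1 Install the iptables firewall
whereis iptables # check whether the firewall is already installed
apt-get install iptables # install the firewall
mkdir /etc/sysconfig # create the directory that holds the firewall configuration file
touch /etc/sysconfig/iptables # create the firewall configuration file
nano /etc/sysconfig/iptables # edit the file and add the firewall rules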
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
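ctrl+o # save
ctrl+x # exit
/sbin/iptables-restore /etc/sysconfig/iptables # load the firewall rules
Important notes:
1. After editing the rules file /etc/sysconfig/iptables, run /sbin/iptables-restore /etc/sysconfig/iptables again for the rules to take effect.
2. The firewall does not start automatically after a reboot by default; run /sbin/iptables-restore /etc/sysconfig/iptables again for the rules to take effect.
3. To turn the firewall off temporarily, empty the /etc/sysconfig/iptables configuration file and run /sbin/iptables-restore /etc/sysconfig/iptables again.
4. To turn the firewall back on, restore the /etc/sysconfig/iptables configuration file and run /sbin/iptables-restore /etc/sysconfig/iptables again.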
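The sample rules accept new connections to port 3306 from every source address, so MySQL is reachable from any host that can route to the server. The audit below is an added example, not part of the original guide: it lists the TCP ports a rules file in this format accepts from any source. The function names and both sample rule sets are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original guide): audit an iptables-restore
# rules file for TCP ports accepted from any source address.
# Handles single "--dport N" rules only; multiport matches are not parsed.

# open_ports FILE -> one port per line, sorted numerically
open_ports() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            port = ""; restricted = 0; accept = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-s" || $i == "--source") restricted = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (port != "" && accept && !restricted) print port
        }
    ' "$1" | sort -n
}

# is_exposed FILE PORT -> exit status 0 when PORT is open to any source
is_exposed() {
    open_ports "$1" | grep -qx "$2"
}

# Constructed sample 1: the TCP rules from the guide's file.
guide_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Constructed sample 2: same rules, with 3306 limited to 192.0.2.0/24
# (a documentation range standing in for the application servers).
restricted_rules() {
    guide_rules | sed 's|^-A INPUT -p tcp \(.* --dport 3306 \)|-A INPUT -s 192.0.2.0/24 -p tcp \1|'
}

# Usage: ./audit.sh /etc/sysconfig/iptables
if [ -n "${1:-}" ]; then open_ports "$1"; fi
```

If the database is only used by applications on the same machine, the 3306 rule can be left out entirely, since loopback traffic is already accepted by the "-i lo" rule.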
1.2 Add a firewall management script
nano /etc/init.d/iptables # edit the file and add the script
# IPTABLES_CONFIG=/etc/sysconfig/iptables in the script is the path to the firewall rules file.
#!/bin/sh -e
### BEGIN INIT INFO
# Provides: iptables
# Required-Start: mountvirtfs ifupdown $local_fs
# Default-Start: S
# Default-Stop: 0 6
### END INIT INFO
# July 9, 2007
# James B. Crocker ubuntu@james.crocker.name
# Creative Commons Attribution - Share Alike 3.0 License (BY,SA)
# Script to load/unload/save iptables firewall settings.
PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
IPTABLES=/sbin/iptables
IPTABLES_SAVE=/sbin/iptables-save
IPTABLES_RESTORE=/sbin/iptables-restore
IPTABLES_CONFIG=/etc/sysconfig/iptables
[ -x $IPTABLES ] || exit 0
. /lib/lsb/init-functions
case "$1" in
    start)
        # Load the saved rules from $IPTABLES_CONFIG
        log_action_begin_msg "Starting firewall"
        type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 120" || true
        if $IPTABLES_RESTORE < $IPTABLES_CONFIG ; then
            log_action_end_msg $?
        else
            log_action_end_msg $?
        fi
        type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 15" || true
        ;;
    stop)
        # Save the running rules, then flush everything and set all policies to ACCEPT
        log_action_begin_msg "Saving current firewall configuration"
        if $IPTABLES_SAVE > $IPTABLES_CONFIG ; then
            log_action_end_msg $?
        else
            log_action_end_msg $?
        fi
        log_action_begin_msg "Flushing ALL firewall rules from chains!"
        if $IPTABLES -F ; then
            log_action_end_msg $?
        else
            log_action_end_msg $?
        fi
        log_action_begin_msg "Deleting ALL firewall chains [Warning: ACCEPTING ALL PORT SERVICES!]"
        if $IPTABLES -X ; then
            $IPTABLES -P INPUT ACCEPT
            $IPTABLES -P FORWARD ACCEPT
            $IPTABLES -P OUTPUT ACCEPT
            log_action_end_msg $?
        else
            log_action_end_msg $?
        fi
        ;;
    save)
        # Write the running rules to $IPTABLES_CONFIG
        log_action_begin_msg "Saving current firewall configuration"
        if $IPTABLES_SAVE > $IPTABLES_CONFIG ; then
            log_action_end_msg $?
        else
            log_action_end_msg $?
        fi
        ;;
    force-reload|restart)
        # Flush the running rules, then reload them from $IPTABLES_CONFIG
        log_action_begin_msg "Reloading firewall configuration [Warning: POTENTIAL NETWORK INSECURITY DURING RELOAD]"
        $IPTABLES -F
        $IPTABLES -X
        if $IPTABLES_RESTORE < $IPTABLES_CONFIG ; then
            log_action_end_msg $?
        else
            log_action_end_msg $?
        fi
        ;;
    *)
        echo "Usage: /etc/init.d/iptables {start|stop|save|restart|force-reload}"
        exit 1
        ;;
esac
exit 0
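ctrl+o # save
ctrl+x # exit
chmod +x /etc/init.d/iptables # make the script executable
update-rc.d iptables defaults 99 # register the service
systemctl start iptables.service # start
service iptables stop # stop
# The firewall can now be started and stopped with the commands above
# After changing the firewall rules you still need to run /sbin/iptables-restore /etc/sysconfig/iptables to apply them, and can then manage the firewall with the management script
1.3 Start the firewall at boot
1.3.1 Using the system startup script
cp /lib/systemd/system/rc-local.service /lib/systemd/system/rc-local.service-bak # back up
ln -s /lib/systemd/system/rc-local.service /etc/systemd/system/ # create the symlink
nano /lib/systemd/system/rc-local.service # append the [Install] section at the end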
# SPDX-License-Identifier: LGPL-2.1+
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# This unit gets pulled automatically into multi-user.target by
# systemd-rc-local-generator if /etc/rc.local is executable.
[Unit]
Description=/etc/rc.local Compatibility
Documentation=man:systemd-rc-local-generator(8)
ConditionFileIsExecutable=/etc/rc.local
After=network.target
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
RemainAfterExit=yes
GuessMainPID=no
[Install]
WantedBy=multi-user.target
Alias=rc-local.service
ctrl+o # save
ctrl+x # exit
nano /etc/rc.local # create the file and add the firewall start command
#!/bin/bash
/sbin/iptables-restore /etc/sysconfig/iptables
ctrl+o # save
ctrl+x # exit
chmod +x /etc/rc.local # make it executable
# Reboot the system to test; the firewall now starts at boot
1.3.2 Using sysv-rc-conf to start the service at boot
apt-get install sysv-rc-conf # install
cp /usr/sbin/sysv-rc-conf /usr/sbin/chkconfig # copy
sysv-rc-conf iptables on # enable at boot
chkconfig iptables on
sysv-rc-conf # list the boot services
# If sysv-rc-conf cannot be installed directly with apt-get, change the apt-get sources
cp /etc/apt/sources.list /etc/apt/sources.list-bak # back up
nano /etc/apt/sources.list # edit the file and add the following line
deb http://ftp.de.debian.org/debian sid main
ctrl+o # save
ctrl+x # exit
apt-get update # refresh the package index
# Reboot the system to test; the firewall now starts at boot
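A sid entry at the default priority makes every package in unstable a candidate for later installs and upgrades on this Debian 10 (buster) system. The check below is an added example, not part of the original guide: it lists the suites in a sources.list that differ from the installed release and prints an apt preferences stanza that lowers their priority. The function names and the sample file are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original guide): report suites in a sources.list
# that do not belong to the installed release, and print an apt pin for them.

# foreign_suites FILE CODENAME -> suites other than CODENAME, CODENAME-* or
# CODENAME/* (comparison is by codename, so aliases like "stable" are reported)
foreign_suites() {
    awk -v rel="$2" '
        $1 == "deb" || $1 == "deb-src" {
            i = 2
            if ($i ~ /^\[/) {                 # skip "[arch=... signed-by=...]"
                while (i < NF && $i !~ /\]$/) i++
                i++
            }
            suite = $(i + 1)                  # $i is the URI, the suite follows
            base = suite
            sub("[-/].*", "", base)           # buster-updates -> buster
            if (base != rel) print suite
        }
    ' "$1" | sort -u
}

# pin_stanza SUITE -> apt preferences stanza that ranks SUITE below the
# default priority of 500, so its packages are used only when asked for
# or when no other source provides the package
pin_stanza() {
    printf 'Package: *\nPin: release n=%s\nPin-Priority: 100\n' "$1"
}

# Constructed sample: a buster sources.list plus the sid line from the guide.
sample_sources() {
    cat <<'EOF'
deb http://deb.debian.org/debian buster main
deb http://security.debian.org/debian-security buster/updates main
deb [arch=amd64] http://deb.debian.org/debian buster-updates main
# deb http://deb.debian.org/debian bullseye main
deb http://ftp.de.debian.org/debian sid main
EOF
}

# Usage: ./suites.sh /etc/apt/sources.list buster
if [ -n "${2:-}" ]; then
    for s in $(foreign_suites "$1" "$2"); do pin_stanza "$s"; done
fi
```

The printed stanza belongs in a file under /etc/apt/preferences.d/; removing the sid line and running apt-get update again once sysv-rc-conf is installed has the same effect.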
SELinux is not enabled by default on Debian 10.9.x, so there is no need to disable it.
II. System conventions
Location for source packages: /usr/local/src
Install location for software compiled from source: /usr/local/<software name>
III. Download the packages
1. Download nginx
http://nginx.org/download/nginx-1.20.1.tar.gz
2. Download MySQL
https://cdn.mysql.com//Downloads/MySQL-8.0/mysql-boost-8.0.25.tar.gz # the package that bundles boost
http://mirrors.sohu.com/mysql/MySQL-5.7/mysql-5.7.30-linux-glibc2.12-x86_64.tar.gz
# Download the prebuilt (unpack-only) MySQL; compiling php5.2.x needs the MySQL driver from this version
# The mysql-8.0 series dropped support for php5.2.x, so installing php5.2 requires the driver files from mysql-5.7
3. Download php
http://mirrors.sohu.com/php/php-8.0.7.tar.gz
http://mirrors.sohu.com/php/php-7.4.20.tar.gz
http://mirrors.sohu.com/php/php-7.3.28.tar.gz
http://mirrors.sohu.com/php/php-7.2.34.tar.gz
http://mirrors.sohu.com/php/php-7.1.33.tar.gz
http://mirrors.sohu.com/php/php-7.0.33.tar.gz
http://mirrors.sohu.com/php/php-5.6.40.tar.gz
http://mirrors.sohu.com/php/php-5.5.38.tar.gz
http://mirrors.sohu.com/php/php-5.4.45.tar.gz
http://mirrors.sohu.com/php/php-5.3.29.tar.gz
http://museum.php.net/php5/php-5.2.17.tar.gz
https://php-fpm.org/downloads/php-5.2.17-fpm-0.5.14.diff.gz
4. Download cmake (MySQL build tool)
https://cmake.org/files/v3.20/cmake-3.20.2.tar.gz
5. rpcsvc-proto (needed to compile MySQL)
https://github.com/thkukuk/rpcsvc-proto/releases/download/v1.4.2/rpcsvc-proto-1.4.2.tar.xz
6. Download pcre (URL rewrite support for nginx)
http://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz
7. Download openssl (nginx extension)
7.1 Latest stable version, used for nginx HTTPS support
https://www.openssl.org/source/openssl-1.1.1k.tar.gz
7.2 Older version, used to build the openssl extension for php5.6.x and earlier
https://www.openssl.org/source/old/1.0.2/openssl-1.0.2u.tar.gz
8. Download zlib (nginx extension)
http://www.zlib.net/zlib-1.2.11.tar.gz
9. Download libmcrypt (php extension)
https://nchc.dl.sourceforge.net/project/mcrypt/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz
10. Download yasm (php extension)
http://www.tortall.net/projects/yasm/releases/yasm-1.3.0.tar.gz
11. t1lib (php extension)
http://download.freenas.org/distfiles/t1lib-5.1.2.tar.gz
12. Download the gd library packages
12.1 For php 5.5.x and later
https://github.com/libgd/libgd/releases/download/gd-2.3.1/libgd-2.3.1.tar.gz
12.2 For php 5.4.x, 5.3.x and 5.2.x
https://jaist.dl.sourceforge.net/project/gd2/gd-2.0.35.tar.gz
13. libvpx (needed by the gd library)
https://github.com/webmproject/libvpx/archive/v1.10.0/libvpx-1.10.0.tar.gz
14. tiff (needed by the gd library)
http://download.osgeo.org/libtiff/tiff-4.0.7.tar.gz
15. libpng (needed by the gd library)
ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng16/libpng-1.6.37.tar.gz
16. freetype (needed by the gd library)
https://download.savannah.gnu.org/releases/freetype/freetype-2.10.4.tar.gz
17. jpegsrc (needed by the gd library)
http://distfiles.macports.org/jpeg/jpegsrc.v9d.tar.gz
18. Boost (needed to compile mysql; must match the mysql version)
https://dl.bintray.com/boostorg/release/1.73.0/source/boost_1_73_0.tar.gz
19. libzip (needed to compile php)
https://libzip.org/download/libzip-1.7.3.tar.gz
20. oniguruma (needed to compile php7.4.x and later)
wget https://github.com/kkos/oniguruma/archive/refs/tags/v6.9.7.1.tar.gz -O oniguruma-6.9.7.1.tar.gz
21. curl library (needed to compile php)
https://curl.se/download/curl-7.77.0.tar.gz
IV. Install the build tools and libraries (with apt-get)
apt-get install debian-keyring debian-archive-keyring build-essential gcc g++ make libtool automake autoconf libmcrypt-dev libxml2-dev re2c wget cron bzip2 libzip-dev libc6-dev bison file flex m4 gawk less cpp binutils diffutils unzip tar libbz2-dev libncurses5 libncurses5-dev libevent-dev openssl libssl-dev zlibc libsasl2-dev libltdl3-dev libltdl-dev zlib1g zlib1g-dev libbz2-1.0 libglib2.0-0 libglib2.0-dev libjpeg-dev libpng-dev libkrb5-dev curl libcurl3-gnutls libpcre3-dev libpq-dev libpq5 gettext libcap-dev ca-certificates libc-client2007e-dev psmisc patch git libc-ares-dev libicu-dev e2fsprogs libxslt1.1 libxslt1-dev libc-client-dev xz-utils libexpat1-dev libaio-dev libtirpc-dev python-dev libsqlite3-dev libonig-dev lsof libxpm-dev libfreetype6-dev checkinstall zip libfcgi-dev libfcgi0ldbl libmhash-dev freetds-dev libmariadbclient-dev-compat unixodbc-dev pkg-config libcurl4-openssl-dev
Installing Nginx
1. Install pcre
cd /usr/local/src
mkdir /usr/local/pcre
tar zxvf pcre-8.44.tar.gz
cd pcre-8.44
./configure --prefix=/usr/local/pcre
make
make install
2. Install openssl
cd /usr/local/src
mkdir /usr/local/openssl
tar zxvf openssl-1.1.1k.tar.gz
cd openssl-1.1.1k
./config -fPIC shared zlib --prefix=/usr/local/openssl/ enable-ec_nistp_64_gcc_128
./config -t
make
make install
ln -s /usr/local/openssl/lib /usr/local/openssl/lib/x86_64-linux-gnu # add the symlink
3. Install zlib
cd /usr/local/src
mkdir /usr/local/zlib
tar zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib
make
make install
4. Install Nginx
groupadd www
useradd -g www www -s /bin/false
cd /usr/local/src
tar zxvf nginx-1.20.1.tar.gz
cd nginx-1.20.1
./configure --prefix=/usr/local/nginx --without-http_memcached_module --user=www --group=www --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-openssl=/usr/local/src/openssl-1.1.1k --with-zlib=/usr/local/src/zlib-1.2.11 --with-pcre=/usr/local/src/pcre-8.44
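Note: --with-openssl=/usr/local/src/openssl-1.1.1k --with-zlib=/usr/local/src/zlib-1.2.11 --with-pcre=/usr/local/src/pcre-8.44 point to the directories where the source packages were unpacked, not to the install paths; otherwise the build fails with an error
make # compile
make install # install
/usr/local/nginx/sbin/nginx # start Nginx
Start nginx at boot
nano /lib/systemd/system/nginx.service # add the following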
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
ExecStartPost=/bin/sleep 0.1
PrivateTmp=true
[Install]
WantedBy=multi-user.target
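ctrl+o # save the configuration
ctrl+x # exit
/usr/local/nginx/sbin/nginx -s stop # stop
systemctl enable nginx.service # enable start at boot
systemctl start nginx.service # start
systemctl stop nginx.service # stop
systemctl restart nginx.service # restart
systemctl reload nginx.service # reload the configuration file
Open a browser and enter the server's IP address; if the Nginx welcome page appears, Nginx has been installed successfully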