Nginx-1.9.5 开发版已发布,此版本更新内容如下:

Nginx (“engine x”) 是一个高性能的 HTTP 和 反向代理 服务器,也是一个
IMAP/POP3/SMTP 代理服务器。 Nginx 是由 Igor Sysoev 为俄罗斯访问量第二的
Rambler.ru
站点开发的,第一个公开版本0.1.0发布于2004年10月4日。其将源代码以类BSD许可证的形式发布,因它的稳定性、丰富的功能集、示例配置文件和
低系统资源的消耗而闻名。 下载地址:
nginx-1.0.9 
nginx/Windows-1.0.9

1.1 准备源码包

  1. pcre

http://www.pcre.org/
  • zlib

    http://www.zlib.net/
    
  • openssl

    http://www.openssl.org/
    
  • echo-nginx-module

    https://github.com/openresty/echo-nginx-module/tags
    

该模块主要用于方便开发人员调试,建议安装该模块,可便于调试

* ngx_devel_kit

https://github.com/simpl/ngx_devel_kit

* set-misc-nginx-module

https://github.com/openresty/set-misc-nginx-module
该模块主要用于decode uri, 依赖ngx_devel_kit模块

* luajit

http://luajit.org/

* lua-nginx-module

https://github.com/chaoslawful/lua-nginx-module
该模块用于支持lua语言,有高并发自定义需求建议安装。

* nginx

http://nginx.org/

### 1.2 源码安装
1. 安装libunwind库

下载:http://download.savannah.gnu.org/releases/libunwind
解压:
tar -zxvf libunwind-1.1.tar.gz
安装:
./configure
make CFLAGS=-fPIC
sudo make CFLAGS=-fPIC install

* 安装google-perftools

下载:http://google-perftools.googlecode.com
解压:
tar -zxvf gperftools-2.1.tar.gz
安装:
./configure
make
sudo make install
配置环境:
sudo echo “/usr/local/lib” > /etc/ld.so.conf.d/usr_local_lib.conf
sudo ldconfig

* 安装luajit(Nginx暂时只支持到Lua5.1,不需要支持Lua开发可跳过此步骤)

wget
http://luajit.org/download/LuaJIT-2.0.4.tar.gz
tar zxf LuaJIT-2.0.4.tar.gz
cd LuaJIT-2.0.4
make
make install PREFIX=/data/software/luajit

源代码包

更新说明:
Changes with nginx 1.0.9                                         01 Nov
2011

添加环境变量

export LUAJIT_LIB=/data/software/luajit/lib
export LUAJIT_INC=/data/software/luajit/include/luajit-2.0

* 解压&&进入安装目录

tar -zxvf nginx-1.8.0.tar.gz
cd nginx-1.8.0

* 取消debug模式
**vim auto/cc/gcc**

http://nginx.org/download/nginx-1.9.5.tar.gz

    *) Change: now the 0x7F-0x1F characters are escaped as xXX in an
       access_log.

debug

:178
CFLAGS=”$CFLAGS -g”
==>

Windows二进制包

    *) Change: now SIGWINCH signal works only in daemon mode.

debug

http://nginx.org/download/nginx-1.9.5.zip

    *) Feature: “proxy/fastcgi/scgi/uwsgi_ignore_headers” directives
support
       the following additional values: X-Accel-Limit-Rate,
       X-Accel-Buffering, X-Accel-Charset.

CFLAGS=”$CFLAGS -g”

* 将nginx默认日志格式改为datatime格式
**vim src/http/modules/ngx_http_log_module.c**

:222
{ ngx_string(“time_local”), sizeof(“28/Sep/1970:12:00:00 +0600”) –
1,
ngx_http_log_time }
==>
{ ngx_string(“time_local”), sizeof(“1970-09-28 12:00:00 +0600”) – 1,
ngx_http_log_time },
:810
return ngx_cpymem(buf, ngx_cached_http_log_time.data,
ngx_cached_http_log_time.len);
==>
return ngx_cpymem(buf, ngx_cached_err_log_time.data,
ngx_cached_err_log_time.len);

**vim src/core/ngx_times.c**

:149
(void) ngx_sprintf(p1, “%4d/%02d/%02d %02d:%02d:%02d”,
tm.ngx_tm_year, tm.ngx_tm_mon,
tm.ngx_tm_mday, tm.ngx_tm_hour,
tm.ngx_tm_min, tm.ngx_tm_sec);
==>
(void) ngx_sprintf(p1, “%4d-%02d-%02d %02d:%02d:%02d”,
tm.ngx_tm_year, tm.ngx_tm_mon,
tm.ngx_tm_mday, tm.ngx_tm_hour,
tm.ngx_tm_min, tm.ngx_tm_sec);

* 配置

./configure
–prefix=/data/software/nginx
–sbin-path=/data/software/nginx/sbin/nginx
–conf-path=/data/software/nginx/etc/nginx.conf
–pid-path=/data/software/nginx/tmp/nginx.pid
–error-log-path=/data/software/nginx/log/error.log
–http-log-path=/data/software/nginx/log/access.log
–user=greentea
–group=greentea
–with-http_ssl_module
–with-http_realip_module
–with-http_stub_status_module
–with-google_perftools_module
–with-pcre=/data/software/src/pcre-8.34
–with-zlib=/data/software/src/zlib-1.2.8
–with-openssl=/data/software/src/openssl-1.0.1c
–add-module=/data/software/src/echo-nginx-module-0.53
–add-module=/data/software/src/ngx_devel_kit-0.2.19
–add-module=/data/software/src/set-misc-nginx-module-0.25
–add-module=/data/software/src/lua-nginx-module-0.10.0

* 安装

make -j 8
make install

* 准备配置文件
拷贝nginx.conf至/data/software/nginx/etc下,提供参考如下:

修改记录:

    *) Feature: decrease of memory consumption if SSL is used.

用户

user greentea;

新增:the ngx_http_v2_module (replaces ngx_http_spdy_module).

    *) Feature: accept filters are now supported on NetBSD.

工作进程,根据硬件调整,一般等于cpu核数

worker_processes 8;

变更:now the “output_buffers” directive uses two buffers by
default.

    *) Feature: the “uwsgi_buffering” and “scgi_buffering”
directives.
       Thanks to Peter Smit.

错误日志 日志级别

error_log log/error.log;

变更:now nginx limits subrequests recursion(子请求调用的递归次数),

    *) Bugfix: a segmentation fault occurred on start or while
       reconfiguration if the “ssl” directive was used at http level
and
       there was no “ssl_certificate” defined.

pid放置的位置

pid tmp/nginx.pid;

       not simultaneous subrequests(并发的子请求数).

    *) Bugfix: some UTF-8 characters were processed incorrectly.
       Thanks to Alexey Kuts.

google_perftools的线程目录

google_perftools_profiles /data/greentea/tmp/tcmalloc/tcmalloc;

变更:now nginx checks the whole cache key when returning a response
from cache.

    *) Bugfix: the ngx_http_rewrite_module directives specified at
“server”
       level were executed twice if no matching locations were
defined.

指定进程可以打开的最大描述符,最好与ulimit -n 的值保持一致

worker_rlimit_nofile 1048576;

events {
#使用epoll的I/O 模型
use epoll;

  #工作进程的最大连接数量,根据硬件调整,和前面工作进程配合起来用,尽量大,但是别把cpu跑到100%就行
  #每个进程允许的最多连接数, 理论上每台nginx服务器的最大连接数为worker_processes*worker_connections
  worker_connections  65536;

}

修复:“header already sent” alerts might appear in logs when using
cache;

    *) Bugfix: a socket leak might occurred if “aio sendfile” was
used.

设定http服务器,利用它的反向代理功能提供负载均衡支持

http {
#设定mime类型,类型由mime.type文件定义
include mime.types;

  default_type  application/octet-stream;

  charset  utf-8;

  log_format  main  '[$time_local] [$remote_addr] [$remote_user] [$http_x_forwarded_for] '
                   '[$request] [$status] [$request_time] [$body_bytes_sent] '
                   '[$http_referer] [$http_user_agent] [$bytes_sent] [$request_length]';

  #用了log_format指令设置了日志格式之后,需要用access_log指令指定日志文件的存放路径;
  access_log  log/access.log  main;

  #还原用户真实IP
  set_real_ip_from 127.0.0.1;
  set_real_ip_from 10.0.0.0/8;
  set_real_ip_from 172.16.0.0/12;
  set_real_ip_from 192.168.0.0/16;
  real_ip_header X-Forwarded-For;
  real_ip_recursive on;

  #客户端请求头部的缓冲区大小,这个可以根据你的系统分页大小来设置,getconf PAGESIZE
  #client_header_buffer_size 4k;

  #如果把它设置为比较大的数值,例如256k,那么,无论使用firefox还是IE浏览器,来提交任意小于256k的图片,都很正常
  #如果注释该指令,使用默认的client_body_buffer_size设置,也就是操作系统页面大小的两倍,8k或者16k,问题就出现了。
  #无论使用firefox4.0还是IE8.0,提交一个比较大,200k左右的图片,都返回500 Internal Server Error错误
  client_body_buffer_size 512k;

  # 客户端最大上传文件大小
  client_max_body_size 1000m;

  #客户端保持连接超时时间
  keepalive_timeout 60;
  #客户端请求头读取超时时间
  #client_header_timeout 10;
  #客户端请求主体读取超时时间
  #client_body_timeout 10;
  #客户端响应超时时间
  #send_timeout 10;

  #sendfile指令指定 nginx 是否调用sendfile 函数(zero copy 方式)来输出文件
  #对于普通应用,必须设为on,如果用来进行下载等应用磁盘IO重负载应用,可设置为off,
  #以平衡磁盘与网络IO处理速度,降低系统uptime
  sendfile        on;
  #此选项允许或禁止使用socke的TCP_CORK的选项,此选项仅在使用sendfile的时候使用
  #tcp_nopush     on;
  #
  #tcp_nodelay on;

  # http://www.cnblogs.com/rmbteam/archive/2011/10/26/2225010.html
  # 是否开启gzip数据压缩
  gzip  on; #决定是否开启gzip模块
  # 设置gzip申请内存的大小,其作用是按块大小的倍数申请内存空间
  # param1:int; param2:int(k) 后面单位是k
  gzip_buffers 16 8k;
  # 设置gzip压缩等级,等级越底压缩速度越快文件压缩比越小,反之速度越慢文件压缩比越大
  # param:1-9
  gzip_comp_level 6;
  # 当返回内容大于此值时才会使用gzip进行压缩,以K为单位,当值为0时,所有页面都进行压缩
  # param:int
  gzip_min_length 1000;
  # 用于识别http协议的版本,早期的浏览器不支持gzip压缩,用户会看到乱码,所以为了支持前期版本加了此选项,目前此项基本可以忽略
  # param: 1.0|1.1
  # gzip_http_version 1.0
  # Nginx做为反向代理的时候启用,
  gzip_proxied any;
  # 设置需要压缩的MIME类型,非设置值不进行压缩
  # param:text/html|application/x-javascript|text/css|application/xml
  gzip_types text/plain text/css text/javascript application/x-javascript application/xml application/javascript;
  gzip_vary on;
  gzip_disable "msie6";

  #后端服务器连接的超时时间_发起握手等候响应超时时间
  proxy_connect_timeout 90;
  #连接成功后_等候后端服务器响应时间_其实已经进入后端的排队之中等候处理(也可以说是后端服务器处理请求的时间)
  proxy_read_timeout 180;
  #后端服务器数据回传时间_就是在规定时间之内后端服务器必须传完所有的数据
  proxy_send_timeout 180;
  #设置从被代理服务器读取的第一部分应答的缓冲区大小,通常情况下这部分应答中包含一个小的应答头
  #默认情况下这个值的大小为指令proxy_buffers中指定的一个缓冲区的大小,不过可以将其设置为更小
  proxy_buffer_size 256k;
  #设置用于读取应答(来自被代理服务器)的缓冲区数目和大小
  #默认情况也为分页大小,根据操作系统的不同可能是4k或者8k
  proxy_buffers 4 256k;
  ##
  #proxy_busy_buffers_size 256k;
  ##设置在写入proxy_temp_path时数据的大小,预防一个工作进程在传递文件时阻塞太长
  #proxy_temp_file_write_size 256k;
  ##proxy_temp_path和proxy_cache_path指定的路径必须在同一分区
  #proxy_temp_path /data0/proxy_temp_dir;
  ##设置内存缓存空间大小为200MB,1天没有被访问的内容自动清除,硬盘缓存空间大小为30GB
  #proxy_cache_path /data0/proxy_cache_dir levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=30g;
  #表示使nginx阻止HTTP应答代码为400或者更高的应答
  #proxy_intercept_errors on;
  #nginx等待后端返回
  proxy_ignore_client_abort on;

  #这个将为打开文件指定缓存,默认是没有启用的,max指定缓存数量,建议和打开文件数一致,
  #inactive是指经过多长时间文件没被请求后删除缓存
  #open_file_cache max=65535 inactive=60s;
  #这个是指多长时间检查一次缓存的有效信息
  #open_file_cache_valid 80s;
  #open_file_cache指令中的inactive参数时间内文件的最少使用次数
  #如果超过这个数字,文件描述符一直是在缓存中打开的
  #如上例,如果有一个文件在inactive时间内一次没被使用,它将被移除
  #open_file_cache_min_uses 1;

  #负载均衡组定义
  #down:暂时不参与负载均衡
  #backup:预留的备份机器,只有其它机器挂了才访问  
  #max_fails:允许的请求失败次数  
  #fail_timeout:服务请求失败后,暂停服务时间
  #upstream myservers {
  #   ip_hash;
  #   server 192.168.12.133:80;
  #   server 192.168.12.133:80 down;
  #   server 192.168.12.133:80 max_fails=3     fail_timeout=20ms;
  #}

  #fastcgi优化配置
  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 512k;
  fastcgi_buffers 8 512k;
  fastcgi_busy_buffers_size 1024;
  fastcgi_temp_file_write_size 1024;

  #include /data/software/nginx/etc/city.d/citys.geo.conf;

  include /data/software/nginx/etc/vhost.d/*.conf;

}

* 启动

/data/software/nginx/sbin/nginx

### 1.3 常见问题

1. 常用命令

       the bug had appeared in 1.7.5.

    *) Bugfix: connections with fast clients might be closed after
       send_timeout if file AIO was used.

启动:

  /data/software/nginx/sbin/nginx

修复:“writev() failed (4: Interrupted system call)” errors might
appear in logs

    *) Bugfix: in the ngx_http_autoindex_module.

停止:

  /data/software/nginx/sbin/nginx -s stop

        when using CephFS and the “timer_resolution” directive on
Linux.

    *) Bugfix: the module ngx_http_mp4_module did not support
seeking on
       32-bit platforms.

重新加载:

  /data/software/nginx/sbin/nginx -s reload

修复:in invalid configurations handling.

    *) Bugfix: non-cacheable responses might be cached if
       “proxy_cache_bypass” directive was used.
       Thanks to John Ferlito.

测试配置文件是否正确:

  /data/software/nginx/sbin/nginx -t
  /data/software/nginx/sbin/nginx -t /data/software/nginx/etc/nginx.conf

2. 添加开机启动

修复:a segmentation fault occurred in a worker process

    *) Bugfix: cached responses with an empty body were returned
       incorrectly; the bug had appeared in 0.8.31.

在/etc/init.d/中建立软连接

sudo ln -s /data/software/nginx/nginx /etc/init.d/nginx

       if the “sub_filter” directive was used at http level;

    *) Bugfix: 201 responses of the ngx_http_dav_module were
incorrect; the
       bug had appeared in 0.8.32.

更新rc

sudo update-rc.d -f nginx remove
sudo update-rc.d -f nginx defaults

3.  openssl编译错误
错误信息

/usr/bin/ranlib ../../libcrypto.a || echo Never mind.
make[4]: Leaving directory
/data/software/src/openssl-1.0.1c/crypto/cmac' if [ -n "" ]; then (cd ..; make libcrypto.so.1.0.0); fi make[3]: Leaving directory/data/software/src/openssl-1.0.1c/crypto’
make[2]: Leaving directory
/data/software/src/openssl-1.0.1c' make[1]: *** [/data/software/src/openssl-1.0.1c/.openssl/include/openssl/ssl.h] 错误 2 make[1]: Leaving directory/data/software/src/nginx-1.8.0′
make: *** [build] 错误 2

**vim auto/lib/openssl/conf**

:31
CORE_INCS=”$CORE_INCS $OPENSSL/.openssl/include”
CORE_DEPS=”$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h”
CORE_LIBS=”$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a”
CORE_LIBS=”$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a”
==>
CORE_INCS=”$CORE_INCS $OPENSSL/include”
CORE_DEPS=”$CORE_DEPS $OPENSSL/include/openssl/ssl.h”
CORE_LIBS=”$CORE_LIBS $OPENSSL/libssl.a”
CORE_LIBS=”$CORE_LIBS $OPENSSL/libcrypto.a”

       the bug had appeared in 1.9.4.

    *) Bugfix: in the “return” directive.

======

    *) Bugfix: the “ssl_verify_client”, “ssl_verify_depth”, and
       “ssl_prefer_server_ciphers” directives might work incorrectly
if SNI
       was used.

NGINX Plus Release 7 (R7)前几天也发布了

(文/cnbeta)    

文章转载自:开源中国社区 []