Skip to main content

Debian/Ubuntu 构建nginx添加quic

安装编译依赖环境,本文用Debian12.x和Ubuntu20.04做测试验证。

sudo apt install build-essential ca-certificates zlib1g-dev libpcre3 libpcre3-dev tar unzip libssl-dev mercurial libunwind-dev pkg-config make cmake golang gcc git wget
  • Debian如果采用root用户登录则不需要增加sudo来安装,Ubuntu同理。

编译http3/quic需要的依赖,如果不使用,那么可以跳过该步骤。

克隆依赖库我采用自己拉取回gitee的依赖编写

git clone https://gitee.com/fenghuolingyun/boringssl.git
  • 原始库地址:git clone https://boringssl.googlesource.com/boringssl

  • 开始编译依赖:

cd boringssl
mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=Release ..
make

注意这里有可能由于网络原因导致golang模块无法拉取而报错,我们进行代理添加,本文使用的阿里云代理:

export GO111MODULE=on 
export GOPROXY=https://mirrors.aliyun.com/goproxy/

然后执行make完成返回我们平级目录cd ../../

  • 下载nginx源码,需要其它版本自行指定。
wget https://nginx.org/download/nginx-1.25.4.tar.gz
  • 开始编译操作:
tar -xf nginx-1.25.4.tar.gz
cd nginx-1.25.4
  • 配置构建参数,这里采用全模块参数:
./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' --with-http_v3_module --with-cc=c++ --with-cc-opt='-I../boringssl/include -x c' --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto' 
  • 执行make && make install 编译后安装参数
  • 创建缺失的目录:
mkdir -p /var/cache/nginx/
mkdir -p /var/log/nginx/
mkdir -p /usr/lib/nginx/modules //此目录非必须,方便后续添加动态加载类型模块
  • 添加nginx用户组
useradd -m nginx
  • 编写nginx服务,本文采用nano编辑,如没有请使用apt install nano安装
nano /usr/lib/systemd/system/nginx.service
  • 输入内容:
[Unit]
Description=nginx - high performance web server
Documentation=https://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /var/run/nginx.pid)"
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /var/run/nginx.pid)"

[Install]
WantedBy=multi-user.target
  • 执行重载服务命令:
systemctl daemon-reload
  • 现在来可以直接使用systemctl管理我们编译的nginx

现在来配置开机启动

systemctl enable nginx

执行启动

systemctl start nginx

停止Nginx服务:

systemctl stop nginx

重启Nginx服务:

systemctl restart nginx

显示Nginx服务的状态:

systemctl status nginx

禁用Nginx服务,使其不会在系统启动时自动启动:

systemctl disable nginx