### Install the packages required for the build

```bash
apt update
apt install make cmake gcc g++ git libz-dev -y
```

### Nginx

```bash
wget https://nginx.org/download/nginx-1.27.2.tar.gz
tar zxvf nginx-1.27.2.tar.gz
```

### OpenSSL

```bash
wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz
tar zxvf openssl-1.1.1w.tar.gz
```

### Zlib (Cloudflare optimized fork)

```bash
git clone https://github.com/cloudflare/zlib.git zlib-cf
cd zlib-cf
make -f Makefile.in distclean
cd ..
```

### Brotli

```bash
git clone https://github.com/google/ngx_brotli
cd ngx_brotli
git submodule update --init --recursive
cd deps/brotli
mkdir out && cd out
# Build only the static Brotli encoder library
cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF \
  -DCMAKE_C_FLAGS="-Ofast -m64 -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" \
  -DCMAKE_CXX_FLAGS="-Ofast -m64 -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" \
  -DCMAKE_INSTALL_PREFIX=./installed ..
cmake --build . --config Release --target brotlienc
cd ../../../..
# These exports stay in effect for every build that follows in this shell
export CFLAGS="-m64 -march=native -mtune=native -Ofast -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections"
export LDFLAGS="-m64 -Wl,-s -Wl,-Bsymbolic -Wl,--gc-sections"
```

### Nginx Headers More

```bash
git clone https://github.com/openresty/headers-more-nginx-module.git
```

### ngx_http_geoip2_module

```bash
wget https://github.com/maxmind/libmaxminddb/releases/download/1.8.0/libmaxminddb-1.8.0.tar.gz
tar zxvf libmaxminddb-1.8.0.tar.gz
cd libmaxminddb-1.8.0
./configure && make && make install
# Make the dynamic linker search /usr/local/lib
echo /usr/local/lib >> /etc/ld.so.conf.d/local.conf
ldconfig
cd ..
git clone https://github.com/leev/ngx_http_geoip2_module.git
```

### PCRE

```bash
wget https://udomain.dl.sourceforge.net/project/pcre/pcre/8.45/pcre-8.45.tar.gz
tar -zxvf pcre-8.45.tar.gz
```

### jemalloc

```bash
wget https://github.com/jemalloc/jemalloc/releases/download/5.3.0/jemalloc-5.3.0.tar.bz2
tar -jxvf jemalloc-5.3.0.tar.bz2
cd jemalloc-5.3.0/
./configure --prefix=/usr/local/jemalloc --libdir=/usr/local/lib
make -j4
make install
echo /usr/local/lib >> /etc/ld.so.conf
ldconfig
cd ../
```

### Patch OpenSSL

```bash
cd openssl-1.1.1w/
curl https://raw.githubusercontent.com/kn007/patch/master/openssl-1.1.1.patch | patch -p1
cd ../
```

### Patch Nginx

```bash
cd nginx-1.27.2/
#curl https://raw.githubusercontent.com/kn007/patch/master/nginx.patch | patch -p1
curl https://raw.githubusercontent.com/kn007/patch/master/nginx_dynamic_tls_records.patch | patch -p1
curl https://raw.githubusercontent.com/Qwerto107/nginx-patch/main/error_page.patch | patch -p1
cd ../
```

### Build and install

#### Configure options

- `--user=www --group=www`: the user and group Nginx runs as
- `--prefix=/usr/local/nginx`: the Nginx installation directory
- `--with-openssl=../openssl-1.1.1w`: path to the unpacked OpenSSL source
- `--with-openssl-opt='zlib -march=native -ljemalloc -Wl,-flto'`: options used when building OpenSSL: the zlib compression library, optimization for the local CPU architecture, linking against the jemalloc memory allocator, and LTO (link-time optimization)
- `--with-http_ssl_module`: enables the HTTP SSL module
- `--with-http_v2_module`: enables the HTTP/2 module
- `--with-http_sub_module`: enables the HTTP Substitution module
- `--with-http_gzip_static_module`: enables the Gzip static file compression module
- `--with-http_stub_status_module`: enables the status monitoring module
- `--with-zlib=../zlib-cf`: path to the unpacked zlib source
- `--with-pcre=../pcre-8.45`: path to the unpacked PCRE source
- `--with-pcre-jit`: enables PCRE JIT (Just-In-Time) compilation, which improves regular expression matching performance
- `--add-module=../ngx_brotli`: adds the Brotli compression module
- `--add-module=../headers-more-nginx-module`: adds the HTTP header modification module
- `--with-stream`: enables the TCP/UDP proxy module
- `--with-stream_realip_module`: enables the Real IP module
- `--with-stream_ssl_module`: enables the TCP/UDP SSL module, used to carry encrypted traffic
- `--with-stream_ssl_preread_module`: enables the SSL handshake preread module
- `--with-http_v3_module`: enables the HTTP/3 module, used to support the HTTP/3 protocol
- `--add-module=../ngx_http_geoip2_module`: adds the GeoIP2 module, used for geolocation-based content delivery and access control
- `--with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC -ljemalloc -lrt'`: linker options: enables RELRO (Relocation Read-Only), enables immediate symbol binding, uses the jemalloc memory allocator, and links against librt

#### Build steps

```bash
cd nginx-1.27.2/
./configure --user=www --group=www --prefix=/usr/local/nginx \
  --with-openssl=../openssl-1.1.1w \
  --with-openssl-opt='zlib -march=native -ljemalloc -Wl,-flto' \
  --with-http_ssl_module --with-http_v2_module --with-http_sub_module \
  --with-http_gzip_static_module --with-http_stub_status_module \
  --with-zlib=../zlib-cf --with-pcre=../pcre-8.45 --with-pcre-jit \
  --add-module=../ngx_brotli --add-module=../headers-more-nginx-module \
  --with-stream --with-stream_realip_module --with-stream_ssl_module \
  --with-stream_ssl_preread_module --with-http_v3_module \
  --add-module=../ngx_http_geoip2_module \
  --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC -ljemalloc -lrt'
make -j2
make install
```

### Service

```bash
cat > /usr/lib/systemd/system/nginx.service <<EOF
[Unit]
Description=A high performance web server and a reverse proxy server
After=syslog.target network.target network.service

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
Restart=on-abort

[Install]
WantedBy=multi-user.target
EOF
```

### Start

```bash
# Unprivileged account without a login shell for the worker processes
useradd www -s /sbin/nologin
mkdir /home/wwwlogs/
mkdir /home/wwwroot/
chown www:www /home/wwwlogs/ -R
chown www:www /home/wwwroot/ -R
systemctl daemon-reload
systemctl enable nginx
systemctl start nginx
```

Last modified: January 10, 2025

© Reposting permitted with attribution
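
The patch steps above pipe `curl` output from a branch head (`master` / `main`) straight into `patch`, so whatever that branch serves at build time lands in the OpenSSL and Nginx source trees. The following is an added example, not code from the original post: it applies a downloaded patch only when its SHA-256 matches a value recorded after review and a dry run succeeds. The function names, `<COMMIT_SHA>` and `<SHA256_RECORDED_AFTER_REVIEW>` are placeholders.

```shell
#!/bin/sh
# Added example (hypothetical helper names): hash-pinned patch application.

# verify_sha256 FILE EXPECTED_HEX -> 0 only if FILE exists and hashes to EXPECTED_HEX
verify_sha256() {
    vs_actual=$(sha256sum "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$vs_actual" ] && [ "$vs_actual" = "$2" ]
}

# apply_pinned_patch SRC_DIR PATCH_FILE EXPECTED_HEX
# Returns 0 on success, 1 on hash mismatch, 2 if the patch does not apply cleanly.
apply_pinned_patch() {
    ap_src=$1
    ap_patch=$2
    ap_expected=$3
    if ! verify_sha256 "$ap_patch" "$ap_expected"; then
        echo "refusing $ap_patch: SHA-256 mismatch" >&2
        return 1
    fi
    # Dry run first so a failing hunk never leaves the tree half-patched.
    # -N keeps patch from prompting when the change is already applied.
    if ! ( cd "$ap_src" && patch -p1 -N --dry-run ) < "$ap_patch" >/dev/null 2>&1; then
        echo "refusing $ap_patch: does not apply cleanly to $ap_src" >&2
        return 2
    fi
    ( cd "$ap_src" && patch -p1 -N ) < "$ap_patch" >/dev/null
}

# Intended use with the page's patch (placeholders, not real values):
#   curl -fsSLo nginx_dynamic_tls_records.patch \
#     "https://raw.githubusercontent.com/kn007/patch/<COMMIT_SHA>/nginx_dynamic_tls_records.patch"
#   apply_pinned_patch nginx-1.27.2 nginx_dynamic_tls_records.patch \
#     "<SHA256_RECORDED_AFTER_REVIEW>"
```

Fetching by commit SHA instead of a branch name fixes the content being reviewed, and the recorded hash catches any later substitution of the file.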
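
To confirm that the `-Wl,-z,relro -Wl,-z,now` linker options from `--with-ld-opt` took effect in the installed binary, the added example below (not from the original post) classifies `readelf` output as full, partial or no RELRO and reports whether the binary is a PIE. The function names and the sample `readelf` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Reads the output of
# `readelf -hW -lW -dW <binary>` on stdin and prints "relro=<level> pie=<yes|no>".
hardening_report() {
    awk '
        /Type: +DYN/                { pie = 1 }    # ELF header: DYN executable = PIE
        /GNU_RELRO/                 { relro = 1 }  # program header added by -z relro
        /\(BIND_NOW\)/              { now = 1 }    # dynamic tags added by -z now
        /\(FLAGS\)/   && /BIND_NOW/ { now = 1 }
        /\(FLAGS_1\)/ && / NOW/     { now = 1 }
        END {
            level = "none"
            if (relro) level = (now ? "full" : "partial")
            printf "relro=%s pie=%s\n", level, (pie ? "yes" : "no")
        }'
}

# Run against a real binary; defaults to the install path used on this page.
check_nginx() {
    readelf -hW -lW -dW "${1:-/usr/local/nginx/sbin/nginx}" | hardening_report
}

# Constructed sample: linked with -z relro -z now, non-PIE.
sample_full() { cat <<'EOF'
  Type:                              EXEC (Executable file)
  GNU_RELRO      0x1f2d10 0x00000000005f3d10 0x00000000005f3d10 0x0022f0 0x0022f0 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW
EOF
}

# Constructed sample: -z relro only (lazy binding still on), PIE.
sample_partial() { cat <<'EOF'
  Type:                              DYN (Position-Independent Executable file)
  GNU_RELRO      0x1f2d10 0x00000000001f3d10 0x00000000001f3d10 0x0022f0 0x0022f0 R   0x1
 0x0000000000000001 (NEEDED)             Shared library: [libjemalloc.so.2]
EOF
}
```

`relro=partial` on the built binary means the `-z now` option did not reach the final link, which leaves the GOT writable after startup.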