vps是centos系统,先用源安装了nginx,后来因为反代需要Substitutions模块,又从源码安装了nginx,并添加了Substitutions模块。
如何从源安装nginx
yum -y install nginx
查看nginx编译参数
nginx -V
nginx的启动重启和停止:
systemctl start nginx #启动 nginx 服务
systemctl stop nginx #停止 nginx 服务
systemctl restart nginx #重启 nginx 服务
从源码编译安装nginx需要先安装依赖包
yum -y install gcc gcc-c++ make libtool zlib zlib-devel openssl openssl-devel pcre pcre-devel
从nginx -V可以知道当前nginx的版本,从网上下载对应版本的源码
wget http://nginx.org/download/nginx-1.12.1.tar.gz
查看configure的参数
tar xf nginx-1.12.1.tar.gz
cd nginx-1.12.1
nginx -V
configure arguments: --prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
...
添加substituion模块
./configure --prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
...
--add-module=../ngx_http_substitutions_filter_module
make && make install
cp /usr/sbin/nginx /usr/sbin/nginx.bak #备份
cp /opt/nginx-1.12.1/objs/nginx /usr/sbin/nginx #替换
systemctl restart nginx #重启 nginx 服务
这样即安装好了从源码编译的nginx。
中间曾经出现几次错误,现记录下来:
—with-ld-opt
checking for gcc -pipe switch ... found
checking for --with-ld-opt="-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E" ... not found
./configure: error: the invalid value in --with-ld-opt="-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E"
解决方案
去掉 --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'
选项
HTTP XSLT
./configure: error: the HTTP XSLT module requires the libxml2/libxslt
libraries. You can either do not enable the module or install the libraries.
解决方案
yum -y install libxml2 libxml2-dev
yum -y install libxslt-devel
HTTP image
./configure: error: the HTTP image filter module requires the GD library.
You can either do not enable the module or install the libraries.
解决方案
yum -y install gd-devel
GenIP
./configure: error: the GeoIP module requires the GeoIP library.
You can either do not enable the module or install the library.
解决方案
yum -y install GeoIP GeoIP-devel GeoIP-data
Google perftools
./configure: error: the Google perftools module requires the Google perftools
library. You can either do not enable the module or install the library.
解决方案
yum install gperftools
AIO
./configure: no supported file AIO was found
Currently file AIO is supported on FreeBSD 4.3+ and Linux 2.6.22+ only
解决方案
去掉 --with-file-aio
选项
can not detect int size
./configure: error: can not detect int size
解决方案
去掉下面这个选项
--with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic'
./configure: error: the HTTP XSLT module requires the libxml2/libxslt libraries. 的解决方案
yum install libxslt-devel
./configure: error: the HTTP image filter module requires the GD library.的解决方案
yum install gd gd-devel
checking forperl+ perl version: v5.10.1 (*) built forx86_64-linux-thread-multiCan’t locateExtUtils/Embed.pm in@INC
(@INC contains: /usr/local/lib64/perl5/usr/local/share/perl5/usr/lib64/perl5/
vendor_perl/usr/share/perl5/vendor_perl/usr/lib64/perl5/usr/share/perl5.).BEGIN failed–compilation aborted../configure: error: perl module ExtUtils::Embed is required的解决方案
yum -y install perl-devel perl-ExtUtils-Embed
接下来正式进入反代环节
nginx配置文件中location代码段中添加:
proxy_pass https://wordpress.org #说明要反代的网站地址
替换网页内容:
subs_filter wordpress.org wp101.net #网页中wordpress.org替换成wp101.net
反代添加缓存空间:
proxy_cache cache_one;#cache空间名字
proxy_cache_valid 200 304 3d;
proxy_cache_key $host$uri$is_args$args;
expires 10d;
通过反代访问网站,网站记录的是服务区的IP地址在访问网站,如何告诉网站访客的真实IP呢?
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
如何在反代中添加统计代码
set $injected ‘<script>
var _hmt = _hmt || [];
(function() {
var hm = document.createElement(“script”);
hm.src = “https://hm.baidu.com/hm.js?50b2a787f170b0cf418daa2ce2546b17”;
var s = document.getElementsByTagName(“script”)[0];
s.parentNode.insertBefore(hm, s);
})();
</script>
‘;
sub_filter ‘</body>’ ‘${injected}</body>’;
反代网站添加https
if ($host = ‘wp101.net’)
{ rewrite ^/(.*)$ https://g.32.pm$1 permanent; #统一www域名到不带www域名 }
ssl_certificate /root/ssl/crt.crt;
ssl_certificate_key /root/ssl/crt.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS; ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m; #网上照抄的SSL参数
location / {
proxy_redirect off;
proxy_pass https://www.google.com/;
proxy_set_header Host www.google.com;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Referer http://www.google.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;