Debian编译安装Nginx

发布于 2022-11-28  668 次阅读

编译安装Nginx

echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
lsmod | grep bbr
 
apt update
apt upgrade -y
 
curl -sSL https://get.docker.com/ | sh
 
#apt-get install docker-ce docker-ce-cli containerd.io -y
 
apt-get install wget build-essential libpcre3 libpcre3-dev zlib1g-dev git -y
mkdir ~/nginx_build && cd ~/nginx_build
wget -c https://nginx.org/download/nginx-1.20.2.tar.gz && tar zxf nginx-1.20.2.tar.gz && rm nginx-1.20.2.tar.gz
wget -c https://www.openssl.org/source/openssl-1.1.1m.tar.gz && tar zxf openssl-1.1.1m.tar.gz && rm openssl-1.1.1m.tar.gz
cd nginx-1.20.2
./configure \
--with-stream \
--with-stream_realip_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-http_stub_status_module \
--with-http_v2_module \
--with-http_ssl_module \
--with-http_gzip_static_module \
--with-http_realip_module \
--with-pcre \
--with-pcre-jit \
--with-openssl=/root/nginx_build/openssl-1.1.1m \
--with-http_sub_module
make
make install
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -V
 
wget -O /etc/init.d/nginx https://raw.githubusercontent.com/KJieGitHub/Nginx/master/nginx-script/nginx-startup/nginx-startup-script-for-debian-ubuntu.sh
chmod +x /etc/init.d/nginx
systemctl daemon-reload
systemctl start nginx
update-rc.d -f nginx defaults
 
nano /usr/local/nginx/conf/nginx.conf

# 在http{}中末尾添加如下:
include vhost/*.conf;

mkdir /usr/local/nginx/conf/vhost
mkdir /usr/local/nginx/conf/ssl
nano /usr/local/nginx/conf/vhost/xxx.xxx.xxx.conf

server {
  listen 80;
  listen [::]:80;
 
  server_name xxx.xxx.xxx;
 # access_log /var/log/nginx/xxx.xxx.xxx_nginx.log combined;
  index index.html index.htm index.php;
  root /usr/share/nginx/html;
 
  location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
    valid_referers none blocked xxx.xxx.xxx;
    if ($invalid_referer) {
        return 403;
    }
  }
 
  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
    access_log off;
  }
  location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
  }
  location ~ /(\.user\.ini|\.ht|\.git|\.svn|\.project|LICENSE|README\.md) {
    deny all;
  }
}

systemctl stop nginx

acme签发证书

apt-get install -y socat
curl https://get.acme.sh | sh
systemctl stop nginx
~/.acme.sh/acme.sh  --register-account  -m [email protected] --server zerossl
~/.acme.sh/acme.sh  --server zerossl  --issue  -d xxx.xxx.xxx   --standalone
~/.acme.sh/acme.sh --installcert -d xxx.xxx.xxx --key-file /usr/local/nginx/conf/ssl/xxx.xxx.xxx.key --fullchain-file /usr/local/nginx/conf/ssl/xxx.xxx.xxx.crt

Love is merely a madness.