不灭的火

革命尚未成功,同志仍须努力 _ 加密SHA/AES/RSA下载JDK17

【Amazon Linux】编译安装 Nginx 1.23.4,织信所需的Nginx
作者:AlbertWen  添加时间:2025-04-06 13:37:39  修改时间:2025-11-05 07:04:18  分类:06.Linux软件安装  编辑

【Amazon Linux】云主机,“织信安装器”通过 rpm 安装 Nginx 1.22 时,报错:提示OpenSSL版本不对,改为手动编译安装高版本的 Nginx 1.23.4 ,安装成功!

1、编译安装 Nginx 1.23.4

(1) 安装依赖库

yum -y install gcc gcc-c++ zlib zlib-devel openssl openssl-devel pcre-devel

(2) 下载 Nginx 1.23.4 源码包

wget -c http://nginx.org/download/nginx-1.23.4.tar.gz

(3) 解压

tar -zxvf nginx-1.23.4.tar.gz

(4) 编译安装

# 进入目录
# cd ./nginx-1.23.4
cd /data/tmp/123/Nginx/nginx-1.23.4

# 清理上次编译缓存文件(多次编译时使用)
make clean

# 配置编译选项
./configure --prefix=/data/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_secure_link_module --with-http_v2_module

# 编译并安装
make && make install

(5) 启动 Nginx 服务

cd /data/nginx/sbin
./nginx

2、配置织信的Nginx配置文件

(1) 修改配置文件nginx.conf内容

配置文件:/data/nginx/conf/nginx.conf

user  www;
worker_processes  auto;

error_log  logs/error.log notice;
pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include conf.d/*.conf;
}

(2) 从其他“织信服务器”,拷贝出Nginx的配置文件

需要拷贝的文件夹:

/etc/nginx/conf.d
/etc/nginx/includes

拷贝后的路径:

/data/nginx/conf/conf.d
/data/nginx/conf/includes

(3) 新建 onlyoffice 软件所需的日志目录

 

(4) 修改子网站配置文件

文件1:/data/nginx/conf/conf.d/ds.conf

include /data/nginx/conf/includes/http-common.conf;
server {
    listen 0.0.0.0:9002 ssl;
    listen [::]:9002 default_server ssl;
    server_tokens off;
  
    # SSL 配置
    ssl_certificate /data/nginx/conf/ssl/zx.php-note.com.pem;      # 替换为你的证书路径
    ssl_certificate_key /data/nginx/conf/ssl/zx.php-note.com.key;      # 替换为你的私钥路径

    include /data/nginx/conf/includes/ds-*.conf;
}

文件2:/data/nginx/conf/conf.d/informat-next.conf

upstream backend_account {
    hash $proxy_add_x_forwarded_for;
    server 127.0.0.1:9881;
}

upstream backend_biz_s0 {
    hash $proxy_add_x_forwarded_for;
    server 127.0.0.1:8881;
}


# HTTP 配置:80端口重定向到 HTTPS
server {
    listen 80;
    server_name zx.php-note.com;  # 替换为你的域名
    return 301 https://$host$request_uri;  # 重定向到 HTTPS
}

# HTTPS 配置:用于 80 端口的服务
server {
    listen 443 ssl http2;
    server_name zx.php-note.com;  # 替换为你的域名

    # SSL 配置
    ssl_certificate /data/nginx/conf/ssl/zx.php-note.com.pem;      # 替换为你的证书路径
    ssl_certificate_key /data/nginx/conf/ssl/zx.php-note.com.key;      # 替换为你的私钥路径
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    client_max_body_size 2000M;

    proxy_connect_timeout 1m;
    proxy_send_timeout 30m;
    proxy_read_timeout 30m;
    proxy_set_header Connection '';
    proxy_http_version 1.1;
    chunked_transfer_encoding off;
    proxy_buffering off;
    proxy_cache off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Server $host;
    add_header 'Access-Control-Allow-Origin' * always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    add_header 'Access-Control-Allow-Methods' 'GET,POST,DELETE,PUT,HEAD,OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' 'DNT,token,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
    add_header 'Access-Control-Expose-Headers' 'Set-Cookie,Content-Disposition,Content-Range,RequestId,Date' always;

    # 主服务
    location / {
        proxy_pass http://backend_account$request_uri;
        access_log /var/log/nginx/informat_next_account_access_web.log;
    }

    location ^~ /web0/ {
        access_log /var/log/nginx/informat_next_biz_api_web.log;
        if ($request_method = 'OPTIONS') {
           return 204;
        }
        proxy_pass http://backend_biz_s0/web/;
    }

    location ^~ /account/ {
        access_log /var/log/nginx/informat_next_account_api_web.log;
        if ($request_method = 'OPTIONS') {
           return 204;
        }
        proxy_pass http://backend_account$request_uri;
    }
}


server {
    listen 19881;
    server_name localhost;
    client_max_body_size 2000M;

    proxy_connect_timeout 1m;
    proxy_send_timeout 30m;
    proxy_read_timeout 30m;
    proxy_set_header Connection '';
    proxy_http_version 1.1;
    chunked_transfer_encoding off;
    proxy_buffering off;
    proxy_cache off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Server $host;
    add_header 'Access-Control-Allow-Origin' * always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    add_header 'Access-Control-Allow-Methods' 'GET,POST,DELETE,PUT,HEAD,OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' 'DNT,token,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
    add_header 'Access-Control-Expose-Headers' 'Set-Cookie,Content-Disposition,Content-Range,RequestId,Date' always;

    location / {
        proxy_pass http://backend_account$request_uri;
        access_log /var/log/nginx/informat_next_account_access_web.log;
    }

    location ^~ /web0/ {
        access_log /var/log/nginx/informat_next_biz_api_web.log;
        if ($request_method = 'OPTIONS') {
        return 204;
        }
        proxy_pass http://backend_biz_s0/web/;
    }

    location ^~ /account/ {
        access_log /var/log/nginx/informat_next_account_api_web.log;
        if ($request_method = 'OPTIONS') {
        return 204;
        }
        proxy_pass http://backend_account$request_uri;
    }
}

3、配置开机启动服务

(1) 添加专属用户 ——【注意】跟宝塔面板运行用户www保持一致

groupadd www
useradd -g www www

(2) 修改目录权限

chown -R www:www /data/nginx

(3) 创建systemd服务配置文件

vim /usr/lib/systemd/system/nginx.service

输入以下内容:

[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking

# PIDFile=/var/run/nginx.pid
# ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
# ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /var/run/nginx.pid)"
# ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /var/run/nginx.pid)"

PIDFile=/data/nginx/logs/nginx.pid
ExecStart=/data/nginx/sbin/nginx -c /data/nginx/conf/nginx.conf
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /data/nginx/logs/nginx.pid)"
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /data/nginx/logs/nginx.pid)"

[Install]
WantedBy=multi-user.target

(4) 使配置生效

# 设置开机自启动
systemctl enable nginx
 
# 重新加载systemd程序的配置文件
systemctl daemon-reload

(5) 常用命令:启动/关闭/重启

在测试新命令行之前,先关闭上面已经启动的Nginx进程:

ps -ef | grep nginx
kill -9 进程ID

 

生成织信所需的目录和文件(否则Nginx会启动失败):

mkdir -pv /var/log/nginx/
touch /var/log/nginx/informat_next_account_access_web.log
chmod 777 /var/log/nginx/informat_next_account_access_web.log

 

注意:需要在root用户环境下执行:

# 启动
systemctl start nginx
 
# 关闭
systemctl stop nginx
 
# 重启
systemctl restart nginx

 

调试代码:

注意:需要在root用户环境下执行:

/data/nginx/sbin/nginx -c /data/nginx/conf/nginx.conf

 

Copyright © 2012-2035 不灭的火 版权所有 粤ICP备17073848号