今天看到一篇介绍匿名pear to pear文件分享程序的文章,于是我打开程序的官网
找到安装教程,发现里面有个brotli的一键安装脚本,脚本适用于ubuntu18.04
然后我去到ngx_brotli的项目地址,发现是谷歌出品,看了看介绍,好像还不错。再看看我博客用的nginx,发现版本太老,然后打算重新编译新版本,没想到遇到了坑-导致博客挂了一个钟头,下面记录这样一个过程和解决的思路
编译安装nginx最新版compile latest nginx
新建一个用户bobmaster跟root区分开
adduser bobmaster --gecos "bobmaster"
# 给予root权限
usermod -aG sudo bobmaster切换到新用户, 更新系统软件并安装必要程序
su - bobmaster
sudo apt update && sudo apt upgrade -y
sudo apt install -y software-properties-common vim接下来安装编译需要的工具
sudo apt install -y build-essential git 下载nginx源码以及必要的依赖源码, 同时解压,最后删除所有压缩包
wget https://nginx.org/download/nginx-1.19.0.tar.gz && tar zxvf nginx-1.19.0.tar.gz
wget https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz && tar zxvf pcre-8.44.tar.gz
wget https://www.zlib.net/zlib-1.2.11.tar.gz && tar zxvf zlib-1.2.11.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz && tar zxvf openssl-1.1.1g.tar.gz
# 删除压缩包
rm -r *.tar.gz安装nginx额外的依赖
sudo apt install -y perl libperl-dev libgd3 libgd-dev libgeoip1 libgeoip-dev geoip-bin libxml2 libxml2-dev libxslt1.1 libxslt1-dev下载ngx_brotli 源码,同时合并子模块
git clone https://github.com/google/ngx_brotli
cd ngx_brotli && git submodule update --init进入nginx-1.19.0源码文件夹
cd ~/nginx-1.19.0配置编译安装nginx
PS: perl路径请自行ls /usr/share/perl 查看
./configure --prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--user=nginx \
--group=nginx \
--build=Debian \
--builddir=nginx-1.19.0 \
--with-select_module \
--with-poll_module \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-http_perl_module=dynamic \
--with-perl_modules_path=/usr/share/perl/5.28.1 \
--with-perl=/usr/bin/perl \
--http-log-path=/var/log/nginx/access.log \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
--with-stream_ssl_preread_module \
--with-compat \
--with-pcre=../pcre-8.44 \
--with-pcre-jit \
--with-zlib=../zlib-1.2.11 \
--with-openssl=../openssl-1.1.1g \
--with-openssl-opt=no-nextprotoneg \
--with-debug \
--with-compat \
--add-dynamic-module=../ngx_brotli
make
sudo make install安装好后,可以查看下版本
sudo nginx -V
#nginx version: nginx/1.19.0 (Debian)
#built by gcc 8.3.0 (Debian 8.3.0-6)
#built with OpenSSL 1.1.1g 21 Apr 2020
#TLS SNI support enabled
#configure arguments: --prefix=....................然后创建nginx modules的软链接-通常这样做
sudo ln -s /usr/lib/nginx/modules /etc/nginx/modules给nginx分配用户和用户组
sudo adduser --system --home /nonexistent --shell /bin/false --no-create-home --disabled-login --disabled-password --gecos "nginx user" --group nginx
然后检测是否被成功创建
sudo tail -n 1 /etc/passwd /etc/group /etc/shadow
显示了nginx就成功了接着创建nginx缓存目录以及配置权限
sudo mkdir -p /var/cache/nginx/client_temp /var/cache/nginx/fastcgi_temp /var/cache/nginx/proxy_temp /var/cache/nginx/scgi_temp /var/cache/nginx/uwsgi_temp
sudo chmod 700 /var/cache/nginx/*
sudo chown nginx:root /var/cache/nginx/*
检查下nginx是否配置正常
sudo nginx -t如果没有任何问题,就可以将nginx交由systemd来管理
sudo vim /etc/systemd/system/nginx.service
# 并填入以下配置文件
[Unit]
Description=nginx - high performance web server
Documentation=https://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPost=/bin/sleep 0.1
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
[Install]
WantedBy=multi-user.target然后让nginx开机自启,并运行nginx
sudo systemctl enable nginx.service
sudo systemctl start nginx.service
# 再检查下运行状态
sudo systemctl status nginxnginx的源码中,有专门的vim代码高亮配置文件和man配置文件
# 对于非root用户
mkdir ~/.vim/
cp -r ~/nginx-1.19.0/contrib/vim/* ~/.vim/
# 对于root用户
sudo mkdir /root/.vim/
sudo cp -r ~/nginx-1.19.0/contrib/vim/* /root/.vim/sudo cp ~/nginx-1.19.0/man/nginx.8 /usr/share/man/man8
sudo gzip /usr/share/man/man8/nginx.8
# 检查下man nginx是否正常工作
man nginx接下来创建nginx的常用文件夹
sudo mkdir /etc/nginx/{conf.d,snippets,sites-available,sites-enabled}更改日志目录权限
sudo chmod 640 /var/log/nginx/*
sudo chown nginx:adm /var/log/nginx/access.log /var/log/nginx/error.log然后将nginx的日志用logrotate管理
sudo vim /etc/logrotate.d/nginx
# 添加如下内容
/var/log/nginx/*.log {
daily
missingok
rotate 52
compress
delaycompress
notifempty
create 640 nginx adm
sharedscripts
postrotate
if [ -f /var/run/nginx.pid ]; then
kill -USR1 `cat /var/run/nginx.pid`
fi
endscript
}最后把残留不需要的文件都删除吧!
cd ~
rm -rf nginx-1.19.0/ pcre-8.44/ zlib-1.2.11/ openssl-1.1.1g/优化optimize
编译讲完了下面步入正题,优化的过程以及遇到的一些坑
优化我采取了以下步骤:
1. 开启brotli
2. redis-server
3. 大部分程序都使用最新版本(数据库、php等)
1. 配置nginx
首先修改下/etc/nginx/nginx.conf
因为ngx-brotli我们采取的是动态加载而不是静态编译, 所以需要在配置文件中添加上述模块
# 加在开头等地方
load_module modules/ngx_http_brotli_filter_module.so;
load_module modules/ngx_http_brotli_static_module.so;接下来只需要在网站的配置文件中加入brotli的语法即可,详见项目地址,比如
brotli on;
brotli_comp_level 6;
brotli_static on;
brotli_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;还有将sites-enabled,conf.d加入nginx.conf的http{}区块
include /etc/nginx/sites-enabled/*.conf;
include /etc/nginx/conf.d/*.conf;2. 配置redis-server
首先安装redis-server
sudo apt install redis-server然后配置php-fpm,这里我安装的是php7.4-fpm,具体安装的方式请参考How To Install PHP 7.4 on Debian 10 / Debian 9
wordpress-php插件可以看考
https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions
这里假设你已经安装好php{version}-fpm了,我们要修改php.ini, 一般在 /etc/php/7.<your version>/fpm/目录下
编辑并更改或添加以下两个地方
# 找到[Session]部分,修改如下两处地方
session.save_handler = redis
session.save_path = "tcp://127.0.0.1:6379"之后重启php7.4-fpm
sudo systemctl restart php7.4-fpm之后wordpress安装个Redis Object Cache插件即可
解决“坑”
php权限问题
具体表现为打开博主主页,502Bad Gateway,就是无法加载。通过检查/var/log/nginx/blog.hibobmaster.com.error.log日志发现报connect() to unix:/run/php/php7.4-fpm.sock failed (13: Permission denied) while connecting to upstream
找到了问题–什么没有权限?通过查阅资料可知是/etc/php/7.4/fpm/pool.d/www.conf的权限配置出了些问题
于是编辑上述文件
sudo vim /etc/php/7.4/fpm/pool.d/www.conf
# 修改listen.owner和listen.group
# 将www-data修改为nginx即可
user = nginx
group = nginx
listen.owner = nginx
listen.group = nginx保存然后重启php7.4-fpm就解决了这个权限问题
fastcgi内容缺失
解决了php的问题后,打开网站,什么都没有加载,于是按照常理检查error_log,什么都没有,不对啊为啥加载不出界面,谷歌一下– “nginx wordpress blank page”,通过查询得知:
Nginx source does not define
NARGA EditorialSCRIPT_FILENAMEin thefastcgi_params
根据说明,编辑nginx目录下的fastcgi_params,加入如下内容然后重载配置就好了!
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;reffer:
1.How to Compile Nginx From Source on Debian 10
2.How to Fix and Avoid WordPress Blank Page on NGINX
发表回复