Nginx 1.27.1 源码安装

**Ubuntu24 TLS**

cd /usr/local/src

sudo apt update
sudo apt install -y build-essential zlib1g-dev libpcre3-dev libssl-dev libgd-dev libgeoip-dev git  




git clone https://github.com/google/ngx_brotli.git
cd ngx_brotli/
git submodule update --init 

cd ..

wget https://nginx.org/download/nginx-1.27.1.tar.gz && tar zxvf nginx-1.27.1.tar.gz && cd nginx-1.27.1/



./configure --prefix=/usr/local/nginx1.27 \
    --with-http_dav_module \
    --with-http_addition_module \
    --with-http_realip_module \
    --with-http_sub_module \
    --with-http_flv_module \
    --with-http_mp4_module \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_gunzip_module \
    --with-http_stub_status_module \
    --with-http_gzip_static_module \
    --with-http_secure_link_module \
    --with-http_image_filter_module \
    --with-http_random_index_module \
    --with-http_auth_request_module \
    --with-stream \
    --with-stream_realip_module \
    --with-stream_ssl_module \
    --with-stream_ssl_preread_module \
    --with-stream_geoip_module=dynamic \
    --with-threads \
    --with-pcre \
    --with-pcre-jit \
    --with-compat \
    --with-select_module \
    --with-poll_module \
    --with-mail \
    --with-mail_ssl_module  \
    --user=www-data \
    --group=www-data \
    --add-module=../ngx_brotli 


make && make install
ln -s /usr/local/nginx1.27/sbin/nginx /usr/bin/nginx
mkdir /var/log/nginx/exc -p

**系统守护进程**

root@ubuntu ~]# cat  /etc/systemd/system/nginx.service 
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/local/nginx1.27/sbin/nginx -t
ExecStart=/usr/local/nginx1.27/sbin/nginx
ExecReload=/usr/local/nginx1.27/sbin/nginx -s reload
ExecStop=/usr/local/nginx1.27/sbin/nginx -s stop
KillMode=process
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target

**默认配置文件**

[root@ubuntu ~]# cat /usr/local/nginx1.27/conf/nginx.conf
user www;
worker_processes auto;
pid /run/nginx.pid;

# 避免 nginx 出现 worker_connections are not enough 报错
worker_rlimit_nofile 655360;

events {
    worker_connections 65535;
    use epoll;
    multi_accept on;
}



http {
    # 设置CDN服务器的IP地址范围
    set_real_ip_from 0.0.0.0/0;
    # 使用CDN传递的第一个IP作为真实IP
    real_ip_header   X-Forwarded-For;
    real_ip_recursive on;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


    include   mime.types;
    log_format main '{ "@timestamp": "$time_iso8601", '
                                 '"remote_addr": "$remote_addr", '
                                 '"request_method": "$request_method", '
                                 '"uri": "$uri", '
                                 '"body_bytes_sent": $body_bytes_sent, '
                                 '"request_time": $request_time, '
                                 '"upstream_response_time": "$upstream_response_time", '
                                 '"status": "$status", '
                                 '"upstream_status": "$upstream_status", '
                                 '"request": "$request", '
                                 '"http_referrer": "$http_referer", '
                                 '"http_x_forwarded_for": "$http_x_forwarded_for", '
                                 '"http_user_agent": "$http_user_agent", '
                                '"host": "$host", '
                                '"server_port": "$server_port", '
                                '"upstream_addr": "$upstream_addr", '
                                '"scheme": "$scheme" }';


    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   120;
    client_header_buffer_size 4k;
    open_file_cache max=102400 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 1;
    client_header_timeout 15;
    client_body_timeout 15;
    reset_timedout_connection on;
    send_timeout 150;
    server_tokens off;
    client_max_body_size 1024m;
    types_hash_max_size 4096;
    gzip on;
    gzip_vary  on;
    gzip_min_length  1k;
    gzip_buffers     16 16k;
    gzip_http_version 1.1;
    gzip_comp_level 3;
    gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
    gzip_proxied   expired no-cache no-store private auth;
    gzip_disable   "MSIE [1-6]\.";
    fastcgi_connect_timeout     600;
    fastcgi_send_timeout 600;
    fastcgi_read_timeout 600;
    fastcgi_buffer_size 64k;
    fastcgi_buffers  4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    fastcgi_temp_path nginx_tmp;
    fastcgi_intercept_errors on;
    fastcgi_cache_path fastcgi_cache levels=1:2 keys_zone=cache_fastcgi:128m inactive=1d max_size=10g;

    proxy_buffering on;
    proxy_buffers 16 32k;
    proxy_buffer_size 32k; 
    

    proxy_cache_path cache levels=1:2 keys_zone=cache:10m max_size=10g inactive=60m use_temp_path=off;

    # 定义全局请求限制区域
    # $binary_remote_addr: 客户端 IP 地址（用二进制表示）
    # zone=one:10m: 使用一个名为 one 的 zone，大小为 10MB
    # rate=50r/s: 每秒钟只允许 50 个请求
    limit_req_zone $binary_remote_addr zone=one:100m rate=50r/s;

    brotli on;
    brotli_comp_level 6;
    brotli_static on;
    brotli_types application/atom+xml application/javascript application/json application/rss+xml
             application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
             application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
             font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
             image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;

    include vhosts/*.conf;

}