Tengine+VeryNginx初探

因为Apache更新完以后prefork mode和h2不能共存

https://t.me/ButNothingHappened/2176

https://http2.pro/doc/Apache

第一,apache2 2.4.26之前的版本http2都有漏洞

第二,更新后的http2不支持prefork模式

所以决定还是套一层CDN,但是太穷,直接用魔方云做一个好了

在LWL的小窝里面问到Tengine,然后折腾了一下午,总算是有个初步进展。记录一下????

  1. 题外话

    • 魔方云的模版有点问题,建议先调整一下locale
    • dpkg-reconfigure locales
  2. 准备工作

useradd:

groupadd www-data

useradd -s /sbin/nologin -g www-data www-data

提示:所有组建提示lib没装的时候记得装dev的包

murmurhash 组件错误:加上 –with-cc-opt=”-Wno-error”

Source:https://www.linuxquestions.org/questions/slackware-arm-108/gcc-7-x-compile-issue-with-nginx-4175608107/

ngx_http 问题:怎么装apt都不对,就直接上包了

  1. 下载 ngx_devel_kit(NDK)模块 :https://github.com/simpl/ngx_devel_kit/tags,不需要安装

cd /usr/local/src
wget https
://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz
tar
-xzvf v0.3.0.tar.gz

  1. 下载最新的 lua-nginx-module 模块 :https://github.com/openresty/lua-nginx-module/tags,不需要安装

cd /usr/local/src
wget https
://github.com/openresty/lua-nginx-module/archive/v0.10.10.tar.gz
tar
-xzvf v0.10.10.tar.gz

   #balancer 需要10.11,需要的话从git直接clone
   # https://github.com/alexazhou/VeryNginx/issues/108
   # https://github.com/openresty/lua-resty-core/
</span></span></code>

LuaJit:

cd /usr/local/src
wget http://luajit.org/download/LuaJIT-2.1.0-beta3.tar.gz

tar
-xzvf LuaJIT-2.1.0-beta3.tar.gz
cd LuaJIT-2.1.0-beta3
make && make install
ln -sf luajit-2.1.0-beta3 /usr/local/bin/luajit

Summary:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
./configure --user=www-data --group=www-data --with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_slice_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_concat_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_sysguard_module \
--with-file-aio \
--with-ipv6 \
--with-force-exit \
--with-mail \
--with-mail_ssl_module \
--with-backtrace_module \
--with-http_stub_status_module \
--with-luajit-lib=/usr/local/lib \
--with-luajit-inc=/usr/local/include/luajit-2.1/ \
--with-cc-opt="-Wno-error" \
--add-module=/usr/local/src/lua-nginx-module \
--add-module=/usr/local/src/ngx_devel_kit-0.3.0

4. 下载VeryNginx

他的 install.py 里面写的很清楚了 创建文件夹,复制到opt,然后复制nginx配置,done

如果遇到 balance 的问题在上面解决了,要手动复制一下lib,有问题看附上的 issue 链接,有问题就跑 error.log 看看

附上我自己的配置文件

nginx.conf

user www-data;
worker_processes auto;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
 worker_connections 1024;
}

include /opt/verynginx/verynginx/nginx_conf/in_external.conf;

http {
 include mime.types;
 default_type application/octet-stream;

 log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 '$status $body_bytes_sent "$http_referer" '
 '"$http_user_agent" "$http_x_forwarded_for"';

 access_log logs/access.log main;
 sendfile on;
 #tcp_nopush on;

 #keepalive_timeout 0;
 keepalive_timeout 65;
 client_body_buffer_size 128k;

 gzip on;

 #this line shoud be include in every http block
 include /opt/verynginx/verynginx/nginx_conf/in_http_block.conf;

 server {
 listen 80;
 listen [::]:80;
 #this line shoud be include in every server block
 include /opt/verynginx/verynginx/nginx_conf/in_server_block.conf;

 # server_name example.com www.example.com; 
 return 301 https://$host$request_uri;

 }

 server {
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
 ssl on;
 ssl_certificate cert/fullchain.crt;
 ssl_certificate_key cert/key.key;
 ssl_session_timeout 5m;
 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
# 后来按照 https://mozilla.github.io/server-side-tls/ssl-config-generator/ 改了
# 推荐上面这个地址的配置
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 include /opt/verynginx/verynginx/nginx_conf/in_server_block.conf;
 location = / {
 root html;
 index index.html index.htm;
 }
 }
}