介绍
OpenResty 的额外拓展:
OpenSSL 1.0.2,提供 ALPN 支持,支持 HTTP/2
Nginx-CT,透明证书提高 HTTPS 网站的安全性和浏览器支持
ngx_PageSpeed,Google 家的网站性能优化工具
Brotli,实现比 Gzip 更高的压缩率
Jemalloc,优化内存管理
教程
本教程以,Ubuntu 16.04 LTS 64位版 为例。
设定版本变量
如果软件版本更新后,为了方便起见,后续修改版本号只需修改下面的变量即可。
在终端中输入:
OpenSSLVersion='openssl-1.0.2l';
NginxCTVersion='1.3.2';
PageSpeedVersion='1.12.34.2';
SystemBit='X64';
OpenRestyVersion='openresty-1.11.2.3';
上述软件版本更新查看: OpenSSL、Nginx-CT、PageSpeed、OpenResty
安装依赖
更新系统软件源缓存顺便升级组件:
# apt update
# apt upgrade -y
安装依赖组件:
# apt install build-essential libreadline-dev libncurses5-dev libpcre3 libpcre3-dev libssl-dev zlib1g-dev unzip git perl make libjemalloc1 libjemalloc-dev
下载源码
这里将 OpenResty 所需的源代码均放置在 /data/www 目录下,方便管理。
# cd /data/www
下载 OpenResty 和其拓展的源代码:
# wget https://www.openssl.org/source/$OpenSSLVersion.tar.gz
# tar xzf $OpenSSLVersion.tar.gz
# wget https://github.com/grahamedgecombe/nginx-ct/archive/v$NginxCTVersion.tar.gz
# tar xzf v$NginxCTVersion.tar.gz
# git clone https://github.com/google/ngx_brotli.git
# cd ngx_brotli
# git submodule update --init
# cd ../
# wget https://github.com/pagespeed/ngx_pagespeed/archive/v$PageSpeedVersion-beta.zip
# unzip v$PageSpeedVersion-beta.zip
# cd incubator-pagespeed-ngx-1.12.34.2-beta/
# wget https://dl.google.com/dl/page-speed/psol/$PageSpeedVersion-$SystemBit.tar.gz
# tar -xzvf $PageSpeedVersion-$SystemBit.tar.gz
# cd ../
# wget -c https://openresty.org/download/$OpenRestyVersion.tar.gz
# tar zxf $OpenRestyVersion.tar.gz
编译 OpenResty
# cd $OpenRestyVersion
# ./configure --prefix=/data/www/openresty \
# --user=www --group=www \
# --add-module=../ngx_brotli \
# --add-module=../nginx-ct-$NginxCTVersion \
# --add-module=../incubator-pagespeed-ngx-1.12.34.2-beta \
# --with-http_v2_module \
# --with-http_ssl_module \
# --with-http_gzip_static_module \
# --with-ld-opt='-ljemalloc'
# make && make install
Ubuntu 16.04(不包括) 以下版本请在倒数第二行添加:
# --with-openssl=../$OpenSSLVersion \
设置变量
# [ -z "`grep ^'export PATH=' /etc/profile`" ] && echo "export PATH=/data/www/openresty/nginx/sbin:\$PATH" >> /etc/profile
# [ -n "`grep ^'export PATH=' /etc/profile`" -a -z "`grep /data/www/openresty/ /etc/profile`" ] && sed -i "s@^export PATH=\(.*\)@export PATH=/data/www/openresty/nginx/sbin:\1@" /etc/profile
# . /etc/profile
> 后面就可以用,nginx -t 检测配置是否正确,nginx -s reload 重载 Nginx 了。
设置服务和开机启动
创建 /etc/systemd/system/openresty.service 文件,内容:
# Stop dance for OpenResty
# A modification of the Nginx systemd script
# =======================
#
# ExecStop sends SIGSTOP (graceful stop) to the Nginx process.
# If, after 5s (--retry QUIT/5) OpenResty is still running, systemd takes control
# and sends SIGTERM (fast shutdown) to the main process.
# After another 5s (TimeoutStopSec=5), and if OpenResty is alive, systemd sends
# SIGKILL to all the remaining processes in the process group (KillMode=mixed).
#
# Nginx signals reference doc:
# http://nginx.org/en/docs/control.html
#
[Unit]
Description=A dynamic web platform based on Nginx and LuaJIT.
After=network.target
[Service]
Type=forking
PIDFile=/data/www/logs/openresty.pid
ExecStartPre=/data/www/openresty/bin/openresty -t -q -g 'daemon on; master_process on;'
ExecStart=/data/www/openresty/bin/openresty -g 'daemon on; master_process on;'
ExecReload=/data/www/openresty/bin/openresty -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /data/www/logs/openresty.pid
TimeoutStopSec=5
KillMode=mixed
[Install]
WantedBy=multi-user.target
编辑 /data/www/openresty/nginx/conf/nginx.conf 文件为(仅作为参考):
user www;
worker_processes auto;
error_log /data/wwwlogs/error_nginx.log crit;
pid /data/www/logs/openresty.pid;
worker_rlimit_nofile 51200;
events {
use epoll;
worker_connections 51200;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 1024m;
client_body_buffer_size 10m;
sendfile on;
tcp_nopush on;
keepalive_timeout 120;
server_tokens off;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
fastcgi_intercept_errors on;
#Gzip Compression
gzip on;
gzip_buffers 16 8k;
gzip_comp_level 6;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
text/javascript application/javascript application/x-javascript
text/x-json application/json application/x-web-app-manifest+json
text/css text/plain text/x-component
font/opentype application/x-font-ttf application/vnd.ms-fontobject
image/x-icon;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
brotli on;
brotli_comp_level 6;
brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
#If you have a lot of static files to serve through Nginx then caching of the files' metadata (not the actual files' contents) can save some latency.
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
######################## default ############################
server {
listen 80;
server_name localhost;
access_log /data/www/openresty/logs/access_nginx.log combined;
root html;
index index.html index.htm index.php;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ /\.ht {
deny all;
}
}
########################## vhost #############################
include vhost/*.conf;
}
重新加载 systemd 服务,以便它可以找到我们的文件:
# systemctl daemon-reload
通过 systemd 启动 OpenResty:
# systemctl start openresty
设置开机启动:
# systemctl enable openresty
打开你的服务器 IP,就能看到安装好的 OpenResty 提示页了